From 075949fecef9304137a88fc989c9120525a607a6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Mar 2025 21:31:22 +0000
Subject: [PATCH 1/2] build(deps): bump the test-and-lint-dependencies group
 with 2 updates

Bumps the test-and-lint-dependencies group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/woodruffw/zizmor).


Updates `ruff` from 0.9.10 to 0.11.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.10...0.11.0)

Updates `zizmor` from 1.4.1 to 1.5.1
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](https://github.com/woodruffw/zizmor/compare/v1.4.1...v1.5.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
- dependency-name: zizmor
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements/lint.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/lint.txt b/requirements/lint.txt
index b4ae77b517..51f9a2ca52 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -6,9 +6,9 @@
 # Lint tools
 # (We are not so interested in the specific versions of the tools: the versions
 # are pinned to prevent unexpected linting failures when tools update)
-ruff==0.9.10
+ruff==0.11.0
 mypy==1.15.0
-zizmor==1.4.1
+zizmor==1.5.1
 
 # Required for type stubs
 freezegun==1.5.1

From f3eddc19ff026e1d0a8ce25b3a613ad6f41d8326 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Tue, 18 Mar 2025 18:20:11 +0200
Subject: [PATCH 2/2] lint: Accept ruff suggestions for cast()

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
---
 tuf/api/dsse.py                                | 4 ++--
 tuf/api/metadata.py                            | 2 +-
 tuf/ngclient/_internal/trusted_metadata_set.py | 8 ++++----
 tuf/ngclient/updater.py                        | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/tuf/api/dsse.py b/tuf/api/dsse.py
index 493fefd1d0..8f812d0741 100644
--- a/tuf/api/dsse.py
+++ b/tuf/api/dsse.py
@@ -81,7 +81,7 @@ def from_bytes(cls, data: bytes) -> SimpleEnvelope[T]:
         except Exception as e:
             raise DeserializationError from e
 
-        return cast(SimpleEnvelope[T], envelope)
+        return cast("SimpleEnvelope[T]", envelope)
 
     def to_bytes(self) -> bytes:
         """Return envelope as JSON bytes.
@@ -150,4 +150,4 @@ def get_signed(self) -> T:
         except Exception as e:
             raise DeserializationError from e
 
-        return cast(T, inner_cls.from_dict(payload_dict))
+        return cast("T", inner_cls.from_dict(payload_dict))
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
index 76b5ce0fde..d03a501546 100644
--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@@ -199,7 +199,7 @@ def from_dict(cls, metadata: dict[str, Any]) -> Metadata[T]:
 
         return cls(
             # Specific type T is not known at static type check time: use cast
-            signed=cast(T, inner_cls.from_dict(metadata.pop("signed"))),
+            signed=cast("T", inner_cls.from_dict(metadata.pop("signed"))),
             signatures=signatures,
             # All fields left in the metadata dict are unrecognized.
             unrecognized_fields=metadata,
diff --git a/tuf/ngclient/_internal/trusted_metadata_set.py b/tuf/ngclient/_internal/trusted_metadata_set.py
index 3678ddf3a1..179a65ed87 100644
--- a/tuf/ngclient/_internal/trusted_metadata_set.py
+++ b/tuf/ngclient/_internal/trusted_metadata_set.py
@@ -145,22 +145,22 @@ def __iter__(self) -> Iterator[Signed]:
     @property
     def root(self) -> Root:
         """Get current root."""
-        return cast(Root, self._trusted_set[Root.type])
+        return cast("Root", self._trusted_set[Root.type])
 
     @property
     def timestamp(self) -> Timestamp:
         """Get current timestamp."""
-        return cast(Timestamp, self._trusted_set[Timestamp.type])
+        return cast("Timestamp", self._trusted_set[Timestamp.type])
 
     @property
     def snapshot(self) -> Snapshot:
         """Get current snapshot."""
-        return cast(Snapshot, self._trusted_set[Snapshot.type])
+        return cast("Snapshot", self._trusted_set[Snapshot.type])
 
     @property
     def targets(self) -> Targets:
         """Get current top-level targets."""
-        return cast(Targets, self._trusted_set[Targets.type])
+        return cast("Targets", self._trusted_set[Targets.type])
 
     # Methods for updating metadata
     def update_root(self, data: bytes) -> Root:
diff --git a/tuf/ngclient/updater.py b/tuf/ngclient/updater.py
index 2504c86aa4..a98e799ce4 100644
--- a/tuf/ngclient/updater.py
+++ b/tuf/ngclient/updater.py
@@ -459,7 +459,7 @@ def _load_targets(self, role: str, parent_role: str) -> Targets:
 
         # Avoid loading 'role' more than once during "get_targetinfo"
         if role in self._trusted_set:
-            return cast(Targets, self._trusted_set[role])
+            return cast("Targets", self._trusted_set[role])
 
         try:
             data = self._load_local_metadata(role)