From e2a765f47fba26a90c3b43a9eb64467e7d6d4eb3 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Wed, 19 Jul 2023 22:29:50 +0300
Subject: [PATCH] Pin more python dependencies

* click: use release version
* tuf: use release version
* securesystemslib: pin a git hash (latest release does not have
  azurekms)
---
 repo/pyproject.toml   | 6 +++---
 signer/pyproject.toml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/repo/pyproject.toml b/repo/pyproject.toml
index 363f8fc1..49e9469c 100644
--- a/repo/pyproject.toml
+++ b/repo/pyproject.toml
@@ -13,9 +13,9 @@ description = "TUF-on-CI repository tools, intended to be executed on a CI syste
 readme = "README.md"
 dependencies = [
   "sigstore @ git+https://github.com/sigstore/sigstore-python@7d4af6c5f6732ef12e5bb455962321ebe5cce137",
-  "securesystemslib[azurekms, gcpkms, sigstore, pynacl] @ git+https://github.com/secure-systems-lab/securesystemslib",
-  "tuf @ git+https://github.com/theupdateframework/python-tuf",
-  "click",
+  "securesystemslib[azurekms, gcpkms, sigstore, pynacl] @ git+https://github.com/secure-systems-lab/securesystemslib@bf63e1b0a58e35c3d5087d5ddd53e43d25e7250a",
+  "tuf ~= 3.0.0",
+  "click ~= 8.1.0",
 ]
 requires-python = ">=3.10"
 
diff --git a/signer/pyproject.toml b/signer/pyproject.toml
index b9265a62..ff890163 100644
--- a/signer/pyproject.toml
+++ b/signer/pyproject.toml
@@ -13,9 +13,9 @@ description = "Signing tools for TUF-on-CI"
 readme = "README.md"
 dependencies = [
   "sigstore @ git+https://github.com/sigstore/sigstore-python@7d4af6c5f6732ef12e5bb455962321ebe5cce137",
-  "securesystemslib[gcpkms,hsm,sigstore] @ git+https://github.com/secure-systems-lab/securesystemslib",
-  "tuf @ git+https://github.com/theupdateframework/python-tuf",
-  "click",
+  "securesystemslib[gcpkms,hsm,sigstore] @ git+https://github.com/secure-systems-lab/securesystemslib@bf63e1b0a58e35c3d5087d5ddd53e43d25e7250a",
+  "tuf ~= 3.0.0",
+  "click ~= 8.1.0",
 ]
 requires-python = ">=3.10"