From 3591851a48e309199ca123fc122c614541fc2b42 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Nov 2024 10:44:01 -0500
Subject: [PATCH 1/2] build(deps): bump cryptography from 42.0.4 to 43.0.3
 (#1734)

Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.4 to 43.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.4...43.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vikas Agarwal <75295756+vikas-agarwal76@users.noreply.github.com>
Co-authored-by: Jennifer Power <barnabei.jennifer@gmail.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 9627497da..882f204a8 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -28,7 +28,7 @@ include_package_data = True
 install_requires =
     attrs
     ilcli
-    cryptography==42.0.4
+    cryptography==43.0.3
     paramiko==3.4.0
     ruamel.yaml
     furl

From 65d7dce9c4d0287dbe7611c0c19198cc3aadaacb Mon Sep 17 00:00:00 2001
From: Jennifer Power <barnabei.jennifer@gmail.com>
Date: Tue, 19 Nov 2024 15:56:56 -0500
Subject: [PATCH 2/2] chore: add initial CODEOWNERS file (#1753)

* chore: add initial CODEOWNERS file

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>

* docs: updates contributing guide with CODEOWNERS requirement

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>

* docs: remove relative link in contributing document

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>

---------

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
---
 .github/CODEOWNERS | 3 +++
 CONTRIBUTING.md    | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 .github/CODEOWNERS

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 000000000..58eca65fd
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in
+# the repo.
+*       @oscal-compass/compliance-trestle-maintainers
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7b9622fde..fdd4c9759 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -28,9 +28,11 @@ pull request so it can be tracked.
 ### Merge approval
 
 The project maintainers use LGTM (Looks Good To Me) in comments on the code
-review to indicate acceptance. A change requires LGTMs from one of the maintainers.
+review to indicate acceptance.
 
-For a list of the maintainers, see the [maintainers](https://oscal-compass.github.io/compliance-trestle/maintainers/) page.
+A change requires LGTMs from at least two reviewers. One of the reviewers must be a [`CODEOWNER`](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners).
+
+For a list of the maintainers (also codeowners), see the [maintainers](https://oscal-compass.github.io/compliance-trestle/maintainers/) page.
 
 ### Trestle updating, testing and release logistics