scratchdir icon indicating copy to clipboard operation
scratchdir copied to clipboard

Published 20 hours ago verified publisher icon ahawker

Bump safety from 1.9.0 to 2.3.5

Open dependabot[bot] opened this issue 3 years ago • 1 comments

Bumps safety from 1.9.0 to 2.3.5.

Release notes

Sourced from safety's releases.

2.3.5

No release notes provided.

2.3.4

No release notes provided.

2.3.3

No release notes provided.

2.3.2

  • Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
  • Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
  • Fixed telemetry data missing when the CLI mode is used.
  • Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
  • Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

2.3.1

No release notes provided.

2.3.0

What's Changed

Full Changelog: https://github.com/pyupio/safety/compare/2.2.1...2.3.0

2.2.1

What's Changed

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

... (truncated)

Changelog

Sourced from safety's changelog.

[2.3.5] - 2022-12-08

  • Pinned packaging dependency to a compatible range.
  • Pinned the CI actions to the runner image with Python 3.6 support.

[2.3.4] - 2022-12-07

  • Removed LegacyVersion use; this fixes the issue with packaging 22.0.
  • Fixed typos in the README.
  • Added Python 3.11 to the classifiers in the setup.cfg.

[2.3.3] - 2022-11-27

  • Fixed recursive requirements issue when an unpinned package is found.

[2.3.2] - 2022-11-21

  • Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
  • Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
  • Fixed telemetry data missing when the CLI mode is used.
  • Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
  • Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

[2.3.1] - 2022-10-05

  • Add safety.alerts module to setup.cfg

[2.3.0] - 2022-10-05

  • Safety can now create GitHub PRs and Issues for vulnerabilities directly, with the new safety alert subcommand.
  • Support for GitHub PR and Issue alerting has been added to the GitHub Action.

[2.2.1] - 2022-10-04

  • Fixed the use of the SAFETY_COLOR environment variable
  • Fixed bug in the case of vulnerabilities without a CVE linked
  • Fixed GitHub version in the README

[2.2.0] - 2022-09-19

  • Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
  • Added logic for custom integrations like pipenv check.
  • The --db flag is compatible remote sources too.
  • Added more logging
  • Upgrade dparse dependency to avoid a possible ReDos security issue
  • Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

  • Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

  • Improved error messages & fixed issues with proxies
  • Fixed license command
  • Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
  • Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

... (truncated)

Commits
  • d8bd6f7 Version 2.3.5
  • a10fbd8 Merge pull request #444 from pyupio/develop
  • 7b24998 Test integration for 2.3.4
  • 7d6dd5e Update the OS mapping in the binaries file.
  • b62b75c Merge pull request #443 from pyupio/fix/pin-compatible-packaging-versions
  • 93598ae Pin the ubuntu version to be used for the CI.
  • aa1b153 Use packaging versions < 22.0 to prevent issues.
  • f78823c Starting version 2.3.5.dev
  • 9164106 Merge pull request #442 from pyupio/main
  • 46d54bc Version 2.3.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Dec 12 '22 03:12 dependabot[bot]

The following labels could not be found: type: maintenance.

dependabot[bot] avatar Dec 12 '22 03:12 dependabot[bot]