python-gvm icon indicating copy to clipboard operation
python-gvm copied to clipboard
verified publisher icon greenbone

Deps: Bump the python-packages group across 1 directory with 3 updates

Open dependabot[bot] opened this issue 1 year ago • 2 comments

Bumps the python-packages group with 3 updates in the / directory: importlib-metadata, mypy and ruff.

Updates importlib-metadata from 7.2.1 to 8.0.0

Changelog

Sourced from importlib-metadata's changelog.

v8.0.0

Deprecations and Removals

  • Message.getitem now raises a KeyError on missing keys. (#371)
  • Removed deprecated support for Distribution subclasses not implementing abstract methods.
Commits
  • f390168 Finalize
  • c3bae1e Merge pull request #491 from python/debt/remove-legacy
  • a970a49 Message.getitem now raises a KeyError on missing keys.
  • 32c14aa Removed deprecated support for Distribution subclasses not implementing abstr...
  • See full diff in compare view

Updates mypy from 1.10.0 to 1.10.1

Changelog

Sourced from mypy's changelog.

Mypy 1.10.1

  • Fix error reporting on cached run after uninstallation of third party library (Shantanu, PR 17420)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • Alex Waygood
  • Ali Hamdan
  • Edward Paget
  • Evgeniy Slobodkin
  • Hashem
  • hesam
  • Hugo van Kemenade
  • Ihor
  • James Braza
  • Jelle Zijlstra
  • jhance
  • Jukka Lehtosalo
  • Loïc Simon
  • Marc Mueller
  • Matthieu Devlin
  • Michael R. Crusoe
  • Nikita Sobolev
  • Oskari Lehto
  • Riccardo Di Maio
  • Richard Si
  • roberfi
  • Roman Solomatin
  • Sam Xifaras
  • Shantanu
  • Spencer Brown
  • Srinivas Lade
  • Tamir Duberstein
  • youkaichao

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.9

We’ve just uploaded mypy 1.9 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Breaking Changes

Because the version of typeshed we use in mypy 1.9 doesn't support 3.7, neither does mypy 1.9. (Jared Hance, PR 16883)

... (truncated)

Commits
  • c28b525 [1.10 backport] Fix error reporting on cached run after uninstallation of thi...
  • See full diff in compare view

Updates ruff from 0.4.10 to 0.5.1

Release notes

Sourced from ruff's releases.

0.5.1

Release Notes

Preview features

  • [flake8-bugbear] Implement mutable-contextvar-default (B039) (#12113)
  • [pycodestyle] Whitespace after decorator (E204) (#12140)
  • [pytest] Reverse PT001 and PT0023 defaults (#12106)

Rule changes

  • Enable token-based rules on source with syntax errors (#11950)
  • [flake8-bandit] Detect httpx for S113 (#12174)
  • [numpy] Update NPY201 to include exception deprecations (#12065)
  • [pylint] Generate autofix for duplicate-bases (PLE0241) (#12105)

Server

  • Avoid syntax error notification for source code actions (#12148)
  • Consider the content of the new cells during notebook sync (#12203)
  • Fix replacement edit range computation (#12171)

Bug fixes

  • Disable auto-fix when source has syntax errors (#12134)
  • Fix cache key collisions for paths with separators (#12159)
  • Make requires-python inference robust to == (#12091)
  • Use char-wise width instead of str-width (#12135)
  • [pycodestyle] Avoid E275 if keyword followed by comma (#12136)
  • [pycodestyle] Avoid E275 if keyword is followed by a semicolon (#12095)
  • [pylint] Skip dummy variables for PLR1704 (#12190)

Performance

  • Remove allocation in parse_identifier (#12103)
  • Use CompactString for Identifier AST node (#12101)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.1

Preview features

  • [flake8-bugbear] Implement mutable-contextvar-default (B039) (#12113)
  • [pycodestyle] Whitespace after decorator (E204) (#12140)
  • [pytest] Reverse PT001 and PT0023 defaults (#12106)

Rule changes

  • Enable token-based rules on source with syntax errors (#11950)
  • [flake8-bandit] Detect httpx for S113 (#12174)
  • [numpy] Update NPY201 to include exception deprecations (#12065)
  • [pylint] Generate autofix for duplicate-bases (PLE0241) (#12105)

Server

  • Avoid syntax error notification for source code actions (#12148)
  • Consider the content of the new cells during notebook sync (#12203)
  • Fix replacement edit range computation (#12171)

Bug fixes

  • Disable auto-fix when source has syntax errors (#12134)
  • Fix cache key collisions for paths with separators (#12159)
  • Make requires-python inference robust to == (#12091)
  • Use char-wise width instead of str-width (#12135)
  • [pycodestyle] Avoid E275 if keyword followed by comma (#12136)
  • [pycodestyle] Avoid E275 if keyword is followed by a semicolon (#12095)
  • [pylint] Skip dummy variables for PLR1704 (#12190)

Performance

  • Remove allocation in parse_identifier (#12103)
  • Use CompactString for Identifier AST node (#12101)

0.5.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

  • Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
  • Selecting ALL now excludes deprecated rules
  • The released archives now include an extra level of nesting, which can be removed with --strip-components=1 when untarring.
  • The release artifact's file name no longer includes the version tag. This enables users to install via /latest URLs on GitHub.
  • The diagnostic ranges for some flake8-bandit rules were modified (#10667).

... (truncated)

Commits
  • 3a72400 Rename publish workflow file extension (yaml -> yml) (#12206)
  • 1b3bff0 Bump version to 0.5.1 (#12205)
  • 0f6f73e [red-knot] Require that FileSystem objects implement Debug (#12204)
  • 7910bee Consider the content of the new cells during notebook sync (#12203)
  • f3ccd15 Revert "Remove --preview as a required argument for ruff server (#12053)"...
  • 1e07bfa [pycodestyle] Whitespace after decorator (E204) (#12140)
  • 5e7ba05 docs(*): fix a few typos, consistency issues and links (#12193)
  • d12570e docs(options): fix some typos and improve consistency (#12191)
  • 2f3264e fix(rules): skip dummy variables for PLR1704 (#12190)
  • e2e0889 [red-knot] Add very basic benchmark (#12182)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar Jul 08 '24 08:07 dependabot[bot]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA cd0c2ef7332476505af5e367ed2d0ddf6788aba9.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
pip/importlib-metadata 8.0.0 :green_circle: 6.4
Details
CheckScoreReason
Code-Review:warning: 0Found 1/21 approved changesets -- score normalized to 0
Maintained:green_circle: 1028 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts:green_circle: 8binaries present in source code
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Signed-Releases:warning: -1no releases found
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/mypy 1.10.1 :green_circle: 5.6
Details
CheckScoreReason
Code-Review:green_circle: 8Found 24/29 approved changesets -- score normalized to 8
Maintained:green_circle: 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/ruff 0.5.1 UnknownUnknown
pip/importlib-metadata 7.2.1 :green_circle: 6.4
Details
CheckScoreReason
Code-Review:warning: 0Found 1/21 approved changesets -- score normalized to 0
Maintained:green_circle: 1028 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts:green_circle: 8binaries present in source code
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Signed-Releases:warning: -1no releases found
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/mypy 1.10.0 :green_circle: 5.6
Details
CheckScoreReason
Code-Review:green_circle: 8Found 24/29 approved changesets -- score normalized to 8
Maintained:green_circle: 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy:warning: 0security policy file not detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/ruff 0.4.10 UnknownUnknown

Scanned Manifest Files

poetry.lock

github-actions[bot] avatar Jul 08 '24 08:07 github-actions[bot]

Conventional Commits Report

Type Number
Changed 1
Dependencies 1

:rocket: Conventional commits found.

github-actions[bot] avatar Jul 08 '24 08:07 github-actions[bot]