renovate[bot]
commented
3 months ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: poetry.lock
Updating dependencies
Resolving dependencies...
Creating virtualenv micropy-cli-fyJ5AX0N-py3.11 in /home/ubuntu/.cache/pypoetry/virtualenvs
The current project's Python requirement (>=3.8,<3.12) is not compatible with some of the required packages Python requirement:
- micropython-stubber requires Python >=3.9,<3.12, so it will not be satisfied for Python >=3.8,<3.9
Because micropy-cli depends on micropython-stubber (1.16.3) which requires Python >=3.9,<3.12, version solving failed.
• Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties
For micropython-stubber, a possible solution would be to set the `python` property to ">=3.9,<3.12"
https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
https://python-poetry.org/docs/dependency-specification/#using-environment-markers
This PR contains the following updates:
4.66.1->4.66.3GitHub Vulnerability Alerts
CVE-2024-34062
Impact
Any optional non-boolean CLI arguments (e.g.
--delim,--buf-size,--manpath) are passed through python'seval, allowing arbitrary code execution. Example:Patches
https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316 released in
tqdm>=4.66.3Workarounds
None
References
Release Notes
tqdm/tqdm (tqdm)
### [`v4.66.3`](https://togithub.com/tqdm/tqdm/compare/v4.66.2...v4.66.3) [Compare Source](https://togithub.com/tqdm/tqdm/compare/v4.66.2...v4.66.3) ### [`v4.66.2`](https://togithub.com/tqdm/tqdm/releases/tag/v4.66.2): tqdm v4.66.2 stable [Compare Source](https://togithub.com/tqdm/tqdm/compare/v4.66.1...v4.66.2) - `pandas`: add `DataFrame.progress_map` ([#1549](https://togithub.com/tqdm/tqdm/issues/1549)) - `notebook`: fix HTML padding ([#1506](https://togithub.com/tqdm/tqdm/issues/1506)) - `keras`: fix resuming training when `verbose>=2` ([#1508](https://togithub.com/tqdm/tqdm/issues/1508)) - fix `format_num` negative fractions missing leading zero ([#1548](https://togithub.com/tqdm/tqdm/issues/1548)) - fix Python 3.12 `DeprecationWarning` on `import` ([#1519](https://togithub.com/tqdm/tqdm/issues/1519)) - linting: use f-strings ([#1549](https://togithub.com/tqdm/tqdm/issues/1549)) - update tests ([#1549](https://togithub.com/tqdm/tqdm/issues/1549)) - fix `pandas` warnings - fix `asv` ([https://github.com/airspeed-velocity/asv/issues/1323](https://togithub.com/airspeed-velocity/asv/issues/1323)) - fix macos `notebook` docstring indentation - CI: bump actions ([#1549](https://togithub.com/tqdm/tqdm/issues/1549))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.