search

OWASP / cornucopia

The source files and tools needed to build the OWASP Cornucopia decks in various languages
https://cornucopia.owasp.org
Other
46 stars 22 forks source link

Bump pipenv from 2024.0.2 to 2024.2.0 #855

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 3 weeks ago

Bumps pipenv from 2024.0.2 to 2024.2.0.

Release notes

Sourced from pipenv's releases.

Release v2024.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/pipenv/compare/v2024.1.0...v2024.2.0

Release v2024.1.0

What's Changed

Full Changelog: https://github.com/pypa/pipenv/compare/v2024.0.3...v2024.1.0

Release v2024.0.3

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/pipenv/compare/v2024.0.2...v2024.0.3

Changelog

Sourced from pipenv's changelog.

2024.2.0 (2024-10-22)

Pipenv 2024.2.0 (2024-10-22)

Bug Fixes

  • Features & Bug Fixes

    • Refactored and simplified install routines, improving maintainability and reliability (#6276)

      • Split install logic into smaller, focused functions.
      • Eliminated Pipfile caching for now to prevent bugs and reduce complexity.
      • Fixed edge cases with package category selection.
      • Improved handling of VCS dependencies during updates, fixing when ref is a revision and not a branch.

    • Enhanced VCS URL handling with better environment variable support (#6276)

      • More reliable expansion of environment variables in Git URLs.
      • Better handling of authentication components in VCS URLs.
      • Improved error messaging for missing environment variables.
      • Fixed issue where Git reference could be dropped during relock. [#6276](https://github.com/pypa/pipenv/issues/6276) <https://github.com/pypa/pipenv/issues/6276>_

Vendored Libraries

  • Update pipdeptree to version 2.23.4 [#6275](https://github.com/pypa/pipenv/issues/6275) <https://github.com/pypa/pipenv/issues/6275>_ 2024.1.0 (2024-09-29) ===================== Pipenv 2024.1.0 (2024-09-29) ============================

Features & Improvements

  • Upgrade from pip==24.0 to pip==24.1.2. [#6253](https://github.com/pypa/pipenv/issues/6253) <https://github.com/pypa/pipenv/issues/6253>_

Bug Fixes

  • Fixes regression in lock file generation that caused environment variable references (e.g., ${GIT_PASSWORD}) in VCS URLs to be stripped out. This restores the ability to use credential placeholders in version control system URLs. [#6256](https://github.com/pypa/pipenv/issues/6256) <https://github.com/pypa/pipenv/issues/6256>_ 2024.0.3 (2024-09-22) ===================== Pipenv 2024.0.3 (2024-09-22) ============================

Bug Fixes

... (truncated)

Commits
  • 0d7160e Release v2024.2.0
  • dd2f21f Bumped version to 2024.2.0.
  • 0df3738 refactor: use VCS_SCHEMES constant in unpack_url
  • 30930e0 chore: some improvements
  • b872d0b Merge pull request #6276 from pypa/issue-6267
  • 526ed94 Refactor do_check routine to be more modular and address concerns about the q...
  • 5268bde Updated logic for determining available python version string.
  • 8977f13 fix import
  • c74f9a6 Clean up lint, add news fragment and address issue 6167
  • b2c094b fix VCS environment variable expansion
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 weeks ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

rewtd commented 3 weeks ago

@sydseter why did you close this and not merge it?

sydseter commented 3 weeks ago

It breaks the build. Better to do this manually.