Closed renovate[bot] closed 1 week ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
Command failed: pipenv lock
Loading .env environment variables...
Creating a virtualenv for this project...
Pipfile: /tmp/renovate/repos/github/camptocamp/c2cgeoportal/Pipfile
Using /opt/containerbase/tools/python/3.8.19/bin/python3.8 (3.8.19) to create virtualenv...
created virtual environment CPython3.8.19.final.0-64 in 177ms
creator CPython3Posix(dest=/tmp/renovate/cache/others/virtualenvs/c2cgeoportal-DevFxLjq, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/ubuntu/.local/share/virtualenv)
added seed packages: pip==24.1, setuptools==70.1.0, wheel==0.43.0
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
✔ Successfully created virtual environment!
Virtualenv location: /tmp/renovate/cache/others/virtualenvs/c2cgeoportal-DevFxLjq
Locking [packages] dependencies...
Warning: WARNING:pipenv.patched.pip._internal.resolution.resolvelib.resolver:The candidate selected for download or install is a yanked version: 'sqlalchemy-utils' candidate (version 0.36.8 at https://files.pythonhosted.org/packages/14/68/e5301c4c960c79a32333b8805e52cb69d3d237aa869a773b4157ccb3eb26/SQLAlchemy-Utils-0.36.8.tar.gz (from https://pypi.org/simple/sqlalchemy-utils/))
Reason for being yanked: Wrong required python
Locking [dev-packages] dependencies...
False
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install certifi==2020.12.5 because these package versions have conflicting dependencies.
[ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/resolver.py", line 645, in _main
[ResolutionFailure]: resolve_packages(
[ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/resolver.py", line 612, in resolve_packages
[ResolutionFailure]: results, resolver = resolve(
[ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/resolver.py", line 592, in resolve
[ResolutionFailure]: return resolve_deps(
[ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 932, in resolve_deps
[ResolutionFailure]: results, hashes, internal_resolver = actually_resolve_deps(
[ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 700, in actually_resolve_deps
[ResolutionFailure]: resolver.resolve()
[ResolutionFailure]: File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 457, in resolve
[ResolutionFailure]: raise ResolutionFailure(message=str(e))
[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
Traceback (most recent call last):
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/bin/pipenv", line 8, in <module>
sys.exit(cli())
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1157, in __call__
return self.main(*args, **kwargs)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/cli/options.py", line 58, in main
return super().main(*args, **kwargs, windows_expand_args=False)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1078, in main
rv = self.invoke(ctx)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 783, in invoke
return __callback(*args, **kwargs)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/decorators.py", line 92, in new_func
return ctx.invoke(f, obj, *args, **kwargs)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/core.py", line 783, in invoke
return __callback(*args, **kwargs)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/vendor/click/decorators.py", line 33, in new_func
return f(get_current_context(), *args, **kwargs)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/cli/command.py", line 344, in lock
do_lock(
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/routines/lock.py", line 66, in do_lock
venv_resolve_deps(
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 873, in venv_resolve_deps
c = resolve(cmd, st, project=project)
File "/opt/containerbase/tools/pipenv/2024.0.1/3.8.19/lib/python3.8/site-packages/pipenv/utils/resolver.py", line 737, in resolve
raise RuntimeError("Failed to lock Pipfile.lock!")
RuntimeError: Failed to lock Pipfile.lock!
This PR contains the following updates:
==1.7.8
->==1.7.9
3.8
->3.8.19
Release Notes
PyCQA/bandit (bandit)
### [`v1.7.9`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.9) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.8...1.7.9) #### What's Changed - Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://togithub.com/PyCQA/bandit/pull/1117) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://togithub.com/PyCQA/bandit/pull/1119) - New logo for Bandit based on raccoon by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://togithub.com/PyCQA/bandit/pull/1121) - Start testing on Python 3.13 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://togithub.com/PyCQA/bandit/pull/1122) - Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://togithub.com/PyCQA/bandit/pull/1123) - Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://togithub.com/PyCQA/bandit/pull/1124) - Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://togithub.com/PyCQA/bandit/pull/1125) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://togithub.com/PyCQA/bandit/pull/1126) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://togithub.com/PyCQA/bandit/pull/1127) - Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://togithub.com/PyCQA/bandit/pull/1130) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://togithub.com/PyCQA/bandit/pull/1131) - Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://togithub.com/PyCQA/bandit/pull/1132) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://togithub.com/PyCQA/bandit/pull/1133) - Updates banner logo so it renders well in dark mode by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://togithub.com/PyCQA/bandit/pull/1134) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://togithub.com/PyCQA/bandit/pull/1135) - Add a sponsor section to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://togithub.com/PyCQA/bandit/pull/1137) - Ensure sarif extra is included as part of doc build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://togithub.com/PyCQA/bandit/pull/1139) - Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://togithub.com/PyCQA/bandit/pull/1142) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://togithub.com/PyCQA/bandit/pull/1143) - \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://togithub.com/PyCQA/bandit/pull/1145) - Guard against empty call argument list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://togithub.com/PyCQA/bandit/pull/1146) - Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://togithub.com/PyCQA/bandit/pull/1144) - Support `configfile` in `.bandit` file by [@bersbersbers](https://togithub.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://togithub.com/PyCQA/bandit/pull/1052) #### New Contributors - [@pre-commit-ci](https://togithub.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://togithub.com/PyCQA/bandit/pull/1119) - [@bersbersbers](https://togithub.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://togithub.com/PyCQA/bandit/pull/1052) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9Configuration
📅 Schedule: Branch creation - "after 5pm on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.