search

greenbone / python-gvm

Greenbone Vulnerability Management Python Library
https://greenbone.github.io/python-gvm/
GNU General Public License v3.0
107 stars 60 forks source link

Deps: Bump the python-packages group with 4 updates #1137

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the python-packages group with 4 updates: sphinx, docutils, exceptiongroup and ruff.

Updates sphinx from 7.2.6 to 7.3.7

Release notes

Sourced from sphinx's releases.

Sphinx 7.3.7

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.6

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.5

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.4

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.3

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.2

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinx's changelog.

Release 7.3.7 (released Apr 19, 2024)

Bugs fixed

  • #12299: Defer loading themes defined via entry points until their explicit use by the user or a child theme. Patch by Adam Turner.
  • #12305: Return the default value for theme.get_config() with an unsupported theme configuration section. Patch by Adam Turner.

Release 7.3.6 (released Apr 17, 2024)

Bugs fixed

  • #12295: Re-export all AST types in the C and C++ domains. Patch by Adam Turner.
  • #12295: Re-export various objects from sphinx.domains.python._annotations in sphinx.domains.python. Patch by Jacob Chesslo and Adam Turner.

Release 7.3.5 (released Apr 17, 2024)

Bugs fixed

  • #12295: Re-export various objects from sphinx.domains.python._object in sphinx.domains.python. Patch by Jacob Chesslo and Adam Turner.

Release 7.3.4 (released Apr 17, 2024)

Bugs fixed

  • Handle cases when Any is not an instance of type. Patch by Adam Turner.

Release 7.3.3 (released Apr 17, 2024)

Bugs fixed

... (truncated)

Commits
  • de4ac2f Bump to 7.3.7 final
  • 4a0c9dd Return the default value for unsupported theme configuration sections
  • 62c3bad Re-export py_sig_re from the Python domain
  • 3bcc669 Defer loading entry-point themes until needed
  • fa4563f Bump version
  • 630b4fb Bump to 7.3.6 final
  • 740b964 fixup! Elaborate a little more in the warning message for config.cache
  • 141f3ec Elaborate a little more in the warning message for config.cache
  • af27188 Add config.cache to the list of warning types
  • be2b083 Re-export more names in sphinx.domains.python (#12297)
  • Additional commits viewable in compare view


Updates docutils from 0.20.1 to 0.21.1

Updates exceptiongroup from 1.2.0 to 1.2.1

Release notes

Sourced from exceptiongroup's releases.

1.2.1

  • Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
  • Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
  • Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)
Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.2.1

  • Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
  • Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
  • Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

  • Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
  • Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
  • Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except* handler

1.1.3

  • catch() now raises a TypeError if passed an async exception handler instead of just giving a RuntimeWarning about the coroutine never being awaited. (#66, PR by John Litborn)
  • Fixed plain raise statement in an exception handler callback to work like a raise in an except* block
  • Fixed new exception group not being chained to the original exception when raising an exception group from exceptions raised in handler callbacks
  • Fixed type annotations of the derive(), subgroup() and split() methods to match the ones in typeshed

1.1.2

  • Changed handling of exceptions in exception group handler callbacks to not wrap a single exception in an exception group, as per CPython issue 103590 <https://github.com/python/cpython/issues/103590>_

1.1.1

  • Worked around CPython issue [#98778](https://github.com/agronholm/exceptiongroup/issues/98778) <https://github.com/python/cpython/issues/98778>_, urllib.error.HTTPError(..., fp=None) raises KeyError on unknown attribute access, on affected Python versions. (PR by Zac Hatfield-Dodds)

1.1.0

... (truncated)

Commits
  • b91b7a3 Added the release version
  • 521f02f Fixed type errors, added type tests (#118)
  • 4639b1e Fixed test failure on Python 3.12.3
  • 684b79a Have tox install the package in editable mode
  • 9ebe9f5 Updated GitHub actions
  • e57b07f [pre-commit.ci] pre-commit autoupdate (#115)
  • 8d2f627 [pre-commit.ci] pre-commit autoupdate (#113)
  • ee53e9f BaseExceptionGroup.derive should not copy notes (#112)
  • 2f23259 Corrected the type annotation for the exception handler callback (#109)
  • 0c89199 [pre-commit.ci] pre-commit autoupdate (#110)
  • Additional commits viewable in compare view


Updates ruff from 0.3.7 to 0.4.1

Release notes

Sourced from ruff's releases.

v0.4.1

Changes

Preview features

  • [pylint] Implement invalid-hash-returned (PLE0309) (#10961)
  • [pylint] Implement invalid-index-returned (PLE0305) (#10962)

Bug fixes

  • [pylint] Allow NoReturn-like functions for __str__, __len__, etc. (PLE0307) (#11017)
  • Parser: Use empty range when there's "gap" in token source (#11032)
  • [ruff] Ignore stub functions in unused-async (RUF029) (#11026)
  • Parser: Expect indented case block instead of match stmt (#11033)

Contributors

v0.4.0

Changes

A new, hand-written parser

Ruff's new parser is >2x faster, which translates to a 20-40% speedup for all linting and formatting invocations. There's a lot to say about this exciting change, so check out the blog post for more details!

See #10036 for implementation details.

A new language server in Rust

With this release, we also want to highlight our new language server. ruff server is a Rust-powered language server that comes built-in with Ruff. It can be used with any editor that supports the Language Server Protocol (LSP). It uses a multi-threaded, lock-free architecture inspired by rust-analyzer and it will open the door for a lot of exciting features. It’s also faster than our previous Python-based language server -- but you probably guessed that already.

ruff server is only in alpha, but it has a lot of features that you can try out today:

  • Lints Python files automatically and shows quick-fixes when available
  • Formats Python files, with support for range formatting
  • Comes with commands for quickly performing actions: ruff.applyAutofix, ruff.applyFormat, and ruff.applyOrganizeImports
  • Supports source.fixAll and source.organizeImports source actions
  • Automatically reloads your project configuration when you change it

To setup ruff server with your editor, refer to the README.md.

Preview features

  • [pycodestyle] Do not trigger E3 rules on defs following a function/method with a dummy body (#10704)
  • [pylint] Implement invalid-bytes-returned (E0308) (#10959)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.1

Preview features

  • [pylint] Implement invalid-hash-returned (PLE0309) (#10961)
  • [pylint] Implement invalid-index-returned (PLE0305) (#10962)

Bug fixes

  • [pylint] Allow NoReturn-like functions for __str__, __len__, etc. (PLE0307) (#11017)
  • Parser: Use empty range when there's "gap" in token source (#11032)
  • [ruff] Ignore stub functions in unused-async (RUF029) (#11026)
  • Parser: Expect indented case block instead of match stmt (#11033)

0.4.0

A new, hand-written parser

Ruff's new parser is >2x faster, which translates to a 20-40% speedup for all linting and formatting invocations. There's a lot to say about this exciting change, so check out the blog post for more details!

See #10036 for implementation details.

A new language server in Rust

With this release, we also want to highlight our new language server. ruff server is a Rust-powered language server that comes built-in with Ruff. It can be used with any editor that supports the Language Server Protocol (LSP). It uses a multi-threaded, lock-free architecture inspired by rust-analyzer and it will open the door for a lot of exciting features. It’s also faster than our previous Python-based language server -- but you probably guessed that already.

ruff server is only in alpha, but it has a lot of features that you can try out today:

  • Lints Python files automatically and shows quick-fixes when available
  • Formats Python files, with support for range formatting
  • Comes with commands for quickly performing actions: ruff.applyAutofix, ruff.applyFormat, and ruff.applyOrganizeImports
  • Supports source.fixAll and source.organizeImports source actions
  • Automatically reloads your project configuration when you change it

To setup ruff server with your editor, refer to the README.md.

Preview features

  • [pycodestyle] Do not trigger E3 rules on defs following a function/method with a dummy body (#10704)
  • [pylint] Implement invalid-bytes-returned (E0308) (#10959)
  • [pylint] Implement invalid-length-returned (E0303) (#10963)
  • [pylint] Implement self-cls-assignment (W0642) (#9267)
  • [pylint] Omit stubs from invalid-bool and invalid-str-return-type (#11008)
  • [ruff] New rule unused-async (RUF029) to detect unneeded async keywords on functions (#9966)

... (truncated)

Commits
  • 0ff25a5 Bump version to 0.4.1 (#11035)
  • 34873ec Add a script to fuzz the parser (courtesy of pysource-codegen) (#11015)
  • d3cd61f Use empty range when there's "gap" in token source (#11032)
  • 9b80cc0 Select fewer ruff rules when linting Python files in scripts/ (#11034)
  • 9bb23b0 Expect indented case block instead of match stmt (#11033)
  • 06c248a [ruff] Ignore stub functions in unused-async (RUF029) (#11026)
  • 27902b7 [pylint] Implement invalid-index-returned (PLE0305) (#10962)
  • 97acf1d ENH: Bump ruff dependency versions to support the latest release of `v0.4.0...
  • adf63d9 [pylint] Implement invalid-hash-returned (PLE0309) (#10961)
  • 5d3c9f2 ruff server: fix Neovim setup guide command (#11021)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 6 months ago

Dependency Review

The following issues were found:

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA e02851aa92b6c6ddf93d2e3fe1952382819e5ac9.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

PackageVersionLicenseIssue Type
docutils0.21.1NullUnknown License
exceptiongroup1.2.1NullUnknown License
sphinx7.3.7NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, GPL-3.0-or-later, LGPL-2.1, EPL-2.0, Python-2.0, GPL-2.0-or-later, GPL-2.0-only, GPL-3.0-or-later AND LGPL-2.1-only, GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only, GPL-2.0 AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later, MIT, ISC, Unlicense, Apache-2.0, BSD-3-Clause, BSD-2-Clause, BSD-2-Clause AND MIT, MPL-2.0, CC-BY-4.0, CC-BY-3.0, CC-BY-SA-4.0, CC0-1.0, BSD-2-Clause AND BSD-3-Clause, BSD-3-Clause AND BSD-3-Clause-Clear, MIT OR Apache-2.0, MIT AND Python-2.0, (Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT), (MIT OR Apache-2.0) AND Unicode-DFS-2016, OFL-1.1, Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1, BlueOak-1.0.0, BSL-1.0, Python-2.0.1, MIT AND PSF-2.0

OpenSSF Scorecard

PackageVersionScoreDetails
pip/docutils 0.21.1 UnknownUnknown
pip/exceptiongroup 1.2.1 UnknownUnknown
pip/ruff 0.4.1 UnknownUnknown
pip/sphinx 7.3.7 :green_circle: 5.9
Details
CheckScoreReason
Code-Review:warning: 1Found 3/30 approved changesets -- score normalized to 1
Maintained:green_circle: 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts:green_circle: 10no binaries found in the repo
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
pip/docutils 0.20.1 UnknownUnknown
pip/exceptiongroup 1.2.0 UnknownUnknown
pip/ruff 0.3.7 UnknownUnknown
pip/sphinx 7.2.6 :green_circle: 5.9
Details
CheckScoreReason
Code-Review:warning: 1Found 3/30 approved changesets -- score normalized to 1
Maintained:green_circle: 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases:warning: -1no releases found
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts:green_circle: 10no binaries found in the repo
Security-Policy:warning: 0security policy file not detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

poetry.lock
  • docutils@0.21.1
  • exceptiongroup@1.2.1
  • ruff@0.4.1
  • sphinx@7.3.7
  • docutils@0.20.1
  • exceptiongroup@1.2.0
  • ruff@0.3.7
  • sphinx@7.2.6
github-actions[bot] commented 6 months ago

Conventional Commits Report

Type Number
Dependencies 1

:rocket: Conventional commits found.

codecov[bot] commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 97.85%. Comparing base (9f00f18) to head (e02851a). Report is 17 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #1137 +/- ## ========================================== - Coverage 97.93% 97.85% -0.08% ========================================== Files 60 61 +1 Lines 4461 4299 -162 Branches 1068 1047 -21 ========================================== - Hits 4369 4207 -162 Misses 72 72 Partials 20 20 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.