search

greenbone / python-gvm

Greenbone Vulnerability Management Python Library
https://greenbone.github.io/python-gvm/
GNU General Public License v3.0
107 stars 60 forks source link

Deps: Bump the python-packages group with 4 updates #1160

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the python-packages group with 4 updates: coverage, exceptiongroup, ruff and tomlkit.

Updates coverage from 7.5.4 to 7.6.0

Changelog

Sourced from coverage's changelog.

Version 7.6.0 — 2024-07-11

  • Exclusion patterns can now be multi-line, thanks to Daniel Diniz <pull 1807_>. This enables many interesting exclusion use-cases, including those requested in issues 118 <issue 118_> (entire files), 996 <issue 996_>_ (multiple lines only when appearing together), 1741 <issue 1741_>_ (remainder of a function), and 1803 <issue 1803_>_ (arbitrary sequence of marked lines). See the :ref:multi_line_exclude section of the docs for more details and examples.

  • The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz <pull 1809_>_ for getting the work started. This closes issue 1793_ and issue 1532_.

  • Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.

  • Python 3.13.0b3 is supported.

.. _issue 118: nedbat/coveragepy#118 .. _issue 996: nedbat/coveragepy#996 .. _issue 1532: nedbat/coveragepy#1532 .. _issue 1741: nedbat/coveragepy#1741 .. _issue 1793: nedbat/coveragepy#1793 .. _issue 1803: nedbat/coveragepy#1803 .. _pull 1807: nedbat/coveragepy#1807 .. _pull 1809: nedbat/coveragepy#1809

.. _changes_7-5-4:

Commits
  • 59a3cd7 docs: sample HTML for 7.6.0
  • 7f27fa7 docs: prep for 7.6.0
  • 6a268b0 docs: issues closed by the json region reporting
  • 5bfe9e7 chore: bump actions/setup-python from 5.1.0 to 5.1.1 (#1814)
  • ab609ef docs: mention json region reporting in the changes
  • 92d96b9 fix: json report needs 'no class' and 'no function' also
  • e47e7e7 refactor: move duplicate code into methods
  • 3d6be2b fix: json format should bump for regions
  • a9992d2 test: add a test of json regions with branches
  • 8b89764 test: json expectations should have explicit format number
  • Additional commits viewable in compare view


Updates exceptiongroup from 1.2.1 to 1.2.2

Release notes

Sourced from exceptiongroup's releases.

1.2.2

  • Removed an assert in exceptiongroup._formatting that caused compatibility issues with Sentry (#123)
Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.2.2

  • Removed an assert in exceptiongroup._formatting that caused compatibility issues with Sentry ([#123](https://github.com/agronholm/exceptiongroup/issues/123) <https://github.com/agronholm/exceptiongroup/issues/123>_)

1.2.1

  • Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
  • Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
  • Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

  • Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
  • Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
  • Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except* handler

1.1.3

  • catch() now raises a TypeError if passed an async exception handler instead of just giving a RuntimeWarning about the coroutine never being awaited. (#66, PR by John Litborn)
  • Fixed plain raise statement in an exception handler callback to work like a raise in an except* block
  • Fixed new exception group not being chained to the original exception when raising an exception group from exceptions raised in handler callbacks
  • Fixed type annotations of the derive(), subgroup() and split() methods to match the ones in typeshed

1.1.2

  • Changed handling of exceptions in exception group handler callbacks to not wrap a single exception in an exception group, as per CPython issue 103590 <https://github.com/python/cpython/issues/103590>_

1.1.1

  • Worked around

... (truncated)

Commits
  • 2399d54 Added the release version
  • bec9651 Removed problematic assert that caused compatibility issues
  • f3f0ff6 Updated Ruff configuration
  • bb43ee0 Fixed formatting tests failing on Python 3.13
  • eb8fbbc [pre-commit.ci] pre-commit autoupdate (#129)
  • 6ff8300 [pre-commit.ci] pre-commit autoupdate (#128)
  • 761933f [pre-commit.ci] pre-commit autoupdate (#127)
  • 1b43294 [pre-commit.ci] pre-commit autoupdate (#125)
  • dd87018 [pre-commit.ci] pre-commit autoupdate (#124)
  • 54d8b8d [pre-commit.ci] pre-commit autoupdate (#121)
  • Additional commits viewable in compare view


Updates ruff from 0.5.1 to 0.5.2

Release notes

Sourced from ruff's releases.

0.5.2

Release Notes

Preview features

  • Use space separator before parenthesized expressions in comprehensions with leading comments (#12282)
  • [flake8-async] Update ASYNC100 to include anyio and asyncio (#12221)
  • [flake8-async] Update ASYNC109 to include anyio and asyncio (#12236)
  • [flake8-async] Update ASYNC110 to include anyio and asyncio (#12261)
  • [flake8-async] Update ASYNC115 to include anyio and asyncio (#12262)
  • [flake8-async] Update ASYNC116 to include anyio and asyncio (#12266)

Rule changes

  • [flake8-return] Exempt properties from explicit return rule (RET501) (#12243)
  • [numpy] Add np.NAN-to-np.nan diagnostic (#12292)
  • [refurb] Make list-reverse-copy an unsafe fix (#12303)

Server

  • Consider include and extend-include settings in native server (#12252)
  • Include nested configurations in settings reloading (#12253)

CLI

  • Omit code frames for fixes with empty ranges (#12304)
  • Warn about formatter incompatibility for D203 (#12238)

Bug fixes

  • Make cache-write failures non-fatal on Windows (#12302)
  • Treat not operations as boolean tests (#12301)
  • [flake8-bandit] Avoid S310 violations for HTTP-safe f-strings (#12305)
  • [flake8-bandit] Support explicit string concatenations in S310 HTTP detection (#12315)
  • [flake8-bandit] fix S113 false positive for httpx without timeout argument (#12213)
  • [pycodestyle] Remove "non-obvious" allowance for E721 (#12300)
  • [pyflakes] Consider with blocks as single-item branches for redefinition analysis (#12311)
  • [refurb] Restrict forwarding for newline argument in open() calls to Python versions >= 3.10 (#12244)

Documentation

  • Update help and documentation to reflect --output-format full default (#12248)

Performance

  • Use more threads when discovering Python files (#12258)

Install ruff 0.5.2

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.2

Preview features

  • Use space separator before parenthesized expressions in comprehensions with leading comments (#12282)
  • [flake8-async] Update ASYNC100 to include anyio and asyncio (#12221)
  • [flake8-async] Update ASYNC109 to include anyio and asyncio (#12236)
  • [flake8-async] Update ASYNC110 to include anyio and asyncio (#12261)
  • [flake8-async] Update ASYNC115 to include anyio and asyncio (#12262)
  • [flake8-async] Update ASYNC116 to include anyio and asyncio (#12266)

Rule changes

  • [flake8-return] Exempt properties from explicit return rule (RET501) (#12243)
  • [numpy] Add np.NAN-to-np.nan diagnostic (#12292)
  • [refurb] Make list-reverse-copy an unsafe fix (#12303)

Server

  • Consider include and extend-include settings in native server (#12252)
  • Include nested configurations in settings reloading (#12253)

CLI

  • Omit code frames for fixes with empty ranges (#12304)
  • Warn about formatter incompatibility for D203 (#12238)

Bug fixes

  • Make cache-write failures non-fatal on Windows (#12302)
  • Treat not operations as boolean tests (#12301)
  • [flake8-bandit] Avoid S310 violations for HTTP-safe f-strings (#12305)
  • [flake8-bandit] Support explicit string concatenations in S310 HTTP detection (#12315)
  • [flake8-bandit] fix S113 false positive for httpx without timeout argument (#12213)
  • [pycodestyle] Remove "non-obvious" allowance for E721 (#12300)
  • [pyflakes] Consider with blocks as single-item branches for redefinition analysis (#12311)
  • [refurb] Restrict forwarding for newline argument in open() calls to Python versions >= 3.10 (#12244)

Documentation

  • Update help and documentation to reflect --output-format full default (#12248)

Performance

  • Use more threads when discovering Python files (#12258)
Commits
  • dc8db1a Make some amendments to the v0.5.2 changelog (#12319)
  • 18c364d [flake8-bandit] Support explicit string concatenations in S310 HTTP detecti...
  • 7a7c601 Bump version to v0.5.2 (#12316)
  • 3bfbbbc Avoid allocation when validating HTTP and HTTPS prefixes (#12313)
  • 1a3ee45 [flake8-bandit] Avoid S310 violations for HTTP-safe f-strings (#12305)
  • 6584886 [refurb] Make list-reverse-copy an unsafe fix (#12303)
  • 456d6a2 Consider with blocks as single-item branches (#12311)
  • 940df67 Omit code frames for fixes with empty ranges (#12304)
  • e58713e Make cache-write failures non-fatal (#12302)
  • aa5c53b Remove 'non-obvious' allowance for E721 (#12300)
  • Additional commits viewable in compare view


Updates tomlkit from 0.12.5 to 0.13.0

Release notes

Sourced from tomlkit's releases.

0.13.0

What's Changed

New Contributors

Full Changelog: https://github.com/python-poetry/tomlkit/compare/0.12.5...0.13.0

Changelog

Sourced from tomlkit's changelog.

[0.13.0] - 2024-07-10

Changed

  • Expect a tomlkit-specific error instead of TypeError from a custom encoder. (#355)
  • Drop support for Python older than 3.8. Remove 3.7 from the CI matrix.

Fixed

  • Fix the incompatiblity with 3.13 because of the datetime.replace() change. (#333)
  • Revert the change of parsing out-of-order tables. (#347)
  • Keep the nested out-of-order table. (#361)
Commits
  • 4d06dff chore: bump version to 0.13.0
  • 85aaf7a fix: keep the nested out of order table (#366)
  • f12ece3 chore(deps-dev): bump zipp from 3.15.0 to 3.19.1 (#365)
  • f4b2f74 chore(deps-dev): bump requests from 2.31.0 to 2.32.2 (#364)
  • 0747884 chore(deps-dev): bump urllib3 from 2.0.7 to 2.2.2 (#363)
  • d55d837 fix: Remove 3.7 from the CI matrix
  • 49daa69 chore(deps-dev): bump certifi from 2024.2.2 to 2024.7.4 (#362)
  • cce567c [pre-commit.ci] pre-commit autoupdate (#359)
  • 400057b fix: tomlkit 0.12.5 : Encoder contract interferes with external TypeError...
  • 22676f9 Update tests action (#357)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 3 months ago

Dependency Review

The following issues were found:

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 69c1bee828a155fa896fbb0a7982197376665f27.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

PackageVersionLicenseIssue Type
coverage7.6.0Apache-2.0Incompatible License
ruff0.5.2MITIncompatible License
tomlkit0.13.0MITIncompatible License
exceptiongroup1.2.2NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, GPL-3.0-or-later, LGPL-2.1, EPL-2.0, Python-2.0, GPL-2.0-or-later, GPL-2.0-only, GPL-3.0-or-later AND LGPL-2.1-only, GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only, GPL-2.0 AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later, MIT, ISC, Unlicense, Apache-2.0, BSD-3-Clause, BSD-2-Clause, BSD-2-Clause AND MIT, MPL-2.0, CC-BY-4.0, CC-BY-3.0, CC-BY-SA-4.0, CC0-1.0, BSD-2-Clause AND BSD-3-Clause, BSD-3-Clause AND BSD-3-Clause-Clear, MIT OR Apache-2.0, MIT AND Python-2.0, (Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT), (MIT OR Apache-2.0) AND Unicode-DFS-2016, OFL-1.1, Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1, BlueOak-1.0.0, BSL-1.0, Python-2.0.1, MIT AND PSF-2.0, LGPL-2.0-only AND LGPL-2.1-or-later, CAL-1.0

OpenSSF Scorecard

PackageVersionScoreDetails
pip/coverage 7.6.0 :green_circle: 8.5
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review:warning: 0Found 1/24 approved changesets -- score normalized to 0
License:green_circle: 10license file detected
CII-Best-Practices:green_circle: 5badge detected: Passing
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:green_circle: 10project is fuzzed
Pinned-Dependencies:green_circle: 5dependency not pinned by hash detected -- score normalized to 5
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
pip/exceptiongroup 1.2.2 UnknownUnknown
pip/ruff 0.5.2 UnknownUnknown
pip/tomlkit 0.13.0 UnknownUnknown

Scanned Manifest Files

poetry.lock
  • coverage@7.6.0
  • exceptiongroup@1.2.2
  • ruff@0.5.2
  • tomlkit@0.13.0
  • coverage@7.5.4
  • exceptiongroup@1.2.1
  • ruff@0.5.1
  • tomlkit@0.12.5
github-actions[bot] commented 3 months ago

Conventional Commits Report

Type Number
Dependencies 1

:rocket: Conventional commits found.