search

greenbone / python-gvm

Greenbone Vulnerability Management Python Library
https://greenbone.github.io/python-gvm/
GNU General Public License v3.0
107 stars 60 forks source link

Deps: Bump the python-packages group with 4 updates #1164

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the python-packages group with 4 updates: coverage, black, mypy and ruff.

Updates coverage from 7.6.0 to 7.6.1

Changelog

Sourced from coverage's changelog.

Version 7.6.1 — 2024-08-04

  • Fix: coverage used to fail when measuring code using :func:runpy.run_path <python:runpy.run_path> with a :class:Path <python:pathlib.Path> argument. This is now fixed, thanks to Ask Hjorth Larsen <pull 1819_>_.

  • Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to LiuYinCarl <pull 1828_>_.

  • Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: nedbat/coveragepy#1819 .. _pull 1828: nedbat/coveragepy#1828

.. _changes_7-6-0:

Commits
  • 29f5898 docs: sample HTML for 7.6.1
  • 9b829f1 docs: prep for 7.6.1
  • ebbb6a2 build: wheels for 3.13rc1
  • 3872525 chore: make upgrade
  • 7a27f40 test: fix a test on free-threading, use abiflags to get site-packages path co...
  • 2b53664 build: include gil/nogil in the version banner
  • da1682f docs: changelog and contributor for #1828
  • dc819ff test: two tests for #1828
  • 9aaa404 fix: properly handle backslash before multi-line string (#1828)
  • 9c50270 chore: make upgrade
  • Additional commits viewable in compare view


Updates black from 24.4.2 to 24.8.0

Release notes

Sourced from black's releases.

24.8.0

Stable style

  • Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

  • Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

  • Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)
  • Fix regression where Black failed to parse an escaped single quote inside an f-string (#4401)
  • Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
  • Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
  • Fix incorrect line numbers in the tokenizer for certain tokens within f-strings (#4423)

Performance

  • Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

  • Fix blackd (and all extras installs) for docker container (#4357)
Changelog

Sourced from black's changelog.

24.8.0

Stable style

  • Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

  • Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

  • Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)
  • Fix regression where Black failed to parse an escaped single quote inside an f-string (#4401)
  • Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
  • Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
  • Fix incorrect line numbers in the tokenizer for certain tokens within f-strings (#4423)

Performance

  • Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

  • Fix blackd (and all extras installs) for docker container (#4357)
Commits
  • b965c2a Prepare release 24.8.0 (#4426)
  • 9ccf279 Document find_project_root ignoring pyproject.toml without [tool.black]...
  • 14b6e61 fix: Enhace black efficiently to skip directories listed in .gitignore (#4415)
  • b1c4dd9 fix: respect braces better in f-string parsing (#4422)
  • 4b4ae43 Fix incorrect linenos on fstring tokens with escaped newlines (#4423)
  • 7fa1faf docs: fix the installation command of extra for blackd (#4413)
  • 8827acc Bump sphinx from 7.3.7 to 7.4.0 in /docs (#4404)
  • b0da11d Bump furo from 2024.5.6 to 2024.7.18 in /docs (#4409)
  • 721dff5 fix: avoid formatting backslash strings inside f-strings (#4401)
  • 7e2afc9 Update actions/checkout to v4 to stop node deprecation warnings (#4379)
  • Additional commits viewable in compare view


Updates mypy from 1.11.0 to 1.11.1

Commits


Updates ruff from 0.5.5 to 0.5.6

Release notes

Sourced from ruff's releases.

0.5.6

Release Notes

Ruff 0.5.6 automatically enables linting and formatting of notebooks in preview mode. You can opt-out of this behavior by adding *.ipynb to the extend-exclude setting.

[tool.ruff]
extend-exclude = ["*.ipynb"]

Preview features

  • Enable notebooks by default in preview mode (#12621)
  • [flake8-builtins] Implement import, lambda, and module shadowing (#12546)
  • [pydoclint] Add docstring-missing-returns (DOC201) and docstring-extraneous-returns (DOC202) (#12485)

Rule changes

  • [flake8-return] Exempt cached properties and other property-like decorators from explicit return rule (RET501) (#12563)

Server

  • Make server panic hook more error resilient (#12610)
  • Use $/logTrace for server trace logs in Zed and VS Code (#12564)
  • Keep track of deleted cells for reorder change request (#12575)

Configuration

  • [flake8-implicit-str-concat] Always allow explicit multi-line concatenations when implicit concatenations are banned (#12532)

Bug fixes

  • [flake8-async] Avoid flagging asyncio.timeouts as unused when the context manager includes asyncio.TaskGroup (#12605)
  • [flake8-slots] Avoid recommending __slots__ for classes that inherit from more than namedtuple (#12531)
  • [isort] Avoid marking required imports as unused (#12537)
  • [isort] Preserve trailing inline comments on import-from statements (#12498)
  • [pycodestyle] Add newlines before comments (E305) (#12606)
  • [pycodestyle] Don't attach comments with mismatched indents (#12604)
  • [pyflakes] Fix preview-mode bugs in F401 when attempting to autofix unused first-party submodule imports in an __init__.py file (#12569)
  • [pylint] Respect start index in unnecessary-list-index-lookup (#12603)
  • [pyupgrade] Avoid recommending no-argument super in slots=True dataclasses (#12530)
  • [pyupgrade] Use colon rather than dot formatting for integer-only types (#12534)
  • Fix NFKC normalization bug when removing unused imports (#12571)

Other changes

  • Consider more stdlib decorators to be property-like (#12583)
  • Improve handling of metaclasses in various linter rules (#12579)
  • Improve consistency between linter rules in determining whether a function is property (#12581)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.6

Ruff 0.5.6 automatically enables linting and formatting of notebooks in preview mode. You can opt-out of this behavior by adding *.ipynb to the extend-exclude setting.

[tool.ruff]
extend-exclude = ["*.ipynb"]

Preview features

  • Enable notebooks by default in preview mode (#12621)
  • [flake8-builtins] Implement import, lambda, and module shadowing (#12546)
  • [pydoclint] Add docstring-missing-returns (DOC201) and docstring-extraneous-returns (DOC202) (#12485)

Rule changes

  • [flake8-return] Exempt cached properties and other property-like decorators from explicit return rule (RET501) (#12563)

Server

  • Make server panic hook more error resilient (#12610)
  • Use $/logTrace for server trace logs in Zed and VS Code (#12564)
  • Keep track of deleted cells for reorder change request (#12575)

Configuration

  • [flake8-implicit-str-concat] Always allow explicit multi-line concatenations when implicit concatenations are banned (#12532)

Bug fixes

  • [flake8-async] Avoid flagging asyncio.timeouts as unused when the context manager includes asyncio.TaskGroup (#12605)
  • [flake8-slots] Avoid recommending __slots__ for classes that inherit from more than namedtuple (#12531)
  • [isort] Avoid marking required imports as unused (#12537)
  • [isort] Preserve trailing inline comments on import-from statements (#12498)
  • [pycodestyle] Add newlines before comments (E305) (#12606)
  • [pycodestyle] Don't attach comments with mismatched indents (#12604)
  • [pyflakes] Fix preview-mode bugs in F401 when attempting to autofix unused first-party submodule imports in an __init__.py file (#12569)
  • [pylint] Respect start index in unnecessary-list-index-lookup (#12603)
  • [pyupgrade] Avoid recommending no-argument super in slots=True dataclasses (#12530)
  • [pyupgrade] Use colon rather than dot formatting for integer-only types (#12534)
  • Fix NFKC normalization bug when removing unused imports (#12571)

Other changes

  • Consider more stdlib decorators to be property-like (#12583)
  • Improve handling of metaclasses in various linter rules (#12579)
  • Improve consistency between linter rules in determining whether a function is property (#12581)
Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 3 months ago

Dependency Review

The following issues were found:

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1be04b5626d00602253b743f41716d7da843fddb.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

PackageVersionLicenseIssue Type
mypy1.11.1MIT AND NOASSERTION AND Python-2.0Invalid SPDX License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, MIT, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

PackageVersionScoreDetails
pip/black 24.8.0 :green_circle: 6.6
Details
CheckScoreReason
Code-Review:green_circle: 8Found 17/20 approved changesets -- score normalized to 8
Maintained:green_circle: 1023 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Security-Policy:green_circle: 10security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/coverage 7.6.1 :green_circle: 8.6
Details
CheckScoreReason
Code-Review:warning: 1Found 3/24 approved changesets -- score normalized to 1
Maintained:green_circle: 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
License:green_circle: 10license file detected
CII-Best-Practices:green_circle: 5badge detected: Passing
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies:green_circle: 5dependency not pinned by hash detected -- score normalized to 5
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Fuzzing:green_circle: 10project is fuzzed
Signed-Releases:warning: -1no releases found
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
pip/mypy 1.11.1 :green_circle: 5.4
Details
CheckScoreReason
Code-Review:green_circle: 6Found 19/28 approved changesets -- score normalized to 6
Maintained:green_circle: 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts:green_circle: 10no binaries found in the repo
Fuzzing:warning: 0project is not fuzzed
Security-Policy:warning: 0security policy file not detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
pip/ruff 0.5.6 UnknownUnknown

Scanned Manifest Files

poetry.lock
  • black@24.8.0
  • coverage@7.6.1
  • mypy@1.11.1
  • ruff@0.5.6
  • black@24.4.2
  • coverage@7.6.0
  • mypy@1.11.0
  • ruff@0.5.5
github-actions[bot] commented 3 months ago

Conventional Commits Report

Type Number
Dependencies 1

:rocket: Conventional commits found.

codecov[bot] commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 97.57%. Comparing base (6ff2a66) to head (1be04b5). Report is 1 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #1164 +/- ## ======================================= Coverage 97.57% 97.57% ======================================= Files 65 65 Lines 4544 4544 Branches 832 832 ======================================= Hits 4434 4434 Misses 74 74 Partials 36 36 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.