search

greenbone / python-gvm

Greenbone Vulnerability Management Python Library
https://greenbone.github.io/python-gvm/
GNU General Public License v3.0
106 stars 60 forks source link

Deps: Bump the python-packages group with 3 updates #1167

Closed dependabot[bot] closed 4 weeks ago

dependabot[bot] commented 1 month ago

Bumps the python-packages group with 3 updates: ruff, soupsieve and tomlkit.

Updates ruff from 0.5.7 to 0.6.1

Release notes

Sourced from ruff's releases.

0.6.1

Release Notes

This is a hotfix release to address an issue with ruff-pre-commit. In v0.6, Ruff changed its behavior to lint and format Jupyter notebooks by default; however, due to an oversight, these files were still excluded by default if Ruff was run via pre-commit, leading to inconsistent behavior. This has now been fixed.

Preview features

  • [fastapi] Implement fast-api-unused-path-parameter (FAST003) (#12638)

Rule changes

  • [pylint] Rename too-many-positional to too-many-positional-arguments (R0917) (#12905)

Server

  • Fix crash when applying "fix-all" code-action to notebook cells (#12929)

Other changes

  • [flake8-naming]: Respect import conventions (N817) (#12922)

Contributors

Install ruff 0.6.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.6.1/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/astral-sh/ruff/releases/download/0.6.1/ruff-installer.ps1 | iex"

Download ruff 0.6.1

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.1

This is a hotfix release to address an issue with ruff-pre-commit. In v0.6, Ruff changed its behavior to lint and format Jupyter notebooks by default; however, due to an oversight, these files were still excluded by default if Ruff was run via pre-commit, leading to inconsistent behavior. This has now been fixed.

Preview features

  • [fastapi] Implement fast-api-unused-path-parameter (FAST003) (#12638)

Rule changes

  • [pylint] Rename too-many-positional to too-many-positional-arguments (R0917) (#12905)

Server

  • Fix crash when applying "fix-all" code-action to notebook cells (#12929)

Other changes

  • [flake8-naming]: Respect import conventions (N817) (#12922)

0.6.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

  • Lint and format Jupyter Notebook by default (#12878).
  • Detect imports in src layouts by default for isort rules (#12848)
  • The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838).

Deprecations

The following rules are now deprecated:

Remapped rules

The following rules have been remapped to new rule codes:

... (truncated)

Commits


Updates soupsieve from 2.5 to 2.6

Release notes

Sourced from soupsieve's releases.

2.6

  • NEW: Add official support for Python 3.13.
  • NEW: Add support for & as scoping root per the CSS Nesting Module, Level 1. When & is used outside the context of nesting, it is treated as the scoping root (equivalent to :scope).
  • FIX: Improve error message when an unrecognized pseudo-class is used.
Commits


Updates tomlkit from 0.13.0 to 0.13.2

Release notes

Sourced from tomlkit's releases.

0.13.2

What's Changed

Full Changelog: https://github.com/python-poetry/tomlkit/compare/0.13.1...0.13.2

0.13.1

What's Changed

New Contributors

Full Changelog: https://github.com/python-poetry/tomlkit/compare/0.13.0...0.13.1

Changelog

Sourced from tomlkit's changelog.

[0.13.2] - 2024-08-14

Fixed

  • Fix deleting keys from an out-of-order table does not remove all table parts. (#379)

[0.13.1] - 2024-08-14

Fixed

  • Fix the Table.is_super_table() check for tables with dotted key as the only child. (#374)
  • Count table as a super table if it has children and all children are either tables or arrays of tables. (#377)
Commits
  • e6e5d38 fix: delete keys from out of order table (#379)
  • 8c1671a chore: bump version to 0.13.1
  • 28fe6ec fix: Empty table dumped when number of subtables > 1 (#378)
  • 168cb22 [pre-commit.ci] pre-commit autoupdate (#376)
  • 3594bdf [pre-commit.ci] pre-commit autoupdate (#372)
  • 8b288a5 fix: Table header missing (#375)
  • b1b38b3 Merge branch 'master' of github.com:python-poetry/tomlkit
  • 507ca76 doc: upgrade docs requirements
  • c35ab33 [pre-commit.ci] pre-commit autoupdate (#369)
  • 2344a42 Add tomlkit.dump() example (#370)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 1 month ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 65fd31daed085931e35ea1feb4095b7f49f904c5.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
pip/ruff 0.6.1 UnknownUnknown
pip/soupsieve 2.6 :green_circle: 5.8
Details
CheckScoreReason
Maintained:warning: 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Code-Review:warning: 1Found 3/25 approved changesets -- score normalized to 1
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Security-Policy:green_circle: 10security policy file detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases:warning: -1no releases found
Fuzzing:green_circle: 10project is fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Packaging:green_circle: 10packaging workflow detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
pip/tomlkit 0.13.2 UnknownUnknown

Scanned Manifest Files

poetry.lock
  • ruff@0.6.1
  • soupsieve@2.6
  • tomlkit@0.13.2
  • ruff@0.5.7
  • soupsieve@2.5
  • tomlkit@0.13.0
github-actions[bot] commented 1 month ago

Conventional Commits Report

Type Number
Dependencies 1

:rocket: Conventional commits found.