github-actions[bot]
commented
8 months ago 🦙 MegaLinter status: ⚠️ WARNING
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ ACTION | actionlint | 4 | 3 | 0.27s | |
| ✅ COPYPASTE | jscpd | yes | no | 2.29s | |
| ⚠️ DOCKERFILE | hadolint | 2 | 1 | 0.09s | |
| ✅ JSON | eslint-plugin-jsonc | 3 | 0 | 0 | 1.49s |
| ✅ JSON | jsonlint | 3 | 0 | 0.17s | |
| ✅ JSON | prettier | 3 | 0 | 0 | 0.8s |
| ✅ JSON | v8r | 3 | 0 | 4.3s | |
| ⚠️ MAKEFILE | checkmake | 1 | 1 | 0.01s | |
| ⚠️ MARKDOWN | markdownlint | 12 | 0 | 18 | 1.52s |
| ✅ MARKDOWN | markdown-table-formatter | 12 | 0 | 0 | 0.39s |
| ✅ PYTHON | bandit | 6 | 0 | 1.34s | |
| ✅ PYTHON | black | 6 | 0 | 0 | 1.07s |
| ✅ PYTHON | flake8 | 6 | 0 | 0.43s | |
| ✅ PYTHON | isort | 6 | 0 | 0 | 0.35s |
| ⚠️ PYTHON | mypy | 6 | 5 | 8.86s | |
| ✅ PYTHON | pylint | 6 | 0 | 4.16s | |
| ⚠️ PYTHON | pyright | 6 | 8 | 10.33s | |
| ✅ PYTHON | ruff | 6 | 0 | 0 | 0.05s |
| ✅ REPOSITORY | checkov | yes | no | 12.95s | |
| ✅ REPOSITORY | gitleaks | yes | no | 2.66s | |
| ✅ REPOSITORY | git_diff | yes | no | 0.05s | |
| ✅ REPOSITORY | grype | yes | no | 13.63s | |
| ✅ REPOSITORY | secretlint | yes | no | 1.28s | |
| ✅ REPOSITORY | trivy | yes | no | 6.2s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | 2.96s | |
| ✅ REPOSITORY | trufflehog | yes | no | 4.52s | |
| ✅ SPELL | cspell | 47 | 0 | 5.24s | |
| ✅ SPELL | lychee | 29 | 0 | 1.13s | |
| ✅ YAML | prettier | 14 | 0 | 0 | 1.42s |
| ✅ YAML | v8r | 14 | 0 | 19.41s | |
| ✅ YAML | yamllint | 14 | 0 | 0.47s |
See detailed report in MegaLinter reports
_MegaLinter is graciously provided by 
_
This PR contains the following updates:
v3.3.2->v3.3.31.7.6->1.7.71.7.6->1.7.74.12.2->4.12.3==4.12.2->==4.12.37.4.0->7.4.17.4.0->7.4.12.1.4->2.2.03.6.0->3.6.23.6.0->3.6.23.12.1-alpine3.18->3.12.2-alpine3.183.15.0->3.15.13.15.0->3.15.1Release Notes
actions/cache (actions/cache)
### [`v3.3.3`](https://togithub.com/actions/cache/releases/tag/v3.3.3) [Compare Source](https://togithub.com/actions/cache/compare/v3.3.2...v3.3.3) #### What's Changed - Cache v3.3.3 by [@robherley](https://togithub.com/robherley) in [https://github.com/actions/cache/pull/1302](https://togithub.com/actions/cache/pull/1302) #### New Contributors - [@robherley](https://togithub.com/robherley) made their first contribution in [https://github.com/actions/cache/pull/1302](https://togithub.com/actions/cache/pull/1302) **Full Changelog**: https://github.com/actions/cache/compare/v3...v3.3.3PyCQA/bandit (bandit)
### [`v1.7.7`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.7) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.6...1.7.7) #### What's Changed - Add the new release to bandit versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://togithub.com/PyCQA/bandit/pull/1075) - Bump actions/setup-python from 4 to 5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://togithub.com/PyCQA/bandit/pull/1076) - Handle variant in how policy is passed in paramiko by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://togithub.com/PyCQA/bandit/pull/1078) - Flag str.replace as possible sql injection by [@costaparas](https://togithub.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://togithub.com/PyCQA/bandit/pull/1044) - defusedxml: Show correct module name by [@kajinamit](https://togithub.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://togithub.com/PyCQA/bandit/pull/1081) - Add tidelift to the sponsor funding list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://togithub.com/PyCQA/bandit/pull/1089) - Create a security policy by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://togithub.com/PyCQA/bandit/pull/1091) - Fix up issues found running Bandit on itself by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://togithub.com/PyCQA/bandit/pull/1093) - Add random.randbytes to blacklist calls by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://togithub.com/PyCQA/bandit/pull/1096) - Prepend ./ for files specified as CLI args by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://togithub.com/PyCQA/bandit/pull/1094) - Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://togithub.com/PyCQA/bandit/pull/1099) - Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://togithub.com/PyCQA/bandit/pull/1101) - Introduce Official Bandit Images by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://togithub.com/PyCQA/bandit/pull/1088) - Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://togithub.com/PyCQA/bandit/pull/1103) - Downsize the org:repo name by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://togithub.com/PyCQA/bandit/pull/1104) #### New Contributors - [@kajinamit](https://togithub.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://togithub.com/PyCQA/bandit/pull/1081) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7nedbat/coveragepy (coverage)
### [`v7.4.1`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-741--2024-01-26) [Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.4.0...7.4.1) - Python 3.13.0a3 is supported. - Fix: the JSON report now includes an explicit format version number, closing `issue 1732`\_. .. \_issue 1732:[https://github.com/nedbat/coveragepy/issues/1732](https://togithub.com/nedbat/coveragepy/issues/1732)2 .. \_changes\_7-4-0:pandas-dev/pandas (pandas)
### [`v2.2.0`](https://togithub.com/pandas-dev/pandas/compare/v2.1.4...v2.2.0) [Compare Source](https://togithub.com/pandas-dev/pandas/compare/v2.1.4...v2.2.0)pre-commit/pre-commit (pre-commit)
### [`v3.6.2`](https://togithub.com/pre-commit/pre-commit/blob/HEAD/CHANGELOG.md#362---2024-02-18) [Compare Source](https://togithub.com/pre-commit/pre-commit/compare/v3.6.1...v3.6.2) \================== ##### Fixes - Fix building golang hooks during `git commit --all`. - [#3130](https://togithub.com/pre-commit/pre-commit/issues/3130) PR by [@asottile](https://togithub.com/asottile). - [#2722](https://togithub.com/pre-commit/pre-commit/issues/2722) issue by [@pestanko](https://togithub.com/pestanko) and [@matthewhughes934](https://togithub.com/matthewhughes934). ### [`v3.6.1`](https://togithub.com/pre-commit/pre-commit/blob/HEAD/CHANGELOG.md#361---2024-02-10) [Compare Source](https://togithub.com/pre-commit/pre-commit/compare/v3.6.0...v3.6.1) \================== ##### Fixes - Remove `PYTHONEXECUTABLE` from environment when running. - [#3110](https://togithub.com/pre-commit/pre-commit/issues/3110) PR by [@untitaker](https://togithub.com/untitaker). - Handle staged-files-only with only a crlf diff. - [#3126](https://togithub.com/pre-commit/pre-commit/issues/3126) PR by [@asottile](https://togithub.com/asottile). - issue by [@tyyrok](https://togithub.com/tyyrok).asottile/pyupgrade (pyupgrade)
### [`v3.15.1`](https://togithub.com/asottile/pyupgrade/compare/v3.15.0...v3.15.1) [Compare Source](https://togithub.com/asottile/pyupgrade/compare/v3.15.0...v3.15.1)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.