From 5533da431f74dd361eb57fb46c503434c05b83c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 05:08:13 +0000 Subject: [PATCH 01/46] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `github/codeql-action` from 3.25.7 to 3.25.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f079b8493333aace61c81488f8bd40919487bd9f...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff) Updates `super-linter/super-linter` from 6.5.1 to 6.6.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/5b638caee6ba65e25e07143887b669a1233847a0...88ea3923a7e1f89dd485d079f6eb5f5e8f937589) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- .github/workflows/super-linter.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4fec5d0..566a721 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 42c8584..0ba7efb 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -28,7 +28,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@5b638caee6ba65e25e07143887b669a1233847a0 + uses: super-linter/super-linter@88ea3923a7e1f89dd485d079f6eb5f5e8f937589 env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From a60c7d0bb4eeebf81b908999439eed293f8d91cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 05:55:37 +0000 Subject: [PATCH 02/46] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [pylint](https://github.com/pylint-dev/pylint) and [pytest](https://github.com/pytest-dev/pytest). Updates `pylint` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.2.2...v3.2.3) Updates `pytest` from 8.2.1 to 8.2.2 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.2.1...8.2.2) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-test.txt b/requirements-test.txt index 9383373..2221af1 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,7 +2,7 @@ black==24.4.2 flake8==7.0.0 mypy==1.10.0 mypy-extensions==1.0.0 -pylint==3.2.2 -pytest==8.2.1 +pylint==3.2.3 +pytest==8.2.2 pytest-cov==5.0.0 types-requests==2.32.0.20240602 From ae4f3ec518840ab3d7b9c8ed680856d6c62aff19 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 15:19:10 +0000 Subject: [PATCH 03/46] chore(deps): bump python from `afc139a` to `e3ae8cf` Bumps python from `afc139a` to `e3ae8cf`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 79a5e56..1a3e079 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:afc139a0a640942491ec481ad8dda10f2c5b753f5c969393b12480155fe15a63 +FROM python:3.12-slim@sha256:e3ae8cf03c4f0abbfef13a8147478a7cd92798a94fa729a36a185d9106cbae32 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From a06c7b14053b37dd6654c25820616c54cdc012a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 05:45:44 +0000 Subject: [PATCH 04/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) Updates `docker/build-push-action` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/2cdde995de11925a030ce8070c3d77a52ffcf1c0...ca052bb54ab0790a636c9b5f226502c73d547a25) Updates `github/codeql-action` from 3.25.8 to 3.25.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2e230e8fe0ad3a14a340ad0815ddb96d599d2aff...23acc5c183826b7a8a97bce3cecc52db901f8251) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-ci.yml | 2 +- .github/workflows/major-version-updater.yml | 2 +- .github/workflows/python-ci.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/super-linter.yaml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index 49fa3b2..b7f9ceb 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml @@ -16,6 +16,6 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build the Docker image run: docker build . --file Dockerfile --platform linux/amd64 diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index 76bf51e..7094234 100644 --- a/.github/workflows/major-version-updater.yml +++ b/.github/workflows/major-version-updater.yml @@ -15,7 +15,7 @@ jobs: contents: write steps: - name: Checkout Repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: version id: version diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 6a775b7..9c5c11d 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -21,7 +21,7 @@ jobs: python-version: [3.11, 3.12] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71eccb9..3c023c6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,10 +60,10 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 566a721..50b6f3a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 0ba7efb..6b4085a 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Install dependencies From cfa69900ecd6fd1bfb3d4bafdb01f8e5b1685337 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 05:47:50 +0000 Subject: [PATCH 05/46] chore(deps): bump flake8 from 7.0.0 to 7.1.0 in the dependencies group Bumps the dependencies group with 1 update: [flake8](https://github.com/pycqa/flake8). Updates `flake8` from 7.0.0 to 7.1.0 - [Commits](https://github.com/pycqa/flake8/compare/7.0.0...7.1.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 2221af1..e0ed2cc 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,5 +1,5 @@ black==24.4.2 -flake8==7.0.0 +flake8==7.1.0 mypy==1.10.0 mypy-extensions==1.0.0 pylint==3.2.3 From 0e290de9723951e7f50ba093895c39927ee3d643 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 05:50:14 +0000 Subject: [PATCH 06/46] chore(deps): bump python from `e3ae8cf` to `2fba8e7` Bumps python from `e3ae8cf` to `2fba8e7`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1a3e079..7d3e102 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:e3ae8cf03c4f0abbfef13a8147478a7cd92798a94fa729a36a185d9106cbae32 +FROM python:3.12-slim@sha256:2fba8e70a87bcc9f6edd20dda0a1d4adb32046d2acbca7361bc61da5a106a914 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 0417a8690e7d940ffd47093d2fc59df9bd71fc9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 05:16:34 +0000 Subject: [PATCH 07/46] chore(deps): bump docker/build-push-action from 5.4.0 to 6.1.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.4.0 to 6.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca052bb54ab0790a636c9b5f226502c73d547a25...31159d49c0d4756269a0940a750801a1ea5d7003) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3c023c6..09f7795 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 + uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 with: context: . file: ./Dockerfile From 1a5be39429474e2eaed59cb51d07fad19c253d4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 05:58:17 +0000 Subject: [PATCH 08/46] chore(deps): bump types-requests from 2.32.0.20240602 to 2.32.0.20240622 Bumps [types-requests](https://github.com/python/typeshed) from 2.32.0.20240602 to 2.32.0.20240622. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index e0ed2cc..f548f84 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -5,4 +5,4 @@ mypy-extensions==1.0.0 pylint==3.2.3 pytest==8.2.2 pytest-cov==5.0.0 -types-requests==2.32.0.20240602 +types-requests==2.32.0.20240622 From 2416c0536e66ecd88379ad2efb081e477643ef64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 05:22:52 +0000 Subject: [PATCH 09/46] chore(deps): bump python from `2fba8e7` to `da2d7af` Bumps python from `2fba8e7` to `da2d7af`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7d3e102..2a9a90b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:2fba8e70a87bcc9f6edd20dda0a1d4adb32046d2acbca7361bc61da5a106a914 +FROM python:3.12-slim@sha256:da2d7af143dab7cd5b0d5a5c9545fe14e67fc24c394fcf1cf15e8ea16cbd8637 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 9b07ab5d84beb8f8b1ef1d79dd0413a9eb16f197 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 05:39:44 +0000 Subject: [PATCH 10/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request), [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `amannn/action-semantic-pull-request` from 5.5.2 to 5.5.3 - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/cfb60706e18bc85e8aec535e3c577abe8f70378e...0723387faaf9b38adef4775cd42cfd5155ed6017) Updates `docker/build-push-action` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/31159d49c0d4756269a0940a750801a1ea5d7003...15560696de535e4014efeff63c48f16952e52dd1) Updates `github/codeql-action` from 3.25.10 to 3.25.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/23acc5c183826b7a8a97bce3cecc52db901f8251...b611370bb5703a7efb587f9d136a52ea24c5c38c) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/pr-title.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index ccefc81..68d25c7 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -17,7 +17,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 09f7795..ea667d2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 + uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 50b6f3a..0c68758 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif From 3709ad03f6ed6d6adbdf3ab74c677f5c7f01157d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 05:55:03 +0000 Subject: [PATCH 11/46] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [mypy](https://github.com/python/mypy) and [pylint](https://github.com/pylint-dev/pylint). Updates `mypy` from 1.10.0 to 1.10.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.10.0...v1.10.1) Updates `pylint` from 3.2.3 to 3.2.5 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.2.3...v3.2.5) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-test.txt b/requirements-test.txt index f548f84..bd40d44 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,8 +1,8 @@ black==24.4.2 flake8==7.1.0 -mypy==1.10.0 +mypy==1.10.1 mypy-extensions==1.0.0 -pylint==3.2.3 +pylint==3.2.5 pytest==8.2.2 pytest-cov==5.0.0 types-requests==2.32.0.20240622 From cc161471e2eff5bd783c90ab025d7d6db5ceacc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 05:38:44 +0000 Subject: [PATCH 12/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `docker/setup-buildx-action` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/d70bba72b1f3fd22344832f00baa16ece964efeb...4fd812986e6c8c2a69e18311145f9371337f27d4) Updates `docker/build-push-action` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/15560696de535e4014efeff63c48f16952e52dd1...1a162644f9a7e87d8f4b053101d1d9a712edc18c) Updates `actions/upload-artifact` from 4.3.3 to 4.3.4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...0b2256b8c012f0828dc542b3febcab082c67f72b) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ea667d2..bf12856 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: IMAGE_NAME: ${{ github.repository }} steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb + uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 - name: Log in to the Container registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 with: @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 + uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0c68758..130ed21 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,7 +36,7 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From 909d0350eaa5fda571cf1c6d6f08771cfca98def Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 05:59:51 +0000 Subject: [PATCH 13/46] chore(deps): bump python from `da2d7af` to `d5f1674` Bumps python from `da2d7af` to `d5f1674`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2a9a90b..c960baf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:da2d7af143dab7cd5b0d5a5c9545fe14e67fc24c394fcf1cf15e8ea16cbd8637 +FROM python:3.12-slim@sha256:d5f16749562233aa4bd26538771d76bf0dfd0a0ea7ea8771985e267451397ae4 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 3f79a23b82ac2d2a4c774551312d9e3a3b107842 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 05:07:41 +0000 Subject: [PATCH 14/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python), [github/codeql-action](https://github.com/github/codeql-action) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `actions/setup-python` from 5.1.0 to 5.1.1 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/82c7e631bb3cdc910f68e0081d67478d79c6982d...39cd14951b08e74b54015e9e001cdefcf80e669f) Updates `github/codeql-action` from 3.25.11 to 3.25.12 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7efb587f9d136a52ea24c5c38c...4fa2a7953630fd2f3fb380f21be14ede0169dd4f) Updates `super-linter/super-linter` from 6.6.0 to 6.7.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/88ea3923a7e1f89dd485d079f6eb5f5e8f937589...3fe03abab2eafb293ace16d4a3b07aeabcb3f1a0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/python-ci.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/super-linter.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 9c5c11d..867c588 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 130ed21..c3055ff 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 6b4085a..1506822 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -28,7 +28,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@88ea3923a7e1f89dd485d079f6eb5f5e8f937589 + uses: super-linter/super-linter@3fe03abab2eafb293ace16d4a3b07aeabcb3f1a0 env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From eba6b24f6ff39b80770723fa771e8bc8de11cb47 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 05:44:42 +0000 Subject: [PATCH 15/46] chore(deps): bump types-requests from 2.32.0.20240622 to 2.32.0.20240712 Bumps [types-requests](https://github.com/python/typeshed) from 2.32.0.20240622 to 2.32.0.20240712. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index bd40d44..707d461 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -5,4 +5,4 @@ mypy-extensions==1.0.0 pylint==3.2.5 pytest==8.2.2 pytest-cov==5.0.0 -types-requests==2.32.0.20240622 +types-requests==2.32.0.20240712 From c48c7cba0628b94f1feda4a61f234797b3d13384 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 06:00:00 +0000 Subject: [PATCH 16/46] chore(deps): bump python from `d5f1674` to `f11725a` Bumps python from `d5f1674` to `f11725a`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c960baf..8707a74 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:d5f16749562233aa4bd26538771d76bf0dfd0a0ea7ea8771985e267451397ae4 +FROM python:3.12-slim@sha256:f11725aba18c19664a408902103365eaf8013823ffc56270f921d1dc78a198cb LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From ad3ddeb25b7494364f94918ac349004921caedbe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 05:54:21 +0000 Subject: [PATCH 17/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [mypy](https://github.com/python/mypy), [pylint](https://github.com/pylint-dev/pylint) and [pytest](https://github.com/pytest-dev/pytest). Updates `mypy` from 1.10.1 to 1.11.0 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.10.1...v1.11) Updates `pylint` from 3.2.5 to 3.2.6 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.2.5...v3.2.6) Updates `pytest` from 8.2.2 to 8.3.1 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.2.2...8.3.1) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-test.txt b/requirements-test.txt index 707d461..d41c320 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,8 +1,8 @@ black==24.4.2 flake8==7.1.0 -mypy==1.10.1 +mypy==1.11.0 mypy-extensions==1.0.0 -pylint==3.2.5 -pytest==8.2.2 +pylint==3.2.6 +pytest==8.3.1 pytest-cov==5.0.0 types-requests==2.32.0.20240712 From 751de7548f12f14961d7d690ea70c37abb9033fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 06:00:13 +0000 Subject: [PATCH 18/46] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/build-push-action` from 6.3.0 to 6.4.1 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/1a162644f9a7e87d8f4b053101d1d9a712edc18c...1ca370b3a9802c92e886402e0dd88098a2533b12) Updates `github/codeql-action` from 3.25.12 to 3.25.13 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4fa2a7953630fd2f3fb380f21be14ede0169dd4f...2d790406f505036ef40ecba973cc774a50395aac) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bf12856..df63ec3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c3055ff..862ec66 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif From 0ddf75ea58ac0f037e9e598191c71d0ebc76fcdf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:19:13 +0000 Subject: [PATCH 19/46] chore(deps): bump python from `f11725a` to `740d94a` Bumps python from `f11725a` to `740d94a`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8707a74..aac97fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:f11725aba18c19664a408902103365eaf8013823ffc56270f921d1dc78a198cb +FROM python:3.12-slim@sha256:740d94a19218c8dd584b92f804b1158f85b0d241e5215ea26ed2dcade2b9d138 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From aa1d37a59d88a3d087ae2470d22f7f7500b98783 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:41:47 +0000 Subject: [PATCH 20/46] chore(deps): bump pytest from 8.3.1 to 8.3.2 in the dependencies group Bumps the dependencies group with 1 update: [pytest](https://github.com/pytest-dev/pytest). Updates `pytest` from 8.3.1 to 8.3.2 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.3.1...8.3.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index d41c320..fe77536 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -3,6 +3,6 @@ flake8==7.1.0 mypy==1.11.0 mypy-extensions==1.0.0 pylint==3.2.6 -pytest==8.3.1 +pytest==8.3.2 pytest-cov==5.0.0 types-requests==2.32.0.20240712 From c7e957def3ce6d186ee69e9111d97c8eaf7efeb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:51:52 +0000 Subject: [PATCH 21/46] chore(deps): bump the dependencies group with 5 updates Bumps the dependencies group with 5 updates: | Package | From | To | | --- | --- | --- | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.4.0` | `3.5.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.4.1` | `6.5.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.13` | `3.25.15` | Updates `docker/setup-buildx-action` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4fd812986e6c8c2a69e18311145f9371337f27d4...aa33708b10e362ff993539393ff100fa93ed6a27) Updates `docker/login-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/0d4c9c5ea7693da7b068278f7b52bda2a190a446...9780b0c442fbb1117ed29e0efdff1e18412f7567) Updates `docker/build-push-action` from 6.4.1 to 6.5.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/1ca370b3a9802c92e886402e0dd88098a2533b12...5176d81f87c23d6fc96624dfdbcd9f3830bbe445) Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) Updates `github/codeql-action` from 3.25.13 to 3.25.15 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef40ecba973cc774a50395aac...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index df63ec3..9d5145b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,9 +53,9 @@ jobs: IMAGE_NAME: ${{ github.repository }} steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 + uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 - name: Log in to the Container registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 862ec66..767f270 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From f7440a6ec22d74870953fad4ae0ad6df94891f92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:09:14 +0000 Subject: [PATCH 22/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [black](https://github.com/psf/black), [flake8](https://github.com/pycqa/flake8) and [mypy](https://github.com/python/mypy). Updates `black` from 24.4.2 to 24.8.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/24.4.2...24.8.0) Updates `flake8` from 7.1.0 to 7.1.1 - [Commits](https://github.com/pycqa/flake8/compare/7.1.0...7.1.1) Updates `mypy` from 1.11.0 to 1.11.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.11...v1.11.1) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: flake8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-test.txt b/requirements-test.txt index fe77536..6914185 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,6 +1,6 @@ -black==24.4.2 -flake8==7.1.0 -mypy==1.11.0 +black==24.8.0 +flake8==7.1.1 +mypy==1.11.1 mypy-extensions==1.0.0 pylint==3.2.6 pytest==8.3.2 From 5354cfc739f106e008558f4e85fa973a491e0f1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:32:52 +0000 Subject: [PATCH 23/46] chore(deps): bump python from `740d94a` to `a3e58f9` Bumps python from `740d94a` to `a3e58f9`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index aac97fa..335cdca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:740d94a19218c8dd584b92f804b1158f85b0d241e5215ea26ed2dcade2b9d138 +FROM python:3.12-slim@sha256:a3e58f9399353be051735f09be0316bfdeab571a5c6a24fd78b92df85bcb2d85 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 29defb95ac24b10c754027b85a3327907bcfbb21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:59:59 +0000 Subject: [PATCH 24/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `docker/setup-buildx-action` from 3.5.0 to 3.6.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/aa33708b10e362ff993539393ff100fa93ed6a27...988b5a0280414f521da01fcc63a27aeeb4b104db) Updates `actions/upload-artifact` from 4.3.4 to 4.3.5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b2256b8c012f0828dc542b3febcab082c67f72b...89ef406dd8d7e03cfd12d9e0a4a378f454709029) Updates `super-linter/super-linter` from 6.7.0 to 6.8.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/3fe03abab2eafb293ace16d4a3b07aeabcb3f1a0...b4515bd4ad9d0aa4681960e053916ab991bdbe96) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/super-linter.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9d5145b..03eae72 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: IMAGE_NAME: ${{ github.repository }} steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - name: Log in to the Container registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 767f270..2e1a7d8 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,7 +36,7 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 1506822..6bc3b97 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -28,7 +28,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@3fe03abab2eafb293ace16d4a3b07aeabcb3f1a0 + uses: super-linter/super-linter@b4515bd4ad9d0aa4681960e053916ab991bdbe96 env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 092d2f1fe0d7445e1c2548db161b9eeee7a25252 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 05:21:44 +0000 Subject: [PATCH 25/46] chore(deps): bump python from `a3e58f9` to `105e9d8` Bumps python from `a3e58f9` to `105e9d8`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 335cdca..b7304e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:a3e58f9399353be051735f09be0316bfdeab571a5c6a24fd78b92df85bcb2d85 +FROM python:3.12-slim@sha256:105e9d85a67db1602e70fa2bbb49c1e66bae7e3bdcb6259344fe8ca116434f74 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From a38f9faf6b2ee44317270cf588b5ff38ae52e824 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 05:40:38 +0000 Subject: [PATCH 26/46] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [docker/build-push-action](https://github.com/docker/build-push-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/build-push-action` from 6.5.0 to 6.6.1 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/5176d81f87c23d6fc96624dfdbcd9f3830bbe445...16ebe778df0e7752d2cfcbd924afdbbd89c1a755) Updates `actions/upload-artifact` from 4.3.5 to 4.3.6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/89ef406dd8d7e03cfd12d9e0a4a378f454709029...834a144ee995460fba8ed112a2fc961b36a5ec5a) Updates `github/codeql-action` from 3.25.15 to 3.26.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...eb055d739abdc2e8de2e5f4ba1a8b246daa779aa) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03eae72..648ec03 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 + uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2e1a7d8..3dd1e00 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,12 +36,12 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From 880f2774a5c372fe93dc0952b16f0dc58fedbd4a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 05:11:57 +0000 Subject: [PATCH 27/46] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/build-push-action` from 6.6.1 to 6.7.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/16ebe778df0e7752d2cfcbd924afdbbd89c1a755...5cd11c3a4ced054e52742c5fd54dca954e0edd85) Updates `github/codeql-action` from 3.26.0 to 3.26.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/eb055d739abdc2e8de2e5f4ba1a8b246daa779aa...429e1977040da7a23b6822b13c129cd1ba93dbb2) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 648ec03..735b147 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3dd1e00..219cb62 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif From 50f607833ba58254058e389f622d37ee82dc02c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 05:27:12 +0000 Subject: [PATCH 28/46] chore(deps): bump python from `105e9d8` to `59c7332` Bumps python from `105e9d8` to `59c7332`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b7304e9..71bca68 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:105e9d85a67db1602e70fa2bbb49c1e66bae7e3bdcb6259344fe8ca116434f74 +FROM python:3.12-slim@sha256:59c7332a4a24373861c4a5f0eec2c92b87e3efeb8ddef011744ef9a751b1d11c LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From c3c7351e36b1143a7ef6bac0553ecbf5dcbdf72b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 05:12:01 +0000 Subject: [PATCH 29/46] chore(deps): bump super-linter/super-linter from 6.8.0 to 7.0.0 Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 6.8.0 to 7.0.0. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/b4515bd4ad9d0aa4681960e053916ab991bdbe96...02a1172d274f021e4c70f66e23f1085eadd1064b) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/super-linter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 6bc3b97..7cbc47d 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -28,7 +28,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@b4515bd4ad9d0aa4681960e053916ab991bdbe96 + uses: super-linter/super-linter@02a1172d274f021e4c70f66e23f1085eadd1064b env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From bb454e632e0ce82c58a0cf11344b0ba8b372a78a Mon Sep 17 00:00:00 2001 From: jmeridth Date: Mon, 19 Aug 2024 07:49:02 -0500 Subject: [PATCH 30/46] fix: run prettier on all files suggested by new version of super-linter Signed-off-by: jmeridth --- .github/linters/.jscpd.json | 6 +- .github/pull_request_template.md | 4 +- .github/release-drafter.yml | 80 ++++++++++----------- .github/workflows/auto-labeler.yml | 2 +- .github/workflows/contributors_report.yaml | 2 +- .github/workflows/docker-ci.yml | 5 +- .github/workflows/major-version-updater.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/python-ci.yml | 4 +- .github/workflows/release.yml | 4 +- .github/workflows/scorecard.yml | 4 +- .github/workflows/stale.yaml | 8 +-- .github/workflows/super-linter.yaml | 2 +- .vscode/settings.json | 16 ++--- CONTRIBUTING.md | 8 ++- README.md | 39 +++++----- action.yml | 14 ++-- 17 files changed, 102 insertions(+), 100 deletions(-) diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json index 225b930..b67b860 100644 --- a/.github/linters/.jscpd.json +++ b/.github/linters/.jscpd.json @@ -1,7 +1,5 @@ { "threshold": 25, - "ignore": [ - "test*" - ], + "ignore": ["test*"], "absolute": true -} \ No newline at end of file +} diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 2a36620..f78f37f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,5 +1,6 @@ # Pull Request - ## Proposed Changes + ## Readiness Checklist diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index f5a529b..8dab22f 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -1,6 +1,6 @@ --- -name-template: 'v$RESOLVED_VERSION' -tag-template: 'v$RESOLVED_VERSION' +name-template: "v$RESOLVED_VERSION" +tag-template: "v$RESOLVED_VERSION" template: | # Changelog $CHANGES @@ -8,61 +8,61 @@ template: | See details of [all code changes](https://github.com/github/cleanowners/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release categories: - - title: '🚀 Features' + - title: "🚀 Features" labels: - - 'feature' - - 'enhancement' - - title: '🐛 Bug Fixes' + - "feature" + - "enhancement" + - title: "🐛 Bug Fixes" labels: - - 'fix' - - 'bugfix' - - 'bug' - - title: '🧰 Maintenance' + - "fix" + - "bugfix" + - "bug" + - title: "🧰 Maintenance" labels: - - 'infrastructure' - - 'automation' - - 'documentation' - - 'dependencies' - - 'maintenance' - - 'revert' - - title: '🏎 Performance' - label: 'performance' -change-template: '- $TITLE @$AUTHOR (#$NUMBER)' + - "infrastructure" + - "automation" + - "documentation" + - "dependencies" + - "maintenance" + - "revert" + - title: "🏎 Performance" + label: "performance" +change-template: "- $TITLE @$AUTHOR (#$NUMBER)" version-resolver: major: labels: - - 'breaking' + - "breaking" minor: labels: - - 'enhancement' - - 'fix' + - "enhancement" + - "fix" patch: labels: - - 'documentation' - - 'maintenance' + - "documentation" + - "maintenance" default: patch autolabeler: - - label: 'automation' + - label: "automation" title: - - '/^(build|ci|perf|refactor|test).*/i' - - label: 'enhancement' + - "/^(build|ci|perf|refactor|test).*/i" + - label: "enhancement" title: - - '/^(style).*/i' - - label: 'documentation' + - "/^(style).*/i" + - label: "documentation" title: - - '/^(docs).*/i' - - label: 'feature' + - "/^(docs).*/i" + - label: "feature" title: - - '/^(feat).*/i' - - label: 'fix' + - "/^(feat).*/i" + - label: "fix" title: - - '/^(fix).*/i' - - label: 'infrastructure' + - "/^(fix).*/i" + - label: "infrastructure" title: - - '/^(infrastructure).*/i' - - label: 'maintenance' + - "/^(infrastructure).*/i" + - label: "maintenance" title: - - '/^(chore|maintenance).*/i' - - label: 'revert' + - "/^(chore|maintenance).*/i" + - label: "revert" title: - - '/^(revert).*/i' + - "/^(revert).*/i" diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 7ee1928..9fe305e 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -4,7 +4,7 @@ name: Auto Labeler on: # pull_request_target event is required for autolabeler to support all PRs including forks pull_request_target: - types: [ opened, reopened, edited, synchronize ] + types: [opened, reopened, edited, synchronize] permissions: contents: read diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml index 7e3f4d1..34e8f19 100644 --- a/.github/workflows/contributors_report.yaml +++ b/.github/workflows/contributors_report.yaml @@ -3,7 +3,7 @@ name: Monthly contributor report on: workflow_dispatch: schedule: - - cron: '3 2 1 * *' + - cron: "3 2 1 * *" permissions: contents: read diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index b7f9ceb..5f82994 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml @@ -3,16 +3,15 @@ name: Docker Image CI on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] permissions: contents: read jobs: build: - runs-on: ubuntu-latest steps: diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index 7094234..23271bb 100644 --- a/.github/workflows/major-version-updater.yml +++ b/.github/workflows/major-version-updater.yml @@ -3,7 +3,7 @@ name: Major Version Updater # Whenever a new release is made, push a major version tag on: release: - types: [ published ] + types: [published] permissions: contents: read diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 68d25c7..4e6ec94 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -4,7 +4,7 @@ name: "Lint PR" on: pull_request_target: - types: [ opened, reopened, edited, synchronize] + types: [opened, reopened, edited, synchronize] permissions: contents: read diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 867c588..e805832 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -6,9 +6,9 @@ name: Python package on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] permissions: contents: read diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 735b147..32edf01 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,8 +4,8 @@ name: Release on: workflow_dispatch: pull_request_target: - types: [ closed ] - branches: [ main ] + types: [closed] + branches: [main] permissions: contents: read diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 219cb62..281794e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -9,9 +9,9 @@ on: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '29 11 * * 6' + - cron: "29 11 * * 6" push: - branches: [ main ] + branches: [main] permissions: read-all diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index a101eb5..db21aa0 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -1,8 +1,8 @@ --- -name: 'Close stale issues' +name: "Close stale issues" on: schedule: - - cron: '30 1 * * *' + - cron: "30 1 * * *" permissions: contents: read @@ -16,8 +16,8 @@ jobs: steps: - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e with: - stale-issue-message: 'This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days.' - close-issue-message: 'This issue was closed because it has been stalled for 35 days with no activity.' + stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days." + close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity." days-before-stale: 21 days-before-close: 14 days-before-pr-close: -1 diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 7cbc47d..de4402a 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -3,7 +3,7 @@ name: Lint Code Base on: pull_request: - branches: [ main ] + branches: [main] permissions: contents: read diff --git a/.vscode/settings.json b/.vscode/settings.json index 9c93b59..705ed9b 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,11 +1,9 @@ { - "python.testing.pytestArgs": [ - "." - ], - "python.testing.unittestEnabled": false, - "python.testing.pytestEnabled": true, - "[python]": { - "editor.defaultFormatter": "ms-python.black-formatter" - }, - "python.formatting.provider": "none" + "python.testing.pytestArgs": ["."], + "python.testing.unittestEnabled": false, + "python.testing.pytestEnabled": true, + "[python]": { + "editor.defaultFormatter": "ms-python.black-formatter" + }, + "python.formatting.provider": "none" } diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bcec5be..8f753e2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,5 +1,6 @@ + # Contributing to cleanowners First off, thanks for taking the time to contribute! :heart: @@ -7,6 +8,7 @@ First off, thanks for taking the time to contribute! :heart: All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us project owners and smooth out the experience for all involved. The team looks forward to your contributions. :tada: + ## Table of Contents - [I Have a Question](#i-have-a-question) @@ -36,6 +38,7 @@ When contributing to this project, you must agree that you have authored 100% of ## Reporting Bugs + ### Before Submitting a Bug Report A good bug report shouldn't leave others needing to chase you up for more information. Therefore, we ask you to investigate carefully, collect information and describe the issue in detail in your report. Please complete the following steps in advance to help us fix any potential bug as fast as possible. @@ -51,6 +54,7 @@ A good bug report shouldn't leave others needing to chase you up for more inform - Can you reliably reproduce the issue? And can you also reproduce it with older versions? + ### How Do I Submit a Good Bug Report? Please submit a bug report using our [GitHub Issues template](https://github.com/github/cleanowners/issues/new?template=bug_report.yml). @@ -60,6 +64,7 @@ Please submit a bug report using our [GitHub Issues template](https://github.com This section guides you through submitting an enhancement suggestion for cleanowners, **including completely new features and minor improvements to existing functionality**. Following these guidelines will help maintainers and the community to understand your suggestion and find related suggestions. + ### Before Submitting an Enhancement - Make sure that you are using the latest version. @@ -68,6 +73,7 @@ This section guides you through submitting an enhancement suggestion for cleanow - Find out whether your idea fits with the scope and aims of the project. It's up to you to make a strong case to convince the project's developers of the merits of this feature or to develop the feature yourself and contribute it to the project. + ### How Do I Submit a Good Enhancement Suggestion? Please submit an enhancement suggestion using our [GitHub Issues template](https://github.com/github/cleanowners/issues/new?template=feature_request.yml). @@ -80,4 +86,4 @@ We are using [Conventional Commits](https://www.conventionalcommits.org/en/v1.0. Releases are automated if a pull request is labelled with our [semver related labels](.github/release-drafter.yml) or with the `vuln` or `release` labels. -You can also manually initiate a release you can do so through the GitHub Actions UI. If you have permissions to do so, you can navigate to the [Actions tab](https://github.com/github/cleanowners/actions/workflows/release.yml) and select the `Run workflow` button. This will allow you to select the branch to release from and the version to release. +You can also manually initiate a release you can do so through the GitHub Actions UI. If you have permissions to do so, you can navigate to the [Actions tab](https://github.com/github/cleanowners/actions/workflows/release.yml) and select the `Run workflow` button. This will allow you to select the branch to release from and the version to release. diff --git a/README.md b/README.md index eaab0e2..17abd99 100644 --- a/README.md +++ b/README.md @@ -35,28 +35,28 @@ This action can be configured to authenticate with GitHub App Installation or Pe ##### GitHub App Installation -| field | required | default | description | -|-------------------------------|----------|---------|-------------| -| `GH_APP_ID` | True | `""` | GitHub Application ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. | -| `GH_APP_INSTALLATION_ID` | True | `""` | GitHub Application Installation ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. | -| `GH_APP_PRIVATE_KEY` | True | `""` | GitHub Application Private Key. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. | +| field | required | default | description | +| ------------------------ | -------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `GH_APP_ID` | True | `""` | GitHub Application ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. | +| `GH_APP_INSTALLATION_ID` | True | `""` | GitHub Application Installation ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. | +| `GH_APP_PRIVATE_KEY` | True | `""` | GitHub Application Private Key. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. | ##### Personal Access Token (PAT) -| field | required | default | description | -|-------------------------------|----------|---------|-------------| -| `GH_TOKEN` | True | `""` | The GitHub Token used to scan the repository. Must have read access to all repository you are interested in scanning. | +| field | required | default | description | +| ---------- | -------- | ------- | --------------------------------------------------------------------------------------------------------------------- | +| `GH_TOKEN` | True | `""` | The GitHub Token used to scan the repository. Must have read access to all repository you are interested in scanning. | #### Other Configuration Options -| field | required | default | description | -|---------------------------|----------|---------|-------------| -| `GH_ENTERPRISE_URL` | False | "" | The `GH_ENTERPRISE_URL` is used to connect to an enterprise server instance of GitHub. github.com users should not enter anything here. | -| `ORGANIZATION` | Required to have `ORGANIZATION` or `REPOSITORY` | | The name of the GitHub organization which you want this action to work from. ie. github.com/github would be `github` | -| `REPOSITORY` | Required to have `ORGANIZATION` or `REPOSITORY` | | The name of the repository and organization which you want this action to work from. ie. `github/cleanowners` or a comma separated list of multiple repositories `github/cleanowners,super-linter/super-linter` | -| `EXEMPT_REPOS` | False | "" | These repositories will be exempt from this action. ex: If my org is set to `github` then I might want to exempt a few of the repos but get the rest by setting `EXEMPT_REPOS` to `github/cleanowners,github/contributors` | -| `DRY_RUN` | False | False | If set to true, this action will not create any pull requests. It will only log the repositories that could have the `CODEOWNERS` file updated. This is useful for testing or discovering the scope of this issue in your organization. | -| `ISSUE_REPORT` | False | False | If set to true, this action will create an issue in the repository with the report on the repositories that had users removed from the `CODEOWNERS` file. | +| field | required | default | description | +| ------------------- | ----------------------------------------------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `GH_ENTERPRISE_URL` | False | "" | The `GH_ENTERPRISE_URL` is used to connect to an enterprise server instance of GitHub. github.com users should not enter anything here. | +| `ORGANIZATION` | Required to have `ORGANIZATION` or `REPOSITORY` | | The name of the GitHub organization which you want this action to work from. ie. github.com/github would be `github` | +| `REPOSITORY` | Required to have `ORGANIZATION` or `REPOSITORY` | | The name of the repository and organization which you want this action to work from. ie. `github/cleanowners` or a comma separated list of multiple repositories `github/cleanowners,super-linter/super-linter` | +| `EXEMPT_REPOS` | False | "" | These repositories will be exempt from this action. ex: If my org is set to `github` then I might want to exempt a few of the repos but get the rest by setting `EXEMPT_REPOS` to `github/cleanowners,github/contributors` | +| `DRY_RUN` | False | False | If set to true, this action will not create any pull requests. It will only log the repositories that could have the `CODEOWNERS` file updated. This is useful for testing or discovering the scope of this issue in your organization. | +| `ISSUE_REPORT` | False | False | If set to true, this action will create an issue in the repository with the report on the repositories that had users removed from the `CODEOWNERS` file. | ### Example workflows @@ -68,7 +68,7 @@ name: Weekly codeowners cleanup on: workflow_dispatch: schedule: - - cron: '3 2 1 * *' + - cron: "3 2 1 * *" permissions: contents: read @@ -96,7 +96,7 @@ name: Weekly codeowners cleanup on: workflow_dispatch: schedule: - - cron: '3 2 1 * *' + - cron: "3 2 1 * *" permissions: contents: read @@ -123,7 +123,6 @@ jobs: content-filepath: ./report.md assignees: token: ${{ secrets.GITHUB_TOKEN }} - ``` ### Authenticating with a GitHub App and Installation @@ -136,7 +135,7 @@ name: Weekly codeowners cleanup via GitHub App on: workflow_dispatch: schedule: - - cron: '3 2 1 * *' + - cron: "3 2 1 * *" permissions: contents: read diff --git a/action.yml b/action.yml index 9b7c465..4591402 100644 --- a/action.yml +++ b/action.yml @@ -1,10 +1,10 @@ --- -name: 'Cleanowners action' -author: 'github' -description: 'A GitHub Action to suggest removal of non-organization members from CODEOWNERS files.' +name: "Cleanowners action" +author: "github" +description: "A GitHub Action to suggest removal of non-organization members from CODEOWNERS files." runs: - using: 'docker' - image: 'docker://ghcr.io/github/cleanowners:v1' + using: "docker" + image: "docker://ghcr.io/github/cleanowners:v1" branding: - icon: 'bell' - color: 'orange' + icon: "bell" + color: "orange" From 07792d9d8fbf24f7a447a2ed52eac2ffbc0aa231 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 05:05:59 +0000 Subject: [PATCH 31/46] chore(deps): bump mypy from 1.11.1 to 1.11.2 in the dependencies group Bumps the dependencies group with 1 update: [mypy](https://github.com/python/mypy). Updates `mypy` from 1.11.1 to 1.11.2 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.11.1...v1.11.2) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 6914185..d950f76 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,6 +1,6 @@ black==24.8.0 flake8==7.1.1 -mypy==1.11.1 +mypy==1.11.2 mypy-extensions==1.0.0 pylint==3.2.6 pytest==8.3.2 From d54cf19f649c87d56a055502969a736ba98e2885 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 05:11:50 +0000 Subject: [PATCH 32/46] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [github/contributors](https://github.com/github/contributors) and [github/codeql-action](https://github.com/github/codeql-action). Updates `github/contributors` from 1.4.3 to 1.5.0 - [Release notes](https://github.com/github/contributors/releases) - [Commits](https://github.com/github/contributors/compare/135b0430e856ade27175cbd1d4e1e11b0dd8ef95...1286dc8d6904a9a7f735e28b7503be164fb7d4b9) Updates `github/codeql-action` from 3.26.2 to 3.26.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/429e1977040da7a23b6822b13c129cd1ba93dbb2...2c779ab0d087cd7fe7b826087247c2c81f27bfa6) --- updated-dependencies: - dependency-name: github/contributors dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/contributors_report.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml index 34e8f19..dffb5bf 100644 --- a/.github/workflows/contributors_report.yaml +++ b/.github/workflows/contributors_report.yaml @@ -30,7 +30,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@135b0430e856ade27175cbd1d4e1e11b0dd8ef95 + uses: github/contributors@1286dc8d6904a9a7f735e28b7503be164fb7d4b9 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 281794e..9cc5649 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif From c81f78c7aef02e7f0eac425075546540930f458b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 05:44:50 +0000 Subject: [PATCH 33/46] chore(deps): bump the dependencies group with 4 updates Bumps the dependencies group with 4 updates: [actions/setup-python](https://github.com/actions/setup-python), [actions/upload-artifact](https://github.com/actions/upload-artifact), [github/codeql-action](https://github.com/github/codeql-action) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `actions/setup-python` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) Updates `actions/upload-artifact` from 4.3.6 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874) Updates `github/codeql-action` from 3.26.5 to 3.26.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93) Updates `super-linter/super-linter` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/02a1172d274f021e4c70f66e23f1085eadd1064b...b92721f792f381cedc002ecdbb9847a15ece5bb8) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/python-ci.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/super-linter.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index e805832..f56a0dc 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -23,7 +23,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9cc5649..8b734a1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,12 +36,12 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index de4402a..b402f23 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -28,7 +28,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@02a1172d274f021e4c70f66e23f1085eadd1064b + uses: super-linter/super-linter@b92721f792f381cedc002ecdbb9847a15ece5bb8 env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From d34d75b8012667b010395a9ff6352740592cd86d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 06:00:16 +0000 Subject: [PATCH 34/46] chore(deps): bump pylint from 3.2.6 to 3.2.7 in the dependencies group Bumps the dependencies group with 1 update: [pylint](https://github.com/pylint-dev/pylint). Updates `pylint` from 3.2.6 to 3.2.7 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.2.6...v3.2.7) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index d950f76..d7d867c 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,7 +2,7 @@ black==24.8.0 flake8==7.1.1 mypy==1.11.2 mypy-extensions==1.0.0 -pylint==3.2.6 +pylint==3.2.7 pytest==8.3.2 pytest-cov==5.0.0 types-requests==2.32.0.20240712 From dd60d39562c54b5de8f817e6ded2fe17590601c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 05:10:33 +0000 Subject: [PATCH 35/46] chore(deps): bump types-requests from 2.32.0.20240712 to 2.32.0.20240907 Bumps [types-requests](https://github.com/python/typeshed) from 2.32.0.20240712 to 2.32.0.20240907. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index d7d867c..33706ad 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -5,4 +5,4 @@ mypy-extensions==1.0.0 pylint==3.2.7 pytest==8.3.2 pytest-cov==5.0.0 -types-requests==2.32.0.20240712 +types-requests==2.32.0.20240907 From ec0fb6d8b96c3f09f9c4fbd363bd641332a29a55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 05:29:48 +0000 Subject: [PATCH 36/46] chore(deps): bump python from `59c7332` to `c24c34b` Bumps python from `59c7332` to `c24c34b`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 71bca68..739775f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:59c7332a4a24373861c4a5f0eec2c92b87e3efeb8ddef011744ef9a751b1d11c +FROM python:3.12-slim@sha256:c24c34b502635f1f7c4e99dc09a2cbd85d480b7dcfd077198c6b5af138906390 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 7ddf8612c932846908f1b48c7a048e43f0e0637e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 05:53:43 +0000 Subject: [PATCH 37/46] chore(deps): bump python from `c24c34b` to `15bad98` Bumps python from `c24c34b` to `15bad98`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 739775f..44e8563 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:c24c34b502635f1f7c4e99dc09a2cbd85d480b7dcfd077198c6b5af138906390 +FROM python:3.12-slim@sha256:15bad989b293be1dd5eb26a87ecacadaee1559f98e29f02bf6d00c8d86129f39 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 5695a22dad8951de1887520bc634b3cee330e4ee Mon Sep 17 00:00:00 2001 From: jmeridth Date: Mon, 16 Sep 2024 13:15:34 -0500 Subject: [PATCH 38/46] fix: docker container image build switched from git-all to just git (pinned) Signed-off-by: jmeridth --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 44e8563..2fc908a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ COPY requirements.txt *.py /action/workspace/ RUN python3 -m pip install --no-cache-dir -r requirements.txt \ && apt-get -y update \ - && apt-get -y install --no-install-recommends git-all=1:2.39.2-1.1 \ + && apt-get -y install --no-install-recommends git=1:2.39.5-0+deb12u1 \ && rm -rf /var/lib/apt/lists/* CMD ["/action/workspace/cleanowners.py"] From 19bb2abeb7c0096743005cab096577813d801e02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 12:53:32 +0000 Subject: [PATCH 39/46] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.6 to 3.26.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...8214744c546c1e5c8f03dde8fab3a7353211988d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8b734a1..af50045 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From 60021ce21721fa9d8780333e61ddc25d7c4d1500 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 12:59:55 +0000 Subject: [PATCH 40/46] chore(deps): bump types-requests from 2.32.0.20240907 to 2.32.0.20240914 Bumps [types-requests](https://github.com/python/typeshed) from 2.32.0.20240907 to 2.32.0.20240914. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 33706ad..72fc976 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -5,4 +5,4 @@ mypy-extensions==1.0.0 pylint==3.2.7 pytest==8.3.2 pytest-cov==5.0.0 -types-requests==2.32.0.20240907 +types-requests==2.32.0.20240914 From 6a1985d7a83ded60625f375e73d0a3896a8d8b4a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 13:04:51 +0000 Subject: [PATCH 41/46] chore(deps): bump pytest from 8.3.2 to 8.3.3 in the dependencies group Bumps the dependencies group with 1 update: [pytest](https://github.com/pytest-dev/pytest). Updates `pytest` from 8.3.2 to 8.3.3 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.3.2...8.3.3) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 72fc976..b57f1ba 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -3,6 +3,6 @@ flake8==7.1.1 mypy==1.11.2 mypy-extensions==1.0.0 pylint==3.2.7 -pytest==8.3.2 +pytest==8.3.3 pytest-cov==5.0.0 types-requests==2.32.0.20240914 From 96f13b62648d8e45db6bf919c0dabcf8fc8c26c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 05:07:31 +0000 Subject: [PATCH 42/46] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.7 to 3.26.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8214744c546c1e5c8f03dde8fab3a7353211988d...294a9d92911152fe08befb9ec03e240add280cb3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index af50045..b9bb83f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From 9134e58a3afe3775bf87e1817789a7b43d99576d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 05:54:23 +0000 Subject: [PATCH 43/46] chore(deps): bump pylint from 3.2.7 to 3.3.0 in the dependencies group Bumps the dependencies group with 1 update: [pylint](https://github.com/pylint-dev/pylint). Updates `pylint` from 3.2.7 to 3.3.0 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.2.7...v3.3.0) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index b57f1ba..be9b918 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,7 +2,7 @@ black==24.8.0 flake8==7.1.1 mypy==1.11.2 mypy-extensions==1.0.0 -pylint==3.2.7 +pylint==3.3.0 pytest==8.3.3 pytest-cov==5.0.0 types-requests==2.32.0.20240914 From 3dee33a61dce4e823a1c434577434ed0c40133ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:16:53 +0000 Subject: [PATCH 44/46] chore(deps): bump pylint from 3.3.0 to 3.3.1 in the dependencies group Bumps the dependencies group with 1 update: [pylint](https://github.com/pylint-dev/pylint). Updates `pylint` from 3.3.0 to 3.3.1 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.3.0...v3.3.1) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index be9b918..8f0288a 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,7 +2,7 @@ black==24.8.0 flake8==7.1.1 mypy==1.11.2 mypy-extensions==1.0.0 -pylint==3.3.0 +pylint==3.3.1 pytest==8.3.3 pytest-cov==5.0.0 types-requests==2.32.0.20240914 From e10e2b82f69522a38d9fd8bbfbc1686e39bc2b01 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:23:30 +0000 Subject: [PATCH 45/46] chore(deps): bump python from `15bad98` to `ad48727` Bumps python from `15bad98` to `ad48727`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2fc908a..3f9ba91 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.12-slim@sha256:15bad989b293be1dd5eb26a87ecacadaee1559f98e29f02bf6d00c8d86129f39 +FROM python:3.12-slim@sha256:ad48727987b259854d52241fac3bc633574364867b8e20aec305e6e7f4028b26 LABEL org.opencontainers.image.source https://github.com/github/cleanowners WORKDIR /action/workspace From 58c73bcf5878eb3ecf5cd465fc2308b8a28d2776 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 05:49:04 +0000 Subject: [PATCH 46/46] chore(deps): bump the dependencies group with 4 updates Bumps the dependencies group with 4 updates: [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file), [actions/checkout](https://github.com/actions/checkout), [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `peter-evans/create-issue-from-file` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](https://github.com/peter-evans/create-issue-from-file/compare/24452a72d85239eacf1468b0f1982a9f3fec4c94...e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd) Updates `actions/checkout` from 4.1.7 to 4.2.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938) Updates `docker/build-push-action` from 6.7.0 to 6.8.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/5cd11c3a4ced054e52742c5fd54dca954e0edd85...32945a339266b759abcbdc89316275140b0fc960) Updates `github/codeql-action` from 3.26.8 to 3.26.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/294a9d92911152fe08befb9ec03e240add280cb3...461ef6c76dfe95d5c364de2f431ddbd31a417628) --- updated-dependencies: - dependency-name: peter-evans/create-issue-from-file dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/contributors_report.yaml | 2 +- .github/workflows/docker-ci.yml | 2 +- .github/workflows/major-version-updater.yml | 2 +- .github/workflows/python-ci.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/super-linter.yaml | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml index dffb5bf..b211d83 100644 --- a/.github/workflows/contributors_report.yaml +++ b/.github/workflows/contributors_report.yaml @@ -39,7 +39,7 @@ jobs: SPONSOR_INFO: "true" - name: Create issue - uses: peter-evans/create-issue-from-file@24452a72d85239eacf1468b0f1982a9f3fec4c94 + uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd with: title: Monthly contributor report token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index 5f82994..9e62686 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml @@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Build the Docker image run: docker build . --file Dockerfile --platform linux/amd64 diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index 23271bb..8433a06 100644 --- a/.github/workflows/major-version-updater.yml +++ b/.github/workflows/major-version-updater.yml @@ -15,7 +15,7 @@ jobs: contents: write steps: - name: Checkout Repo - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: version id: version diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index f56a0dc..aa38f4f 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -21,7 +21,7 @@ jobs: python-version: [3.11, 3.12] steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32edf01..b9329b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,10 +60,10 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 + uses: docker/build-push-action@32945a339266b759abcbdc89316275140b0fc960 with: context: . file: ./Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b9bb83f..bbe4e4c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index b402f23..92bf411 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - name: Install dependencies