From e9607746a188c8b90b8a910121637e264280b64f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 00:09:46 +0000 Subject: [PATCH 01/19] chore(deps): bump github/contributors in the dependencies group Bumps the dependencies group with 1 update: [github/contributors](https://github.com/github/contributors). Updates `github/contributors` from 1.5.0 to 1.5.1 - [Release notes](https://github.com/github/contributors/releases) - [Commits](https://github.com/github/contributors/compare/1286dc8d6904a9a7f735e28b7503be164fb7d4b9...90922d5748ecaf8417a3b7a0eedb4892c8fa1c44) --- updated-dependencies: - dependency-name: github/contributors dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/contributors_report.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml index e77cd36..57041d2 100644 --- a/.github/workflows/contributors_report.yaml +++ b/.github/workflows/contributors_report.yaml @@ -30,7 +30,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@1286dc8d6904a9a7f735e28b7503be164fb7d4b9 + uses: github/contributors@90922d5748ecaf8417a3b7a0eedb4892c8fa1c44 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} From 70c6c001a57e8928e8747d3ad1572b9fa1a07fd9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 00:54:04 +0000 Subject: [PATCH 02/19] chore(deps): bump pytest-cov from 5.0.0 to 6.0.0 Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 5.0.0 to 6.0.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v5.0.0...v6.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 1be36d2..6298139 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -4,5 +4,5 @@ mypy==1.13.0 mypy-extensions==1.0.0 pylint==3.3.1 pytest==8.3.3 -pytest-cov==5.0.0 +pytest-cov==6.0.0 types-requests==2.32.0.20241016 From 56274ebaee51f6b70c2cd60e5555adc90d80d6b0 Mon Sep 17 00:00:00 2001 From: Zack Koppert Date: Tue, 5 Nov 2024 08:46:10 -0800 Subject: [PATCH 03/19] test: add more tests to increase auth test coverage --- test_auth.py | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/test_auth.py b/test_auth.py index 7a595fe..a9d6c66 100644 --- a/test_auth.py +++ b/test_auth.py @@ -3,6 +3,7 @@ import unittest from unittest.mock import MagicMock, patch +import requests import auth 
@@ -91,6 +92,41 @@ def test_get_github_app_installation_token(self, mock_post): self.assertEqual(result, dummy_token) + @patch("github3.apps.create_jwt_headers", MagicMock(return_value="gh_token")) + @patch("auth.requests.post") + def test_get_github_app_installation_token_request_failure(self, mock_post): + """ + Test the get_github_app_installation_token function returns None when the request fails. + """ + # Mock the post request to raise a RequestException + mock_post.side_effect = requests.exceptions.RequestException("Request failed") + + # Call the function with test data + result = get_github_app_installation_token( + ghe="https://api.github.com", + gh_app_id=12345, + gh_app_private_key_bytes=b"private_key", + gh_app_installation_id=678910, + ) + + # Assert that the result is None + self.assertIsNone(result) + + @patch("github3.login") + def test_auth_to_github_invalid_credentials(self, mock_login): + """ + Test the auth_to_github function raises correct ValueError + when credentials are present but incorrect. + """ + mock_login.return_value = None + with self.assertRaises(ValueError) as context_manager: + auth_to_github("not_a_valid_token", "", "", b"", "", False) + + the_exception = context_manager.exception + self.assertEqual( + str(the_exception), + "Unable to authenticate to GitHub", + ) if __name__ == "__main__": unittest.main() From 753b2f3bb22858e5a0a85ecc3badab5e3006acdd Mon Sep 17 00:00:00 2001 From: Zack Koppert Date: Tue, 5 Nov 2024 09:38:37 -0800 Subject: [PATCH 04/19] fix: use proper prefix for function calls Signed-off-by: Zack Koppert --- test_auth.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test_auth.py b/test_auth.py index a9d6c66..9337abc 100644 --- a/test_auth.py +++ b/test_auth.py @@ -3,8 +3,8 @@ import unittest from unittest.mock import MagicMock, patch -import requests import auth +import requests class TestAuth(unittest.TestCase): 
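Review bot: `test_get_github_app_installation_token_request_failure` in test_auth.py only checks `self.assertIsNone(result)`, so it would also pass if the function returned None before `requests.post` was ever reached. Adding `mock_post.assert_called_once()` after that assertion ties the None result to the mocked request failure. In `test_auth_to_github_invalid_credentials` the call passes six positional values (`"not_a_valid_token", "", "", b"", "", False`), which hides which credential path is exercised; keyword arguments would show that only the token is set. A short comment such as `# a rejected token must raise, never yield a half-initialised client` would record why the exact message is asserted, though that intent is inferred from the assertions because auth.py is not shown here.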
@@ -102,7 +102,7 @@ def test_get_github_app_installation_token_request_failure(self, mock_post): mock_post.side_effect = requests.exceptions.RequestException("Request failed") # Call the function with test data - result = get_github_app_installation_token( + result = auth.get_github_app_installation_token( ghe="https://api.github.com", gh_app_id=12345, gh_app_private_key_bytes=b"private_key", @@ -120,7 +120,7 @@ def test_auth_to_github_invalid_credentials(self, mock_login): """ mock_login.return_value = None with self.assertRaises(ValueError) as context_manager: - auth_to_github("not_a_valid_token", "", "", b"", "", False) + auth.auth_to_github("not_a_valid_token", "", "", b"", "", False) the_exception = context_manager.exception self.assertEqual( @@ -128,5 +128,6 @@ def test_auth_to_github_invalid_credentials(self, mock_login): "Unable to authenticate to GitHub", ) + if __name__ == "__main__": unittest.main() From 73c6d9bab5d1b64e508ddcaeed7c261dcde37e61 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 00:52:40 +0000 Subject: [PATCH 05/19] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.0 to 3.27.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b0f9265..0838057 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif From 8084b0b183ddb3819b3e546c8572d94acb6c793b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 00:57:50 +0000 Subject: [PATCH 06/19] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.1 to 3.27.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0838057..c6f2e01 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From de63c7f1bbd7e66f35267c7780280ff3cf411b69 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 01:05:12 +0000 Subject: [PATCH 07/19] chore(deps): bump python from `751d8be` to `4efa69b` Bumps python from `751d8be` to `4efa69b`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5fdb73b..2bcd07e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:751d8bece269ba9e672b3f2226050e7e6fb3f3da3408b5dcb5d415a054fcb061 +FROM python:3.13-slim@sha256:4efa69bf17cfbd83a9942e60e2642335c3b397448e00410063a0421f9727c4c4 LABEL com.github.actions.name="contributors" \ com.github.actions.description="GitHub Action that given an organization or repository, produces information about the contributors over the specified time period." \ com.github.actions.icon="users" \ From ac9a41ae4cdcb4970ca1c465d575dc8224ab63e1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 00:34:19 +0000 Subject: [PATCH 08/19] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `github/codeql-action` from 3.27.4 to 3.27.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) Updates `super-linter/super-linter` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/b92721f792f381cedc002ecdbb9847a15ece5bb8...e1cb86b6e8d119f789513668b4b30bf17fe1efe4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- .github/workflows/super-linter.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c6f2e01..9a47aa5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index b41f192..b6e1773 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -26,7 +26,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@b92721f792f381cedc002ecdbb9847a15ece5bb8 + uses: super-linter/super-linter@e1cb86b6e8d119f789513668b4b30bf17fe1efe4 env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From af77d47f288c39eee4e64fcb5cf4bddd7383037d Mon Sep 17 00:00:00 2001 From: jmeridth Date: Mon, 25 Nov 2024 09:00:48 -0600 Subject: [PATCH 09/19] fix: linting issues - [x] solve actionlint issues - [x] group commands instead of instead of individual redirects - [x] double quote variable to prevent globbing and word splitting Signed-off-by: jmeridth --- .github/linters/.python-lint | 1 + .github/workflows/major-version-updater.yml | 4 +--- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/linters/.python-lint b/.github/linters/.python-lint index 6de8dd2..5fad82e 100644 --- a/.github/linters/.python-lint +++ b/.github/linters/.python-lint @@ -437,6 +437,7 @@ disable=bad-inline-option, too-many-arguments, too-many-branches, too-many-locals, + too-many-positional-arguments, too-many-statements, useless-suppression, use-symbolic-message-instead, diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index 066d389..fb262a4 100644 --- a/.github/workflows/major-version-updater.yml 
+++ b/.github/workflows/major-version-updater.yml @@ -25,9 +25,7 @@ jobs: tag=${GITHUB_REF/refs\/tags\//}; version=${tag#v} ; major=${version%%.*} ; - echo "tag=${tag}" >> "$GITHUB_OUTPUT" ; - echo "version=${version}" >> "$GITHUB_OUTPUT" ; - echo "major=${major}" >> "$GITHUB_OUTPUT" ; + { echo "tag=${tag}" ; echo "version=${version}" ; echo "major=${major}" ; } >> "$GITHUB_OUTPUT" ; - name: force update major tag run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e681c61..8b5d169 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,7 +42,7 @@ jobs: id: get_tag_name run: | short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1) - echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT + echo "SHORT_TAG=$short_tag" >> "$GITHUB_OUTPUT" create_action_images: needs: create_release runs-on: ubuntu-latest From 74156ec3a1c783f90e2a7cf1cceb1794880bb38a Mon Sep 17 00:00:00 2001 From: jmeridth Date: Wed, 20 Nov 2024 10:31:22 -0600 Subject: [PATCH 10/19] chore: github actions cleanup - [x] add stale workflow - [x] switch to umutable actions on ones that allow it (closes 8 security warnings) Signed-off-by: jmeridth --- .github/workflows/docker-ci.yml | 2 +- .github/workflows/major-version-updater.yml | 2 +- .github/workflows/python-ci.yml | 4 ++-- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/stale.yml | 21 +++++++++++++++++++++ .github/workflows/super-linter.yaml | 2 +- 7 files changed, 29 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index 90fe96b..14cc976 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml 
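Review bot: In the release.yml hunk, the context line just above the change, `short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1)`, still expands a workflow expression straight into the shell script, unquoted. The new quoting of `"$GITHUB_OUTPUT"` therefore leaves the same word-splitting problem one line earlier. Expression text is substituted before the shell parses the script, so the safer form passes the value through the step environment: `env:` with `TAG_NAME: ${{ steps.release-drafter.outputs.tag_name }}`, then `short_tag=$(echo "$TAG_NAME" | cut -d. -f1)`. How exposed this is depends on who can influence the release-drafter output, which is not visible here; the step definition starts outside the hunk.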
@@ -14,6 +14,6 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@v4.2.2 - name: Build the Docker image run: docker build . --file Dockerfile --platform linux/amd64 diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index fb262a4..aac4de5 100644 --- a/.github/workflows/major-version-updater.yml +++ b/.github/workflows/major-version-updater.yml @@ -15,7 +15,7 @@ jobs: contents: write steps: - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4.2.2 - name: version id: version diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index ff0f30e..5eef415 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -20,9 +20,9 @@ jobs: matrix: python-version: [3.11, 3.12] steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@v4.2.2 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b + uses: actions/setup-python@v5.3.0 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8b5d169..284ecf9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@v4.2.2 - name: Push Docker Image if: ${{ success() }} uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9a47aa5..f882939 100644 --- a/.github/workflows/scorecard.yml 
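Review bot: In docker-ci.yml, replacing `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` with `actions/checkout@v4.2.2` trades a reference that cannot move for one whose safety depends on how the tag is resolved. The commit message says these actions support immutable publishing; if that is the guarantee being relied on, it should be confirmed that the runner resolves the tag to the immutable package rather than to the git tag. A comment such as `# immutable action: version tag, not a git ref` next to each `uses:` would record that. Otherwise keeping the SHA with the version comment is the more conservative pin. The same substitution is made in the major-version-updater.yml, python-ci.yml (checkout and setup-python), release.yml, scorecard.yml (checkout and upload-artifact) and super-linter.yaml hunks of this commit.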
+++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4.2.2 with: persist-credentials: false @@ -36,7 +36,7 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@v4.4.3 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..2d8c416 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,21 @@ +name: "Close stale issues" +on: + schedule: + - cron: "30 1 * * *" + +permissions: + issues: write + pull-requests: read + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v9.0.0 + with: + stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days." + close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity." + days-before-stale: 21 + days-before-close: 14 + days-before-pr-close: -1 + exempt-issue-labels: keep diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index b6e1773..87f515a 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -18,7 +18,7 @@ jobs: statuses: write steps: - name: Checkout Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 - name: Install dependencies From c61713e0feeb691429aee3ef4b4fcc0744c3b808 Mon Sep 17 00:00:00 2001 
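Review bot: The new stale.yml grants `pull-requests: read` and sets `days-before-pr-close: -1`, but `days-before-stale: 21` applies to pull requests as well as issues. The action will therefore still try to label and comment on inactive pull requests, and those write calls should be refused by the read-only token. Adding `days-before-pr-stale: -1` under `with:` keeps the workflow issue-only and consistent with its permissions block. A header comment noting that the workflow is limited to issues on purpose would help anyone who later widens the permissions.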
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 00:33:30 +0000 Subject: [PATCH 11/19] chore(deps): bump docker/build-push-action in the dependencies group Bumps the dependencies group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action). Updates `docker/build-push-action` from 6.9.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4f58ea79222b3b9dc2c8bbdd6debcef730109a75...48aba3b46d1b1fec4febb7c5d0c644b249a11355) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 284ecf9..cba744c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@v4.2.2 - name: Push Docker Image if: ${{ success() }} - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 with: context: . file: ./Dockerfile From 1510e1d77fedb777669ca5ae057a4179a239b606 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 00:57:37 +0000 Subject: [PATCH 12/19] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [pylint](https://github.com/pylint-dev/pylint) and [pytest](https://github.com/pytest-dev/pytest). Updates `pylint` from 3.3.1 to 3.3.2 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.3.1...v3.3.2) Updates `pytest` from 8.3.3 to 8.3.4 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.3.3...8.3.4) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-test.txt b/requirements-test.txt index 6298139..21e1cde 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,7 +2,7 @@ black==24.10.0 flake8==7.1.1 mypy==1.13.0 mypy-extensions==1.0.0 -pylint==3.3.1 -pytest==8.3.3 +pylint==3.3.2 +pytest==8.3.4 pytest-cov==6.0.0 types-requests==2.32.0.20241016 From 59059342a0f2359e9560c50f809f49f19ad8277f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 00:28:30 +0000 Subject: [PATCH 13/19] chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.27.5 to 3.27.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f09c1c0a94de965c15400f5634aa42fac8fb8f88...aa578102511db1f4524ed59b8cc2bae4f6e88195) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f882939..0913e07 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: sarif_file: results.sarif From 873462c3ec360c638954ebecd75c075ee1d6a401 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 00:35:34 +0000 Subject: [PATCH 14/19] chore(deps): bump python from `4efa69b` to `f41a75c` Bumps python from `4efa69b` to `f41a75c`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Dockerfile b/Dockerfile index 2bcd07e..800dda5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:4efa69bf17cfbd83a9942e60e2642335c3b397448e00410063a0421f9727c4c4 +FROM python:3.13-slim@sha256:f41a75c9cee9391c09e0139f7b49d4b1fbb119944ec740ecce4040626dc07bed LABEL com.github.actions.name="contributors" \ com.github.actions.description="GitHub Action that given an organization or repository, produces information about the contributors over the specified time period." \ com.github.actions.icon="users" \ From 81a7e1dec2ad51aead4c57f7f4b46d0b19d4e2b5 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 00:56:44 +0000 Subject: [PATCH 15/19] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `github/codeql-action` from 3.27.6 to 3.27.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/aa578102511db1f4524ed59b8cc2bae4f6e88195...df409f7d9260372bd5f19e5b04e83cb3c43714ae) Updates `super-linter/super-linter` from 7.2.0 to 7.2.1 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/e1cb86b6e8d119f789513668b4b30bf17fe1efe4...85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: super-linter/super-linter dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- .github/workflows/super-linter.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0913e07..1f335b0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 87f515a..2cf68b6 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -26,7 +26,7 @@ jobs: python -m pip install --upgrade pip pip install -r requirements.txt -r requirements-test.txt - name: Lint Code Base - uses: super-linter/super-linter@e1cb86b6e8d119f789513668b4b30bf17fe1efe4 + uses: super-linter/super-linter@85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d env: DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From e254940eee8da4a6bd20edd691d51b40246eb31b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 00:41:16 +0000 Subject: [PATCH 16/19] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) Updates `actions/upload-artifact` from 4.4.3 to 4.5.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0) Updates `github/codeql-action` from 3.27.9 to 3.28.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...48ab28a6f5dbc2a99bf1e0131198dd8f1df78169) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cba744c..931a016 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: IMAGE_NAME: ${{ github.repository }} steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 - name: Log in to the Container registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1f335b0..3d475a4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,12 +36,12 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@v4.5.0 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif From 3f102bb540e9a413a31ed216aa14d33ce59639d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 00:43:03 +0000 Subject: [PATCH 17/19] chore(deps): bump mypy from 1.13.0 to 1.14.0 in the dependencies group Bumps the dependencies group with 1 update: [mypy](https://github.com/python/mypy). Updates `mypy` from 1.13.0 to 1.14.0 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.13.0...v1.14.0) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... 
Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 21e1cde..0f4b9e1 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,6 +1,6 @@ black==24.10.0 flake8==7.1.1 -mypy==1.13.0 +mypy==1.14.0 mypy-extensions==1.0.0 pylint==3.3.2 pytest==8.3.4 From 7c8d6614ffbe522054dacf7c8eb2bd69385e46d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 00:19:51 +0000 Subject: [PATCH 18/19] chore(deps): bump python from `f41a75c` to `1127090` Bumps python from `f41a75c` to `1127090`. --- updated-dependencies: - dependency-name: python dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 800dda5..6fe5a80 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:f41a75c9cee9391c09e0139f7b49d4b1fbb119944ec740ecce4040626dc07bed +FROM python:3.13-slim@sha256:1127090f9fff0b8e7c3a1367855ef8a3299472d2c9ed122948a576c39addeaf1 LABEL com.github.actions.name="contributors" \ com.github.actions.description="GitHub Action that given an organization or repository, produces information about the contributors over the specified time period." \ com.github.actions.icon="users" \ From d1d1a36e32f09ffdd7a426af66f26db687fb9eed Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 00:46:38 +0000 Subject: [PATCH 19/19] chore(deps): bump pylint from 3.3.2 to 3.3.3 in the dependencies group Bumps the dependencies group with 1 update: [pylint](https://github.com/pylint-dev/pylint). Updates `pylint` from 3.3.2 to 3.3.3 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](https://github.com/pylint-dev/pylint/compare/v3.3.2...v3.3.3) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 0f4b9e1..75c3626 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -2,7 +2,7 @@ black==24.10.0 flake8==7.1.1 mypy==1.14.0 mypy-extensions==1.0.0 -pylint==3.3.2 +pylint==3.3.3 pytest==8.3.4 pytest-cov==6.0.0 types-requests==2.32.0.20241016