Bump ruff from 0.4.3 to 0.4.4 #10181
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.3 to 0.4.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@v0.4.3...v0.4.4) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
|
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🟢 Risk threshold not exceeded. Change Summary (click to expand)The following is a summary of changes in this pull request made by me, your security buddy 🤖. Summary: The changes in this pull request are relatively straightforward, involving a minor version update to the However, it's important to note that when updating dependencies, it's always a good idea to review the release notes and change logs to ensure that there are no known security vulnerabilities or other issues that could impact the application. Additionally, having a comprehensive testing process in place to validate that the updated dependencies do not introduce any regressions or unexpected behavior is recommended. Overall, this pull request appears to be a routine dependency update and does not seem to have any significant security implications. As an application security engineer, I would recommend approving this change, as long as the necessary testing and validation have been performed. Files Changed:
Powered by DryRun Security |
Bumps ruff from 0.4.3 to 0.4.4.
Release notes
Sourced from ruff's releases.
Changelog
Sourced from ruff's changelog.
Commits
3e8878aBump version to v0.4.4 (#11352)b6b4ad9[red-knot]@overridelint rule (#11282)dd42961[pylint] Detectpathlib.Path.opencalls inunspecified-encoding(`PLW15...c80c171[red-knot] Vendor typeshed's stdlib (#11340)e2fe177Revert "Simplify arithmetic operation in logical lines checker (#11346)" (#11...e9d1cddSimplify arithmetic operation in logical lines checker (#11346)dfe4291Improveruff_python_semantic::all::extract_all_names()(#11335)4541337[red-knot] Remove\<Db: SemanticDb>contraints in favor of dynamic dispatch ...8e9ddeeIgnore end-of-line comments when determining blank line rules (#11342)702d2faMake B024 and B027 documentation more nuanced (#11341)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)