From d60da424eb3db414249afa4f2ac903e1e0f39954 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 10:12:59 +0200 Subject: [PATCH 1/2] :rocket: pip: Bump safety from 3.2.3 to 3.2.4 (#1307) Bumps [safety](https://github.com/pyupio/safety) from 3.2.3 to 3.2.4. - [Release notes](https://github.com/pyupio/safety/releases) - [Changelog](https://github.com/pyupio/safety/blob/main/CHANGELOG.md) - [Commits](https://github.com/pyupio/safety/compare/3.2.3...3.2.4) --- updated-dependencies: - dependency-name: safety dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 23 ++++++++++++----------- pyproject.toml | 2 +- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/poetry.lock b/poetry.lock index e73b65bf..59708355 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. [[package]] name = "alabaster" @@ -538,18 +538,18 @@ typing-extensions = {version = ">=3.10.0.1", markers = "python_version < \"3.8\" [[package]] name = "filelock" -version = "3.3.2" +version = "3.12.2" description = "A platform independent file lock." optional = false -python-versions = ">=3.6" +python-versions = ">=3.7" files = [ - {file = "filelock-3.3.2-py3-none-any.whl", hash = "sha256:bb2a1c717df74c48a2d00ed625e5a66f8572a3a30baacb7657add1d7bac4097b"}, - {file = "filelock-3.3.2.tar.gz", hash = "sha256:7afc856f74fa7006a289fd10fa840e1eebd8bbff6bffb69c26c54a0512ea8cf8"}, + {file = "filelock-3.12.2-py3-none-any.whl", hash = "sha256:cbb791cdea2a72f23da6ac5b5269ab0a0d161e9ef0100e653b69049a7706d1ec"}, + {file = "filelock-3.12.2.tar.gz", hash = "sha256:002740518d8aa59a26b0c76e10fb8c6e15eae825d34b6fdf670333fd7b938d81"}, ] [package.extras] -docs = ["furo (>=2021.8.17b43)", "sphinx (>=4.1)", "sphinx-autodoc-typehints (>=1.12)"] -testing = ["covdefaults (>=1.2.0)", "coverage (>=4)", "pytest (>=4)", "pytest-cov", "pytest-timeout (>=1.4.2)"] +docs = ["furo (>=2023.5.20)", "sphinx (>=7.0.1)", "sphinx-autodoc-typehints (>=1.23,!=1.23.4)"] +testing = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "diff-cover (>=7.5)", "pytest (>=7.3.1)", "pytest-cov (>=4.1)", "pytest-mock (>=3.10)", "pytest-timeout (>=2.1)"] [[package]] name = "flake8" @@ -1527,19 +1527,20 @@ files = [ [[package]] name = "safety" -version = "3.2.3" +version = "3.2.4" description = "Checks installed dependencies for known vulnerabilities and licenses." optional = false python-versions = ">=3.7" files = [ - {file = "safety-3.2.3-py3-none-any.whl", hash = "sha256:cda1e91749f610337a18b7f21f78267c127e44ebbbbcbbd419c83284279a5024"}, - {file = "safety-3.2.3.tar.gz", hash = "sha256:414154934f1727daf8a6473493944fecb380540c3f00875dc1ae377382f7d83f"}, + {file = "safety-3.2.4-py3-none-any.whl", hash = "sha256:242ff7ae448d7fb2ea455c90f44e3f2ca45be9c8559b2fe9dfc89617164a0f17"}, + {file = "safety-3.2.4.tar.gz", hash = "sha256:bac0202016d736a2118057964a0e3983fa20ff2563fd103cac3f3ac1ed3fea11"}, ] [package.dependencies] Authlib = ">=1.2.0" Click = ">=8.0.2" dparse = ">=0.6.4b0" +filelock = ">=3.12.2,<3.13.0" jinja2 = ">=3.1.0" marshmallow = ">=3.15.0" packaging = ">=21.0" @@ -2097,4 +2098,4 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools" [metadata] lock-version = "2.0" python-versions = "^3.7" -content-hash = "8dfbe5badd430ff75b8f7a4fcd4f66013521e7b5248491ad3e2d479dbb106550" +content-hash = "414c3a94c90b185bfa0b49de5d1affd5b5db402ac73352ab23f6675ff3c3175e" diff --git a/pyproject.toml b/pyproject.toml index d8f8c640..75668de7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -48,7 +48,7 @@ PyYAML = ">=5.4.1,<7.0.0" [tool.poetry.dev-dependencies] coverage = {extras = ["toml"], version = "^7.2"} pytest = "^7.4.4" -safety = "^3.2.3" +safety = "^3.2.4" mypy = "^1.4" typeguard = "^2.13.3" From ef96cf06f0c80a780c4cace4860feaf6bb912919 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 10:13:30 +0200 Subject: [PATCH 2/2] :rocket: gha: Bump dependabot/fetch-metadata from 2.1.0 to 2.2.0 (#1308) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jürgen Mülbert --- .github/workflows/dependabot-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml index 92e4f599..253634e5 100644 --- a/.github/workflows/dependabot-merge.yml +++ b/.github/workflows/dependabot-merge.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2.1.0 + uses: dependabot/fetch-metadata@v2.2.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Add a label for all production dependencies