update: bump the pip-packages group across 1 directory with 7 updates #374

dependabot · 2024-09-20T22:19:46Z

Bumps the pip-packages group with 7 updates in the / directory:

Package	From	To
pyyaml	`6.0.1`	`6.0.2`
semgrep	`1.81.0`	`1.89.0`
mkdocs-material	`9.5.30`	`9.5.35`
mike	`2.1.2`	`2.1.3`
black	`24.4.2`	`24.8.0`
pylint	`3.2.6`	`3.3.0`
pytest	`8.3.2`	`8.3.3`

Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

6.0.2rc1

Support for extension build with Cython 3.x

Support for Python 3.13

Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

Commits

41309b0 Release 6.0.2 (#819)
dd9f0e1 6.0.2rc1 (#809)
f5527a2 disable CI trigger on PR edits
b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
See full diff in compare view

Updates semgrep from 1.81.0 to 1.89.0

Release notes

Sourced from semgrep's releases.

Release v1.89.0

1.89.0 - 2024-09-19

Fixed

Fix crash on certain SCA parse errors caused by an access to an unbound variable. (gh-2259)

Release v1.88.0

1.88.0 - 2024-09-18

Added

The dataflow analysis in the Pro engine can now track method invocations on variables of an interface type, safely assuming that any implementation of the method can be called. For example, tainted input vulnerabilities in both implementation classes can now be detected in the following code:

public interface MovieService {
  String vulnerableInjection(String input);
}
public class SimpleImpl implements MovieService {
@Override
public String vulnerableInjection(String input) {
return sink(input);
}
}
public class MoreImpl implements MovieService {
@Override
public String vulnerableInjection(String input) {
return sink(input);
}
}
public class AppController {
private MovieService movieService;
public String pwnTest(String taintedInput) {
return movieService.vulnerableInjection(taintedInput);
}
}
</code></pre>
</li>
<li>
<p>Type inference for constructor parameter properties in TypeScript is now
supported in the Pro engine. For example, the taint analysis can recognize that</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md&quot;&gt;semgrep's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/returntocorp/semgrep/releases/tag/v1.89.0&quot;&gt;1.89.0&lt;/a> - 2024-09-19</h2>
<h3>Fixed</h3>
<ul>
<li>Fix crash on certain SCA parse errors caused by an access to an unbound variable. (<a href="https://redirect.github.com/returntocorp/semgrep/issues/2259&quot;&gt;gh-2259&lt;/a&gt;)&lt;/li>
</ul>
<h2><a href="https://github.com/returntocorp/semgrep/releases/tag/v1.88.0&quot;&gt;1.88.0&lt;/a> - 2024-09-18</h2>
<h3>Added</h3>
<ul>
<li>
<p>The dataflow analysis in the Pro engine can now track method invocations on
variables of an interface type, safely assuming that any implementation of the
method can be called. For example, tainted input vulnerabilities in both
implementation classes can now be detected in the following code:</p>
<pre lang="java"><code>public interface MovieService {
String vulnerableInjection(String input);
}
public class SimpleImpl implements MovieService {
@Override
public String vulnerableInjection(String input) {
return sink(input);
}
}
public class MoreImpl implements MovieService {
@Override
public String vulnerableInjection(String input) {
return sink(input);
}
}
public class AppController {
private MovieService movieService;
public String pwnTest(String taintedInput) {
return movieService.vulnerableInjection(taintedInput);
}
}
&lt;/code&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;Type inference for constructor parameter properties in TypeScript is now
supported in the Pro engine. For example, the taint analysis can recognize that
&lt;code&gt;sampleFunction&lt;/code&gt; is defined in &lt;code&gt;AbstractedService&lt;/code&gt; class in the following code:&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;!-- raw HTML omitted --&gt;
&lt;/blockquote&gt;
&lt;p&gt;... (truncated)&lt;/p&gt;
&lt;/details&gt;
&lt;details&gt;
&lt;summary&gt;Commits&lt;/summary&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/745af77e1e08610c7603ffc133a53e248231f83e&quot;&gt;&lt;code&gt;745af77&lt;/code&gt;&lt;/a&gt; chore: release version 1.89.0&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/11d6c3a5c2497d49ebe28ec552e7e74bea6f4b18&quot;&gt;&lt;code&gt;11d6c3a&lt;/code&gt;&lt;/a&gt;&lt;code&gt;semgrep/semgrep-proprietary#2267&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/0c50b30ed2b5c195504e332f5a6cf481df201661&quot;&gt;&lt;code&gt;0c50b30&lt;/code&gt;&lt;/a&gt;&lt;code&gt;semgrep/semgrep-proprietary#2296&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/9a21f7ff6a712c25d67c5d742bc000855bfb3bf2&quot;&gt;&lt;code&gt;9a21f7f&lt;/code&gt;&lt;/a&gt; fix(sca): fix access to unbound variable in SCA error printing (semgrep/semgr...&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/d46649ea29979bfc6f2be2cfb94dacf528a5fd3c&quot;&gt;&lt;code&gt;d46649e&lt;/code&gt;&lt;/a&gt; chore(style): add style rec from &lt;a href=&quot;https://redirect.github.com/returntocorp/semgrep/issues/2266&quot;&gt;#2266&lt;/a&gt;&lt;code&gt;semgrep/semgrep-proprietary#2294&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/ac7f9579a935b31d47464ed5abd46b38efcd0094&quot;&gt;&lt;code&gt;ac7f957&lt;/code&gt;&lt;/a&gt;&lt;code&gt;semgrep/semgrep-proprietary#2292&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/ff98e65867e582191b0a49d447cc5456747a4366&quot;&gt;&lt;code&gt;ff98e65&lt;/code&gt;&lt;/a&gt;&lt;code&gt;semgrep/semgrep-proprietary#2291&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/1e4ba14b97197746b1b03465b68a6b97fcb76ab5&quot;&gt;&lt;code&gt;1e4ba14&lt;/code&gt;&lt;/a&gt;&lt;code&gt;semgrep/semgrep-proprietary#2288&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/c22bdc640aef7aea8d2f345da79b86692e2c6426&quot;&gt;&lt;code&gt;c22bdc6&lt;/code&gt;&lt;/a&gt; Cleanup Unit_engine.ml, no need big black list of bad tests (semgrep/semgrep-...&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/semgrep/semgrep/commit/4b6f2ec3afb1fb66751e5925707973febf3a82a3&quot;&gt;&lt;code&gt;4b6f2ec&lt;/code&gt;&lt;/a&gt; Release Version 1.88.0 (&lt;a href=&quot;https://redirect.github.com/returntocorp/semgrep/issues/10544&quot;&gt;#10544&lt;/a&gt;)&lt;/li&gt;
&lt;li&gt;Additional commits viewable in &lt;a href=&quot;https://github.com/returntocorp/semgrep/compare/v1.81.0...v1.89.0&quot;&gt;compare view&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/details&gt;

&lt;br /&gt;
</code></pre>

Updates `mkdocs-material` from 9.5.30 to 9.5.35
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/squidfunk/mkdocs-material/releases">mkdocs-material's releases</a>.</em></p>
<blockquote>
<h2>mkdocs-material-9.5.35</h2>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7498">#7498</a>: Search not showing for Vietnamese language</li>
</ul>
<h2>mkdocs-material-9.5.34</h2>
<ul>
<li>Updated Mermaid.js to version 11 (latest)</li>
</ul>
<p>Thanks go to <a href="https://github.com/manselmi"><code>@manselmi</code></a> for their contributions</p>
<h2>mkdocs-material-9.5.33</h2>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7453">#7453</a>: Incorrect position of tooltip when sorting table</li>
</ul>
<h2>mkdocs-material-9.5.32</h2>
<ul>
<li>Fixed RXSS vulnerability via deep link in search results</li>
<li>Added support for fetching latest release from GitLab</li>
</ul>
<p>Thanks go to <a href="https://github.com/joaopalmeiro"><code>@joaopalmeiro</code></a> for their contributions</p>
<h2>mkdocs-material-9.5.31</h2>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7405">#7405</a>: DockerHub missing images &gt; 9.5.27 due to change in Alpine/APK</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG">mkdocs-material's changelog</a>.</em></p>
<blockquote>
<p>mkdocs-material-9.5.35 (2024-09-18)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7498">#7498</a>: Search not showing for Vietnamese language</li>
</ul>
<p>mkdocs-material-9.5.34+insiders-4.53.13 (2024-09-14)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7520">#7520</a>: Social plugin errors for generated files (MkDocs 1.6+)</li>
</ul>
<p>mkdocs-material-9.5.34 (2024-08-31)</p>
<ul>
<li>Updated Mermaid.js to version 11 (latest)</li>
</ul>
<p>mkdocs-material-9.5.33 (2024-08-23)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7453">#7453</a>: Incorrect position of tooltip when sorting table</li>
</ul>
<p>mkdocs-material-9.5.32 (2024-08-19)</p>
<ul>
<li>Fixed RXSS vulnerability via deep link in search results</li>
<li>Added support for fetching latest release from GitLab</li>
</ul>
<p>mkdocs-material-9.5.31+insiders-4.53.12 (2024-08-02)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7410">#7410</a>: Instant previews jump on content tabs with anchor links</li>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7408">#7408</a>: Instant previews jump on content tabs</li>
</ul>
<p>mkdocs-material-9.5.31 (2024-08-02)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7405">#7405</a>: DockerHub missing images &gt; 9.5.27 due to change in Alpine/APK</li>
</ul>
<p>mkdocs-material-9.5.30 (2024-07-23)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7380">#7380</a>: Navigation icons disappearing on hover in Safari</li>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7367">#7367</a>: Blog readtime computation includes SVG text content</li>
</ul>
<p>mkdocs-material-9.5.29 (2024-07-14)</p>
<ul>
<li>Updated Galician translations</li>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7362">#7362</a>: Annotations in figure captions rendering incorrectly</li>
</ul>
<p>mkdocs-material-9.5.28 (2024-07-02)</p>
<ul>
<li>Fixed <a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7313">#7313</a>: Improved tooltips mounted in sidebar when feature is disabled</li>
</ul>
<p>mkdocs-material-9.5.27 (2024-06-16)</p>
<ul>
<li>Updated Estonian translations</li>
</ul>
<p>mkdocs-material-9.5.26 (2024-06-06)</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/c589327476b88c5ef65d7d40f97107f3acc66401"><code>c589327</code></a> Prepare 9.5.35 release</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/8925cae63a8920f71c98cd960014df8311710cbc"><code>8925cae</code></a> Fixed Vietnamese search not working due to Lunr.js error</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/7faa464e361952afb9225f00d9c91adf3c357f3e"><code>7faa464</code></a> Updated dependencies</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/8ea81e5cd7e9074d7b63fda5073588f04629affd"><code>8ea81e5</code></a> Documentation (<a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7527">#7527</a>)</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/a916360e5b68c245a0a32b76b8ecc9b1cb9bb668"><code>a916360</code></a> Updated Insiders changelog</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/0eb9f6540298873d2a813c0accc795475520ae0c"><code>0eb9f65</code></a> Updated publishing-your-site.md (<a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7525">#7525</a>)</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/8df393d11158ebc87026e4eea9ed0c887eae2371"><code>8df393d</code></a> Updated dependencies</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/548ad38c665bfaefcf4302f10bba8a92ee52a0a8"><code>548ad38</code></a> Updated publishing-your-site.md link to Netlify guide (<a href="https://redirect.github.com/squidfunk/mkdocs-material/issues/7503">#7503</a>)</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/d95e0e62def5068ec8003d378c164ab5b752e21c"><code>d95e0e6</code></a> Updated dependencies</li>
<li><a href="https://github.com/squidfunk/mkdocs-material/commit/7d6096ae007580d53f9c034476615c9fe7b95e6c"><code>7d6096a</code></a> Prepare 9.5.34 release</li>
<li>Additional commits viewable in <a href="https://github.com/squidfunk/mkdocs-material/compare/9.5.30...9.5.35">compare view</a></li>
</ul>
</details>
<br />

Updates `mike` from 2.1.2 to 2.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jimporter/mike/releases">mike's releases</a>.</em></p>
<blockquote>
<h2>v2.1.3</h2>
<h3>Bug fixes</h3>
<ul>
<li>When deploying using a deploy prefix, only delete stale versions of the docs within that prefix</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jimporter/mike/blob/master/CHANGES.md">mike's changelog</a>.</em></p>
<blockquote>
<h2>v2.1.3 (2024-08-12)</h2>
<h3>Bug fixes</h3>
<ul>
<li>When deploying using a deploy prefix, only delete stale versions of the docs
within that prefix</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jimporter/mike/commit/c4e96085f86e6930e9669e12d81941eff7c3de1d"><code>c4e9608</code></a> Update version to 2.1.3</li>
<li><a href="https://github.com/jimporter/mike/commit/3b19e27e9041cca20131f97419a9d7d88f85cf37"><code>3b19e27</code></a> Announce the previous change</li>
<li><a href="https://github.com/jimporter/mike/commit/dd9826a855965b0ce6bd06d290665f43ce9dabab"><code>dd9826a</code></a> Consult deploy prefix when deleting files during deploy; resolves <a href="https://redirect.github.com/jimporter/mike/issues/227">#227</a></li>
<li><a href="https://github.com/jimporter/mike/commit/91cf5ee70da446a80bbc6108513581d0d6858ecf"><code>91cf5ee</code></a> Properly escape parameters in regex</li>
<li><a href="https://github.com/jimporter/mike/commit/90cf1314af3452003eaf40c9f97853efd2ee4e86"><code>90cf131</code></a> Update version to 2.2.0.dev0</li>
<li>See full diff in <a href="https://github.com/jimporter/mike/compare/v2.1.2...v2.1.3">compare view</a></li>
</ul>
</details>
<br />

Updates `black` from 24.4.2 to 24.8.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/psf/black/releases">black's releases</a>.</em></p>
<blockquote>
<h2>24.8.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix crash when <code># fmt: off</code> is used before a closing parenthesis or bracket. (<a href="https://redirect.github.com/psf/black/issues/4363">#4363</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Packaging metadata updated: docs are explictly linked, the issue tracker is now also
linked. This improves the PyPI listing for Black. (<a href="https://redirect.github.com/psf/black/issues/4345">#4345</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix regression where Black failed to parse a multiline f-string containing another
multiline string (<a href="https://redirect.github.com/psf/black/issues/4339">#4339</a>)</li>
<li>Fix regression where Black failed to parse an escaped single quote inside an f-string
(<a href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li>Fix bug with Black incorrectly parsing empty lines with a backslash (<a href="https://redirect.github.com/psf/black/issues/4343">#4343</a>)</li>
<li>Fix bugs with Black's tokenizer not handling <code>\{</code> inside f-strings very well (<a href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li>Fix incorrect line numbers in the tokenizer for certain tokens within f-strings
(<a href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve performance when a large directory is listed in <code>.gitignore</code> (<a href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix blackd (and all extras installs) for docker container (<a href="https://redirect.github.com/psf/black/issues/4357">#4357</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/psf/black/blob/main/CHANGES.md">black's changelog</a>.</em></p>
<blockquote>
<h2>24.8.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix crash when <code># fmt: off</code> is used before a closing parenthesis or bracket. (<a href="https://redirect.github.com/psf/black/issues/4363">#4363</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Packaging metadata updated: docs are explictly linked, the issue tracker is now also
linked. This improves the PyPI listing for Black. (<a href="https://redirect.github.com/psf/black/issues/4345">#4345</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix regression where Black failed to parse a multiline f-string containing another
multiline string (<a href="https://redirect.github.com/psf/black/issues/4339">#4339</a>)</li>
<li>Fix regression where Black failed to parse an escaped single quote inside an f-string
(<a href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li>Fix bug with Black incorrectly parsing empty lines with a backslash (<a href="https://redirect.github.com/psf/black/issues/4343">#4343</a>)</li>
<li>Fix bugs with Black's tokenizer not handling <code>\{</code> inside f-strings very well (<a href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li>Fix incorrect line numbers in the tokenizer for certain tokens within f-strings
(<a href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve performance when a large directory is listed in <code>.gitignore</code> (<a href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix blackd (and all extras installs) for docker container (<a href="https://redirect.github.com/psf/black/issues/4357">#4357</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/psf/black/commit/b965c2a5026f8ba399283ba3e01898b012853c79"><code>b965c2a</code></a> Prepare release 24.8.0 (<a href="https://redirect.github.com/psf/black/issues/4426">#4426</a>)</li>
<li><a href="https://github.com/psf/black/commit/9ccf279a17ff19cc51f62c60fc88ba46e615d202"><code>9ccf279</code></a> Document <code>find_project_root</code> ignoring <code>pyproject.toml</code> without <code>[tool.black]</code>...</li>
<li><a href="https://github.com/psf/black/commit/14b6e619704e6d81749f0a23060750ee0a5fcc40"><code>14b6e61</code></a> fix: Enhace black efficiently to  skip directories listed in .gitignore (<a href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
<li><a href="https://github.com/psf/black/commit/b1c4dd96d769cb3ac3c8fc057e8dc60907b84c17"><code>b1c4dd9</code></a> fix: respect braces better in f-string parsing (<a href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li><a href="https://github.com/psf/black/commit/4b4ae43e8b66a2eab2d41a73364745c2a4570287"><code>4b4ae43</code></a> Fix incorrect linenos on fstring tokens with escaped newlines (<a href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
<li><a href="https://github.com/psf/black/commit/7fa1faf83af513e09c44e029da573c6b0b2bd570"><code>7fa1faf</code></a> docs: fix the installation command of extra for blackd (<a href="https://redirect.github.com/psf/black/issues/4413">#4413</a>)</li>
<li><a href="https://github.com/psf/black/commit/8827accf560c7be418000962565f1fd6fa7b01cb"><code>8827acc</code></a> Bump sphinx from 7.3.7 to 7.4.0 in /docs (<a href="https://redirect.github.com/psf/black/issues/4404">#4404</a>)</li>
<li><a href="https://github.com/psf/black/commit/b0da11d370adb5730fd45594cc89b1dc816786ea"><code>b0da11d</code></a> Bump furo from 2024.5.6 to 2024.7.18 in /docs (<a href="https://redirect.github.com/psf/black/issues/4409">#4409</a>)</li>
<li><a href="https://github.com/psf/black/commit/721dff549362f54930ecc038218dcc40e599a875"><code>721dff5</code></a> fix: avoid formatting backslash strings inside f-strings (<a href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li><a href="https://github.com/psf/black/commit/7e2afc9bfdc4ec4bc3297aaa16a62d575249a5e0"><code>7e2afc9</code></a> Update <code>actions/checkout</code> to v4 to stop node deprecation warnings (<a href="https://redirect.github.com/psf/black/issues/4379">#4379</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/psf/black/compare/24.4.2...24.8.0">compare view</a></li>
</ul>
</details>
<br />

Updates `pylint` from 3.2.6 to 3.3.0
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pylint-dev/pylint/commit/6350dfa900b11de442bc562564884037ca8bc4f6"><code>6350dfa</code></a> Bump pylint to 3.3.0, update changelog</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/78f3dfa0c40bdb1e0f145e75c309f28f4e8cc31e"><code>78f3dfa</code></a> Bump astroid to 3.3.3 (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9939">#9939</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/b28c1f69334191ade62357d01c248742afac24b3"><code>b28c1f6</code></a> Add check for <code>unnecessary-default-type-args</code> (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9938">#9938</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/bd97b93db80298570bce6a0197c62d78a4d5134f"><code>bd97b93</code></a> [doc framework] Assert that the good and bad example exists in the doc (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9936">#9936</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/7aa44364a6c202dce8384eafad7f4d5fb6492dad"><code>7aa4436</code></a> Fix duplicate workflow step ids (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9934">#9934</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/09509163baaba140fca2633930a6632f05830246"><code>0950916</code></a> [pre-commit] Add codespell, and fix some existing typos (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9912">#9912</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/3b4a7f9ba6ed01298324d73e2e625324ee4a39e7"><code>3b4a7f9</code></a> Add details.rst for c-extension-no-member (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9933">#9933</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/7d60c27efc799dabd2aa217744636c81036c78c6"><code>7d60c27</code></a> Explicitly save cache in primer jobs</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/67acc9669fdaca388fcf2078413827941993b777"><code>67acc96</code></a> Add additional stdlib deprecations (mostly 3.13) (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9853">#9853</a>)</li>
<li><a href="https://github.com/pylint-dev/pylint/commit/0adf671a98b6171099b19e8d5d0d363421c8b451"><code>0adf671</code></a> Remove old-style classes code, remove check for new-style class (<a href="https://redirect.github.com/pylint-dev/pylint/issues/9925">#9925</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pylint-dev/pylint/compare/v3.2.6...v3.3.0">compare view</a></li>
</ul>
</details>
<br />

Updates `pytest` from 8.3.2 to 8.3.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p>
<blockquote>
<h2>8.3.3</h2>
<h1>pytest 8.3.3 (2024-09-09)</h1>
<h2>Bug fixes</h2>
<ul>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12446">#12446</a>: Avoid calling <code>@property</code> (and other instance descriptors) during fixture discovery -- by <code>asottile</code>{.interpreted-text role=&quot;user&quot;}</p>
</li>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12659">#12659</a>: Fixed the issue of not displaying assertion failure differences when using the parameter <code>--import-mode=importlib</code> in pytest&gt;=8.1.</p>
</li>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12667">#12667</a>: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.</p>
</li>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12744">#12744</a>: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by <code>Avasam</code>{.interpreted-text role=&quot;user&quot;}</p>
</li>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12745">#12745</a>: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.</p>
</li>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/6682">#6682</a>: Fixed bug where the verbosity levels where not being respected when printing the &quot;msg&quot; part of failed assertion (as in <code>assert condition, msg</code>).</p>
</li>
<li>
<p><a href="https://redirect.github.com/pytest-dev/pytest/issues/9422">#9422</a>: Fix bug where disabling the terminal plugin via <code>-p no:terminal</code> would cause crashes related to missing the <code>verbose</code> option.</p>
<p>-- by <code>GTowers1</code>{.interpreted-text role=&quot;user&quot;}</p>
</li>
</ul>
<h2>Improved documentation</h2>
<ul>
<li><a href="https://redirect.github.com/pytest-dev/pytest/issues/12663">#12663</a>: Clarify that the [pytest_deselected]{.title-ref} hook should be called from [pytest_collection_modifyitems]{.title-ref} hook implementations when items are deselected.</li>
<li><a href="https://redirect.github.com/pytest-dev/pytest/issues/12678">#12678</a>: Remove erroneous quotes from [tmp_path_retention_policy]{.title-ref} example in docs.</li>
</ul>
<h2>Miscellaneous internal changes</h2>
<ul>
<li><a href="https://redirect.github.com/pytest-dev/pytest/issues/12769">#12769</a>: Fix typos discovered by codespell and add codespell to pre-commit hooks.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pytest-dev/pytest/commit/d0f136fe64f9374f18a04562305b178fb380d1ec"><code>d0f136f</code></a> build(deps): Bump pypa/gh-action-pypi-publish from 1.10.0 to 1.10.1 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12790">#12790</a>)</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/972f307c7861ae498e705d3d12e003fa4b035ac0"><code>972f307</code></a> Prepare release version 8.3.3</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/0dabdcfe4de99147a07bd577804b60818ea25bc4"><code>0dabdcf</code></a> Include co-authors in release announcement (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12795">#12795</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12797">#12797</a>)</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/a9910a413a691e1b216e2235a9cbec0921117702"><code>a9910a4</code></a> Do not discover properties when iterating fixtures (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12781">#12781</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12788">#12788</a>)</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/0f10b6b0d8138d3539de75cb7b2e33167b6fc882"><code>0f10b6b</code></a> Fix issue with slashes being turned into backslashes on Windows (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12760">#12760</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12">#12</a>...</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/300d13d2231db85186729c2091ea33480cb39c1a"><code>300d13d</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12785">#12785</a> from pytest-dev/patchback/backports/8.3.x/57cccf7f4...</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/e5d32c73abcf4fa1362b15aaf660074de8f710d4"><code>e5d32c7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12784">#12784</a> from svenevs/fix/docs-example-parametrize-minor-typo</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/bc913d194ec009699194b016ca619d5ae7f22c91"><code>bc913d1</code></a> Streamline checks for verbose option (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12706">#12706</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12778">#12778</a>)</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/01cfcc9f2dda817b25511772593012fd93e092d0"><code>01cfcc9</code></a> Fix typos and introduce codespell pre-commit hook (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12769">#12769</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12774">#12774</a>)</li>
<li><a href="https://github.com/pytest-dev/pytest/commit/4873394d53635ef62d1915d23972ed4281a784eb"><code>4873394</code></a> doc: Remove past training (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12772">#12772</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12773">#12773</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/8.3.2...8.3.3">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions


</details>

Bumps the pip-packages group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [pyyaml](https://github.com/yaml/pyyaml) | `6.0.1` | `6.0.2` | | [semgrep](https://github.com/returntocorp/semgrep) | `1.81.0` | `1.89.0` | | [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.30` | `9.5.35` | | [mike](https://github.com/jimporter/mike) | `2.1.2` | `2.1.3` | | [black](https://github.com/psf/black) | `24.4.2` | `24.8.0` | | [pylint](https://github.com/pylint-dev/pylint) | `3.2.6` | `3.3.0` | | [pytest](https://github.com/pytest-dev/pytest) | `8.3.2` | `8.3.3` | Updates `pyyaml` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](yaml/pyyaml@6.0.1...6.0.2) Updates `semgrep` from 1.81.0 to 1.89.0 - [Release notes](https://github.com/returntocorp/semgrep/releases) - [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md) - [Commits](semgrep/semgrep@v1.81.0...v1.89.0) Updates `mkdocs-material` from 9.5.30 to 9.5.35 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.5.30...9.5.35) Updates `mike` from 2.1.2 to 2.1.3 - [Release notes](https://github.com/jimporter/mike/releases) - [Changelog](https://github.com/jimporter/mike/blob/master/CHANGES.md) - [Commits](jimporter/mike@v2.1.2...v2.1.3) Updates `black` from 24.4.2 to 24.8.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@24.4.2...24.8.0) Updates `pylint` from 3.2.6 to 3.3.0 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](pylint-dev/pylint@v3.2.6...v3.3.0) Updates `pytest` from 8.3.2 to 8.3.3 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.3.2...8.3.3) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-packages - dependency-name: semgrep dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-packages - dependency-name: mkdocs-material dependency-type: direct:development update-type: version-update:semver-patch dependency-group: pip-packages - dependency-name: mike dependency-type: direct:development update-type: version-update:semver-patch dependency-group: pip-packages - dependency-name: black dependency-type: direct:development update-type: version-update:semver-minor dependency-group: pip-packages - dependency-name: pylint dependency-type: direct:development update-type: version-update:semver-minor dependency-group: pip-packages - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-patch dependency-group: pip-packages ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2024-09-20T22:20:16Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA afb9a85.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

pip/astroid

3.3.3

🟢 7.9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	🟢 10	SAST tool is run on all commits

pip/black

24.8.0

🟢 6.5

Details

Check	Score	Reason
Code-Review	🟢 7	Found 19/24 approved changesets -- score normalized to 7
Maintained	🟢 10	27 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected

pip/mike

2.1.3

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 8	7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	no SAST tool detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

pip/mkdocs-material

9.5.35

🟢 5.4

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

pip/pylint

3.3.0

🟢 7.3

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	🟢 5	badge detected: Passing
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	🟢 9	SAST tool detected but not run on all commits
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

pip/pytest

8.3.3

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 9	Found 13/14 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/pyyaml

6.0.2

🟢 6.4

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Maintained	🟢 10	2 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/rich

13.5.3

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 1	Found 1/6 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	🟢 10	SAST tool is run on all commits
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

pip/semgrep

1.89.0

Unknown

pip/PyYAML

6.0.2

🟢 6.4

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Maintained	🟢 10	2 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/semgrep

1.89.0

Unknown

Scanned Manifest Files

poetry.lock

astroid@3.3.3
black@24.8.0
mike@2.1.3
mkdocs-material@9.5.35
pylint@3.3.0
pytest@8.3.3
pyyaml@6.0.2
rich@13.5.3
semgrep@1.89.0
astroid@3.2.4
black@24.4.2
mike@2.1.2
mkdocs-material@9.5.30
pylint@3.2.6
pytest@8.3.2
pyyaml@6.0.1
rich@13.7.1
semgrep@1.81.0

pyproject.toml

PyYAML@6.0.2
semgrep@1.89.0
PyYAML@6.0.1
semgrep@1.81.0

github-actions · 2024-09-20T22:20:58Z

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	18	18	0%	5–32
app.py	81	4	95%	117, 177–178, 209
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	202	26	87%

Tests	Skipped	Failures	Errors	Time
18	0 💤	0 ❌	0 🔥	1.669s ⏱️

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 20, 2024

dependabot bot mentioned this pull request Sep 20, 2024

update: bump the pip-packages group across 1 directory with 7 updates #372

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: bump the pip-packages group across 1 directory with 7 updates #374

update: bump the pip-packages group across 1 directory with 7 updates #374

dependabot bot commented on behalf of github Sep 20, 2024

github-actions bot commented Sep 20, 2024

github-actions bot commented Sep 20, 2024

update: bump the pip-packages group across 1 directory with 7 updates #374

Are you sure you want to change the base?

update: bump the pip-packages group across 1 directory with 7 updates #374

Conversation

dependabot bot commented on behalf of github Sep 20, 2024

6.0.2

What's Changed

6.0.2rc1

Release v1.89.0

1.89.0 - 2024-09-19

Fixed

Release v1.88.0

1.88.0 - 2024-09-18

Added

github-actions bot commented Sep 20, 2024

Dependency Review

Snapshot Warnings

OpenSSF Scorecard

Scanned Manifest Files

github-actions bot commented Sep 20, 2024