⚠️ CONFLICT! Lineage pull request for: skeleton #57
base: develop
The repo name we were using redirects to the correct place, but we may as well cut out the middle man.
…orrect staticcheck package URL Co-Authored By: @mcdonnnj <mcdonnj@users.noreply.github.com>
Co-authored-by: Shane Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value.
Our standard practice for YAML files is to sort keys alphabetically.
Co-authored-by: David Harris <David.Harris@associates.cisa.dhs.gov>
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
…b-action" This reverts commit ddbf6f7. This can be done now that cisagov/setup-env-github-action#65 has been merged.
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Add crazy-max/ghaction-github-labeler as a commented out dependency to ignore in the dependabot configuration file. This should be enabled in downstream projects to consolidate updating this Action to the cisagov/skeleton-generic repository.
Add go packages for pre-commit
Use the correct repo name for the ansible-lint pre-commit hook
…nfiguration Update the Dependabot configuration
Delete duplicate word "are"
Add nixfmt pre-commit hook
…s/checkout-4 Bump actions/checkout from 3 to 4
Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive
This is done automatically with the `pre-commit autoupdate` command.
This mirror was created to leverage performance optimizations from mypyc wheels that are available if black is installed from PyPI. These wheels are not available if black is installed from source as it would be using the old URL. Please see psf/black#3828 and psf/black#3405 for more information.
This action is added in a separate "diagnostics" job. As configured it will never fail, but it will print out the status of the various GitHub components. This information will sometimes be useful when determining why builds fail after the fact.
Co-authored-by: Mark Feldhousen <mark.feldhousen@gwe.cisa.dhs.gov>
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
Even though the diagnostics job is not currently configured to fail due to the GitHub status, it is still true that if the job is unable to run that does not bode well for the lint job's successful execution.
Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com>
This can be useful when debugging why a GH Action failed.
Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This GH Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc.
Co-authored-by: felddy <mark.feldhousen@gwe.cisa.dhs.gov>
This task can only provide coverage for the job that contains it.
…oks_are_sorted Sort hook ids in each `pre-commit` hook entry
We should use the same version of bandit throughout the pre-commit configuration.
This Python library is used in this project, so we should include it.
…nitor task for jobs that lack them
Add a directive for hashicorp/setup-packer that was missed when it was added to the `build` workflow. Add a directive for cisagov/setup-env-github-action that is not strictly necessary since we currently just pull from the `develop` branch, but is good to have in case we were to change that in the future.
Add missing dependabot ignore directives
# Conflicts:
# .github/dependabot.yml
This is being done because the pip-audit pre-commit hook identifies a vulnerability in ansible-core version 2.16.13. Note that this requires that we bump up ansible to version 10 since all versions of ansible 9 have a dependency on ~=2.16.X.
Version 24.10.0 is the first version that supports Fedora 41 as a valid platform.
The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core to >2.16.13, but in the spirit of the earlier, optional pin of ansible>=10 we pin ansible-core to >=2.17. This effectively also pins ansible to >=10.
Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up.
Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
…n-for-ansible-core Bump up the lower bound on `ansible-core`
…-pre-commit-hook-version Update the version of the `ansible-lint` `pre-commit` hook
Remove support for Python 3.7 and 3.8
Add the `--non-interactive` flag when installing type stubs via `mypy`
Improve pytest configuration
⚠️ CONFLICT! Lineage pull request for: skeleton
Add `dev` dependencies section
…ary-pins Remove two unnecessary pins
Support Python 3.13
…/skeleton
# Conflicts:
# .github/CODEOWNERS
# setup.py
# src/example/example.py
# tests/test_example.py
.decode("utf-8") | ||
.strip() | ||
) | ||
logging.info('Secret="%s"', secret_message) |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
sensitive data (secret)
Copilot Autofix AI 4 days ago
To fix the problem, we should avoid logging the content of `secret_message` directly. Instead, we can log a message indicating that the secret message was accessed without revealing its content. This way, we maintain the functionality of logging the event without exposing sensitive information.
- Replace the line that logs the `secret_message` with a line that logs a generic message indicating that the secret message was accessed.
- Ensure that the new log message does not contain any sensitive information.
@@ -102,3 +102,3 @@ | ||
) | ||
logging.info('Secret="%s"', secret_message) | ||
logging.info('Secret message accessed successfully.') | ||
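Review bot: the replacement at R103 logs a fixed string with no placeholder, so `secret_message` no longer reaches the log and the clear-text-logging finding is resolved; the value is still held in `secret_message` after the `.decode("utf-8").strip()` shown in the surrounding context, so any later statement in the same function that formats or prints it would reintroduce the issue, and anything that matched the old `Secret="..."` log line (tests included) will need updating.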
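The fix above removes the secret from one call site. As an added example (not code from this repository or from the autofix), the following shows the same decode/strip pattern with a value-free log line, plus a hypothetical `logging.Filter` that masks registered secrets in message templates and arguments, so the originally flagged `logging.info('Secret="%s"', ...)` call is neutralised even if it survives somewhere else. Names and the sample secret are constructed for the demo.

```python
import io
import logging

REDACTED = "[REDACTED]"


class SecretRedactingFilter(logging.Filter):
    """Hypothetical filter: masks registered secrets in a record's msg and args,
    so even a stray logging.info('Secret="%s"', secret) call cannot leak them."""

    def __init__(self, secrets):
        super().__init__()
        # Longest first so a secret that is a prefix of another is fully masked.
        self._secrets = sorted((s for s in secrets if s), key=len, reverse=True)

    def _mask(self, value):
        if not isinstance(value, str):
            return value
        for s in self._secrets:
            value = value.replace(s, REDACTED)
        return value

    def filter(self, record):
        # Filters run before formatting, so both template and args get masked.
        record.msg = self._mask(record.msg)
        if isinstance(record.args, dict):
            record.args = {k: self._mask(v) for k, v in record.args.items()}
        elif isinstance(record.args, tuple):
            record.args = tuple(self._mask(a) for a in record.args)
        return True


def read_and_log_secret(raw, logger):
    """Same decode/strip pattern as the page, but the log line carries no value."""
    secret_message = raw.decode("utf-8").strip()
    logger.info("Secret message accessed successfully.")
    return secret_message


def capture_logs(raw):
    """Run the fixed call and the originally flagged call; return the log text."""
    buf = io.StringIO()
    logger = logging.getLogger("redact-demo")
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    logger.addHandler(handler)
    secret = read_and_log_secret(raw, logger)
    handler.addFilter(SecretRedactingFilter([secret]))
    logger.info('Secret="%s"', secret)  # the line CodeQL flagged, caught by the filter
    return buf.getvalue()
```

The filter is a backstop, not a substitute for fixing call sites: it only knows the secrets you register with it.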
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an upstream repository:
Upstream repository: https://github.com/cisagov/skeleton-python-library.git
Remote branch: HEAD
Check the changes in this pull request to ensure they won't cause issues with your project.
The `lineage/skeleton` branch has one or more unresolved merge conflicts that you must resolve before merging this pull request!
How to resolve the conflicts
1. Take ownership of this pull request by removing any other assignees.
2. Clone the repository locally, and reapply the merge:
3. Review the changes displayed by the `status` command. Fix any conflicts and possibly incorrect auto-merges.
4. After resolving each of the conflicts, `add` your changes to the branch, `commit`, and `push` your changes:
   Note that you may append to the default merge commit message that git creates for you, but please do not delete the existing content. It provides useful information about the merge that is being performed.
5. Wait for all the automated tests to pass.
6. Check the "Everything is cool" checkbox below:
7. Mark this draft pull request "Ready for review".
Note: You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in `.github/lineage.yml`
📚 Read more about Lineage