Bump the dev-dependencies group across 1 directory with 3 updates #126

dependabot · 2024-10-07T05:03:22Z

Bumps the dev-dependencies group with 3 updates in the / directory: bandit, pre-commit-hooks and safety.

Updates bandit from 1.7.9 to 1.7.10

Release notes

1.7.10

What's Changed

Bump docker/build-push-action from 5.4.0 to 6.0.0 by @dependabot in PyCQA/bandit#1147

Suggested small refactors in assignments by @ericwb in PyCQA/bandit#1150

Performance improvement in blacklist function by @ericwb in PyCQA/bandit#1148

Add test for usage of FTP_TLS by @ericwb in PyCQA/bandit#1149

New check: B113: TrojanSource - Bidirectional control characters by @Lucas-C in PyCQA/bandit#757

Bump docker/build-push-action from 6.0.0 to 6.1.0 by @dependabot in PyCQA/bandit#1152

feat(plugins): add support for httpx in B113 by @mkniewallner in PyCQA/bandit#1060

Nit: remove unused variable by @ericwb in PyCQA/bandit#1153

Add recent releases to version choice in bug report by @ericwb in PyCQA/bandit#1151

Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in PyCQA/bandit#1155

Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in PyCQA/bandit#1157

Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in PyCQA/bandit#1156

Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in PyCQA/bandit#1158

Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in PyCQA/bandit#1159

Bump docker/build-push-action from 6.3.0 to 6.5.0 by @dependabot in PyCQA/bandit#1160

Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in PyCQA/bandit#1163

Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in PyCQA/bandit#1166

Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in PyCQA/bandit#1165

Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in PyCQA/bandit#1168

Use consistent file naming of docs by @ericwb in PyCQA/bandit#1170

Pytorch Load / Save Plugin by @lukehinds in PyCQA/bandit#1114

New Contributors

@Lucas-C made their first contribution in PyCQA/bandit#757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

Commits

36fd650 Pytorch Load / Save Plugin (#1114)
4ac55df Use consistent file naming of docs (#1170)
68022aa Bump docker/build-push-action from 6.6.1 to 6.7.0 (#1168)
77566a0 Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#1165)
221ced6 Bump docker/build-push-action from 6.5.0 to 6.6.1 (#1166)
701b7d5 Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#1163)
320495c Bump docker/build-push-action from 6.3.0 to 6.5.0 (#1160)
90490c7 Bump docker/login-action from 3.2.0 to 3.3.0 (#1159)
708ab74 Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#1158)
89d2345 Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#1156)
Additional commits viewable in compare view

Updates pre-commit-hooks from 4.6.0 to 5.0.0

Changelog

Sourced from pre-commit-hooks's changelog.

5.0.0 - 2024-10-05

Features

requirements-txt-fixer: also remove pkg_resources==....

#850 PR by @ericfrederich.

#1030 issue by @ericfrederich.

check-illegal-windows-names: new hook!

#1044 PR by @ericfrederich.

#589 issue by @ericfrederich.

#1049 PR by @Jeffrey-Lim.

pretty-format-json: continue processing even if a file has a json error.

#1039 PR by @amarvin.

#1038 issue by @amarvin.

Fixes

destroyed-symlinks: set stages to [pre-commit, pre-push, manual]

PR #1085 by @AdrianDC.

Migrating

pre-commit-hooks now requires pre-commit>=3.2.0.

use non-deprecated names for stages.

#1093 PR by @asottile.

Commits

cef0300 v5.0.0
f47ab2f Merge pull request #1049 from Jeffrey-Lim/main
fd01124 Extend check for illegal Windows filenames
515e8b3 Merge pull request #1085 from AdrianDC/destroyed-symlinks
c7d1e85 set stages for destroyed-symlinks
5b5b46d Merge pull request #1093 from pre-commit/non-deprecated-stages-names
003dfa5 update stages names to the non-deprecated names
ed71474 Merge pull request #1088 from pre-commit/pre-commit-ci-update-config
6553d02 remove types-all
6952eeb [pre-commit.ci] pre-commit autoupdate
Additional commits viewable in compare view

Updates safety from 3.2.7 to 3.2.8

Changelog

Sourced from safety's changelog.

[3.2.8] - 2024-09-27

feat: enhance version comparison logic for check-updates command (#605)

docs: add demo Jupyter Notebook (#601)

feat: add script to generate CONTRIBUTORS.md with Shields.io badges based on merged PRs (#600)

chore: fix CLI help text by removing rich formatting for cleaner output (#599)

chore: hide system scan from help text (#598)

chore: add LICENSES.md file to document dependency licenses (#597)

docs: add SECURITY.md file with security policy and bug bounty details (#593)

Commits

31b1821 chore/release-3.2.8 (#606)
dec98e0 fix/check-updates-fixes (#605)
15e757c Demo Jupyter Notebook (#601)
af7fa27 Add Script to Generate CONTRIBUTORS.md with Shields.io Badges Based on Merged...
01c2c28 chore/fix-cli-help-text: remove rich formatting for cleaner help text (#599)
84b981d chore/hide-system-scan-from-help-text (#598)
96ddcb5 chore: add LICENSES.md file with dependency licenses (#597)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group with 3 updates in the / directory: [bandit](https://github.com/PyCQA/bandit), [pre-commit-hooks](https://github.com/pre-commit/pre-commit-hooks) and [safety](https://github.com/pyupio/safety). Updates `bandit` from 1.7.9 to 1.7.10 - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.7.9...1.7.10) Updates `pre-commit-hooks` from 4.6.0 to 5.0.0 - [Release notes](https://github.com/pre-commit/pre-commit-hooks/releases) - [Changelog](https://github.com/pre-commit/pre-commit-hooks/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit-hooks@v4.6.0...v5.0.0) Updates `safety` from 3.2.7 to 3.2.8 - [Release notes](https://github.com/pyupio/safety/releases) - [Changelog](https://github.com/pyupio/safety/blob/main/CHANGELOG.md) - [Commits](pyupio/safety@3.2.7...3.2.8) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: pre-commit-hooks dependency-type: direct:development update-type: version-update:semver-major dependency-group: dev-dependencies - dependency-name: safety dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-10-21T04:41:17Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 7, 2024

dependabot bot force-pushed the dependabot/pip/dev-dependencies-52bb835171 branch from 2701b30 to f7c19d9 Compare October 14, 2024 04:28

dependabot bot closed this Oct 21, 2024

dependabot bot deleted the dependabot/pip/dev-dependencies-52bb835171 branch October 21, 2024 04:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dev-dependencies group across 1 directory with 3 updates #126

Bump the dev-dependencies group across 1 directory with 3 updates #126

dependabot bot commented on behalf of github Oct 7, 2024 •

edited

Loading

dependabot bot commented on behalf of github Oct 21, 2024

Bump the dev-dependencies group across 1 directory with 3 updates #126

Bump the dev-dependencies group across 1 directory with 3 updates #126

Conversation

dependabot bot commented on behalf of github Oct 7, 2024 • edited Loading

1.7.10

What's Changed

New Contributors

5.0.0 - 2024-10-05

Features

Fixes

Migrating

[3.2.8] - 2024-09-27

dependabot bot commented on behalf of github Oct 21, 2024

dependabot bot commented on behalf of github Oct 7, 2024 •

edited

Loading