
Deps: Bump the python-packages group with 3 updates #791

Merged
merged 1 commit into from
Feb 10, 2025


dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Feb 10, 2025

Bumps the python-packages group with 3 updates: autohooks, ruff and autohooks-plugin-ruff.

Updates autohooks from 24.2.0 to 25.2.0

Release notes

Sourced from autohooks's releases.

autohooks 25.2.0

[25.2.0] - 2025-02-04

Added

  • Allow to check if a Config has a key 52e7ea9
  • Allow to load a config from a string b4ea89a

Changed

  • Use poetry group for declaring dev dependencies b54e905

Bug Fixes

  • Linting in CI via ruff check f2d11b9

Dependencies

  • Bump the dependencies group with 9 updates 537b609
  • Bump semver from 3.0.3 to 3.0.4 in the dependencies group 0a98d0e
  • Bump the dependencies group with 2 updates cd3f0ce
  • Bump the dependencies group with 3 updates 6a7fb3a
  • Bump the dependencies group with 4 updates 1f7613e
  • Bump the dependencies group with 2 updates b2514f1
  • Bump the dependencies group with 6 updates 64b2a77
  • Bump the dependencies group with 3 updates 10360c4
  • Bump the dependencies group across 1 directory with 7 updates 1d6668b
  • Bump the dependencies group with 4 updates a13a639
  • Bump the dependencies group with 3 updates 098b784
  • Bump the dependencies group with 2 updates 91afcd9
  • Bump the dependencies group with 3 updates 382ce0a
  • Bump the dependencies group with 5 updates ba996b3
  • Bump the dependencies group with 6 updates 21ac5b6
  • Bump the dependencies group with 4 updates 6a198a6
  • Bump ruff from 0.6.7 to 0.6.8 in the dependencies group (#684) 23c66dc
  • Bump the dependencies group with 3 updates d238e5a
  • Bump the dependencies group with 8 updates 885cd29
  • Bump the dependencies group across 1 directory with 7 updates 9e3d9e2
  • Bump the dependencies group with 4 updates b899778
  • Bump the dependencies group with 3 updates cd28f75
  • Bump the dependencies group with 6 updates 55374a1
  • Bump the dependencies group with 4 updates 6ab3546
  • Bump the dependencies group with 7 updates 740fd7e
  • Bump the dependencies group with 6 updates 027c99a
  • Bump the dependencies group with 4 updates 152fb36
  • Bump the dependencies group across 1 directory with 4 updates c812998
  • Bump certifi from 2024.6.2 to 2024.7.4 02c703d
  • Bump urllib3 from 2.2.1 to 2.2.2 f59e430
  • Bump ruff from 0.4.8 to 0.4.9 in the dependencies group 7dd2970
  • Bump the dependencies group with 4 updates 751534b
  • Bump the dependencies group with 6 updates b5a7ce0
  • Bump the dependencies group with 6 updates a2e3a37
  • Bump the dependencies group with 3 updates 4138aac
  • Bump the dependencies group with 4 updates aaecf68

... (truncated)

Commits
  • 3179489 Automatic release to 25.2.0
  • 52e7ea9 Add: Allow to check if a Config has a key
  • b4ea89a Add: Allow to load a config from a string
  • 232e20d Update beatifulsoup4 dependency
  • b54e905 Change: Use poetry group for declaring dev dependencies
  • 537b609 Deps: Bump the dependencies group with 9 updates
  • 0a98d0e Deps: Bump semver from 3.0.3 to 3.0.4 in the dependencies group
  • cd3f0ce Deps: Bump the dependencies group with 2 updates
  • 6a7fb3a Deps: Bump the dependencies group with 3 updates
  • 1f7613e Deps: Bump the dependencies group with 4 updates
  • Additional commits viewable in compare view

Updates ruff from 0.9.4 to 0.9.5

Release notes

Sourced from ruff's releases.

0.9.5

Release Notes

Preview features

  • Recognize all symbols named TYPE_CHECKING for in_type_checking_block (#15719)
  • [flake8-comprehensions] Handle builtins at top of file correctly for unnecessary-dict-comprehension-for-iterable (C420) (#15837)
  • [flake8-logging] .exception() and exc_info= outside exception handlers (LOG004, LOG014) (#15799)
  • [flake8-pyi] Fix incorrect behaviour of custom-typevar-return-type preview-mode autofix if typing was already imported (PYI019) (#15853)
  • [flake8-pyi] Fix more complex cases (PYI019) (#15821)
  • [flake8-pyi] Make PYI019 autofixable for .py files in preview mode as well as stubs (#15889)
  • [flake8-pyi] Remove type parameter correctly when it is the last (PYI019) (#15854)
  • [pylint] Fix missing parens in unsafe fix for unnecessary-dunder-call (PLC2801) (#15762)
  • [pyupgrade] Better messages and diagnostic range (UP015) (#15872)
  • [pyupgrade] Rename private type parameters in PEP 695 generics (UP049) (#15862)
  • [refurb] Also report non-name expressions (FURB169) (#15905)
  • [refurb] Mark fix as unsafe if there are comments (FURB171) (#15832)
  • [ruff] Classes with mixed type variable style (RUF053) (#15841)
  • [airflow] BashOperator has been moved to airflow.providers.standard.operators.bash.BashOperator (AIR302) (#15922)
  • [flake8-pyi] Add autofix for unused-private-type-var (PYI018) (#15999)
  • [flake8-pyi] Significantly improve accuracy of PYI019 if preview mode is enabled (#15888)

Rule changes

  • Preserve triple quotes and prefixes for strings (#15818)
  • [flake8-comprehensions] Skip when TypeError present from too many (kw)args for C410,C411, and C418 (#15838)
  • [flake8-pyi] Rename PYI019 and improve its diagnostic message (#15885)
  • [pep8-naming] Ignore @override methods (N803) (#15954)
  • [pyupgrade] Reuse replacement logic from UP046 and UP047 to preserve more comments (UP040) (#15840)
  • [ruff] Analyze deferred annotations before enforcing mutable-(data)class-default and function-call-in-dataclass-default-argument (RUF008,RUF009,RUF012) (#15921)
  • [pycodestyle] Exempt sys.path += ... calls (E402) (#15980)

Configuration

  • Config error only when flake8-import-conventions alias conflicts with isort.required-imports bound name (#15918)
  • Workaround Even Better TOML crash related to allOf (#15992)

Bug fixes

  • [flake8-comprehensions] Unnecessary list comprehension (rewrite as a set comprehension) (C403) - Handle extraneous parentheses around list comprehension (#15877)
  • [flake8-comprehensions] Handle trailing comma in fixes for unnecessary-generator-list/set (C400,C401) (#15929)
  • [flake8-pyi] Fix several correctness issues with custom-type-var-return-type (PYI019) (#15851)
  • [pep8-naming] Consider any number of leading underscore for N801 (#15988)
  • [pyflakes] Visit forward annotations in TypeAliasType as types (F401) (#15829)
  • [pylint] Correct min/max auto-fix and suggestion for (PL1730) (#15930)
  • [refurb] Handle unparenthesized tuples correctly (FURB122, FURB142) (#15953)
  • [refurb] Avoid None | None as well as better detection and fix (FURB168) (#15779)

Documentation

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.5

Preview features

  • Recognize all symbols named TYPE_CHECKING for in_type_checking_block (#15719)
  • [flake8-comprehensions] Handle builtins at top of file correctly for unnecessary-dict-comprehension-for-iterable (C420) (#15837)
  • [flake8-logging] .exception() and exc_info= outside exception handlers (LOG004, LOG014) (#15799)
  • [flake8-pyi] Fix incorrect behaviour of custom-typevar-return-type preview-mode autofix if typing was already imported (PYI019) (#15853)
  • [flake8-pyi] Fix more complex cases (PYI019) (#15821)
  • [flake8-pyi] Make PYI019 autofixable for .py files in preview mode as well as stubs (#15889)
  • [flake8-pyi] Remove type parameter correctly when it is the last (PYI019) (#15854)
  • [pylint] Fix missing parens in unsafe fix for unnecessary-dunder-call (PLC2801) (#15762)
  • [pyupgrade] Better messages and diagnostic range (UP015) (#15872)
  • [pyupgrade] Rename private type parameters in PEP 695 generics (UP049) (#15862)
  • [refurb] Also report non-name expressions (FURB169) (#15905)
  • [refurb] Mark fix as unsafe if there are comments (FURB171) (#15832)
  • [ruff] Classes with mixed type variable style (RUF053) (#15841)
  • [airflow] BashOperator has been moved to airflow.providers.standard.operators.bash.BashOperator (AIR302) (#15922)
  • [flake8-pyi] Add autofix for unused-private-type-var (PYI018) (#15999)
  • [flake8-pyi] Significantly improve accuracy of PYI019 if preview mode is enabled (#15888)

Rule changes

  • Preserve triple quotes and prefixes for strings (#15818)
  • [flake8-comprehensions] Skip when TypeError present from too many (kw)args for C410,C411, and C418 (#15838)
  • [flake8-pyi] Rename PYI019 and improve its diagnostic message (#15885)
  • [pep8-naming] Ignore @override methods (N803) (#15954)
  • [pyupgrade] Reuse replacement logic from UP046 and UP047 to preserve more comments (UP040) (#15840)
  • [ruff] Analyze deferred annotations before enforcing mutable-(data)class-default and function-call-in-dataclass-default-argument (RUF008,RUF009,RUF012) (#15921)
  • [pycodestyle] Exempt sys.path += ... calls (E402) (#15980)

Configuration

  • Config error only when flake8-import-conventions alias conflicts with isort.required-imports bound name (#15918)
  • Workaround Even Better TOML crash related to allOf (#15992)

Bug fixes

  • [flake8-comprehensions] Unnecessary list comprehension (rewrite as a set comprehension) (C403) - Handle extraneous parentheses around list comprehension (#15877)
  • [flake8-comprehensions] Handle trailing comma in fixes for unnecessary-generator-list/set (C400,C401) (#15929)
  • [flake8-pyi] Fix several correctness issues with custom-type-var-return-type (PYI019) (#15851)
  • [pep8-naming] Consider any number of leading underscore for N801 (#15988)
  • [pyflakes] Visit forward annotations in TypeAliasType as types (F401) (#15829)
  • [pylint] Correct min/max auto-fix and suggestion for (PL1730) (#15930)
  • [refurb] Handle unparenthesized tuples correctly (FURB122, FURB142) (#15953)
  • [refurb] Avoid None | None as well as better detection and fix (FURB168) (#15779)

Documentation

  • Add deprecation warning for ruff-lsp related settings (#15850)

... (truncated)

Commits
  • 10d3e64 Bump version to 0.9.5 (#16002)
  • 84ceddc [ruff] Classes with mixed type variable style (RUF053) (#15841)
  • ba2f0e9 [flake8-pyi] Add autofix for unused-private-type-var (PYI018) (#15999)
  • 18b497a [red-knot] Fixup a couple of nits in the red_knot_test README (#15996)
  • 7cac0da Workaround Even Better TOML crash related to allOf (#15992)
  • b66cc94 Add deprecation warning for ruff-lsp related settings (#15850)
  • e345307 [red-knot] Fix diagnostic range for non-iterable unpacking assignments (#15994)
  • 5588c75 [red-knot] Fix relative imports in src.root (#15990)
  • 9d2105b add instance variable examples to RUF012 (#15982)
  • 8fcac0f Recognize all symbols named TYPE_CHECKING for in_type_checking_block (#15...
  • Additional commits viewable in compare view

Updates autohooks-plugin-ruff from 24.1.0 to 25.2.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the python-packages group with 3 updates: [autohooks](https://github.com/greenbone/autohooks), [ruff](https://github.com/astral-sh/ruff) and [autohooks-plugin-ruff](https://github.com/greeenbone/autohooks-plugin-ruff).


Updates `autohooks` from 24.2.0 to 25.2.0
- [Release notes](https://github.com/greenbone/autohooks/releases)
- [Commits](greenbone/autohooks@v24.2.0...v25.2.0)

Updates `ruff` from 0.9.4 to 0.9.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.9.4...0.9.5)

Updates `autohooks-plugin-ruff` from 24.1.0 to 25.2.0
- [Commits](https://github.com/greeenbone/autohooks-plugin-ruff/commits)

---
updated-dependencies:
- dependency-name: autohooks
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: autohooks-plugin-ruff
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner February 10, 2025 04:53
@dependabot dependabot bot added the dependencies and python labels Feb 10, 2025

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0e9010b.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

| Package | Version | License | Issue Type |
|---|---|---|---|
| ruff | 0.9.5 | 0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT | Incompatible License |

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| pip/autohooks | 25.2.0 | 🟢 6.9 | Details (see the check table) |
| pip/autohooks-plugin-ruff | 25.2.0 | Unknown | Unknown |
| pip/ruff | 0.9.5 | Unknown | Unknown |

Details for pip/autohooks 25.2.0:

| Check | Score | Reason |
|---|---|---|
| Maintained | 🟢 10 | 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | 🟢 6 | Found 3/5 approved changesets -- score normalized to 6 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | 🟢 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Security-Policy | 🟢 10 | security policy file detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Scanned Files

  • poetry.lock


Conventional Commits Report

| Type | Number |
|---|---|
| Dependencies | 1 |

🚀 Conventional commits found.

@mbrinkhoff mbrinkhoff merged commit fede29e into main Feb 10, 2025
12 of 13 checks passed
@mbrinkhoff mbrinkhoff deleted the dependabot/pip/python-packages-61f88b2d4d branch February 10, 2025 08:59