Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deps: Bump the python-packages group with 5 updates #1176

Merged
merged 1 commit into from
Oct 14, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 14, 2024

Bumps the python-packages group with 5 updates:

Package From To
coverage 7.6.1 7.6.3
black 24.8.0 24.10.0
anyio 4.6.0 4.6.2
charset-normalizer 3.3.2 3.4.0
markupsafe 2.1.5 3.0.1

Updates coverage from 7.6.1 to 7.6.3

Changelog

Sourced from coverage's changelog.

Version 7.6.3 — 2024-10-13

  • Fix: nested context managers could incorrectly be analyzed to flag a missing branch on the last context manager, as described in issue 1876_. This is now fixed.

  • Fix: the missing branch message about not exiting a module had an extra "didn't," as described in issue 1873_. This is now fixed.

.. _issue 1873: nedbat/coveragepy#1873 .. _issue 1876: nedbat/coveragepy#1876

.. _changes_7-6-2:

Version 7.6.2 — 2024-10-09

  • Dropped support for Python 3.8 and PyPy 3.8.

  • Fix: a final wildcard match/case clause assigning to a name (case _ as value) was incorrectly marked as a missing branch. This is now fixed, closing issue 1860_.

  • Fewer things are considered branches now. Lambdas, comprehensions, and generator expressions are no longer marked as missing branches if they don't complete execution. Closes issue 1852_.

  • Fix: the HTML report didn't properly show multi-line f-strings that end with a backslash continuation. This is now fixed, closing issue 1836, thanks to LiuYinCarl and Marco Ricci <pull 1838_>.

  • Fix: the LCOV report now has correct line numbers (fixing issue 1846) and better branch descriptions for BRDA records (fixing issue 1850). There are other changes to lcov also, including a new configuration option :ref:line_checksums <config_lcov_line_checksums> to control whether line checksums are included in the lcov report. The default is false. To keep checksums set it to true. All this work is thanks to Zack Weinberg (pull 1849_ and pull 1851_).

  • Fixed the docs for multi-line regex exclusions, closing issue 1863_.

  • Fixed a potential crash in the C tracer, closing issue 1835, thanks to Jan Kühle <pull 1843_>.

.. _issue 1835: nedbat/coveragepy#1835 .. _issue 1836: nedbat/coveragepy#1836 .. _pull 1838: nedbat/coveragepy#1838 .. _pull 1843: nedbat/coveragepy#1843

... (truncated)

Commits
  • 342a4cb docs: sample HTML for 7.6.3
  • df03796 docs: prep for 7.6.3
  • 378c321 fix: nested context managers shouldn't cause a phantom missing branch #1876
  • c8902ed build: pypy 3.9 doesn't seem to be available nightly
  • c59a77b docs(build): put a header on the GitHub releases
  • 65ac395 docs: fix a link in the changes
  • 2d3e72c docs: add coverage-simple-excludes to the docs
  • 474a363 fix: didn't-ectomy. #1873
  • 5229fc3 docs: mention 1852 is fixed
  • 6a4506f build(docs): upgrade doc dependencies
  • Additional commits viewable in compare view

Updates black from 24.8.0 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

  • Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
  • Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
  • Black no longer supports running with Python 3.8 (#4452)

Stable style

  • Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
  • Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

  • Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

  • Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

  • Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
  • blackd now requires a newer version of aiohttp. (#4451)

Output

  • Added Python target version information on parse error (#4378)
  • Add information about Black version to internal error messages (#4457)
Changelog

Sourced from black's changelog.

24.10.0

Highlights

  • Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
  • Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
  • Black no longer supports running with Python 3.8 (#4452)

Stable style

  • Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
  • Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

  • Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

  • Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

  • Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
  • blackd now requires a newer version of aiohttp. (#4451)

Output

  • Added Python target version information on parse error (#4378)
  • Add information about Black version to internal error messages (#4457)
Commits

Updates anyio from 4.6.0 to 4.6.2

Release notes

Sourced from anyio's releases.

4.6.2

  • Fixed regression caused by (#807) that prevented the use of parametrized async fixtures

4.6.1

This release contains all the changes from both v4.5.1 and v4.6.0, plus:

  • Fixed TaskGroup and CancelScope producing cyclic references in tracebacks when raising exceptions (#806) (PR by @​graingert)
Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.6.2

  • Fixed regression caused by ([#807](https://github.com/agronholm/anyio/issues/807) <https://github.com/agronholm/anyio/pull/807>_) that prevented the use of parametrized async fixtures

4.6.1

This release contains all the changes from both v4.5.1 and v4.6.0, plus:

  • Fixed TaskGroup and CancelScope producing cyclic references in tracebacks when raising exceptions ([#806](https://github.com/agronholm/anyio/issues/806) <https://github.com/agronholm/anyio/pull/806>_) (PR by @​graingert)

4.6.0

This release is the successor to v4.5.0 with Python 3.8 support dropped, and does not contain the changes from v4.5.1.

  • Dropped support for Python 3.8 (as [#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_ cannot be resolved without cancel message support)
  • Fixed 100% CPU use on asyncio while waiting for an exiting task group to finish while said task group is within a cancelled cancel scope ([#695](https://github.com/agronholm/anyio/issues/695) <https://github.com/agronholm/anyio/issues/695>_)
  • Fixed cancel scopes on asyncio not propagating CancelledError on exit when the enclosing cancel scope has been effectively cancelled ([#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_)
  • Fixed asyncio task groups not yielding control to the event loop at exit if there were no child tasks to wait on
  • Fixed inconsistent task uncancellation with asyncio cancel scopes belonging to a task group when said task group has child tasks running

4.5.1

As Python 3.8 support was dropped in v4.6.0, this interim release was created to bring a regression fix to Python 3.8, and adds a few other fixes also present in v4.6.1.

  • Fixed acquring a lock twice in the same task on asyncio hanging instead of raising a RuntimeError ([#798](https://github.com/agronholm/anyio/issues/798) <https://github.com/agronholm/anyio/issues/798>_)
  • Fixed an async fixture's self being different than the test's self in class-based tests ([#633](https://github.com/agronholm/anyio/issues/633) <https://github.com/agronholm/anyio/issues/633>_) (PR by @​agronholm and @​graingert)
  • Fixed TypeError with TLSStream on Windows when a certificate verification error occurs when using a truststore <https://github.com/sethmlarson/truststore>_ SSL certificate ([#795](https://github.com/agronholm/anyio/issues/795) <https://github.com/agronholm/anyio/issues/795>_)

... (truncated)

Commits
  • 5861355 Bumped up the version
  • f6ddfc8 Fixed a regression in the pytest plugin that broke parametrized async fixtures
  • 4ecc963 Bumped up the version
  • 5489fbd Fixed tox configuration
  • 77b94df Updated Path documentation and made is_junction() conditional (#800)
  • bf130dc Fixed TypeError when TLS handshake fails with truststore SSLContext (#801)
  • 4cb89a5 Migrated to native TOML configuration for Tox
  • 6bebf18 Made test_start_task_soon_cancel_immediately() less flaky
  • e8546bd Rebind instance method fixtures to the same instance as the test (#807)
  • 57bcbc9 Updated macOS and Windows to test on Python 3.13 by default
  • Additional commits viewable in compare view

Updates charset-normalizer from 3.3.2 to 3.4.0

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.0

🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] All of this while our community is still struggling to make a firm advancement in HTTP clients. Now, many of you use Requests as the defacto http client, now, and for many years now, Requests has been frozen. Being left in a vegetative state and not evolving, this blocked millions of developers from using more advanced features.

We promptly invite Python developers to look at the drop-in replacement for Requests, namely Niquests. It leverage charset-normalizer in a better way! Check it out, you will be positively surprised! Don't wait another decade.

We are thankful to @​microsoft and involved parties for funding our work through the Microsoft FOSS Fund program.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Changelog

Sourced from charset-normalizer's changelog.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Commits
  • f3118e3 🔧 change download/upload artifact version to last working version
  • 33e67e8 🔧 set compile-generator in generator_generic_slsa3 action
  • 73dd24c 🔧 add explicit build deps to setuptools
  • 78f1e9b 🔧 attempt to fix cd.yml *3
  • 56ae702 🔧 attempt to fix cd.yml *2
  • 9720055 🔧 attempt to fix cd.yml (macos part)
  • 1e10d06 Update CHANGELOG.md
  • 36c103a 🔖 Release 3.4.0 (#545)
  • 7658dfc ⬆️ Bump github/codeql-action from 3.26.11 to 3.26.12 (#544)
  • ca2535d ⬆️ Bump github/codeql-action from 3.26.9 to 3.26.11 (#542)
  • Additional commits viewable in compare view

Updates markupsafe from 2.1.5 to 3.0.1

Release notes

Sourced from markupsafe's releases.

3.0.1

This is the MarkupSafe 3.0.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.1/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-1 (pending a fix to the docs build) Milestone: https://github.com/pallets/markupsafe/milestone/13?closed=1

  • Address compiler warnings that became errors in GCC 14. #466
  • Fix compatibility with proxy objects. #467

3.0.0

This is the MarkupSafe 3.0.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. The 3.0.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/MarkupSafe/3.0.0/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-0 (pending a fix to the docs build) Milestone: https://github.com/pallets/markupsafe/milestone/10?closed=1

  • Support Python 3.13 and its experimental free-threaded build. #461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348
  • Change distutils imports to setuptools. #399
  • Use deferred evaluation of annotations. #400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402
  • Speed up escaping plain strings by 40%. #434
  • Simplify speedups implementation. #437
Changelog

Sourced from markupsafe's changelog.

Version 3.0.1

Released 2024-10-08

  • Address compiler warnings that became errors in GCC 14. :issue:466
  • Fix compatibility with proxy objects. :issue:467

Version 3.0.0

Released 2024-10-07

  • Support Python 3.13 and its experimental free-threaded build. :pr:461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:348
  • Change distutils imports to setuptools. :pr:399
  • Use deferred evaluation of annotations. :pr:400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. :pr:400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. :issue:401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. :pr:402
  • Speed up escaping plain strings by 40%. :pr:434
  • Simplify speedups implementation. :pr:437
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.1` | `7.6.3` |
| [black](https://github.com/psf/black) | `24.8.0` | `24.10.0` |
| [anyio](https://github.com/agronholm/anyio) | `4.6.0` | `4.6.2` |
| [charset-normalizer](https://github.com/Ousret/charset_normalizer) | `3.3.2` | `3.4.0` |
| [markupsafe](https://github.com/pallets/markupsafe) | `2.1.5` | `3.0.1` |


Updates `coverage` from 7.6.1 to 7.6.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.6.1...7.6.3)

Updates `black` from 24.8.0 to 24.10.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.8.0...24.10.0)

Updates `anyio` from 4.6.0 to 4.6.2
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Changelog](https://github.com/agronholm/anyio/blob/master/docs/versionhistory.rst)
- [Commits](agronholm/anyio@4.6.0...4.6.2)

Updates `charset-normalizer` from 3.3.2 to 3.4.0
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.3.2...3.4.0)

Updates `markupsafe` from 2.1.5 to 3.0.1
- [Release notes](https://github.com/pallets/markupsafe/releases)
- [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst)
- [Commits](pallets/markupsafe@2.1.5...3.0.1)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: anyio
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: charset-normalizer
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: markupsafe
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested review from a team as code owners October 14, 2024 04:17
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 14, 2024
@greenbonebot greenbonebot enabled auto-merge (rebase) October 14, 2024 04:17
Copy link

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 8efaad7.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
pip/anyio 4.6.2 🟢 5.7
Details
CheckScoreReason
Code-Review🟢 6Found 14/22 approved changesets -- score normalized to 6
Maintained🟢 1029 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/black 24.10.0 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 7Found 22/28 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected
pip/charset-normalizer 3.4.0 🟢 8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1021 out of 21 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 1/12 approved changesets -- score normalized to 0
Contributors🟢 3project has 1 contributing companies or organizations -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases🟢 104 out of the last 4 releases have a total of 4 signed artifacts.
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/coverage 7.6.3 🟢 8.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/29 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
License🟢 10license file detected
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
pip/markupsafe 3.0.1 🟢 6.7
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/15 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases🟢 105 out of the last 5 releases have a total of 5 signed artifacts.
Packaging🟢 10packaging workflow detected
Security-Policy🟢 9security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

poetry.lock
  • anyio@4.6.2
  • black@24.10.0
  • charset-normalizer@3.4.0
  • coverage@7.6.3
  • markupsafe@3.0.1
  • anyio@4.6.0
  • black@24.8.0
  • charset-normalizer@3.3.2
  • coverage@7.6.1
  • markupsafe@2.1.5

Copy link

Conventional Commits Report

Type Number
Dependencies 1

🚀 Conventional commits found.

Copy link

codecov bot commented Oct 14, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.60%. Comparing base (3ee2f98) to head (8efaad7).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1176      +/-   ##
==========================================
+ Coverage   97.57%   97.60%   +0.02%     
==========================================
  Files          65       65              
  Lines        4544     4544              
  Branches      832      825       -7     
==========================================
+ Hits         4434     4435       +1     
  Misses         74       74              
+ Partials       36       35       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@greenbonebot greenbonebot merged commit db803a6 into main Oct 14, 2024
22 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-981806b496 branch October 14, 2024 08:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants