chore(deps): update all non-major dependencies #24

renovate · 2024-07-01T02:30:26Z

This PR contains the following updates:

Package	Change	Type	Update
black (changelog)	`==24.3.0` -> `==24.4.2`		minor
certifi	`==2024.2.2` -> `==2024.6.2`		minor
docker.io/library/python	`3.12.2-slim` -> `3.12.4-slim`	final	patch
flake8 (changelog)	`==7.0.0` -> `==7.1.0`		minor
flake8-bugbear (changelog)	`==24.2.6` -> `==24.4.26`		minor
packaging	`==24.0` -> `==24.1`		minor
platformdirs	`==4.2.0` -> `==4.2.2`		patch
pycodestyle (changelog)	`==2.11.1` -> `==2.12.0`		minor
requests (source, changelog)	`==2.32.0` -> `==2.32.3`		patch

Release Notes

psf/black (black)

`v24.4.2`

Compare Source

This is a bugfix release to fix two regressions in the new f-string parser introduced in
24.4.1.

Parser

Fix regression where certain complex f-strings failed to parse (#4332)

Performance

Fix bad performance on certain complex string literals (#4331)

`v24.4.1`

Compare Source

Highlights

Add support for the new Python 3.12 f-string syntax introduced by PEP 701 (#3822)

Stable style

Fix crash involving indented dummy functions containing newlines (#4318)

Parser

Add support for type parameter defaults, a new syntactic feature added to Python 3.13
by PEP 696 (#4327)

Integrations

Github Action now works even when git archive is skipped (#4313)

`v24.4.0`

Compare Source

Stable style

Fix unwanted crashes caused by AST equivalency check (#4290)

Preview style

if guards in case blocks are now wrapped in parentheses when the line is too long.
(#4269)
Stop moving multiline strings to a new line unless inside brackets (#4289)

Integrations

Add a new option use_pyproject to the GitHub Action psf/black. This will read the
Black version from pyproject.toml. (#4294)

certifi/python-certifi (certifi)

`v2024.6.2`

Compare Source

pycqa/flake8 (flake8)

`v7.1.0`

Compare Source

PyCQA/flake8-bugbear (flake8-bugbear)

`v24.4.26`

Compare Source

B909: Fix false positive affecting containers of mutables (#469)

`v24.4.21`

Compare Source

B950: Add pragma comment to line length ignores (#463)
B909: Add more cases to detect + more container mutating functions (#460)

pypa/packaging (packaging)

platformdirs/platformdirs (platformdirs)

`v4.2.2`

Compare Source

What's Changed

Fix android detection when python4android is present by @tmolitor-stud-tu in https://github.com/platformdirs/platformdirs/pull/277

New Contributors

@tmolitor-stud-tu made their first contribution in https://github.com/platformdirs/platformdirs/pull/277

Full Changelog: tox-dev/platformdirs@4.2.1...4.2.2

`v4.2.1`

Compare Source

What's Changed

Switch to ruff for formatting and use codespell and docformatter by @gaborbernat in https://github.com/platformdirs/platformdirs/pull/261
Use hatch over tox by @gaborbernat in https://github.com/platformdirs/platformdirs/pull/262
chore: various minor fixes by @deronnax in https://github.com/platformdirs/platformdirs/pull/263
chore: update dead Microsoft's known folders documentation link by @deronnax in https://github.com/platformdirs/platformdirs/pull/267
Allow working without ctypes by @youknowone in https://github.com/platformdirs/platformdirs/pull/275

New Contributors

@deronnax made their first contribution in https://github.com/platformdirs/platformdirs/pull/263
@youknowone made their first contribution in https://github.com/platformdirs/platformdirs/pull/275

Full Changelog: tox-dev/platformdirs@4.2.0...4.2.1

psf/requests (requests)

`v2.32.3`

Compare Source

Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)

`v2.32.2`

Compare Source

Deprecations

To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)

`v2.32.1`

Compare Source

Bugfixes

Add missing test certs to the sdist distributed on PyPI.

Configuration

📅 Schedule: Branch creation - "every 3 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

github-actions · 2024-07-01T02:33:41Z

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Errors	Elapsed time
✅ ACTION	actionlint	4	0	0.06s
✅ DOCKERFILE	hadolint	1	0	0.16s
✅ EDITORCONFIG	editorconfig-checker	22	0	0.08s
✅ JSON	jsonlint	2	0	0.2s
⚠️ JSON	prettier	2	1	0.41s
✅ MARKDOWN	markdownlint	2	0	0.29s
✅ PYTHON	bandit	2	0	1.43s
✅ PYTHON	black	2	0	0.88s
✅ PYTHON	flake8	2	0	2.24s
✅ PYTHON	isort	2	0	0.26s
✅ PYTHON	mypy	2	0	7.91s
✅ PYTHON	ruff	2	0	0.02s
✅ REPOSITORY	checkov	yes	no	12.88s
✅ REPOSITORY	gitleaks	yes	no	0.09s
✅ REPOSITORY	git_diff	yes	no	0.0s
✅ REPOSITORY	grype	yes	no	15.42s
✅ REPOSITORY	kics	yes	no	3.35s
✅ REPOSITORY	secretlint	yes	no	0.6s
✅ REPOSITORY	syft	yes	no	0.31s
✅ REPOSITORY	trivy	yes	no	6.11s
✅ REPOSITORY	trivy-sbom	yes	no	2.55s
✅ REPOSITORY	trufflehog	yes	no	3.75s
✅ YAML	prettier	6	0	0.51s
✅ YAML	yamllint	6	0	0.29s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

Click here to request the new flavor

MegaLinter is graciously provided by

github-actions · 2024-07-01T10:49:16Z

Trivy image scan report

`ghcr.io/miracum/ohdsi-cohort-sync:pr-24 (debian 12.5)`

14 known vulnerabilities found (CRITICAL: 0 HIGH: 4 MEDIUM: 10 LOW: 0)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
`libgnutls30`	CVE-2024-28834	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libgnutls30`	CVE-2024-28835	MEDIUM	3.7.9-2+deb12u2	3.7.9-2+deb12u3
`libssl3`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libssl3`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`libsystemd0`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libsystemd0`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50387	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`libudev1`	CVE-2023-50868	HIGH	252.22-1~deb12u1	252.23-1~deb12u1
`openssl`	CVE-2023-5678	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6129	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2023-6237	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1
`openssl`	CVE-2024-0727	MEDIUM	3.0.11-1~deb12u2	3.0.13-1~deb12u1

No Misconfigurations found

`Python`

No Vulnerabilities found

No Misconfigurations found

miracum-bot · 2024-07-01T11:16:59Z

🎉 This PR is included in version 1.0.6 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

chore(deps): update all non-major dependencies

3d20915

renovate bot force-pushed the renovate/all-minor-patch branch from 426a144 to 3d20915 Compare July 1, 2024 10:45

chgl approved these changes Jul 1, 2024

View reviewed changes

chgl merged commit 4d7a9b0 into master Jul 1, 2024
14 checks passed

chgl deleted the renovate/all-minor-patch branch July 1, 2024 11:14

miracum-bot added the released label Jul 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies #24

chore(deps): update all non-major dependencies #24

renovate bot commented Jul 1, 2024 •

edited

Loading

github-actions bot commented Jul 1, 2024 •

edited

Loading

github-actions bot commented Jul 1, 2024

miracum-bot commented Jul 1, 2024

chore(deps): update all non-major dependencies #24

chore(deps): update all non-major dependencies #24

Conversation

renovate bot commented Jul 1, 2024 • edited Loading

Release Notes

Parser

Performance

Highlights

Stable style

Parser

Integrations

Stable style

Preview style

Integrations

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

Configuration

github-actions bot commented Jul 1, 2024 • edited Loading

🦙 MegaLinter status: ⚠️ WARNING

github-actions bot commented Jul 1, 2024

Trivy image scan report

ghcr.io/miracum/ohdsi-cohort-sync:pr-24 (debian 12.5)

14 known vulnerabilities found (CRITICAL: 0 HIGH: 4 MEDIUM: 10 LOW: 0)

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

miracum-bot commented Jul 1, 2024

renovate bot commented Jul 1, 2024 •

edited

Loading

github-actions bot commented Jul 1, 2024 •

edited

Loading

`ghcr.io/miracum/ohdsi-cohort-sync:pr-24 (debian 12.5)`

`Python`