chore(deps-dev): bump the development-dependencies group with 3 updates#100
chore(deps-dev): bump the development-dependencies group with 3 updates#100dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the development-dependencies group with 3 updates: [coverage](https://github.com/coveragepy/coveragepy), [gitpython](https://github.com/gitpython-developers/GitPython) and [python-semantic-release](https://github.com/python-semantic-release/python-semantic-release). Updates `coverage` from 7.15.0 to 7.15.1 - [Release notes](https://github.com/coveragepy/coveragepy/releases) - [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.15.0...7.15.1) Updates `gitpython` from 3.1.50 to 3.1.51 - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.50...3.1.51) Updates `python-semantic-release` from 10.6.0 to 10.6.1 - [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) - [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst) - [Commits](python-semantic-release/python-semantic-release@v10.6...v10.6.1) --- updated-dependencies: - dependency-name: coverage dependency-version: 7.15.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: gitpython dependency-version: 3.1.51 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: python-semantic-release dependency-version: 10.6.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
AssigneesThe following users could not be added as assignees: LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
There was a problem hiding this comment.
Nice work! 😎
I didn't find anything of concern
List of skipped files due to configuration
Risk: 🟢 Low
Risk analysis
The highest scoring dimensions are blast_radius and operational_risk. blast_radius scores a 2 because the changes affect development dependencies used across the project, potentially impacting build processes and developer workflows. operational_risk scores a 1 due to the possibility of compatibility issues or unexpected behavior from updated dependencies, though the updates are minor versions and include bug fixes. Other dimensions score 0 as they do not introduce direct security concerns, data integrity risks, or significant reversibility challenges.
Reviewed with 🤟 by Zenable
Bumps the development-dependencies group with 3 updates: coverage, gitpython and python-semantic-release.
Updates
coveragefrom 7.15.0 to 7.15.1Changelog
Sourced from coverage's changelog.
Commits
da63beddocs: sample HTML for 7.15.1bc35e64docs: prep for 7.15.1182b010perf: resolve sysmon branch events lazily, one pair at a time (#2221)ee271eeperf: compute multiline maps cheaply in the sysmon core (#2220)1441b96chore: bump the action-dependencies group with 6 updates (#2225)dd80635fix: escape context labels in html report inline script block (#2224)7c3ae71docs: normalize earlier history order (#2222)088dc60chore: make upgradef7e15a8test: upload .json and .xml coverage reports3b62112docs: thanks, Paul KehrerUpdates
gitpythonfrom 3.1.50 to 3.1.51Release notes
Sourced from gitpython's releases.
Commits
7b0764dbump to v3.1.51af027beMerge pull request #2163 from gitpython-developers/fix-unguarded-blame701ce32fix: Guard unsafe git command options (GHSA-956x-8gvw-wg5v)65a7283Merge pull request #2168 from gitpython-developers/advisory-fix-13e59876Merge pull request #2169 from gitpython-developers/fix-config-assertf033017chore: avoid duplicate runs of CI in PRs1551238fix: allow relative config paths with includes (#2103)5680608fix: reject joined unsafe short options181e8edAddress review feedback about unsafe option abbreviations40f1424Add Commit.is_shallow property; document stats() limitation at shallow bounda...Updates
python-semantic-releasefrom 10.6.0 to 10.6.1Release notes
Sourced from python-semantic-release's releases.
Changelog
Sourced from python-semantic-release's changelog.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions