From d4d856767d89faf6e9ebae069671a9151c2c7f31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 20:13:49 +0200 Subject: [PATCH 1/6] build(deps): bump pre-commit from 3.5.0 to 4.0.1 (#2464) Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.5.0 to 4.0.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v3.5.0...v4.0.1) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index f8e9c3bc6..30a117cbb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -114,7 +114,7 @@ dev = [ # we want all developer environments to be consistent. # These dependencies are not used in production environments # and should not conflict with other libraries/tooling. - "pre-commit==3.5.0", + "pre-commit==4.0.1", "pytest==8.0.0", "pytest-sugar==1.0.0", "pytest-instafail==0.5.0", From 24236dda0e1d088ea5840f4b89f234882cc97d01 Mon Sep 17 00:00:00 2001 From: Soufiane Fariss Date: Wed, 23 Oct 2024 00:05:39 +0200 Subject: [PATCH 2/6] ci: skip changelog.yml when PR author is `dependabot` --- .github/workflows/changelog.yml | 5 ++++- CHANGELOG.md | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 8bf5d67cc..20914f43f 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -13,7 +13,10 @@ permissions: jobs: check_changelog: # no need to check for dependency updates via dependabot - if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' + # github.event.pull_request.user.login refers to PR author + if: | + github.event.pull_request.user.login != 'dependabot[bot]' && + github.event.pull_request.user.login != 'dependabot-preview[bot]' runs-on: ubuntu-latest env: NO_CHANGELOG: '[x] No CHANGELOG update needed' diff --git a/CHANGELOG.md b/CHANGELOG.md index 65d339590..d2decf6ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -186,6 +186,7 @@ Special thanks to our repeat and new contributors: - CI: update tests.yml workflow to exclude web and documentation files #2263 @s-ff - CI: update build.yml workflow to exclude web and documentation files #2270 @s-ff - CI: add web releases workflow #2455 @s-ff +- CI: skip changelog.yml for dependabot PRs #2471 ### Raw diffs From 0237059cbd50ee5d86b9591c89222c9b1553a322 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 09:04:34 +0200 Subject: [PATCH 3/6] build(deps): bump black from 24.8.0 to 24.10.0 (#2462) * build(deps): bump black from 24.8.0 to 24.10.0 Bumps [black](https://github.com/psf/black) from 24.8.0 to 24.10.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/24.8.0...24.10.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --------- Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 30a117cbb..bb3a6e1b0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -131,7 +131,7 @@ dev = [ "flake8-use-pathlib==0.3.0", "flake8-copyright==0.2.4", "ruff==0.6.4", - "black==24.8.0", + "black==24.10.0", "isort==5.13.2", "mypy==1.11.2", "mypy-protobuf==3.6.0", From 296255f581586507fce41c38878e3a23595e6242 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 09:05:50 +0200 Subject: [PATCH 4/6] build(deps): bump setuptools from 75.1.0 to 75.2.0 (#2468) Bumps [setuptools](https://github.com/pypa/setuptools) from 75.1.0 to 75.2.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v75.1.0...v75.2.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz --- pyproject.toml | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index bb3a6e1b0..48773eb73 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -151,7 +151,7 @@ build = [ # These dependencies are not used in production environments # and should not conflict with other libraries/tooling. "pyinstaller==6.10.0", - "setuptools==75.1.0", + "setuptools==75.2.0", "build==1.2.2" ] scripts = [ diff --git a/requirements.txt b/requirements.txt index 7e6354282..1847b3f6d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -39,7 +39,7 @@ pyyaml==6.0.2 rich==13.9.2 ruamel-yaml==0.18.6 ruamel-yaml-clib==0.2.8 -setuptools==75.1.0 +setuptools==75.2.0 six==1.16.0 sortedcontainers==2.4.0 viv-utils==0.7.11 From 77758e89221442c25e0e9d99c9793215422c221d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 09:06:28 +0200 Subject: [PATCH 5/6] build(deps): bump mypy from 1.11.2 to 1.12.1 (#2469) Bumps [mypy](https://github.com/python/mypy) from 1.11.2 to 1.12.1. - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](https://github.com/python/mypy/compare/v1.11.2...v1.12.1) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 48773eb73..eab5204ef 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -133,7 +133,7 @@ dev = [ "ruff==0.6.4", "black==24.10.0", "isort==5.13.2", - "mypy==1.11.2", + "mypy==1.12.1", "mypy-protobuf==3.6.0", "PyGithub==2.4.0", # type stubs for mypy From 7d983af9077a26b246d09fffb76bf9804a55589d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 09:07:05 +0200 Subject: [PATCH 6/6] build(deps): bump xmltodict from 0.13.0 to 0.14.2 (#2470) Bumps [xmltodict](https://github.com/martinblech/xmltodict) from 0.13.0 to 0.14.2. - [Changelog](https://github.com/martinblech/xmltodict/blob/master/CHANGELOG.md) - [Commits](https://github.com/martinblech/xmltodict/compare/v0.13.0...v0.14.2) --- updated-dependencies: - dependency-name: xmltodict dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1847b3f6d..4bc0cdd81 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,7 +31,7 @@ pydantic==2.9.2 # but dependabot updates these separately (which is broken) and is annoying, # so we rely on pydantic to pull in the right version of pydantic-core. # pydantic-core==2.23.4 -xmltodict==0.13.0 +xmltodict==0.14.2 pyelftools==0.31 pygments==2.18.0 python-flirt==0.8.10