From e544a4baf43a06a9b10e14184f6c2da32c06df8f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Apr 2023 10:57:31 +0000 Subject: [PATCH 1/4] build(deps): bump coverage from 7.2.3 to 7.2.4 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.3 to 7.2.4. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.2.3...7.2.4) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements/test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/test.txt b/requirements/test.txt index 4792dbd7d4..b65926705a 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -4,4 +4,4 @@ -r pinned.txt # coverage measurement -coverage==7.2.3 +coverage==7.2.4 From ac419451ccafb7a2417695d6cb2ba58295711965 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Apr 2023 10:58:26 +0000 Subject: [PATCH 2/4] build(deps): bump github/codeql-action from 2.3.0 to 2.3.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...f3feb00acb00f31a6f60280e6ace9ca31d91c76a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index dae1cf68d1..78a8ef68f7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,9 +25,9 @@ jobs: uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab - name: Initialize CodeQL - uses: github/codeql-action/init@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 + uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a with: languages: 'python' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 + uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e3377cfd0d..d8cccac918 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -34,6 +34,6 @@ jobs: publish_results: true - name: "Upload to code-scanning dashboard" - uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 + uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a with: sarif_file: results.sarif From 1de47255c5c1e4af708e1d29d667932f47301f15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 May 2023 10:59:07 +0000 Subject: [PATCH 3/4] build(deps): bump coverage from 7.2.4 to 7.2.5 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.4 to 7.2.5. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.2.4...7.2.5) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements/test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/test.txt b/requirements/test.txt index b65926705a..70f52e6d85 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -4,4 +4,4 @@ -r pinned.txt # coverage measurement -coverage==7.2.4 +coverage==7.2.5 From 078f996781f8620fa315d2c0af1b76c31a179996 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 May 2023 11:14:47 +0000 Subject: [PATCH 4/4] build(deps): bump requests from 2.28.2 to 2.29.0 Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.29.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.28.2...v2.29.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements/pinned.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/pinned.txt b/requirements/pinned.txt index f24a40fab2..903f44de40 100644 --- a/requirements/pinned.txt +++ b/requirements/pinned.txt @@ -5,6 +5,6 @@ cryptography==40.0.2 # via securesystemslib idna==3.4 # via requests pycparser==2.21 # via cffi pynacl==1.5.0 # via securesystemslib -requests==2.28.2 +requests==2.29.0 securesystemslib[crypto,pynacl]==0.28.0 urllib3==1.26.15 # via requests