build(deps): bump the general group across 1 directory with 5 updates

[dependabot]

Bumps the general group with 5 updates in the / directory:

Package	From	To
pbr	6.0.0	6.1.0
pefile	2023.2.7	2024.8.26
pyparsing	3.1.2	3.1.4
setuptools	73.0.1	74.0.0
zope-interface	7.0.1	7.0.3

Updates pbr from 6.0.0 to 6.1.0

Updates pefile from 2023.2.7 to 2024.8.26

Release notes

Sourced from pefile's releases.

pefile 2024.8.26

What's Changed

• Close the data attribute before reassigning it by @​adang1345 in erocarrera/pefile#367
• Floor division (//) does mathematical division with the floor functio… by @​j-t-1 in erocarrera/pefile#373
• Update new dvrt type and Load Config filed adapt to Windows11 by @​zjgcjy in erocarrera/pefile#374
• fix PE.get_data by @​mak in erocarrera/pefile#379
• Fix ambiguous string syntax for PEid parsing regexp by @​hillu in erocarrera/pefile#388
• fixed a memory leak that caused the pe file to be access locked. by @​daniel-mekuria in erocarrera/pefile#386
• Exphash from sha256 to md5 to match imphash by @​N0fix in erocarrera/pefile#377
• More readable calls to superclass by @​j-t-1 in erocarrera/pefile#393
• Fix cache_adjust_FileAlignment to work with files not aligned to 0x200 by @​asivery in erocarrera/pefile#397
• [StepSecurity] Apply security best practices by @​step-security-bot in erocarrera/pefile#399
• Create sets using curly brackets by @​j-t-1 in erocarrera/pefile#400
• Change IOError to OSError by @​j-t-1 in erocarrera/pefile#401
• Apply isort to sort all imports by @​j-t-1 in erocarrera/pefile#403
• Remove "OC Patch" comments by @​j-t-1 in erocarrera/pefile#408
• Update tox.ini Python versions by @​j-t-1 in erocarrera/pefile#409
• Use with statement to write to file by @​j-t-1 in erocarrera/pefile#418
• Remove distutils use by @​j-t-1 in erocarrera/pefile#417
• Use chaining comparison operators by @​j-t-1 in erocarrera/pefile#416
• Replace list comprehension with set comprehension by @​j-t-1 in erocarrera/pefile#415
• Use not in operator by @​j-t-1 in erocarrera/pefile#414
• Replace base class name with super() by @​j-t-1 in erocarrera/pefile#413
• Increase readability and consistency by @​j-t-1 in erocarrera/pefile#412
• Tiny comment improvements by @​j-t-1 in erocarrera/pefile#410
• Update oleaut32.py from oleaut32.dll by @​j-t-1 in erocarrera/pefile#406
• Improve parse_rich_header by @​j-t-1 in erocarrera/pefile#402
• Include ordinals for wsock32.dll by @​j-t-1 in erocarrera/pefile#405
• Update ws2_32.py from ws2_32.dll by @​j-t-1 in erocarrera/pefile#404
• Update pefile.py for typo by @​Derekt2 in erocarrera/pefile#398
• Add parsing for IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS by @​aursulis in erocarrera/pefile#365

New Contributors

• @​adang1345 made their first contribution in erocarrera/pefile#367
• @​zjgcjy made their first contribution in erocarrera/pefile#374
• @​mak made their first contribution in erocarrera/pefile#379
• @​daniel-mekuria made their first contribution in erocarrera/pefile#386
• @​N0fix made their first contribution in erocarrera/pefile#377
• @​asivery made their first contribution in erocarrera/pefile#397
• @​step-security-bot made their first contribution in erocarrera/pefile#399
• @​Derekt2 made their first contribution in erocarrera/pefile#398
• @​aursulis made their first contribution in erocarrera/pefile#365

Full Changelog: erocarrera/pefile@v2023.2.7...v2024.8.26

Commits

• 4b3b1e2 Update version for new release 2024.8.26
• ee1e3eb Delete README
• 14a4c71 Address issue brought up in PR #385
• 1be5822 Update tests.yaml
• 33e5c75 Ran black
• bacbdad Follow up from PR #365
• 77e233e Merge pull request #365 from aursulis/parse-ex-dllcharacteristics
• a60cc07 Merge branch 'master' into parse-ex-dllcharacteristics
• 36855ba Merge pull request #398 from Derekt2/patch-1
• 153e688 Merge pull request #404 from j-t-1/ws2_32
• Additional commits viewable in compare view

Updates pyparsing from 3.1.2 to 3.1.4

Changelog

Sourced from pyparsing's changelog.

Version 3.1.4 - August, 2024

• Fixed a regression introduced in pyparsing 3.1.3, addition of a type annotation that referenced re.Pattern. Since this type was introduced in Python 3.7, using this type definition broke Python 3.6 installs of pyparsing 3.1.3. PR submitted by Felix Fontein, nice work!

Version 3.1.3 - August, 2024

• Added new Tag ParserElement, for inserting metadata into the parsed results. This allows a parser to add metadata or annotations to the parsed tokens. The Tag element also accepts an optional value parameter, defaulting to True. See the new tag_metadata.py example in the examples directory.

  Example:

    # add tag indicating mood
    end_punc = "." | ("!" + Tag("enthusiastic")))
    greeting = "Hello" + Word(alphas) + end_punc
  result = greeting.parse_string("Hello World.")
  print(result.dump())
  result = greeting.parse_string("Hello World!")
  print(result.dump())
  

  prints:

    ['Hello', 'World', '.']
  ['Hello', 'World', '!']
  
  enthusiastic: True
  

Added example mongodb_query_expression.py, to convert human-readable infix query expressions (such as a==100 and b>=200) and transform them into the equivalent query argument for the pymongo package ({'$and': [{'a': 100}, {'b': {'$gte': 200}}]}). Supports many equality and inequality operators - see the docstring for the transform_query function for more examples.

Fixed issue where PEP8 compatibility names for ParserElement static methods were not themselves defined as staticmethods. When called using a ParserElement instance, this resulted in a TypeError exception. Reported by eylenburg (#548).

To address a compatibility issue in RDFLib, added a property setter for the ParserElement.name property, to call ParserElement.set_name.

Modified ParserElement.set_name() to accept a None value, to clear the defined name and corresponding error message for a ParserElement.

... (truncated)

Commits

• b846e4a Prep for 3.1.4 release
• 9bd2356 Add Python 3.6 to CI (#566)
• ee50a19 Add Tag notes to HowToUsePyparsing.rst
• 3ffc3ef Fix typo
• e5e97f7 Add mongodb_query_expression.py to examples; updated 0README.html and test_ex...
• 10cef98 Add Tag ParserElement class
• cf41d90 Prep for 3.1.3 release
• d7c163c Some minor code changes in chemical_formulas.py
• eb56030 Various code cleanups
• a9e7d47 Added name property setter, and enhanced set_name() to accept a None value to...
• Additional commits viewable in compare view

Updates setuptools from 73.0.1 to 74.0.0

Changelog

Sourced from setuptools's changelog.

v74.0.0

Features

• Changed the type of error raised by setuptools.command.easy_install.CommandSpec.from_param on unsupported argument from AttributeError to TypeError -- by :user:Avasam (#4548)
• Added detection of ARM64 variant of MSVC -- by :user:saschanaz (#4553)
• Made setuptools.package_index.Credential a typing.NamedTuple -- by :user:Avasam (#4585)
• Reraise error from setuptools.command.easy_install.auto_chmod instead of nonsensical TypeError: 'Exception' object is not subscriptable -- by :user:Avasam (#4593)
• Fully typed all collection attributes in pkg_resources -- by :user:Avasam (#4598)
• Automatically exclude .tox|.nox|.venv directories from sdist. (#4603)

Deprecations and Removals

• Removed the monkeypatching of distutils._msvccompiler. Now all compiler logic is consolidated in distutils. (#4600)
• Synced with pypa/distutils@58fe058e4, including consolidating Visual Studio 2017 support (#4600, pypa/distutils#289pypa/distutils#287#4606)

Misc

• #4592

Commits

• 98ad794 Bump version: 73.0.1 → 74.0.0
• b4fb917 Merge pull request #4600 from pypa/debt/msvc-monkey
• 18a44d8 Add news fragment.
• 5f8215d Merge pull request #4548 from Avasam/from_param-TypeError
• 6928048 Merge branch 'main' into debt/msvc-monkey
• 11a6b59 Merge pull request #4606 from pypa/distutils-58fe058e4
• 903604b Reraise sensible errors from auto_chmod (#4593)
• 8ec5b5a Add missing news fragment for PR 4603
• e90dfd5 Exclude top-level .tox|.nox|.venv from sdist (#4603)
• ef2957a Reraise sensible errors from auto_chmod
• Additional commits viewable in compare view

Updates zope-interface from 7.0.1 to 7.0.3

Changelog

Sourced from zope-interface's changelog.

7.0.3 (2024-08-27)

• Fix Assertion 'memb->type == T_PYSSIZET' failed. for Python < 3.12. ([#319](https://github.com/zopefoundation/zope.interface/issues/319) <https://github.com/zopefoundation/zope.interface/issues/319>_)

7.0.2 (2024-08-26)

• Fix reference-counting bug in C module initialization (broken in 7.0). ([#316](https://github.com/zopefoundation/zope.interface/issues/316) <https://github.com/zopefoundation/zope.interface/issues/316>_)

Commits

• cf5ac5b Prepare release 7.0.3
• ef32bf2 Merge pull request #320 from zopefoundation/fix-weaklistoffset
• 81f64e3 Fix weaklistoffset in SB_members with USE_EXPLICIT_WEAKREFLIST
• c3a4945 svb
• bcf4cbb Merge pull request #318 from zopefoundation/release-7.0.2
• db74300 Prepare 7.0.2 release
• 9a2d03e Merge pull request #317 from zopefoundation/davisagli-fix-gc-assertion
• c8ada7e call Py_INCREF after null check
• f9a7458 Fix refcounting bug in module initialization
• a44f50e - remove appveyor reference [ci skip]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

requirements.txt

Package	Version	License	Issue Type
zope.interface	7.0.3	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/pbr	6.1.0	Unknown	Unknown
pip/pefile	2024.8.26	🟢 5.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches CI-Tests 🟢 9 13 out of 14 merged PRs checked by a CI test -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 5 found 11 unreviewed changesets out of 25 -- score normalized to 5 Contributors 🟢 10 10 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ 0 0 out of 5 artifacts are signed or have provenance Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 no vulnerabilities detected
pip/pyparsing	3.1.4	🟢 6.6	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Maintained 🟢 10 18 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/setuptools	74.0.0	🟢 6	Details Check Score Reason Code-Review 🟢 4 Found 7/15 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/zope.interface	7.0.3	🟢 6.2	Details Check Score Reason Code-Review 🟢 4 Found 8/18 approved changesets -- score normalized to 4 Maintained 🟢 10 17 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud