Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump the general group with 5 updates #257

Merged
merged 1 commit into from
Nov 12, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 11, 2024

Bumps the general group with 5 updates:

Package From To
gevent 24.10.3 24.11.1
jedi 0.19.1 0.19.2
pyinstaller 6.11.0 6.11.1
pyinstaller-hooks-contrib 2024.9 2024.10
setuptools 75.3.0 75.4.0

Updates gevent from 24.10.3 to 24.11.1

Commits
  • e755b5c Preparing release 24.11.1
  • b5ee5dd greenlet.py: remove unneeded pylint directive. [skip ci]
  • c80b9fe Merge pull request #2077 from gevent/issue2076
  • 98999e8 stathelper.c: compatibility with Cython 3.1a1. Seems like there used to be a ...
  • 02311dd Make the PeriodicMonitorThreadStartedEvent actually implement the interface; ...
  • 71f046f Merge pull request #2074 from gevent/dependabot/github_actions/github-actions...
  • a6f6eca Remove some legacy Python 2 support code for compatibility with the upcoming ...
  • a454337 Bump pypa/gh-action-pypi-publish in the github-actions group
  • 07d2b7e Back to development: 24.10.4
  • See full diff in compare view

Updates jedi from 0.19.1 to 0.19.2

Changelog

Sourced from jedi's changelog.

0.19.2 (2024-11-10) +++++++++++++++++++

  • Python 3.13 support
Commits
  • 41e9e95 Increase Jedi version
  • b225678 Add a release for Python 3.13
  • 30adf43 Merge pull request #2027 from WutingjiaX/feat/filterImported
  • be6df62 filter imported names during completion
  • e53359a Fix a test that had issues with a minor upgrade of Python 3.12
  • 6e5d5b7 Enable workflow_dispatch in CI
  • 91ffdea Sort completions by input resemblance. (#2018)
  • 2859e4f Support inferring not expr to bool (#2016)
  • 8ee4c26 Merge pull request #2014 from WutingjiaX/feat/in_operator
  • 4d09ac0 When inferring comparison operators, return a definite type instead of NO_VAL...
  • Additional commits viewable in compare view

Updates pyinstaller from 6.11.0 to 6.11.1

Release notes

Sourced from pyinstaller's releases.

v6.11.1

Please see the v6.11.1 section of the changelog for a list of the changes since v6.11.0.

Changelog

Sourced from pyinstaller's changelog.

6.11.1 (2024-11-10)

Bugfix


* (GNU/Linux) Fix resolving binary dependencies linked using ``$ORIGIN``.
  (:issue:`8868`)
* (Linux) Fix discovery and collection of Python shared library when using
  ``uv``-installed or ``rye``-installed Python that happens to be of same
  version as the system-installed Python. (:issue:`8850`)
* (Linux/musl) Prevent ``ld-musl-x86_64.so.1`` from being collected.
  (:issue:`8868`)
* (Windows) Add a retry loop to ``onefile`` temporary directory cleanup
  as an attempt to mitigate situations when bundled DLLs and python
  extension modules remain locked by the OS and/or anti-virus program
  for a short while after the application process exits. (:issue:`8870`)
* (Windows) Fix Qt run-time hooks failing to add the top-level application
  directory to ``PATH`` when the latter already contains a sub-directory
  of the top-level application directory (for example, ``pywin32_system32``
  sub-directory added to ``PATH`` by ``pywin32`` run-time hook). This
  failure prevented QtNetwork from discovering bundled OpenSSL DLLs, and
  caused it to (attempt to) load them from other locations that happened
  to be in ``PATH``. (:issue:`8857`)
* Fix macOS's default icons being missing from wheels (regression introduced in
  v6.11.0) (:issue:`8855`)
* Prevent :mod:`tkinter` from being collected if it is unusable.
  (:issue:`8868`)

Hooks


* Prevent ``IPython`` from being packaged redundantly if ``matplotlib`` is
  imported. (:issue:`8868`)
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1318b8bc26d348147c4e99c0a7b60052a27eb1cc&quot;&gt;&lt;code&gt;1318b8b&lt;/code&gt;&lt;/a> Release v6.11.1. [skip ci]</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/9a113fed6bd245f602a9a636c9f9f86a86157bd3&quot;&gt;&lt;code&gt;9a113fe&lt;/code&gt;&lt;/a> tests: increase the waiting time in test_onefile_signal_handling</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1ddbbe0dc8ffb1602edf798772a9d0aacbec257d&quot;&gt;&lt;code&gt;1ddbbe0&lt;/code&gt;&lt;/a> bootloader: add a retry loop for deleting onefile temp. dir. on Windows</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/160475ce4d6f715f43a44e89998091930f4074c5&quot;&gt;&lt;code&gt;160475c&lt;/code&gt;&lt;/a> bootloader: attempt to remove temp dir again only if some DLLs were unloaded</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/3e3a768a7152c7dd9ffcfa901fd5f4fad4960408&quot;&gt;&lt;code&gt;3e3a768&lt;/code&gt;&lt;/a> bootloader: move mitigation of locked temporary directory into helper function</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/235f6b97368d0ae58c4bf65953c391b0522fee36&quot;&gt;&lt;code&gt;235f6b9&lt;/code&gt;&lt;/a> bootloader: POSIX: install signal handlers before forking the child process</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/e073700b4c50e1954e93fa826f993bfb5c70a6e0&quot;&gt;&lt;code&gt;e073700&lt;/code&gt;&lt;/a> tests: nested multiprocessing: do not assume order of results</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/d0d767b4ca0df9ef39ccd11958b8fecea4df2356&quot;&gt;&lt;code&gt;d0d767b&lt;/code&gt;&lt;/a> ci: Increase pytest-xdist forks</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/eabd58f7b76ec58482279d8357b0ffefaefc659c&quot;&gt;&lt;code&gt;eabd58f&lt;/code&gt;&lt;/a> hooks: Exclude IPython as a dependency of matplotlib.{pyplot,backend_bases}</li>
<li><a href="https://github.com/pyinstaller/pyinstaller/commit/cc12d93359d7378344a4dc39f87c9386e64899e6&quot;&gt;&lt;code&gt;cc12d93&lt;/code&gt;&lt;/a> Prevent broken tkinter from being packaged</li>
<li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v6.11.0...v6.11.1&quot;&gt;compare view</a></li>
</ul>
</details>

<br />

Updates pyinstaller-hooks-contrib from 2024.9 to 2024.10

Release notes

Sourced from pyinstaller-hooks-contrib's releases.

v2024.10

Please see the changelog for more details

Changelog

Sourced from pyinstaller-hooks-contrib's changelog.

2024.10 (2024-11-10)

New hooks


* Add hook for ``h3`` to collect its metadata (required with ``h3`` v4.0.0
  and later). (`[#825](https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/825)
  <https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/825>`_)
* Add hook for ``numbers_parser`` to ensure that package's data file is
  collected. (`[#823](https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/823)
  <https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/823>`_)
* Add hook for ``sv_ttk`` to ensure that its resources (.tcl files and
  images) are collected. (`[#826](https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/826)
  <https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/826>`_)

Updated hooks

  • Update falcon hook for compatibility with falcon v4.0.0. ([#820](https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/820) <https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/820>_)
  • Update tensorflow hook to automatically raise recursion limit to 5000 (if not already set to a higher value) in order to avoid recursion limit errors in certain import chains (dependent on build environment and other packages installed in it). ([#825](https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/825) <https://github.com/pyinstaller/pyinstaller-hooks-contrib/issues/825>_)
Commits
  • 7e7d08d Release v2024.10
  • 9403e99 Scheduled weekly dependency update for week 44 (#829)
  • 9c5eb90 cleanup: remove old (and now empty) license files
  • 6e64bcd Add hook for sv_ttk (#826)
  • f6922d0 hooks: tensorflow: automatically raise recursion limit
  • 5818893 hooks: add hook for h3
  • 7b505ad ci: pr-test: query installed packages to determine extra dependencies
  • 4626e15 Scheduled weekly dependency update for week 43 (#825)
  • a08c1e5 ci: add python 3.12 and 3.13, and use macos-13 and macos-14
  • d4f1599 hooks: add hook for numbers_parser
  • Additional commits viewable in compare view

Updates setuptools from 75.3.0 to 75.4.0

Changelog

Sourced from setuptools's changelog.

v75.4.0

Features

  • Added support for the environment variable SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true, allowing users to bypass the validation of pyproject.toml. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that pyproject.toml complies with setuptools requirements. (#4611)
  • Require Python 3.9 or later. (#4718)
  • Remove dependency on importlib_resources and the vendored copy of the library. Instead, setuptools consistently rely on stdlib's importlib.resources (available on Python 3.9+). (#4718)
  • Setuptools' bdist_wheel implementation no longer produces wheels with the m SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:sys.abiflags). (#4718)
  • Updated vendored packaging version to 24.2. (#4740)

Bugfixes

  • Merge with pypa/distutils@251797602, including fix for dirutil.mkpath handling in pypa/distutils#304.
Commits
  • 8f5559c Bump version: 75.3.0 → 75.4.0
  • 6cc5f08 Update mypy requirement from ==1.12.* to >=1.12,<1.14 (#4700)
  • 748c851 Update mypy requirement from ==1.12.* to >=1.12,<1.14
  • c9d980f Refactor/unify/extract shutil.rmtree callbacks (and avoid repetition) (#4682)
  • db2b206 Extract test for shutil.rmtree callback to its own file
  • bb93502 Add docstring
  • 8272bc3 Refactor usage of shutil.rmtree in other parts of setuptools
  • 6ddac39 Ignore some lines for coverage
  • b9be144 Attempt to solve typechecking problems
  • 1678730 Extract common pattern to remove dir if exists to setuptools._shutil
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the general group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [gevent](https://github.com/gevent/gevent) | `24.10.3` | `24.11.1` |
| [jedi](https://github.com/davidhalter/jedi) | `0.19.1` | `0.19.2` |
| [pyinstaller](https://github.com/pyinstaller/pyinstaller) | `6.11.0` | `6.11.1` |
| [pyinstaller-hooks-contrib](https://github.com/pyinstaller/pyinstaller-hooks-contrib) | `2024.9` | `2024.10` |
| [setuptools](https://github.com/pypa/setuptools) | `75.3.0` | `75.4.0` |


Updates `gevent` from 24.10.3 to 24.11.1
- [Release notes](https://github.com/gevent/gevent/releases)
- [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst)
- [Commits](gevent/gevent@24.10.3...24.11.1)

Updates `jedi` from 0.19.1 to 0.19.2
- [Changelog](https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst)
- [Commits](davidhalter/jedi@v0.19.1...v0.19.2)

Updates `pyinstaller` from 6.11.0 to 6.11.1
- [Release notes](https://github.com/pyinstaller/pyinstaller/releases)
- [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst)
- [Commits](pyinstaller/pyinstaller@v6.11.0...v6.11.1)

Updates `pyinstaller-hooks-contrib` from 2024.9 to 2024.10
- [Release notes](https://github.com/pyinstaller/pyinstaller-hooks-contrib/releases)
- [Changelog](https://github.com/pyinstaller/pyinstaller-hooks-contrib/blob/master/CHANGELOG.rst)
- [Commits](pyinstaller/pyinstaller-hooks-contrib@v2024.9...v2024.10)

Updates `setuptools` from 75.3.0 to 75.4.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v75.3.0...v75.4.0)

---
updated-dependencies:
- dependency-name: gevent
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: general
- dependency-name: jedi
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: general
- dependency-name: pyinstaller
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: general
- dependency-name: pyinstaller-hooks-contrib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: general
- dependency-name: setuptools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: general
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 11, 2024
Copy link

sonarcloud bot commented Nov 11, 2024

Copy link

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

License Issues

requirements.txt

PackageVersionLicenseIssue Type
gevent24.11.1NullUnknown License
jedi0.19.2NullUnknown License
pyinstaller6.11.1NullUnknown License
pyinstaller-hooks-contrib2024.10NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/gevent 24.11.1 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Packaging🟢 10packaging workflow detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
pip/jedi 0.19.2 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 7Found 10/13 approved changesets -- score normalized to 7
Maintained🟢 104 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/pyinstaller 6.11.1 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 9Found 16/17 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
License🟢 9license file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/pyinstaller-hooks-contrib 2024.10 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 8Found 22/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/setuptools 75.4.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 5Found 7/13 approved changesets -- score normalized to 5
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • requirements.txt

@Nick2bad4u Nick2bad4u merged commit d40f54c into main Nov 12, 2024
46 checks passed
@dependabot dependabot bot deleted the dependabot/pip/general-1c41bccbd2 branch November 12, 2024 04:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant