
Bump ruff from 0.4.10 to 0.5.0 #10471

Closed

Conversation

@dependabot dependabot bot commented on behalf of github Jun 28, 2024

Bumps ruff from 0.4.10 to 0.5.0.

Release notes

Sourced from ruff's releases.

0.5.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

  • Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
  • Selecting ALL now excludes deprecated rules
  • The released archives now include an extra level of nesting, which can be removed with --strip-components=1 when untarring.
  • The release artifact's file name no longer includes the version tag. This enables users to install via /latest URLs on GitHub.
  • The diagnostic ranges for some flake8-bandit rules were modified (#10667).

Deprecations

The following rules are now deprecated:

Remapped rules

The following rules have been remapped to new rule codes:

Stabilization

The following rules have been stabilized and are no longer in preview:

... (truncated)

Changelog

Sourced from ruff's changelog.
(The changelog entry for 0.5.0 repeats the release notes above verbatim.)

Commits
  • 244b923 Add necessary permissions for cargo-dist Docker build (#12072)
  • a8b48fc Release v0.5.0 (#12068)
  • 04c8597 [flake8-simplify] Stabilize detection of Yoda conditions for "constant" col...
  • 4029a25 [Ruff v0.5] Stabilise 15 pylint rules (#12051)
  • 0917ce1 Update documentation to mention etcetera crate instead of dirs for user c...
  • 22cebdf Add server config to filter out syntax error diagnostics (#12059)
  • 72b6c26 Simplify LinterResult, avoid cloning ParseError (#11903)
  • 73851e7 Avoid displaying syntax error as log message (#11902)
  • e7b4969 Remove E999 as a rule, disallow any disablement methods for syntax error (#...
  • c98d8a0 [pyflakes] Stabilize detection of is comparisons to lists, etc. (F632) (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.10 to 0.5.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@v0.4.10...0.5.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 28, 2024

dryrunsecurity bot commented Jun 28, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security analyzer results:

  • Configured Codepaths Analyzer: 0 findings
  • SQL Injection Analyzer: 0 findings
  • IDOR Analyzer: 0 findings
  • Authn/Authz Analyzer: 0 findings
  • Server-Side Request Forgery Analyzer: 0 findings
  • Sensitive Files Analyzer: 0 findings
  • Secrets Analyzer: 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The change in this Pull Request is updating the version of the 'ruff' Python linter from 0.4.10 to 0.5.0 in the 'requirements-lint.txt' file. From an application security perspective, this change does not appear to introduce any immediate security concerns. Upgrading the 'ruff' linter to a newer version is generally a good practice, as it may include bug fixes, performance improvements, and potentially new security features. However, it is always important to review the release notes and change logs of the updated dependency to ensure that there are no known security vulnerabilities or breaking changes that could impact the application. Additionally, it is recommended to have a comprehensive test suite and security testing process in place to validate the changes and ensure that the application's security posture is not compromised. Overall, this change seems reasonable and does not raise any major security red flags, as long as the necessary testing and validation are performed.

Files Changed:

  • requirements-lint.txt: This file has been updated to use the newer version 0.5.0 of the 'ruff' Python linter, up from the previous version 0.4.10.

Powered by DryRun Security

cneill commented Jun 28, 2024

Closing this one as a duplicate of #10466

@cneill cneill closed this Jun 28, 2024
dependabot bot commented on behalf of github Jun 28, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/dev/ruff-0.5.0 branch June 28, 2024 21:17