Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump ruff from 0.6.4 to 0.6.5 #10909

Merged
merged 1 commit into from
Sep 16, 2024
Merged

Bump ruff from 0.6.4 to 0.6.5 #10909

merged 1 commit into from
Sep 16, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 16, 2024

Bumps ruff from 0.6.4 to 0.6.5.

Release notes

Sourced from ruff's releases.

0.6.5

Release Notes

Preview features

  • [pydoclint] Ignore DOC201 when function name is "new" (#13300)
  • [refurb] Implement slice-to-remove-prefix-or-suffix (FURB188) (#13256)

Rule changes

  • [eradicate] Ignore script-comments with multiple end-tags (ERA001) (#13283)
  • [pyflakes] Improve error message for UndefinedName when a builtin was added in a newer version than specified in Ruff config (F821) (#13293)

Server

  • Add support for extensionless Python files for server (#13326)
  • Fix configuration inheritance for configurations specified in the LSP settings (#13285)

Bug fixes

  • [ruff] Handle unary operators in decimal-from-float-literal (RUF032) (#13275)

CLI

  • Only include rules with diagnostics in SARIF metadata (#13268)

Playground

  • Add "Copy as pyproject.toml/ruff.toml" and "Paste from TOML" (#13328)
  • Fix errors not shown for restored snippet on page load (#13262)

Contributors

Install ruff 0.6.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.6.5/ruff-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.5

Preview features

  • [pydoclint] Ignore DOC201 when function name is "new" (#13300)
  • [refurb] Implement slice-to-remove-prefix-or-suffix (FURB188) (#13256)

Rule changes

  • [eradicate] Ignore script-comments with multiple end-tags (ERA001) (#13283)
  • [pyflakes] Improve error message for UndefinedName when a builtin was added in a newer version than specified in Ruff config (F821) (#13293)

Server

  • Add support for extensionless Python files for server (#13326)
  • Fix configuration inheritance for configurations specified in the LSP settings (#13285)

Bug fixes

  • [ruff] Handle unary operators in decimal-from-float-literal (RUF032) (#13275)

CLI

  • Only include rules with diagnostics in SARIF metadata (#13268)

Playground

  • Add "Copy as pyproject.toml/ruff.toml" and "Paste from TOML" (#13328)
  • Fix errors not shown for restored snippet on page load (#13262)
Commits
  • 8558126 Bump version to 0.6.5 (#13346)
  • 9bd9981 Create insta snapshot for SARIF output (#13345)
  • 21bfab9 Playground: Add Copy as pyproject.toml/ruff.toml and paste from TOML (#13328)
  • 43a5922 [red-knot] add BitSet::is_empty and BitSet::union (#13333)
  • 175d067 [red-knot] add initial Type::is_equivalent_to and Type::is_assignable_to (#13...
  • 4dc2c25 [red-knot] Fix type inference for except* definitions (#13320)
  • b72d49b Add support for extensionless Python files for server (#13326)
  • eded78a [pyupgrade] Fix broken doc link and clarify that deprecated aliases were re...
  • a7b8cc0 [red-knot] Fix .to_instance() for union types (#13319)
  • b93d0ab [red-knot] Add control flow for for loops (#13318)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.4 to 0.6.5.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.4...0.6.5)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 16, 2024
Copy link

dryrunsecurity bot commented Sep 16, 2024

DryRun Security Summary

The pull request updates the "ruff" Python linter to version 0.6.5 in the "requirements-lint.txt" file, which is a routine update that does not introduce any significant security concerns.

Expand for full summary

Summary:

The changes in this pull request appear to be a simple version update for the "ruff" Python linter, updating the "requirements-lint.txt" file to use version 0.6.5 instead of the previous version 0.6.4. From an application security perspective, this change does not introduce any significant security concerns, as version updates for development tools and dependencies are generally considered low-risk, focusing on bug fixes, performance improvements, and new features rather than security vulnerabilities.

However, it's always a good practice to review the release notes or change logs for the updated dependency to ensure that there are no known security issues that have been addressed in the new version. Additionally, it's recommended to have a process in place to regularly review and update all dependencies to the latest stable versions, as this helps mitigate the risk of potential vulnerabilities being introduced over time. Overall, this code change appears to be a routine update and does not raise any immediate security concerns.

Files Changed:

  • requirements-lint.txt: This file has been updated to use version 0.6.5 of the "ruff" Python linter, instead of the previous version 0.6.4.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 79daae0 into dev Sep 16, 2024
73 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dev/ruff-0.6.5 branch September 16, 2024 19:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants