Bump ruff from 0.6.9 to 0.7.0 #11090

Closed

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Oct 18, 2024

Bumps ruff from 0.6.9 to 0.7.0.

Release notes

Sourced from ruff's releases.

0.7.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

  • The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
  • The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
  • The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

  • Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

  • [refurb] implement hardcoded-string-charset (FURB156) (#13530)
  • [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

Rule changes

  • [pylint] Mark PLE1141 fix as unsafe (#13629)
  • [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#13639)
  • [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#13656)
  • [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#13640)
  • [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#13704)
  • [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files being opened from a wider range of standard-library functions (#12959).

CLI

  • Add explanation of fixable in --statistics command (#13774)

Bug fixes

  • [pyflakes] Allow ipytest cell magic (F401) (#13745)
  • [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#13616)
  • [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#13574)
  • [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#13727)

Contributors

... (truncated)

Commits
  • 5e6de4e Changelog for Ruff v0.7 (#13794)
  • 70e5c4a Recode TRY302 to TRY203 (#13502)
  • 9218d6b Remove allow-unused-imports setting from the common lint options (#13677)
  • 1b79ae9 [ruff-0.7] Stabilise the expansion of open-file-with-context-handler to wor...
  • 2b87587 [flake8-pytest-style] Fix defaults when lint.flake8-pytest-style config s...
  • d1e15f6 Remove tab-size setting (#12835)
  • 89a8215 Remove error messages for removed CLI aliases (#12833)
  • 202c6a6 Remove output-format=text setting (#12836)
  • 5c3c0c4 [red-knot] Inference for comparison of union types (#13781)
  • 6b7a738 Add explanation of fixable in --statistics command (#13774)
  • Additional commits viewable in compare view


Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.9 to 0.7.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.9...0.7.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies and python labels Oct 18, 2024

DryRun Security Summary

The pull request updates the version of the ruff package in the requirements-lint.txt file from 0.6.9 to 0.7.0, which is a routine maintenance task to keep the project's dependencies up-to-date, and it does not introduce any obvious security concerns, but it is important to review the release notes or change log for the ruff package to ensure that the update does not introduce any breaking changes or security-related issues.


Summary:

The code change in this pull request updates the version of the ruff package in the requirements-lint.txt file from 0.6.9 to 0.7.0. From an application security perspective, this change is relatively minor and does not introduce any obvious security concerns. Updating dependencies to their latest versions is a common maintenance task to keep the project's dependencies up-to-date.

However, it is important to carefully review any dependency updates, as newer versions may introduce new features, bug fixes, or even security vulnerabilities. In this case, the change is limited to a single dependency, and the version update appears to be a minor one, so the risk is likely low. Nevertheless, it would be prudent to review the release notes or change log for the ruff package to ensure that the update does not introduce any breaking changes or security-related issues that could impact the project. Additionally, having a comprehensive test suite and automated security scanning processes in place is recommended to catch any potential issues that may arise from dependency updates.

Files Changed:

  • requirements-lint.txt: The version of the ruff package has been updated from 0.6.9 to 0.7.0. This is a routine maintenance task to keep the project's dependencies up-to-date, and it does not introduce any obvious security concerns. However, it is important to review the release notes or change log for the ruff package to ensure that the update does not introduce any breaking changes or security-related issues.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


kiblik added a commit to kiblik/django-DefectDojo that referenced this pull request Oct 18, 2024
@kiblik kiblik mentioned this pull request Oct 18, 2024
kiblik added a commit to kiblik/django-DefectDojo that referenced this pull request Oct 18, 2024
mtesauro pushed a commit that referenced this pull request Oct 19, 2024
* Bump ruff from 0.6.9 to 0.7.0

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.9 to 0.7.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.9...0.7.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump boto3 from 1.35.42 to 1.35.43 (#11091)

Bumps [boto3](https://github.com/boto/boto3) from 1.35.42 to 1.35.43.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.42...1.35.43)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Ruff: Fix #11090

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Contributor Author

dependabot bot commented on behalf of github Oct 19, 2024

Looks like ruff is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Oct 19, 2024
@dependabot dependabot bot deleted the dependabot/pip/dev/ruff-0.7.0 branch October 19, 2024 20:47
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024
* Bump ruff from 0.6.9 to 0.7.0

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.9 to 0.7.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.9...0.7.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump boto3 from 1.35.42 to 1.35.43 (DefectDojo#11091)

Bumps [boto3](https://github.com/boto/boto3) from 1.35.42 to 1.35.43.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.42...1.35.43)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Ruff: Fix DefectDojo#11090

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>