From 4cb8f1734fd5a019c65391a88abd10f2f7e57593 Mon Sep 17 00:00:00 2001
From: Bruno FS Ciconelle <bciconel@redhat.com>
Date: Mon, 8 Jul 2024 16:57:56 -0300
Subject: [PATCH] chore: apply updates from template with `cruft update`

---
 .cruft.json                       |  2 +-
 .github/dependabot.yml            | 16 ++++++++--------
 .github/workflows/constraints.txt |  4 ++--
 .github/workflows/release.yml     |  8 ++++----
 .github/workflows/tests.yml       |  3 ++-
 .safety-policy.yml                |  4 ++++
 6 files changed, 21 insertions(+), 16 deletions(-)
 create mode 100644 .safety-policy.yml

diff --git a/.cruft.json b/.cruft.json
index 4a12ec1..c56bbc7 100644
--- a/.cruft.json
+++ b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/bruno-fs/cookiecutter-hypermodern-python",
-  "commit": "a516f7058ca67b612d08a933885c2bfa85d1f9e2",
+  "commit": "c6eb54be973f72077cc15aadf5eb43a9ebd7978c",
   "checkout": null,
   "context": {
     "cookiecutter": {
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 648a5df..fc0e0c6 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,10 +5,10 @@ updates:
     schedule:
       interval: weekly
     groups:
-      version-updates:
+      github-actions-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      github-actions-security-updates:
         applies-to: security-updates
         dependency-type: development
   - package-ecosystem: pip
@@ -16,10 +16,10 @@ updates:
     schedule:
       interval: weekly
     groups:
-      version-updates:
+      workflow-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      workflow-security-updates:
         applies-to: security-updates
         dependency-type: development
   - package-ecosystem: pip
@@ -27,10 +27,10 @@ updates:
     schedule:
       interval: weekly
     groups:
-      version-updates:
+      doc-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      doc-security-updates:
         applies-to: security-updates
         dependency-type: production
   - package-ecosystem: pip
@@ -41,9 +41,9 @@ updates:
     allow:
       - dependency-type: "all"
     groups:
-      version-updates:
+      pip-version-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      pip-security-updates:
         applies-to: security-updates
         dependency-type: production
diff --git a/.github/workflows/constraints.txt b/.github/workflows/constraints.txt
index ace4caa..750d46b 100644
--- a/.github/workflows/constraints.txt
+++ b/.github/workflows/constraints.txt
@@ -1,5 +1,5 @@
-pip==24.0
+pip==24.1.2
 nox==2024.4.15
 nox-poetry==1.0.3
 poetry==1.8.3
-virtualenv==20.26.2
+virtualenv==20.26.3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 546313f..ea81357 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,7 +39,7 @@ jobs:
       - name: Detect and tag new version
         id: check-version
         if: steps.check-parent-commit.outputs.sha
-        uses: salsify/action-detect-and-tag-new-version@v2.0.1
+        uses: salsify/action-detect-and-tag-new-version@v2.0.3
         with:
           version-command: |
             bash -o pipefail -c "poetry version | awk '{ print \$2 }'"
@@ -57,21 +57,21 @@ jobs:
 
       - name: Publish package on PyPI
         if: steps.check-version.outputs.tag
-        uses: pypa/gh-action-pypi-publish@v1.8.6
+        uses: pypa/gh-action-pypi-publish@v1.9.0
         with:
           user: __token__
           password: ${{ secrets.PYPI_TOKEN }}
 
       - name: Publish package on TestPyPI
         if: "! steps.check-version.outputs.tag"
-        uses: pypa/gh-action-pypi-publish@v1.8.6
+        uses: pypa/gh-action-pypi-publish@v1.9.0
         with:
           user: __token__
           password: ${{ secrets.TEST_PYPI_TOKEN }}
           repository_url: https://test.pypi.org/legacy/
 
       - name: Publish the release notes
-        uses: release-drafter/release-drafter@v5.23.0
+        uses: release-drafter/release-drafter@v6.0.0
         with:
           publish: ${{ steps.check-version.outputs.tag != '' }}
           tag: ${{ steps.check-version.outputs.tag }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 4ca8461..471cd36 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches: [main, master]
   pull_request:
+    branches: [main, master]
 
 jobs:
   tests:
@@ -226,4 +227,4 @@ jobs:
           nox --session=coverage -- xml
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v4.5.0
diff --git a/.safety-policy.yml b/.safety-policy.yml
new file mode 100644
index 0000000..51a4e69
--- /dev/null
+++ b/.safety-policy.yml
@@ -0,0 +1,4 @@
+security:
+  ignore-vulnerabilities:
+    "70612":
+      reason: Not a bug. This is the same as marking python as unsafe due to the existence of 'eval'. See https://bugzilla.redhat.com/show_bug.cgi?id=1677653