Skip to content

Lineage pull request for: skeleton#110

Merged
jsf9k merged 29 commits intodevelopfrom
lineage/skeleton
Mar 27, 2026
Merged

Lineage pull request for: skeleton#110
jsf9k merged 29 commits intodevelopfrom
lineage/skeleton

Conversation

@cisagovbot
Copy link
Copy Markdown

@cisagovbot cisagovbot commented Mar 26, 2026
edited by jsf9k
Loading

Lineage Pull Request

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-generic.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

✅ Pre-approval checklist

  • All future TODOs are captured in issues, which are referenced in code comments.
  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

dependabot bot and others added 29 commits March 2, 2026 20:23
@dependabot
Bump crazy-max/ghaction-github-labeler from 5 to 6
816d175 
Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v5...v6)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump hashicorp/setup-terraform from 3 to 4
3d2fe82 
Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3 to 4.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@v3...v4)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@mcdonnnj
Add E203 to ignore list for flake8
2c37bcc 
This warning contradicts the Black style so it must be ignored.
@mcdonnnj
Reformat .flake8 configuration
0f44a77 
Make the ignore commenting consistent with the select commenting. Break
up each comment/directive with an empty line.
@mcdonnnj
Add the flake8-bugbear plugin
57ce573 
This adds the flake8-bugbear plugin to our pre-commit configuration.
Note that flake8 is already configured to use this plugin's warnings.
@mcdonnnj
Add dlint plugin for flake8
d1356e9 
Add the dlint plugin to our flake8 configuration for pre-commit. Update
the flake8 configuration to select these new warnings.
@mcdonnnj
Add the flake8-noqa plugin for flake8
0fd3256 
Add the flake8-noqa plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.
@mcdonnnj
Add pep8-naming plugin for flake8
f3bf99f 
Add the pep8-naming plugin to the flake8 portion of our pre-commit
configuration. Update the flake8 configuration to select these new
warnings.
@mcdonnnj
Add flake8-comprehensions plugin for flake8
b1503a0 
Add the flake8-comprehensions plugin to the flake8 portion of our
pre-commit configuration. Update the flake8 configuration to select
these new warnings.
@mcdonnnj
Adjust flake8 configuration comment format
3056053 
When explaining the items selected or ignored in the configuration we
now preface each line with the prefix/code it pertains to in the
configuration. Also break apart the pycodestyle prefixes into their own
lines.
@mcdonnnj
Install the go-critic command instead of gocritic
2024429 
The `go-critic` pre-commit hook from the TekWizely/pre-commit-golang
repo expects the binary to be called `go-critic` now. As a result, the
current tool installation in the `build.yml` workflow results in the
following error when pre-commit is run in GitHub Actions:
error: command not found: go-critic
@mcdonnnj
Remove the bandit configuration file
ad4cd80 
The file is not used to configure anything bandit does by default so we
can safely remove it and updated the pre-commit configuration. This is
also acceptable because the configuration file has been removed
downstream in cisagov/skeleton-python-library already.
@mcdonnnj
Use https:// instead of http:// in referenced URLs
175c410 
Change two reference URLs in the flake8 configuration to use `https://`
instead of `http://`.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Update a reference URL
a2e2621 
Change a reference URL in the flake8 configuration because
`pydocstyle.org` domain ownership appears to have lapsed. Instead point
to the source file in the archived GitHub repository.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Update ignore comment in the flake8 configuration
c85cbef 
Attribute the error codes we are ignoring to the correct source
package.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mcdonnnj
Add pre-commit hook to lock Terraform providers automatically
f094a60 
This extends our usage of the antonbabenko/pre-commit-terraform hook
collection. This new hook will automatically ensure that a Terraform
lock file includes hashes for all of our supported platforms.
@jsf9k @mcdonnnj
Ignore a vulnerability originating from pygments
ffe59bd 
We have to ignore this vulnerability for now since an update for
pygments has not yet been released.

In any event, this vulnerability is unlikely to cause us any problems
since we don't feed any regexes to pygments directly.

See also:
- cisagov/skeleton-generic#257
- https://nvd.nist.gov/vuln/detail/CVE-2026-4539
- pygments/pygments#3058

Co-authored-by: Nick M <50747025+mcdonnnj@users.noreply.github.com>
@jsf9k
Correct reference to ticket in TODO comment
a1cdc78
@jsf9k
Merge pull request #258 from cisagov/ignore-pygments-vuln
71bbac4 
Ignore a vulnerability originating from `pygments`
@jsf9k
Merge pull request #252 from cisagov/dependabot/github_actions/hashic…
2f729bb 
…orp/setup-terraform-4

Bump hashicorp/setup-terraform from 3 to 4
@jsf9k
Merge pull request #251 from cisagov/dependabot/github_actions/crazy-…
391e54b 
…max/ghaction-github-labeler-6

Bump crazy-max/ghaction-github-labeler from 5 to 6
@mcdonnnj
Update pre-commit hook versions
811785c 
This is done automatically with the pre-commit autoupdate command.
@mcdonnnj
Revert version bump of the ansible-lint pre-commit hook
df57f2a 
Newer versions of the hook require Python 3.14, but we are still using
Python 3.13 in our GitHub Actions configuration.
@mcdonnnj
Merge pull request #254 from cisagov/bug/adjust_gocritic_install
60c481a 
Install the `go-critic` command instead of `gocritic` in the `build.yml` workflow
@mcdonnnj
Merge pull request #255 from cisagov/improvement/update_flake8_config…
24bc1e0 
…uration

Add additional plugins to the `flake8` pre-commit configuration
@mcdonnnj
Merge pull request #256 from cisagov/improvement/add_pre-commit_hook_…
5103fb6 
…to_lock_terraform_providers

Add a pre-commit hook to lock Terraform providers automatically
@mcdonnnj
Merge pull request #259 from cisagov/maintenance/update_pre-commit_hooks
52df901 
Update `pre-commit` hook versions
@mcdonnnj
Merge pull request #253 from cisagov/improvement/remove_bandit_config…
72ac03a 
…uration_file

Remove the bandit configuration file
Merge https://github.com/cisagov/skeleton-generic into lineage/skeleton
a2d8736
@cisagovbot cisagovbot requested a review from dav3r as a code owner March 26, 2026 01:20
@cisagovbot cisagovbot added the upstream update This issue or pull request pulls in upstream updates label Mar 26, 2026
@github-actions github-actions bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code test This issue or pull request adds or otherwise modifies test code labels Mar 26, 2026
@jsf9k
Copy link
Copy Markdown
Member

jsf9k commented Mar 26, 2026

@mcdonnnj - Are you OK if we set the verify check to not be required and merge this one? It doesn't always run, this PR being one case of that.

@jsf9k jsf9k enabled auto-merge March 26, 2026 14:06
@jsf9k jsf9k merged commit 9fb4663 into develop Mar 27, 2026
15 checks passed
@jsf9k jsf9k deleted the lineage/skeleton branch March 27, 2026 18:27
@mcdonnnj
Copy link
Copy Markdown
Member

mcdonnnj commented Mar 27, 2026

@mcdonnnj - Are you OK if we set the verify check to not be required and merge this one? It doesn't always run, this PR being one case of that.

Yep that was an oversight on my part. I removed it from the required checks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

Assignees

@jsf9k jsf9k

@mcdonnnj mcdonnnj

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code test This issue or pull request adds or otherwise modifies test code upstream update This issue or pull request pulls in upstream updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cisagovbot @jsf9k @mcdonnnj @dav3r @felddy