Skip to content

Bump safety from 2.3.5 to 3.2.13#1206

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/safety-3.2.13
Open

Bump safety from 2.3.5 to 3.2.13#1206
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/safety-3.2.13

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 11, 2025
edited by sourcery-ai bot
Loading

Bumps safety from 2.3.5 to 3.2.13.

Release notes

Sourced from safety's releases.

3.2.13

No release notes provided.

3.2.12

No release notes provided.

3.2.11

No release notes provided.

3.2.10

No release notes provided.

3.2.9

No release notes provided.

3.2.8

No release notes provided.

3.2.3

No release notes provided.

3.2.0

What's Changed

New Contributors

Full Changelog: pyupio/safety@3.1.0...3.2.0

3.1.0

What's Changed

Full Changelog: pyupio/safety@3.0.1...3.1.0

3.0.1

What's Changed

Full Changelog: pyupio/safety@3.0.0...3.0.1

... (truncated)

Changelog

Sourced from safety's changelog.

[3.2.13] - 2024-12-10

  • Remove email verification for running scans (#645)

[3.2.12] - 2024-12-10

  • Add CVE Details and Single-Key Filtering for JSON Output in safety scan (#643)
  • feature/add-branch-name (#641)
  • feat/add --headless to --help (#636)

[3.2.11] - 2024-11-12

  • chore/upgrade-dparse (#633)
  • Migrate to PyPI Trusted Publisher for Automated Package Deployment (#632)
  • fix/fix-test-validate-func (#631)
  • feat: api keys now work without specifying the env (#630)
  • fix:jupyter notebook rich format removal (#628)

[3.2.10] - 2024-10-25

  • Support for scanning pyproject.toml files (#625)
  • Update safety-schemas version used (#624)
  • Fix basic poloicy test (#622)

[3.2.9] - 2024-10-23

  • chore: deprection-message-for-license-command (4149b70)
  • feat: add-pull-request-template (#604) (61b2fe2)
  • fix: devcontainer fix (be42d8e)
  • fix: safety error when scan is run without being authed (5ec80dd)
  • feat: add-devcontainers-support (0591838)
  • fix: internal-server-error (04d7efb)
  • fix: clarify-vulnerabilities-found/ Fixed the issue where the vulnerabilities (07bc5b7)
  • chore: added check arg depreciation warning (78109e5)
  • feature: release-script: add release script (#602) (cc49542)

[3.2.8] - 2024-09-27

  • feat: enhance version comparison logic for check-updates command (#605)
  • docs: add demo Jupyter Notebook (#601)
  • feat: add script to generate CONTRIBUTORS.md with Shields.io badges based on merged PRs (#600)
  • chore: fix CLI help text by removing rich formatting for cleaner output (#599)
  • chore: hide system scan from help text (#598)
  • chore: add LICENSES.md file to document dependency licenses (#597)
  • docs: add SECURITY.md file with security policy and bug bounty details (#593)

[3.2.7] - 2024-08-29

  • fix/increase-auth-timeout: increase timeout to 5s (#583)
  • Update Issue Templates: Add Feature Request Template and Improve Issue Submission Process (#580)

[3.2.6] - 2024-08-21

  • fix/update-schemas-0-0-4 (#581)
  • chore/update-coc-email (#579)
  • docs(contributing): add CONTRIBUTING.md with guidelines for contributors (#571)
  • chore: update-network-url (#569)

... (truncated)

Commits
  • 1b5a104 Merge pull request #646 from pyupio/feat/update-version
  • 24e86d9 feat(changelog): update version
  • 8435529 Merge pull request #645 from pyupio/feat(utils.py)-remove-email-verification
  • c2ca852 feat(utils.py): remove email verification
  • 728c7c1 chore/release-3.2.12 (#644)
  • 25abf95 feature/cve-data-filter-flag (#643)
  • 7654596 Merge pull request #618 from pyupio/chore/use-specific-safety-schemas-release
  • b87d13f chore:Use specific safety schema version
  • 4b18043 feature/add-branch-name (#641)
  • 223ad60 feat/add --headless to --help (#636)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by Sourcery

Build:

  • Update the safety dependency in pyproject.toml.

@dependabot
Bump safety from 2.3.5 to 3.2.13
e380f7a 
Bumps [safety](https://github.com/pyupio/safety) from 2.3.5 to 3.2.13.
- [Release notes](https://github.com/pyupio/safety/releases)
- [Changelog](https://github.com/pyupio/safety/blob/main/CHANGELOG.md)
- [Commits](pyupio/safety@2.3.5...3.2.13)

---
updated-dependencies:
- dependency-name: safety
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 11, 2025
@sourcery-ai
Copy link
Contributor

sourcery-ai bot commented Feb 11, 2025
edited
Loading

Reviewer's Guide by Sourcery

This pull request updates the safety dependency from version 2.3.5 to 3.2.13. The changes are implemented by modifying the version specification in the pyproject.toml file and updating the corresponding lock file (poetry.lock) to reflect the new dependency version.

Flow Diagram for Safety Dependency Update

flowchart LR
    A[Start Dependency Update]
    B[Read pyproject.toml file]
    C[Update safety version from 2.3.5 to 3.2.13]
    D[Update poetry.lock to reflect new dependency version]
    E[Commit and Merge PR]

    A --> B
    B --> C
    C --> D
    D --> E
Loading

File-Level Changes

Change Details Files
Update the safety dependency version.
  • Changed the safety package version in pyproject.toml from '^2.3.5' to '^3.2.13'.
  • Updated the poetry.lock file to synchronize the dependency tree with the new version.
 pyproject.toml
poetry.lock
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!
  • Generate a plan of action for an issue: Comment @sourcery-ai plan on
    an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Feb 11, 2025
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants