Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do dependabots job #1827

Merged
merged 5 commits into from
Feb 7, 2022
Merged

Do dependabots job #1827

merged 5 commits into from
Feb 7, 2022

Conversation

jku
Copy link
Member

@jku jku commented Feb 7, 2022

Here's a bunch of dependency updates we never heard of before this.

I'm filing a related issue about dependabot being broken.

@dependabot
build(deps): bump pynacl from 1.4.0 to 1.5.0
7d48588 
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/pyca/pynacl/releases)
- [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pynacl@1.4.0...1.5.0)

---
updated-dependencies:
- dependency-name: pynacl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
@dependabot
build(deps): bump requests from 2.26.0 to 2.27.1
a03381f 
Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.27.1.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.26.0...v2.27.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
@dependabot
build(deps): bump urllib3 from 1.26.7 to 1.26.8
59064d5 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.7 to 1.26.8.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.7...1.26.8)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
@dependabot
build(deps): bump charset-normalizer from 2.0.7 to 2.0.11
e2ce7e8 
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.7 to 2.0.11.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@2.0.7...2.0.11)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
@dependabot
build(deps): bump cryptography from 35.0.0 to 36.0.1
cd95ff0 
Bumps [cryptography](https://github.com/pyca/cryptography) from 35.0.0 to 36.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@35.0.0...36.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
@jku jku added the dependencies Pull requests that update a dependency file label Feb 7, 2022
@coveralls
Copy link

Pull Request Test Coverage Report for Build 1805144014

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 97.89%
Totals Coverage Status
Change from base Build 1795054635: 0.0%
Covered Lines: 1112
Relevant Lines: 1132
💛 - Coveralls

@jku
Copy link
Member Author

jku commented Feb 7, 2022

I guess I should mention: I didn't just play dependabot here, I did look at the changes they look fine to me.

@lukpueh
Copy link
Member

lukpueh commented Feb 7, 2022

Where do these commits come from?

@jku
Copy link
Member Author

jku commented Feb 7, 2022

I added a fake setup.py in my own fork and configured dependabot to run there.

@lukpueh
Copy link
Member

lukpueh commented Feb 7, 2022

Oh, should have looked at new issues first, before asking questions about new prs :) --> #1828

lukpueh
lukpueh approved these changes Feb 7, 2022
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (based on skimming the corresponding changelog entries and passing ci/cd)

@lukpueh lukpueh merged commit 8a0bb88 into theupdateframework:develop Feb 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukpueh lukpueh lukpueh approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jku @coveralls @lukpueh