Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 2 updates #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the pip group across 1 directory with 2 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Sep 20, 2024

Bumps the pip group with 2 updates in the / directory: gitpython and codecov.

Updates gitpython from 2.1.1 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates codecov from 2.0.15 to 2.1.13

Release notes

Sourced from codecov's releases.

v2.1.13

What's Changed

Full Changelog: codecov/codecov-python@v2.1.12...v2.1.13

v2.1.12

2.1.12

Fixes

  • #322 Add Cirrus CI

Dependencies and Misc

  • #311 Bump coverage from 5.3 to 5.3.1
  • #312 Bump coverage from 5.3.1 to 5.4
  • #314 Bump coverage from 5.4 to 5.5
  • #320 Upgrade to GitHub-native Dependabot

v2.1.11

2.1.11

Fixes

  • #305 Added option to disable printing of gcov-out
  • #308 Handle exceptions that don't have a returncode

Dependencies and Misc

  • #301 Update to Python 3.9

v2.1.10

Fixes

  • #148 Output elapsed time with S3 upload
  • #153 Improve error reporting in the "try_run" function and correctly include original command output in the error message
  • #295 Added sleep between upload retries.
  • #297 Ignore emacs lisp files
  • #298 Fix error try_to_run using | without shell=True (fix #284)

Dependencies and Misc

  • #290 Bump coverage from 4.5.4 to 5.2.1
  • #291 Update python versions
  • #292 Add license scan report and status
  • #294 Update README with accurate links
  • #296 Bump coverage from 5.2.1 to 5.3

v2.1.9

  • #289 Remove token restrictions

2.1.8

No release notes provided.

Changelog

Sourced from codecov's changelog.

2.1.12

Fixes

  • #322 Add Cirrus CI

Dependencies and Misc

  • #311 Bump coverage from 5.3 to 5.3.1
  • #312 Bump coverage from 5.3.1 to 5.4
  • #314 Bump coverage from 5.4 to 5.5
  • #320 Upgrade to GitHub-native Dependabot

2.1.11

Fixes

  • #305 Added option to disable printing of gcov-out
  • #308 Handle exceptions that don't have a returncode

Dependencies and Misc

  • #301 Update to Python 3.9

2.1.10

Fixes

  • #148 Output elapsed time with S3 upload
  • #153 Improve error reporting in the "try_run" function and correctly include original command output in the error message
  • #295 Added sleep between upload retries.
  • #297 Ignore emacs lisp files
  • #298 Fix error try_to_run using | without shell=True (fix #284)

Dependencies and Misc

  • #290 Bump coverage from 4.5.4 to 5.2.1
  • #291 Update python versions
  • #292 Add license scan report and status
  • #294 Update README with accurate links
  • #296 Bump coverage from 5.2.1 to 5.3

2.1.9

  • #289Remove token restriction as it is changed server-side

2.1.8

  • #285Add support for CODECOV_FLAGS
  • #276Add ability to specify number of upload retries

2.1.7

  • #279 Fix pinned coverage version

2.1.6

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 2 updates
dfeff2b 
Bumps the pip group with 2 updates in the / directory: [gitpython](https://github.com/gitpython-developers/GitPython) and [codecov](https://github.com/codecov/codecov-python).


Updates `gitpython` from 2.1.1 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@2.1.1...3.1.41)

Updates `codecov` from 2.0.15 to 2.1.13
- [Release notes](https://github.com/codecov/codecov-python/releases)
- [Changelog](https://github.com/codecov/codecov-python/blob/master/CHANGELOG.md)
- [Commits](codecov/codecov-python@v2.0.15...v2.1.13)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: codecov
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 20, 2024
@Geek912
Copy link

Geek912 commented Dec 1, 2024

Bumps the pip group with 2 updates in the / directory: gitpython and codecov.

Updates gitpython from 2.1.1 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates codecov from 2.0.15 to 2.1.13

Release notes

Sourced from codecov's releases.

v2.1.13

What's Changed

Full Changelog: codecov/codecov-python@v2.1.12...v2.1.13

v2.1.12

2.1.12

Fixes

  • #322 Add Cirrus CI

Dependencies and Misc

  • #311 Bump coverage from 5.3 to 5.3.1
  • #312 Bump coverage from 5.3.1 to 5.4
  • #314 Bump coverage from 5.4 to 5.5
  • #320 Upgrade to GitHub-native Dependabot

v2.1.11

2.1.11

Fixes

  • #305 Added option to disable printing of gcov-out
  • #308 Handle exceptions that don't have a returncode

Dependencies and Misc

  • #301 Update to Python 3.9

v2.1.10

Fixes

  • #148 Output elapsed time with S3 upload
  • #153 Improve error reporting in the "try_run" function and correctly include original command output in the error message
  • #295 Added sleep between upload retries.
  • #297 Ignore emacs lisp files
  • #298 Fix error try_to_run using | without shell=True (fix #284)

Dependencies and Misc

  • #290 Bump coverage from 4.5.4 to 5.2.1
  • #291 Update python versions
  • #292 Add license scan report and status
  • #294 Update README with accurate links
  • #296 Bump coverage from 5.2.1 to 5.3

v2.1.9

  • #289 Remove token restrictions

2.1.8

No release notes provided.

Changelog

Sourced from codecov's changelog.

2.1.12

Fixes

  • #322 Add Cirrus CI

Dependencies and Misc

  • #311 Bump coverage from 5.3 to 5.3.1
  • #312 Bump coverage from 5.3.1 to 5.4
  • #314 Bump coverage from 5.4 to 5.5
  • #320 Upgrade to GitHub-native Dependabot

2.1.11

Fixes

  • #305 Added option to disable printing of gcov-out
  • #308 Handle exceptions that don't have a returncode

Dependencies and Misc

  • #301 Update to Python 3.9

2.1.10

Fixes

  • #148 Output elapsed time with S3 upload
  • #153 Improve error reporting in the "try_run" function and correctly include original command output in the error message
  • #295 Added sleep between upload retries.
  • #297 Ignore emacs lisp files
  • #298 Fix error try_to_run using | without shell=True (fix #284)

Dependencies and Misc

  • #290 Bump coverage from 4.5.4 to 5.2.1
  • #291 Update python versions
  • #292 Add license scan report and status
  • #294 Update README with accurate links
  • #296 Bump coverage from 5.2.1 to 5.3

2.1.9

  • #289Remove token restriction as it is changed server-side

2.1.8

  • #285Add support for CODECOV_FLAGS
  • #276Add ability to specify number of upload retries

2.1.7

  • #279 Fix pinned coverage version

2.1.6

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Geek912