From ede64bd43cf08598e568ba7736f310684fb0c3e3 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 23 Jul 2024 18:19:21 +0200 Subject: [PATCH 1/9] Create dependabot.yml --- .github/dependabot.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..c954950a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "pip" + directories: + - "/" + - "/core/base" + schedule: + interval: "daily" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" From 1139e0260a3249f36bd568c6c3addc541cd2f972 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jul 2024 16:26:10 +0000 Subject: [PATCH 2/9] Bump ASzc/change-string-case-action from 5 to 6 Bumps [ASzc/change-string-case-action](https://github.com/aszc/change-string-case-action) from 5 to 6. - [Release notes](https://github.com/aszc/change-string-case-action/releases) - [Commits](https://github.com/aszc/change-string-case-action/compare/v5...v6) --- updated-dependencies: - dependency-name: ASzc/change-string-case-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/mirror.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml index 6d72f927..03c18647 100644 --- a/.github/workflows/mirror.yml +++ b/.github/workflows/mirror.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Helper to convert docker org to lowercase id: string - uses: ASzc/change-string-case-action@v5 + uses: ASzc/change-string-case-action@v6 with: string: ${{ github.repository_owner }} - name: Mirror images From 53b316dc20fae9a9ed35d4f97599980dbe216afe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jul 2024 14:59:20 +0000 Subject: [PATCH 3/9] Bump requests in /tests in the pip group across 1 directory Bumps the pip group with 1 update in the /tests directory: [requests](https://github.com/psf/requests). Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.31.0...v2.32.2) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] --- tests/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/requirements.txt b/tests/requirements.txt index 8d06bd70..b556cb7e 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,4 +1,4 @@ docker==7.0.0 colorama==0.4.6 managesieve==0.7.1 -requests==2.31.0 +requests==2.32.2 From 2bc59797b9e918333cad393aa48f823640060285 Mon Sep 17 00:00:00 2001 From: Luca Bosin Date: Tue, 30 Jul 2024 12:35:34 +0200 Subject: [PATCH 4/9] Add `-e` to local PIP packages in requirements-dev.txt --- core/base/requirements-dev.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/base/requirements-dev.txt b/core/base/requirements-dev.txt index 94e3f552..41df0c1b 100644 --- a/core/base/requirements-dev.txt +++ b/core/base/requirements-dev.txt @@ -1,6 +1,6 @@ # core/base -libs/podop -libs/socrate +-e libs/podop +-e libs/socrate # core/admin alembic From d31aa72c620d46853a82731bd807cdf4b1902cb4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 10:41:46 +0000 Subject: [PATCH 5/9] Bump the pip group across 1 directory with 4 updates Bumps the pip group with 4 updates in the /core/base directory: [requests](https://github.com/psf/requests), [setuptools](https://github.com/pypa/setuptools), [certifi](https://github.com/certifi/python-certifi) and [urllib3](https://github.com/urllib3/urllib3). Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.31.0...v2.32.2) Updates `setuptools` from 69.5.1 to 70.0.0 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v69.5.1...v70.0.0) Updates `certifi` from 2024.2.2 to 2024.7.4 - [Commits](https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04) Updates `urllib3` from 2.2.1 to 2.2.2 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production dependency-group: pip - dependency-name: setuptools dependency-type: direct:production dependency-group: pip - dependency-name: certifi dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] --- core/base/requirements-build.txt | 2 +- core/base/requirements-prod.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/core/base/requirements-build.txt b/core/base/requirements-build.txt index ea2e4f3f..ad0f4a25 100644 --- a/core/base/requirements-build.txt +++ b/core/base/requirements-build.txt @@ -1,3 +1,3 @@ pip==24.0 -setuptools==69.5.1 +setuptools==70.0.0 wheel==0.43.0 diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt index 175a1787..0625636b 100644 --- a/core/base/requirements-prod.txt +++ b/core/base/requirements-prod.txt @@ -7,7 +7,7 @@ attrs==23.2.0 Babel==2.15.0 bcrypt==4.1.3 blinker==1.8.1 -certifi==2024.2.2 +certifi==2024.7.4 cffi==1.16.0 charset-normalizer==3.3.2 click==8.1.7 @@ -69,7 +69,7 @@ PyYAML==6.0.1 Radicale==3.1.9 redis==5.0.4 referencing==0.35.1 -requests==2.31.0 +requests==2.32.2 rpds-py==0.18.0 six==1.16.0 socrate @ file:///app/libs/socrate @@ -78,7 +78,7 @@ srslib==0.1.4 tabulate==0.9.0 tenacity==8.2.3 typing_extensions==4.11.0 -urllib3==2.2.1 +urllib3==2.2.2 validators==0.28.1 visitor==0.1.3 vobject==0.9.7 From 9ad453a622bd8578d757d4934657c0db8f5e08ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 22:06:19 +0000 Subject: [PATCH 6/9] Bump docker from 7.0.0 to 7.1.0 Bumps [docker](https://github.com/docker/docker-py) from 7.0.0 to 7.1.0. - [Release notes](https://github.com/docker/docker-py/releases) - [Commits](https://github.com/docker/docker-py/compare/7.0.0...7.1.0) --- updated-dependencies: - dependency-name: docker dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- tests/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/requirements.txt b/tests/requirements.txt index b556cb7e..9a3efbae 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,4 +1,4 @@ -docker==7.0.0 +docker==7.1.0 colorama==0.4.6 managesieve==0.7.1 requests==2.32.2 From 8987ee1c0db647854296adb2160e0d42ed12cb76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 22:06:28 +0000 Subject: [PATCH 7/9] Bump docutils from 0.20.1 to 0.21.2 Bumps [docutils](https://docutils.sourceforge.io) from 0.20.1 to 0.21.2. --- updated-dependencies: - dependency-name: docutils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 56a54f27..360a793b 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -2,4 +2,4 @@ recommonmark==0.7.1 Sphinx==7.3.7 sphinx-autobuild==2024.4.16 sphinx-rtd-theme==2.0.0 -docutils==0.20.1 +docutils==0.21.2 From 33a90a7f7ec6de44a6a6cd0e14be851cf10c0a26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 22:06:32 +0000 Subject: [PATCH 8/9] Bump requests from 2.32.2 to 2.32.3 Bumps [requests](https://github.com/psf/requests) from 2.32.2 to 2.32.3. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.2...v2.32.3) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tests/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/requirements.txt b/tests/requirements.txt index b556cb7e..ebd01557 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,4 +1,4 @@ docker==7.0.0 colorama==0.4.6 managesieve==0.7.1 -requests==2.32.2 +requests==2.32.3 From ae0cddfef9013e2462b3b29c2c501a4b49ae5712 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 22:07:20 +0000 Subject: [PATCH 9/9] Bump requests from 2.32.2 to 2.32.3 in /core/base Bumps [requests](https://github.com/psf/requests) from 2.32.2 to 2.32.3. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.2...v2.32.3) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- core/base/requirements-prod.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/base/requirements-prod.txt b/core/base/requirements-prod.txt index 0625636b..596eedfc 100644 --- a/core/base/requirements-prod.txt +++ b/core/base/requirements-prod.txt @@ -69,7 +69,7 @@ PyYAML==6.0.1 Radicale==3.1.9 redis==5.0.4 referencing==0.35.1 -requests==2.32.2 +requests==2.32.3 rpds-py==0.18.0 six==1.16.0 socrate @ file:///app/libs/socrate