Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump pygithub from 1.58.2 to 2.4.0 #10808

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 26, 2024

Bumps pygithub from 1.58.2 to 2.4.0.

Release notes

Sourced from pygithub's releases.

v2.4.0

New features

Improvements

Bug Fixes

Maintenance

v2.3.0

New features

Improvements

Bug Fixes

Maintenance

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.4.0 (August 26, 2024)

Breaking Changes ^^^^^^^^^^^^^^^^

  • The github.Commit.Commit class provides a files property that used to return a list[github.File.File], which has now been changed to PaginatedList[github.File.File]. This breaks user code that assumes a list:

.. code-block:: python

files = repo.get_commit("7266e812ed2976ea36a4303edecfe5d75522343f").files
no_of_files = len(files)

This will raise a TypeError: object of type 'PaginatedList' has no len(), as the returned PaginatedList does not support the len() method. Use the totalCount property instead:

.. code-block:: python

files = repo.get_commit("7266e812ed2976ea36a4303edecfe5d75522343f").files
no_of_files = files.totalCount
  • Removed support for Python 3.7.

New features ^^^^^^^^^^^^

  • Allow custom authentication (#2987) (32b826fd)

Improvements ^^^^^^^^^^^^

  • Add has_discussions to AuthenticatedUser and Repository classes (#3020) (75224167)
  • Update more SecurityAndAnalysis attributes (#3025) (fa168279)
  • Implement support for re-running only failed workflow jobs. (#2983) (23e87563)
  • Add possibility to mark a thread/notification as done (#2985) (5ba24379)
  • Add "pull_request_review_id" to PullRequestComment object (#3000) (6a59cf82)
  • Add minimize and unminimize functions for IssueComment class (#3005) (09c4f58e)
  • Support Organization/Repository custom properties (#2968) (c5e6b702)
  • Add dict type to add_attribute script (#2977) (2a04f9cc)
  • Allow for deleting and restoring branch associated with PR (#1784) (4ba1e412)
  • Add "archived_at" to Organization object. (#2974) (cc766a6f)
  • Adds Security & Analysis To Repository (#2960) (f22af54d)
  • Add added_by and last_used attributes to RepositoryKey (#2952) (5dffa64d)
  • Add make_latest to GitRelease.update_release (#2888) (60136105)
  • Make Commit.files return PaginatedList (#2939) (fa885f00)

Bug Fixes ^^^^^^^^^

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 26, 2024
Copy link

dryrunsecurity bot commented Aug 26, 2024

DryRun Security Summary

The provided code changes focus on updating the PyGithub library from version 1.58.2 to 2.4.0 in the requirements.txt file, which should be carefully reviewed to ensure no breaking changes or security implications, and the dependencies in the requirements.txt file should be regularly reviewed and updated to maintain the security and stability of the application.

Expand for full summary

Summary:

The provided code changes in this pull request focus on updating the PyGithub library from version 1.58.2 to version 2.4.0 in the requirements.txt file. This is a significant version bump, and it's important to review the changes in the new version to ensure that there are no breaking changes or security implications.

From an application security perspective, the PyGithub library is used for interacting with the GitHub API, which could potentially be used for various security-related tasks, such as monitoring code repositories for vulnerabilities or automating security checks. The version update should be carefully reviewed to ensure that any security-related features or bug fixes are properly addressed. Additionally, the requirements.txt file contains a large number of dependencies, which can increase the attack surface of the application. It's important to regularly review and update these dependencies to ensure that they are up-to-date and free of known vulnerabilities.

Files Changed:

  • requirements.txt: This file has been updated to include a new version of the PyGithub library, from 1.58.2 to 2.4.0. This is a significant version bump, and it's crucial to review the changes in the new version to ensure that there are no breaking changes or security implications. Additionally, the requirements.txt file contains a large number of dependencies, which should be regularly reviewed and updated to maintain the security and stability of the application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@cneill
Copy link
Contributor

cneill commented Aug 26, 2024

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/pip/dev/pygithub-2.4.0 branch from cbb655b to 739cd92 Compare August 26, 2024 18:14
Copy link
Contributor

@cneill cneill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've asked Dependabot to rebase this one just so it's not failing tests for irrelevant reasons, but this still isn't ready to be merged. See this comment from the prior PR about breaking changes

@mtesauro
Copy link
Contributor

@dependabot recreate

Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.58.2 to 2.4.0.
- [Release notes](https://github.com/pygithub/pygithub/releases)
- [Changelog](https://github.com/PyGithub/PyGithub/blob/main/doc/changes.rst)
- [Commits](PyGithub/PyGithub@v1.58.2...v2.4.0)

---
updated-dependencies:
- dependency-name: pygithub
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 7, 2024

Superseded by #11215.

@dependabot dependabot bot closed this Nov 7, 2024
@dependabot dependabot bot deleted the dependabot/pip/dev/pygithub-2.4.0 branch November 7, 2024 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants