⚠️ CONFLICT! Lineage pull request for: skeleton #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
This commit will make a few changes. The orginal version of the semantic checking function was a bit more difficult to read. It is now somewhat easier to follow how the regex is structured. Also the function has been renamed to check_python_version since it has 2 functions, making sure that the version is semantically correct and the second is to make sure that it is installed on the user's machine. This makes it easier to follow the logic for the flags, -p or --python-version and -l or --list-versions
…ttps://github.com/cisagov/skeleton-generic into improvement/correct-semantic-python-version-checks
Co-authored-by: dav3r <[email protected]>
Co-authored-by: dav3r <[email protected]>
Add the `check-useless-excludes` meta hook to verify that any defined `exclude` directives apply to at least one file in the repository.
Instead of manually installing Packer we can instead leverage the hashicorp/setup-packer Action just as we do for Terraform.
He is no longer a member of @cisagov/vm-dev.
Previously we only provided a lower bound for the version, but pinning to a specific version aligns with what has been done with the prettier hook and how pre-commit hooks are pinned in general. The flake8-docstrings package is rarely updated, so there is no real downside to pinning to a specific version. Co-authored-by: Nick <[email protected]>
This flag forces mypy to hide the errors about missing stubs and instead simply install stubs without asking for confirmation. It also does not return an error code, which it does without this flag even if you opt to let it install the missing type stubs.
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [crazy-max/ghaction-github-status](https://github.com/crazy-max/ghaction-github-status) from 3 to 4. - [Release notes](https://github.com/crazy-max/ghaction-github-status/releases) - [Commits](crazy-max/ghaction-github-status@v3...v4) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-status dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
* Use long flag names when possible * Enable debug logging * Add a helpful explanatory comment Co-authored-by: felddy <[email protected]>
This is done automatically with the `pre-commit autoupdate` command. The pre-commit/mirrors-prettier hook was manually held back because the latest tags are for alpha releases of the next major version.
Use the latest v3 release available from NPM.
…max/ghaction-github-status-4 Bump crazy-max/ghaction-github-status from 3 to 4
…s/cache-4 Bump actions/cache from 3 to 4
Use an Action to install Packer in our GitHub Actions workflows
…hon-version-checks Add checks for correct semantic version of Python
Remove @jasonodoom as a codeowner
The pip-audit tool will audit any supplied pip requirements files for vulnerable packages.
…nitor task for jobs that lack them
Add a directive for hashicorp/setup-packer that was missed when it was added to the `build` workflow. Add a directive for cisagov/setup-env-github-action that is not strictly necessary since we currently just pull from the `develop` branch, but is good to have in case we were to change that in the future.
Add missing dependabot ignore directives
# Conflicts: # .github/dependabot.yml
This is being done because the pip-audit pre-commit hook identifies a vulnerability in ansible-core version 2.16.13. Note that this requires that we bump up ansible to version 10 since all versions of ansible 9 have a dependency on ~=2.16.X.
Version 24.10.0 is the first version that supports Fedora 41 as a valid platform.
The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core to >2.16.13, but in the spirit of the earlier, optional pin of ansible>=10 we pin ansible-core to >=2.17. This effectively also pins ansible to >=10. Co-authored-by: Nick M <[email protected]>
This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up. Co-authored-by: Nick M <[email protected]>
…n-for-ansible-core Bump up the lower bound on `ansible-core`
…-pre-commit-hook-version Update the version of the `ansible-lint` `pre-commit` hook
Remove support for Python 3.7 and 3.8
Add the `--non-interactive` flag when installing type stubs via `mypy`
Improve pytest configuration
⚠️ CONFLICT! Lineage pull request for: skeleton
Add `dev` dependencies section
…ary-pins Remove two unnecessary pins
Support Python 3.13
…/skeleton # Conflicts: # .github/workflows/build.yml # pytest.ini # setup-env # setup.py # src/example/example.py # tests/test_example.py
cisagovbot
added
the
upstream update
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| # Access some data from our package data (see the setup.py) | ||
| secret_message: str = ( | ||
| pkg_resources.resource_string("example", "data/secret.txt") | ||
| .decode("utf-8") |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 13 hours ago
To fix the problem, we should avoid logging the content of secret_message directly. Instead, we can log a message indicating that the secret message was accessed without revealing its content. This way, we maintain the functionality of logging the event without exposing sensitive information.
- Replace the line that logs the
secret_messagewith a line that logs a generic message indicating that the secret message was accessed. - Ensure that the new log message does not contain any sensitive information.
Suggested changeset
1
src/example/example.py
| @@ -102,3 +102,3 @@ | ||
| ) | ||
| logging.info('Secret="%s"', secret_message) | ||
| logging.info('Secret message accessed successfully.') | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request: CONFLICT
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-python-library.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
The
lineage/skeletonbranch has one or more unresolved merge conflictsthat you must resolve before merging this pull request!
How to resolve the conflicts
Take ownership of this pull request by removing any other assignees.
Clone the repository locally, and reapply the merge:
Review the changes displayed by the
statuscommand. Fix any conflicts andpossibly incorrect auto-merges.
After resolving each of the conflicts,
addyour changes to thebranch,
commit, andpushyour changes:Note that you may append to the default merge commit message
that git creates for you, but please do not delete the existing
content. It provides useful information about the merge that is
being performed.
Wait for all the automated tests to pass.
Confirm each item in the "Pre-approval checklist" below.
Remove any of the checklist items that do not apply.
Ensure every remaining checkbox has been checked.
Mark this draft pull request "Ready for review".
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.shscript if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
Note
You are seeing this because one of this repository's maintainers has
configured Lineage to open pull requests.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage