Lineage pull request for: skeleton #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…orrect staticcheck package URL Co-Authored By: @mcdonnnj <[email protected]>
Co-authored-by: Shane Frasier <[email protected]>
We generally only use quotes when they are strictly necessary to ensure data is interpreted as a string value.
Our standard practice for YAML files is to sort keys alphabetically.
Co-authored-by: David Harris <[email protected]>
Co-authored-by: Nick <[email protected]>
cisagovbot
requested review from
dav3r,
felddy,
jasonodoom,
jsf9k and
mcdonnnj
as code owners
cisagovbot
added
the
upstream update
…b-action" This reverts commit ddbf6f7. This can be done now that cisagov/setup-env-github-action#65 has been merged.
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Add crazy-max/ghaction-github-labeler as a commented out dependency to ignore in the dependabot configuration file. This should be enabled in downstream projects to consolidate updating this Action to the cisagov/skeleton-generic repository.
Add go packages for pre-commit
Use the correct repo name for the ansible-lint pre-commit hook
…nfiguration Update the Dependabot configuration
Delete duplicate word "are"
Add nixfmt pre-commit hook
…s/checkout-4 Bump actions/checkout from 3 to 4
Update the version of the `crazy-max/ghaction-github-labeler` Action and add a dependabot ignore directive
…hooks Add additional hooks from `pre-commit/pre-commit-hooks`
…oks_are_sorted Sort hook ids in each `pre-commit` hook entry
We should use the same version of bandit throughout the pre-commit configuration.
This Python library is used in this project, so we should include it.
…nitor task for jobs that lack them
Add a directive for hashicorp/setup-packer that was missed when it was added to the `build` workflow. Add a directive for cisagov/setup-env-github-action that is not strictly necessary since we currently just pull from the `develop` branch, but is good to have in case we were to change that in the future.
Add missing dependabot ignore directives
# Conflicts: # .github/dependabot.yml
This is being done because the pip-audit pre-commit hook identifies a vulnerability in ansible-core version 2.16.13. Note that this requires that we bump up ansible to version 10 since all versions of ansible 9 have a dependency on ~=2.16.X.
Version 24.10.0 is the first version that supports Fedora 41 as a valid platform.
The pin of ansible-core was originally put in place because the pip-audit pre-commit hook identifies a vulnerability in ansible-core 2.16.13. Normally we would pin ansible-core to >2.16.13, but in the spirit of the earlier, optional pin of ansible>=10 we pin ansible-core to >=2.17. This effectively also pins ansible to >=10. Co-authored-by: Nick M <[email protected]>
This adds even more evidence for why it is a good idea to go ahead and upgrade ansible and ansible-core, in addition to the vulnerability that pip-audit turned up. Co-authored-by: Nick M <[email protected]>
…n-for-ansible-core Bump up the lower bound on `ansible-core`
…-pre-commit-hook-version Update the version of the `ansible-lint` `pre-commit` hook
Remove support for Python 3.7 and 3.8
Add the `--non-interactive` flag when installing type stubs via `mypy`
Improve pytest configuration
⚠️ CONFLICT! Lineage pull request for: skeleton
Add `dev` dependencies section
…ary-pins Remove two unnecessary pins
Support Python 3.13
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Lineage Pull Request
Lineage has created this pull request to incorporate new changes found in an
upstream repository:
Upstream repository:
https://github.com/cisagov/skeleton-python-library.gitRemote branch:
HEADCheck the changes in this pull request to ensure they won't cause issues with
your project.
✅ Pre-approval checklist
Remove any of the following that do not apply. If you're unsure about
any of these, don't hesitate to ask. We're here to help!
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
Remove any of the following that do not apply. These boxes should
remain unchecked until the pull request has been approved.
appropriate
via the
bump_version.shscript if this repository isversioned and the changes in this PR warrant a version
bump.
✅ Post-merge checklist
Remove any of the following that do not apply.
For more information:
🛠 Lineage configurations for this project are stored in
.github/lineage.yml📚 Read more about Lineage