update: bump the pip-packages group across 1 directory with 3 updates #198

Merged
merged 1 commit into from
May 6, 2024


dependabot[bot]

@dependabot dependabot bot commented on behalf of github May 3, 2024

Bumps the pip-packages group with 3 updates in the / directory: semgrep, mkdocs-material and mike.

Updates semgrep from 1.70.0 to 1.71.0

Release notes

Sourced from semgrep's releases.

Release v1.71.0

1.71.0 - 2024-05-03

Added

  • Pro: const-prop: Previously inter-procedural const-prop could only infer whether a function returned an arbitrary string constant. Now it will be able to infer whether a function returns a concrete constant value, e.g.:

    def bar():
      return "bar"
    def test():
      x = bar()
      foo(x) # now also matches pattern foo("bar"), previously only foo("...")

  • Python: const-prop: Semgrep will now recognize "..." * N expression as arbitrary constant string literals (thus matching the pattern "..."). (flow-75)

Changed

  • The `--beta-testing-secrets-enabled` option, deprecated for several months, is now removed. Use `--secrets` as its replacement. (gh-9987)

Fixed

  • When using semgrep --test --json, we now report in the config_missing_fixtests field in the JSON output not just rule files containing a `fix:` without a corresponding ".fixed" test file; we now also report rule files using a `fix-regex:` but without a corresponding .fixed test file, and the `fix:` or `fix-regex:` can be in any rule in the file (not just the first rule). (fixtest)

  • Fixes matching for go struct field tags metadata.

    For example given the program:

        type Rectangle struct {
            Top    int `json:"top"`
            Left   int `json:"left"`
            Width  int `json:"width"`
            Height int `json:"height"`
        }

    The pattern,

... (truncated)

Commits

  • 6d69592 chore: Bump version to 1.71.0
  • 3427e03 Handle the new Low/Medium/High/Critical in pysemgrep (#10202)
  • 643f7e8 Add Critical/High/Medium/Low for rule and match severity (#10165)
  • 75e123b osemgrep: finish porting the --test and fixtest (#10195)
  • c38124c refactor: tainting: Prepare for list/tuple unpacking (#10190)
  • 5689cb9 refactor: Remove dependency on SSC from search and taint engines (#10188)
  • 6e8c79b fixtest: report in config_missing_fixtests also rules using fix-regex: (#10194)
  • d46804a osemgrep: resume work on osemgrep test (#10176)
  • be4ee4e cleanup cli/tests/default/e2e/test_test.py (was test_cli_test.py) (#10189)
  • 92595d9 Cron - update semgrep-rules (#10192)
  • Additional commits viewable in compare view
    
Updates `mkdocs-material` from 9.5.20 to 9.5.21

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.21

  • Fixed #7133: Ensure latest version of Mermaid.js is used
  • Fixed #7125: Added warning for dotfiles in info plugin

Thanks to @kamilkrzyskow for their contributions

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.21 (2024-05-03)

  • Fixed #7133: Ensure latest version of Mermaid.js is used
  • Fixed #7125: Added warning for dotfiles in info plugin

mkdocs-material-9.5.20 (2024-04-29)

  • Fixed deprecation warning in privacy plugin (9.5.19 regression)
  • Fixed #7119: Tags plugin emits deprecation warning (9.5.19 regression)
  • Fixed #7118: Social plugin crashes if fonts are disabled (9.5.19 regression)
  • Fixed #7085: Social plugin crashes on Windows when downloading fonts

mkdocs-material-9.5.19+insiders-4.53.8 (2024-04-26)

  • Fixed #7052: Preview extension automatically including all pages
  • Fixed #7051: Instant previews mounting on footnote references
  • Fixed #5165: Improved tooltips not mounting in sidebar for typeset plugin

mkdocs-material-9.5.19+insiders-4.53.7 (2024-04-25)

  • Fixed #7060: Incorrect resolution of translation when using static-i18n

mkdocs-material-9.5.19 (2024-04-25)

  • Updated MkDocs to 1.6 and limited version to < 2
  • Updated Docker image to latest Alpine Linux
  • Removed setup.py, now that GitHub fully understands pyproject.toml
  • Improved interop of social plugin with third-party MkDocs themes
  • Fixed #7099: Blog reading time not rendered correctly for Japanese
  • Fixed #7097: Improved resilience of tags plugin when no tags are given
  • Fixed #7090: Active tab indicator in nested content tabs rendering bug

mkdocs-material-9.5.18 (2024-04-16)

  • Refactored tooltips implementation to fix positioning issues
  • Fixed #7044: Rendering glitch when hovering contributor avatar in Chrome
  • Fixed #7043: Highlighted lines in code blocks cutoff on mobile
  • Fixed #6910: Incorrect position of tooltip for page status in sidebar
  • Fixed #6760: Incorrect position and overly long tooltip in tables
  • Fixed #6488: Incorrect position and cutoff tooltip in content tabs

mkdocs-material-9.5.17+insiders-4.53.6 (2024-04-05)

  • Ensure working directory is set for projects when using projects plugin
  • Fixed #6970: Incorrect relative paths in git submodules with projects plugin

mkdocs-material-9.5.17+insiders-4.53.5 (2024-04-02)

  • Fixed social plugin crashing when no colors are specified in palettes

... (truncated)

Commits

  • d1161b4 Prepare 9.5.21 release
  • aef6175 Added type selection to icon and emoji search
  • b0c5fe6 Updated JSON schema (#7150)
  • 0e0a678 Merge pull request #7142 from kamilkrzyskow/info-dotfile-warning
  • 75d87ea Widen Mermaid.js import to 10.x (current major version)
  • f724bb9 Add warning for dotfiles in info plugin
  • See full diff in compare view
    
Updates `mike` from 2.0.0 to 2.1.1

Release notes

Sourced from mike's releases.

v2.1.1

Bug fixes

  • Support using environment variables for `INHERIT` when injecting the `mike` plugin into `mkdocs.yml`

v2.1.0

New features

  • When calling `set-default`, you can now pass `--allow-undefined` to set the default to a version that doesn't exist yet
  • Add global-level `-q` / `--quiet` option to suppress warning messages
  • Add support for handling `!relative` in `mkdocs.yml`

Bug fixes

  • When loading an MkDocs config, mike now runs the `startup` and `shutdown` events

Changelog

Sourced from mike's changelog.

v2.1.1 (2024-05-03)

Bug fixes

  • Support using environment variables for `INHERIT` when injecting the `mike` plugin into `mkdocs.yml`

v2.1.0 (2024-05-01)

New features

  • When calling `set-default`, you can now pass `--allow-undefined` to set the default to a version that doesn't exist yet
  • Add global-level `-q` / `--quiet` option to suppress warning messages
  • Add support for handling `!relative` in `mkdocs.yml`

Bug fixes

  • When loading an MkDocs config, mike now runs the `startup` and `shutdown` events

Commits

  • 0bdfe24 Update version to 2.1.1
  • 3351d5f Expand environment variables when injecting the mike plugin; resolves #217
  • e4d83ed Update version to 2.2.0.dev0
  • 6e6cfbb Update version to 2.1.0
  • 5773be9 Fix CI
  • 7904925 Further tests for deserializing Python objects during `inject_plugin`
  • 01219bd Allow arbitrary Python object in YAML config
  • ac7b240 Handle `!relative` (and any future constructors) in mkdocs.yml; resolves #199
  • fdcc912 Add `--quiet` option; resolves #210
  • a39ea73 Add `set-default --allow-undefined`; see #210
  • Additional commits viewable in compare view
    
    

Bumps the pip-packages group with 3 updates in the / directory: [semgrep](https://github.com/returntocorp/semgrep), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mike](https://github.com/jimporter/mike).


Updates `semgrep` from 1.70.0 to 1.71.0
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.70.0...v1.71.0)

Updates `mkdocs-material` from 9.5.20 to 9.5.21
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.20...9.5.21)

Updates `mike` from 2.0.0 to 2.1.1
- [Release notes](https://github.com/jimporter/mike/releases)
- [Changelog](https://github.com/jimporter/mike/blob/master/CHANGES.md)
- [Commits](jimporter/mike@v2.0.0...v2.1.1)

---
updated-dependencies:
- dependency-name: semgrep
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-packages
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pip-packages
- dependency-name: mike
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels May 3, 2024

github-actions bot commented May 3, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 13e0aec.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package | Version | Score | Details

pip/mike | 2.1.1 | 🟢 4 | Details:

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Maintained | 🟢 10 | 10 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| SAST | ⚠️ 0 | no SAST tool detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

pip/mkdocs-material | 9.5.21 | 🟢 5.4 | Details:

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 🟢 3 | Found 8/23 approved changesets -- score normalized to 3 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Packaging | 🟢 10 | packaging workflow detected |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

pip/semgrep | 1.71.0 | Unknown | Unknown

pip/mike | 2.0.0 | 🟢 4 | Details:

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Maintained | 🟢 10 | 10 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| SAST | ⚠️ 0 | no SAST tool detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

pip/mkdocs-material | 9.5.20 | 🟢 5.4 | Details:

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 🟢 3 | Found 8/23 approved changesets -- score normalized to 3 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Packaging | 🟢 10 | packaging workflow detected |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |

pip/semgrep | 1.70.0 | Unknown | Unknown

Scanned Manifest Files

poetry.lock
pyproject.toml


github-actions bot commented May 3, 2024

Coverage

Coverage Report
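| File | Stmts | Miss | Cover | Missing |
| --- | --- | --- | --- | --- |
| semgr8s | | | | |
| `__main__.py` | 16 | 16 | 0% | 5–29 |
| `app.py` | 78 | 3 | 96% | 116, 175–176 |
| `k8s_api.py` | 22 | 2 | 91% | 43–44 |
| `updater.py` | 29 | 2 | 93% | 49–50 |
| TOTAL | 197 | 23 | 88% | |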

Tests Skipped Failures Errors Time
18 0 💤 0 ❌ 0 🔥 2.092s ⏱️

xopham commented May 6, 2024

@dependabot squash and merge

@dependabot dependabot bot merged commit 2a4c8a4 into dev May 6, 2024
31 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dev/pip-packages-8c5997f952 branch May 6, 2024 14:53
@xopham xopham mentioned this pull request May 16, 2024