Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump coverage from 7.5.4 to 7.6.0 #10560

Merged
merged 1 commit into from
Jul 12, 2024
Merged

Bump coverage from 7.5.4 to 7.6.0 #10560

merged 1 commit into from
Jul 12, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 12, 2024

Bumps coverage from 7.5.4 to 7.6.0.

Changelog

Sourced from coverage's changelog.

Version 7.6.0 — 2024-07-11

  • Exclusion patterns can now be multi-line, thanks to Daniel Diniz <pull 1807_>. This enables many interesting exclusion use-cases, including those requested in issues 118 <issue 118_> (entire files), 996 <issue 996_>_ (multiple lines only when appearing together), 1741 <issue 1741_>_ (remainder of a function), and 1803 <issue 1803_>_ (arbitrary sequence of marked lines). See the :ref:multi_line_exclude section of the docs for more details and examples.

  • The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz <pull 1809_>_ for getting the work started. This closes issue 1793_ and issue 1532_.

  • Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.

  • Python 3.13.0b3 is supported.

.. _issue 118: nedbat/coveragepy#118 .. _issue 996: nedbat/coveragepy#996 .. _issue 1532: nedbat/coveragepy#1532 .. _issue 1741: nedbat/coveragepy#1741 .. _issue 1793: nedbat/coveragepy#1793 .. _issue 1803: nedbat/coveragepy#1803 .. _pull 1807: nedbat/coveragepy#1807 .. _pull 1809: nedbat/coveragepy#1809

.. _changes_7-5-4:

Commits
  • 59a3cd7 docs: sample HTML for 7.6.0
  • 7f27fa7 docs: prep for 7.6.0
  • 6a268b0 docs: issues closed by the json region reporting
  • 5bfe9e7 chore: bump actions/setup-python from 5.1.0 to 5.1.1 (#1814)
  • ab609ef docs: mention json region reporting in the changes
  • 92d96b9 fix: json report needs 'no class' and 'no function' also
  • e47e7e7 refactor: move duplicate code into methods
  • 3d6be2b fix: json format should bump for regions
  • a9992d2 test: add a test of json regions with branches
  • 8b89764 test: json expectations should have explicit format number
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump coverage from 7.5.4 to 7.6.0
536a50f 
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.5.4 to 7.6.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.5.4...7.6.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 12, 2024
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jul 12, 2024
edited
Loading

DryRun Security Summary

The provided code change updates the requirements.txt file for the DefectDojo application, including a version update for the coverage package and the use of custom versions of the django-multiselectfield and django-tagging packages pulled directly from the project's GitHub repositories.

Expand for full summary

Summary:

The provided code change is an update to the requirements.txt file for the DefectDojo application, which is a web-based tool for managing and tracking security vulnerabilities in software applications. The key changes in this update are the update of the coverage package to a newer version, and the use of custom versions of the django-multiselectfield and django-tagging packages pulled directly from the project's GitHub repositories.

From an application security perspective, the update to the coverage package is a positive change, as it helps ensure the quality and security of the codebase by providing detailed information about which parts of the code are exercised during testing. However, the use of custom versions of the django-multiselectfield and django-tagging packages should be reviewed carefully to ensure that they do not introduce any new security vulnerabilities or regressions. Additionally, the use of custom dependencies can increase the maintenance burden and make it more difficult to keep the application up-to-date with the latest security patches.

Files Changed:

  • requirements.txt: This file has been updated to include the following changes:
    1. The coverage package has been updated from version 7.5.4 to 7.6.0, which is a minor version update that may include bug fixes, performance improvements, or new features related to code coverage analysis.
    2. The django-multiselectfield and django-tagging packages are now being pulled directly from the project's GitHub repositories (git+https://...), suggesting that the project is using custom versions of these libraries, potentially with bug fixes or security-related changes that are not available in the official releases.

Code Analysis

We ran 7 analyzers against 1 file and 1 analyzer had findings. 6 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

mtesauro
mtesauro approved these changes Jul 12, 2024
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 3462db0 into dev Jul 12, 2024
124 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dev/coverage-7.6.0 branch July 12, 2024 21:43
mwager added a commit to mwager/django-DefectDojo that referenced this pull request Jul 16, 2024
@mwager
Merge branch 'kiuwan-sca' of github.com:mwager/django-DefectDojo into…
b225ff2 
… kiuwan-sca

# By dependabot[bot] (13) and others
# Via GitHub
* 'kiuwan-sca' of github.com:mwager/django-DefectDojo: (39 commits)
  Deprecate Python-jose and migrate okta to python_social_auth (DefectDojo#10117)
  fix: dockerfile warnings (DefectDojo#10505)
  Ruff: Add and fix Q000 (DefectDojo#10095)
  Fix(django): Upgrade of 4.2 (DefectDojo#10553)
  fix(deps): build python psycopg3 dependency instead of use the pre-build binary (DefectDojo#10491)
  Bump coverage from 7.5.4 to 7.6.0 (DefectDojo#10560)
  Bump asteval from 1.0.0 to 1.0.1 (DefectDojo#10561)
  Bump djangorestframework from 3.14.0 to 3.15.2 (DefectDojo#10431)
  Bump boto3 from 1.34.142 to 1.34.143 (DefectDojo#10558)
  Bump django-debug-toolbar from 4.4.5 to 4.4.6 (DefectDojo#10557)
  Bump boto3 from 1.34.141 to 1.34.142 (DefectDojo#10551)
  Bump packageurl-python from 0.15.2 to 0.15.3 (DefectDojo#10541)
  Bump boto3 from 1.34.140 to 1.34.141 (DefectDojo#10542)
  Update helm lock file
  Update versions in application files
  Update versions in application files
  API: Convert get_filterset calls to get_queryset (DefectDojo#10543)
  Bump django-debug-toolbar from 4.4.4 to 4.4.5 (DefectDojo#10527)
  Fix ruff
  Ruff fix
  ...

# Conflicts:
#	dojo/settings/.settings.dist.py.sha256sum
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cneill cneill cneill approved these changes

@mtesauro mtesauro mtesauro approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cneill @mtesauro