Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: bump poetry.lock dependencies and pre-commit hooks #185

Merged
merged 2 commits into from
Jan 9, 2023
Merged

build: bump poetry.lock dependencies and pre-commit hooks #185

merged 2 commits into from
Jan 9, 2023

Conversation

phylum-bot
Copy link
Collaborator

Bump dependencies in poetry.lock and hooks in .pre-commit-config.yaml.

@phylum-bot phylum-bot requested a review from a team as a code owner January 9, 2023 14:40
@github-actions
Copy link

github-actions bot commented Jan 9, 2023

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE

The analysis contains 1 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

View this project in the Phylum UI

@maxrake maxrake self-requested a review January 9, 2023 15:28
@maxrake maxrake self-assigned this Jan 9, 2023
@maxrake maxrake mentioned this pull request Jan 9, 2023
Closed
@github-actions
Copy link

github-actions bot commented Jan 9, 2023

Phylum OSS Supply Chain Risk Analysis - SUCCESS

The Phylum risk analysis is complete and did not identify any issues.

View this project in the Phylum UI

maxrake
maxrake approved these changes Jan 9, 2023
View reviewed changes
Copy link
Contributor

@maxrake maxrake left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There were two (2) packages with a major dependency version update:

  • iniconfig went from 1.1.1 to 2.0.0
    • Review of the changelog showed no breaking changes affecting phylum-ci
  • packaging went from 22.0 to 23.0
    • Review of the changelog showed no breaking changes affecting phylum-ci

The ruamel-yaml-clib package had to be reverted to the ruamel.yaml.clib form of the name since that feature/bugfix is still not available, but is tracked here:

The Phylum analysis came back clean. LGTM.

Another member of the team will need to approve this PR since I made the last change to the branch. Adding @kylewillmon and @cd-work ...

@maxrake maxrake requested review from kylewillmon and cd-work and removed request for andreaphylum January 9, 2023 15:48
@maxrake maxrake enabled auto-merge (squash) January 9, 2023 15:49
@maxrake maxrake merged commit 75de60e into main Jan 9, 2023
@maxrake maxrake deleted the workflow-auto-updates branch January 9, 2023 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kylewillmon kylewillmon kylewillmon approved these changes

@maxrake maxrake maxrake approved these changes

@cd-work cd-work Awaiting requested review from cd-work

Assignees

@maxrake maxrake

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@phylum-bot @kylewillmon @maxrake