Dependabot updates for July 2024 #3222

imnasnainaec · 2024-07-03T14:34:12Z

This change is

Bumps [ejs](https://github.com/mde/ejs) from 3.1.9 to 3.1.10. - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) --- updated-dependencies: - dependency-name: ejs dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ansible](https://github.com/ansible-community/ansible-build-data) from 9.6.0 to 10.0.0. - [Changelog](https://github.com/ansible-community/ansible-build-data/blob/main/docs/release-process.md) - [Commits](ansible-community/ansible-build-data@9.6.0...10.0.0) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 4.7.2 to 4.7.3. - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.7.2...4.7.3) --- updated-dependencies: - dependency-name: pymongo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.1...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps mongo from 7.0.11-jammy to 7.0.12-jammy. --- updated-dependencies: - dependency-name: mongo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [i18next-browser-languagedetector](https://github.com/i18next/i18next-browser-languageDetector) from 7.2.1 to 8.0.0. - [Changelog](https://github.com/i18next/i18next-browser-languageDetector/blob/master/CHANGELOG.md) - [Commits](i18next/i18next-browser-languageDetector@v7.2.1...v8.0.0) --- updated-dependencies: - dependency-name: i18next-browser-languagedetector dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps dotnet/sdk from 8.0.301-jammy-amd64 to 8.0.302-1-jammy-amd64. --- updated-dependencies: - dependency-name: dotnet/sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [SIL.DictionaryServices](https://github.com/sillsdev/libpalaso) and [SIL.Lift](https://github.com/sillsdev/libpalaso). These dependencies needed to be updated together. Updates `SIL.DictionaryServices` from 13.0.1 to 14.1.1 - [Release notes](https://github.com/sillsdev/libpalaso/releases) - [Changelog](https://github.com/sillsdev/libpalaso/blob/master/CHANGELOG.md) - [Commits](sillsdev/libpalaso@v13.0.1...v14.1.1) Updates `SIL.Lift` from 14.0.0 to 14.1.1 - [Release notes](https://github.com/sillsdev/libpalaso/releases) - [Changelog](https://github.com/sillsdev/libpalaso/blob/master/CHANGELOG.md) - [Commits](sillsdev/libpalaso@v14.0.0...v14.1.1) --- updated-dependencies: - dependency-name: SIL.DictionaryServices dependency-type: direct:production update-type: version-update:semver-major - dependency-name: SIL.Lift dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [SIL.Lift](https://github.com/sillsdev/libpalaso) from 14.0.0 to 14.1.1. - [Release notes](https://github.com/sillsdev/libpalaso/releases) - [Changelog](https://github.com/sillsdev/libpalaso/blob/master/CHANGELOG.md) - [Commits](sillsdev/libpalaso@v14.0.0...v14.1.1) --- updated-dependencies: - dependency-name: SIL.Lift dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [MongoDB.Driver](https://github.com/mongodb/mongo-csharp-driver) from 2.25.0 to 2.27.0. - [Release notes](https://github.com/mongodb/mongo-csharp-driver/releases) - [Commits](mongodb/mongo-csharp-driver@v2.25.0...v2.27.0) --- updated-dependencies: - dependency-name: MongoDB.Driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [MailKit](https://github.com/jstedfast/MailKit) from 4.6.0 to 4.7.0. - [Changelog](https://github.com/jstedfast/MailKit/blob/master/ReleaseNotes.md) - [Commits](https://github.com/jstedfast/MailKit/commits) --- updated-dependencies: - dependency-name: MailKit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [SIL.Lift](https://github.com/sillsdev/libpalaso) from 14.0.0 to 14.1.1. - [Release notes](https://github.com/sillsdev/libpalaso/releases) - [Changelog](https://github.com/sillsdev/libpalaso/blob/master/CHANGELOG.md) - [Commits](sillsdev/libpalaso@v14.0.0...v14.1.1) --- updated-dependencies: - dependency-name: SIL.Lift dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [MongoDB.Driver](https://github.com/mongodb/mongo-csharp-driver) from 2.25.0 to 2.27.0. - [Release notes](https://github.com/mongodb/mongo-csharp-driver/releases) - [Commits](mongodb/mongo-csharp-driver@v2.25.0...v2.27.0) --- updated-dependencies: - dependency-name: MongoDB.Driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@0a5c615...82c7e63) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@a5ac7e5...692973e) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [sillsdev/FieldWorks](https://github.com/sillsdev/fieldworks) from 722b7f2f25c0a66160cda67a12979a0a942c7705 to 53b16bd9d629a65054d424cb059e4e2ce943ba97. - [Release notes](https://github.com/sillsdev/fieldworks/releases) - [Commits](sillsdev/FieldWorks@722b7f2...53b16bd) --- updated-dependencies: - dependency-name: sillsdev/FieldWorks dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.8.0 to 2.8.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@f086349...17d0e2b) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 4.7.2 to 4.8.0. - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.7.2...4.8.0) --- updated-dependencies: - dependency-name: pymongo dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [kubernetes](https://github.com/kubernetes-client/python) from 29.0.0 to 30.1.0. - [Release notes](https://github.com/kubernetes-client/python/releases) - [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md) - [Commits](kubernetes-client/python@v29.0.0...v30.1.0) --- updated-dependencies: - dependency-name: kubernetes dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ansible](https://github.com/ansible-community/ansible-build-data) from 9.6.0 to 10.1.0. - [Changelog](https://github.com/ansible-community/ansible-build-data/blob/main/docs/release-process.md) - [Commits](ansible-community/ansible-build-data@9.6.0...10.1.0) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

…10' into dependabot-2024-07

….0.0' into dependabot-2024-07

…go-4.7.3' into dependabot-2024-07

…b3-2.2.2' into dependabot-2024-07

…2.2' into dependabot-2024-07

…browser-languagedetector-8.0.0' into dependabot-2024-07

…/sdk-8.0.302-1-jammy-amd64' into dependabot-2024-07

…ulti-02e359d141' into dependabot-2024-07

…IL.Lift-14.1.1' into dependabot-2024-07

…ongoDB.Driver-2.27.0' into dependabot-2024-07

…ailKit-4.7.0' into dependabot-2024-07

…-4.7.0' into dependabot-2024-07

…t-14.1.1' into dependabot-2024-07

….Driver-2.27.0' into dependabot-2024-07

…s/setup-python-5.1.0' into dependabot-2024-07

…corecard-action-2.3.3' into dependabot-2024-07

…s/checkout-4.1.7' into dependabot-2024-07

…ev/FieldWorks-53b16bd9d629a65054d424cb059e4e2ce943ba97' into dependabot-2024-07

…ecurity/harden-runner-2.8.1' into dependabot-2024-07

…go-4.8.0' into dependabot-2024-07

…netes-30.1.0' into dependabot-2024-07

…-30.1.0' into dependabot-2024-07

….1.0' into dependabot-2024-07

github-actions · 2024-07-03T14:34:32Z

⚠️ Commit Message Format Issues ⚠️
commit dc91691e5f:
3: B1 Line exceeds max length (94>80): "Bumps ansible from 9.6.0 to 10.1.0."
4: B1 Line exceeds max length (104>80): "- Changelog"
5: B1 Line exceeds max length (91>80): "- Commits"

commit 067bc64e81:
3: B1 Line exceeds max length (86>80): "Bumps kubernetes from 29.0.0 to 30.1.0."
5: B1 Line exceeds max length (83>80): "- Changelog"
6: B1 Line exceeds max length (82>80): "- Commits"

commit 17c8dfe6c6:
3: B1 Line exceeds max length (86>80): "Bumps kubernetes from 29.0.0 to 30.1.0."
5: B1 Line exceeds max length (83>80): "- Changelog"
6: B1 Line exceeds max length (82>80): "- Commits"

commit 1cbc44ad73:
3: B1 Line exceeds max length (84>80): "Bumps pymongo from 4.7.2 to 4.8.0."
5: B1 Line exceeds max length (91>80): "- Changelog"
6: B1 Line exceeds max length (81>80): "- Commits"

commit 1ed46218e1:
3: B1 Line exceeds max length (104>80): "Bumps step-security/harden-runner from 2.8.0 to 2.8.1."
5: B1 Line exceeds max length (151>80): "- Commits"

commit 47fc8186a0:
3: B1 Line exceeds max length (158>80): "Bumps sillsdev/FieldWorks from 722b7f2f25c0a66160cda67a12979a0a942c7705 to 53b16bd9d629a65054d424cb059e4e2ce943ba97."
5: B1 Line exceeds max length (143>80): "- Commits"

commit 904e79c94b:
3: B1 Line exceeds max length (82>80): "Bumps actions/checkout from 4.1.6 to 4.1.7."
6: B1 Line exceeds max length (140>80): "- Commits"

commit 05d0379f40:
3: B1 Line exceeds max length (92>80): "Bumps ossf/scorecard-action from 2.3.1 to 2.3.3."
6: B1 Line exceeds max length (145>80): "- Commits"

commit 4862f70470:
3: B1 Line exceeds max length (90>80): "Bumps actions/setup-python from 5.0.0 to 5.1.0."
5: B1 Line exceeds max length (144>80): "- Commits"

commit b260b3ee89:
3: B1 Line exceeds max length (93>80): "Bumps MongoDB.Driver from 2.25.0 to 2.27.0."
5: B1 Line exceeds max length (85>80): "- Commits"

commit 49deb4adec:
3: B1 Line exceeds max length (93>80): "Bumps MongoDB.Driver from 2.25.0 to 2.27.0."
5: B1 Line exceeds max length (85>80): "- Commits"

commit 4267cc4780:
3: B1 Line exceeds max length (174>80): "Bumps SIL.DictionaryServices and SIL.Lift. These dependencies needed to be updated together."

commit 331e1b7dc7:
3: B1 Line exceeds max length (122>80): "Bumps i18next-browser-languagedetector from 7.2.1 to 8.0.0."
4: B1 Line exceeds max length (99>80): "- Changelog"
5: B1 Line exceeds max length (96>80): "- Commits"

commit b7fa1ad56a:
3: B1 Line exceeds max length (84>80): "Bumps pymongo from 4.7.2 to 4.7.3."
5: B1 Line exceeds max length (91>80): "- Changelog"
6: B1 Line exceeds max length (81>80): "- Commits"

commit 593c12be96:
3: B1 Line exceeds max length (94>80): "Bumps ansible from 9.6.0 to 10.0.0."
4: B1 Line exceeds max length (104>80): "- Changelog"
5: B1 Line exceeds max length (91>80): "- Commits"

codecov · 2024-07-03T14:39:22Z

Codecov Report

Attention: Patch coverage is 62.45211% with 98 lines in your changes missing coverage. Please review.

Project coverage is 74.86%. Comparing base (565a7f7) to head (99ab90b).
Report is 4 commits behind head on master.

Files	Patch %	Lines
src/components/ProjectSettings/ProjectDomains.tsx	50.96%	50 Missing and 1 partial ⚠️
Backend/Services/LiftService.cs	52.94%	21 Missing and 3 partials ⚠️
...rc/components/ProjectSettings/ProjectLanguages.tsx	50.00%	7 Missing ⚠️
Backend/Controllers/LiftController.cs	28.57%	5 Missing ⚠️
src/components/DataEntry/index.tsx	44.44%	3 Missing and 2 partials ⚠️
src/components/TreeView/utilities.ts	88.46%	1 Missing and 2 partials ⚠️
Backend/Models/SemanticDomain.cs	97.43%	1 Missing ⚠️
src/components/TreeView/Redux/TreeViewActions.ts	80.00%	0 Missing and 1 partial ⚠️
src/components/TreeView/index.tsx	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3222      +/-   ##
==========================================
- Coverage   75.08%   74.86%   -0.23%     
==========================================
  Files         275      277       +2     
  Lines       10431    10622     +191     
  Branches     1237     1270      +33     
==========================================
+ Hits         7832     7952     +120     
- Misses       2239     2307      +68     
- Partials      360      363       +3

Flag	Coverage Δ
backend	`83.92% <69.38%> (-0.14%)`	⬇️
frontend	`66.83% <58.28%> (-0.22%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jmgrady

Reviewed 22 of 22 files at r1, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @imnasnainaec)

dependabot bot and others added 30 commits May 3, 2024 22:20

Bump mongo from 7.0.11-jammy to 7.0.12-jammy in /database

f5405e1

Bumps mongo from 7.0.11-jammy to 7.0.12-jammy. --- updated-dependencies: - dependency-name: mongo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bump dotnet/sdk in /Backend

c375314

Bumps dotnet/sdk from 8.0.301-jammy-amd64 to 8.0.302-1-jammy-amd64. --- updated-dependencies: - dependency-name: dotnet/sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/ejs-3.1.…

111e12b

…10' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/deploy/ansible-10…

8416763

….0.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/maintenance/pymon…

c0b3f42

…go-4.7.3' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/maintenance/urlli…

d272d5a

…b3-2.2.2' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/deploy/urllib3-2.…

d4b603f

…2.2' into dependabot-2024-07

imnasnainaec added 19 commits July 3, 2024 10:12

Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/i18next-…

218a05f

…browser-languagedetector-8.0.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/docker/Backend/dotnet…

de778ae

…/sdk-8.0.302-1-jammy-amd64' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend.Tests/m…

5f6ba49

…ulti-02e359d141' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend.Tests/S…

6ff1f10

…IL.Lift-14.1.1' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend.Tests/M…

37e69cd

…ongoDB.Driver-2.27.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend.Tests/M…

5abc431

…ailKit-4.7.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend/MailKit…

8a0b9c0

…-4.7.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend/SIL.Lif…

c38ac84

…t-14.1.1' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/nuget/Backend/MongoDB…

bd1145d

….Driver-2.27.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/github_actions/action…

fbd81da

…s/setup-python-5.1.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/github_actions/ossf/s…

7ca0e83

…corecard-action-2.3.3' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/github_actions/action…

984ecac

…s/checkout-4.1.7' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/github_actions/sillsd…

7abe509

…ev/FieldWorks-53b16bd9d629a65054d424cb059e4e2ce943ba97' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/github_actions/step-s…

fa4bfaf

…ecurity/harden-runner-2.8.1' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/maintenance/pymon…

1c59187

…go-4.8.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/maintenance/kuber…

6e21bde

…netes-30.1.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/deploy/kubernetes…

808deb6

…-30.1.0' into dependabot-2024-07

Merge remote-tracking branch 'origin/dependabot/pip/deploy/ansible-10…

1c6c68b

….1.0' into dependabot-2024-07

Update license reports

99ab90b

imnasnainaec added python dependencies Pull requests that update a dependency file .NET Pull requests that update .net code github_actions Pull requests that update GitHub Actions code labels Jul 3, 2024

imnasnainaec self-assigned this Jul 3, 2024

jmgrady approved these changes Jul 3, 2024

View reviewed changes

imnasnainaec merged commit 74f10c1 into master Jul 3, 2024
17 of 18 checks passed

imnasnainaec deleted the dependabot-2024-07 branch July 3, 2024 15:57

imnasnainaec mentioned this pull request Jul 3, 2024

[GHA] Update OSSF URL in Harden Runner #3224

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot updates for July 2024 #3222

Dependabot updates for July 2024 #3222

imnasnainaec commented Jul 3, 2024 •

edited by jasonleenaylor

Loading

github-actions bot commented Jul 3, 2024

codecov bot commented Jul 3, 2024 •

edited

Loading

jmgrady left a comment

Dependabot updates for July 2024 #3222

Dependabot updates for July 2024 #3222

Conversation

imnasnainaec commented Jul 3, 2024 • edited by jasonleenaylor Loading

github-actions bot commented Jul 3, 2024

codecov bot commented Jul 3, 2024 • edited Loading

Codecov Report

jmgrady left a comment

Choose a reason for hiding this comment

imnasnainaec commented Jul 3, 2024 •

edited by jasonleenaylor

Loading

codecov bot commented Jul 3, 2024 •

edited

Loading