Bump python-gitlab from 4.9.0 to 4.10.0 #10822

Merged
mtesauro merged 1 commit into dev from dependabot/pip/dev/python-gitlab-4.10.0
Aug 30, 2024

@dependabot dependabot Bot commented on behalf of github Aug 28, 2024

Bumps python-gitlab from 4.9.0 to 4.10.0.

Release notes

Sourced from python-gitlab's releases.

v4.10.0 (2024-08-28)

Chore

  • chore(release): track tags for renovate (d600444)

  • chore(deps): update python-semantic-release/upload-to-gh-release digest to 17c75b7 (12caaa4)

  • chore(deps): update dependency types-setuptools to v73 (d55c045)

  • chore(deps): update all non-major dependencies (2ade0d9)

  • chore(deps): update gitlab/gitlab-ee docker tag to v17.3.1-ee.0 (3fdd130)

  • chore(deps): update all non-major dependencies (0578bf0)

  • chore(deps): update gitlab/gitlab-ee docker tag to v17.3.0-ee.0 (e5a46f5)

  • chore(deps): update dependency myst-parser to v4 (930d4a2)

  • chore(deps): update dependency sphinx to v8 (cb65ffb)

  • chore(deps): update gitlab/gitlab-ee docker tag to v17.2.2-ee.0 (b2275f7)

  • chore(deps): update all non-major dependencies (31786a6)

Documentation

  • docs(faq): correct the attribute fetching example

There is an example about object attributes in the FAQ. It shows how to properly fetch all attributes of all projects, by using list() followed by a get(id) call.

Unfortunately this example used a wrong variable name, which caused it not to work and which could have made it slightly confusing to readers. This commit fixes that, by changing the variable name.

Now the example uses one variable for two Python objects. As they correspond to the same GitLab object and the intended behavior is to obtain that very object, just with all attributes, this is fine and is probably what readers will find most useful in this context. (43a16ac)

Feature

  • feat(api): project/group hook test triggering

Add the ability to trigger tests of project and group hooks.

Fixes #2924 (9353f54)

... (truncated)

Commits
  • bcef988 chore: release v4.10.0
  • d600444 chore(release): track tags for renovate
  • 12caaa4 chore(deps): update python-semantic-release/upload-to-gh-release digest to 17...
  • d55c045 chore(deps): update dependency types-setuptools to v73
  • 2ade0d9 chore(deps): update all non-major dependencies
  • 3fdd130 chore(deps): update gitlab/gitlab-ee docker tag to v17.3.1-ee.0
  • 0578bf0 chore(deps): update all non-major dependencies
  • e5a46f5 chore(deps): update gitlab/gitlab-ee docker tag to v17.3.0-ee.0
  • 43a16ac docs(faq): correct the attribute fetching example
  • bdc155b test(cli): allow up to 30 seconds for a project export
  • Additional commits viewable in compare view

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 4.9.0 to 4.10.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v4.9.0...v4.10.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Aug 28, 2024

dryrunsecurity Bot commented Aug 28, 2024

DryRun Security Summary

The provided code change is a routine update to the requirements.txt file, which updates the python-gitlab library from version 4.9.0 to 4.10.0, and does not raise any immediate security concerns, but it is important to maintain vigilance and regularly review the security posture of the application, including its dependencies.

Summary:

The provided code change is an update to the requirements.txt file, which lists the Python dependencies required for the DefectDojo project. The specific change is an update to the python-gitlab library from version 4.9.0 to 4.10.0. From an application security perspective, this change is not particularly interesting, as it is likely a routine version update that may include bug fixes, performance improvements, or minor feature additions. Unless there are known security vulnerabilities in the previous version of the library, this change does not directly impact the security of the application.

However, it is always important to review dependency updates, even minor ones, to ensure that there are no unintended consequences or regressions introduced by the change. Additionally, it is a good practice to monitor the security advisories and release notes of the libraries used in the project to stay informed about any potential security issues that may arise. Overall, this code change appears to be a routine dependency update and does not raise any immediate security concerns, but it is important to maintain vigilance and regularly review the security posture of the application, including its dependencies.

Files Changed:

  • requirements.txt: The requirements.txt file has been updated to include version 4.10.0 of the python-gitlab library, which is a routine version update that is unlikely to have a direct impact on the security of the application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer | Findings
Sensitive Files Analyzer | 1 finding

Riskiness

🟢 Risk threshold not exceeded.

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit 7ad0215 into dev Aug 30, 2024
@dependabot dependabot Bot deleted the dependabot/pip/dev/python-gitlab-4.10.0 branch August 30, 2024 00:06