Fix black security vulnerability #5306
Fine with me (even though I'm not sure this really has any security impact). Was there a reason that we capped `black` at a specific minor version (24.3)?
Since the format check was skipped in CI, it seems possible that changed `black` defaults in version 25 might break our style checks which we can't see here.
Good point, let's make the workflow to get triggered by a change in |
Now let me just figure out how to make |
e925675 to 099568a
I made the linting workflow to check the entire repository whenever
|
Ignoring flake8-docstrings in |
7827b62 to 09b67c1
@wisp3rwind black = ">=24.3,<25" Relatedly,
It's constrained at least or above this version, as indicated by the security vulnerability details If you have a glance at |
Merging this in as I think I addressed your comments @wisp3rwind
Nice!
Obviously, I wasn't sufficiently awake when I commented here yesterday 😅
See https://github.com/beetbox/beets/security/dependabot/7