From 9f98ffcab3a9f0296678f0620bb73b5942291348 Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Mon, 7 Aug 2023 20:15:40 -0400 Subject: [PATCH 01/11] fix: Replace `ignore` with `unset` in Editor Configuration --- .editorconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.editorconfig b/.editorconfig index 6abb2823..24c146bf 100644 --- a/.editorconfig +++ b/.editorconfig @@ -24,8 +24,8 @@ indent_size = 2 # minified JavaScript files should not be modified [**.min.js] -indent_style = ignore -insert_final_newline = ignore +indent_style = unset +insert_final_newline = unset [*.md] indent_style = space From 801da1c04759416f640376bb3e0f464cb21cf3b9 Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Mon, 7 Aug 2023 20:10:09 -0400 Subject: [PATCH 02/11] chore: Add EditorConfig-Checker configuration Documentation: https://github.com/editorconfig-checker/editorconfig-checker/blob/ec3af1e3/README.md#configuration --- .ecrc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .ecrc diff --git a/.ecrc b/.ecrc new file mode 100644 index 00000000..fb7235dd --- /dev/null +++ b/.ecrc @@ -0,0 +1,18 @@ +{ + "Verbose": false, + "Debug": false, + "IgnoreDefaults": false, + "SpacesAftertabs": false, + "NoColor": false, + "Exclude": [], + "AllowedContentTypes": [], + "PassedFiles": [], + "Disable": { + "EndOfLine": false, + "Indentation": false, + "InsertFinalNewline": false, + "TrimTrailingWhitespace": false, + "IndentSize": true, + "MaxLineLength": true + } +} From c95a0db555b61086954c90d4e72a777bc3b0d62b Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Mon, 7 Aug 2023 20:10:50 -0400 Subject: [PATCH 03/11] chore: Enable Editor Configuration validation in Super-Linter --- .github/workflows/super-linter.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index dad2e42a..23ce3bc0 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -32,4 +32,5 @@ jobs: default_git_branch: develop validate_all_codebase: false + validate_editorconfig: true validate_markdown: true From 79d1d0cb40f96ece873781b76d0eab76b6a0f9e5 Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Tue, 8 Aug 2023 10:43:08 -0400 Subject: [PATCH 04/11] chore(deps): Update `pydantic` from 1.10.4 to 1.10.12 - [Software Repository](https://pypi.org/project/pydantic/1.10.12/) - [Release notes](https://github.com/pydantic/pydantic/releases/tag/v1.10.12) - [Changelog](https://github.com/pydantic/pydantic/blob/v1.10.12/HISTORY.md#v11012-2023-07-24) - [Commits](https://github.com/pydantic/pydantic/compare/v1.10.4...v1.10.12) --- requirements.in | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.in b/requirements.in index 1672903c..4a4d47f2 100644 --- a/requirements.in +++ b/requirements.in @@ -13,7 +13,7 @@ importlib-metadata==6.1.0 jsonschema==4.17.3 lxml==4.9.2 marshmallow==3.19.0 -pydantic==1.10.4 +pydantic==1.10.12 pyOpenSSL==23.2.0 pytz==2023.3 signxml==3.2.0 diff --git a/requirements.txt b/requirements.txt index 99577cca..6ff2334f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -43,7 +43,7 @@ pkgutil-resolve-name==1.3.10 # via jsonschema pycparser==2.20 # via cffi -pydantic==1.10.4 +pydantic==1.10.12 # via -r requirements.in pyopenssl==23.2.0 # via From 326074687b7a50a7b9cc6de0244f9fbbc3c3e14b Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Wed, 9 Aug 2023 19:25:46 -0400 Subject: [PATCH 05/11] fix: Fix type checking of Setuptools configuration - Fix incorrect type annotation of `get_version()` in `setup.py`. - Add missing type annotations to `setup_requirements` and `test_requirements` in `setup.py`. - Update Mypy configuration to ignore missing imports for `setuptools`. --- mypy.ini | 3 +++ setup.py | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/mypy.ini b/mypy.ini index 849c4612..64634425 100644 --- a/mypy.ini +++ b/mypy.ini @@ -31,6 +31,9 @@ ignore_missing_imports = True [mypy-rest_framework.*] ignore_missing_imports = True +[mypy-setuptools.*] +ignore_missing_imports = True + [pydantic-mypy] init_forbid_extra = True init_typed = True diff --git a/setup.py b/setup.py index 1ab992c0..0ec8a63a 100644 --- a/setup.py +++ b/setup.py @@ -6,7 +6,7 @@ from setuptools import find_packages, setup -def get_version(*file_paths: Sequence[str]) -> str: +def get_version(*file_paths: str) -> str: filename = os.path.join(os.path.dirname(__file__), *file_paths) version_file = open(filename).read() version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]", version_file, re.M) @@ -37,9 +37,9 @@ def get_version(*file_paths: Sequence[str]) -> str: 'djangorestframework': ['djangorestframework>=3.10.3,<3.15'], } -setup_requirements = [] +setup_requirements: Sequence[str] = [] -test_requirements = [ +test_requirements: Sequence[str] = [ # note: include here only packages **imported** in test code (e.g. 'requests-mock'), NOT those # like 'coverage' or 'tox'. ] From 243f82edc8d70368f96bc41b343ae31c0146e608 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Aug 2023 14:56:41 +0000 Subject: [PATCH 06/11] chore: Bump cryptography from 41.0.2 to 41.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- requirements.in | 2 +- requirements.txt | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index cea034d7..f1ad5180 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -30,7 +30,7 @@ colorama==0.4.6 # via tox coverage==7.2.7 # via -r requirements-dev.in -cryptography==41.0.2 +cryptography==41.0.3 # via # -c requirements.txt # secretstorage diff --git a/requirements.in b/requirements.in index 4a4d47f2..3a162b66 100644 --- a/requirements.in +++ b/requirements.in @@ -5,7 +5,7 @@ # Note: To install a package from a Git VCS repository, see the following example: # git+https://github.com/example/example.git@example-vcs-ref#egg=example-pkg[foo,bar]==1.42.3 -cryptography==41.0.2 +cryptography==41.0.3 defusedxml==0.7.1 Django>=2.2.24 djangorestframework>=3.10.3,<3.15 diff --git a/requirements.txt b/requirements.txt index 6ff2334f..1b7a85b6 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,7 +12,7 @@ certifi==2023.7.22 # via signxml cffi==1.15.1 # via cryptography -cryptography==41.0.2 +cryptography==41.0.3 # via # -r requirements.in # pyopenssl @@ -27,7 +27,7 @@ djangorestframework==3.14.0 # via -r requirements.in importlib-metadata==6.1.0 # via -r requirements.in -importlib-resources==6.0.0 +importlib-resources==6.0.1 # via jsonschema jsonschema==4.17.3 # via -r requirements.in From b123f1b3952d5efab3f9cc53a7dfcdb247f51f1d Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Mon, 28 Aug 2023 18:25:54 -0400 Subject: [PATCH 07/11] chore: Exclude `bumpversion` from Dependabot updates We will not update `bumpversion` with Dependabot until we have examined the changes in the new version and determined that it is safe to update. --- .github/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5d905b01..746566a5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,6 +11,9 @@ version: 2 updates: - package-ecosystem: pip directory: / + ignore: + - dependency-name: "bumpversion" + update-types: ["version-update:semver-major", "version-update:semver-minor"] schedule: interval: monthly open-pull-requests-limit: 5 From 7f0f42d64094bb78bfe2bb28727aafbbd05693b6 Mon Sep 17 00:00:00 2001 From: Jose Tomas Robles Hahn Date: Mon, 28 Aug 2023 18:26:17 -0400 Subject: [PATCH 08/11] chore: Add dependency groups to Dependabot configuration > Dependabot grouped updates are currently in beta and is subject to change. > > By default, Dependabot raises a single pull request for each dependency > that needs to be updated to a newer version. You can use `groups` to > create sets of dependencies (per package manager), so that Dependabot > opens a single pull request to update multiple dependencies at the > same time. - Add group for development dependencies to Python dependencies. - Add group for production dependencies to GitHub Actions dependencies. Related documentation: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 746566a5..fdcd4be2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,11 @@ updates: ignore: - dependency-name: "bumpversion" update-types: ["version-update:semver-major", "version-update:semver-minor"] + groups: + development-dependencies: + dependency-type: development + exclude-patterns: + - "bumpversion" schedule: interval: monthly open-pull-requests-limit: 5 @@ -22,6 +27,9 @@ updates: - package-ecosystem: github-actions directory: / + groups: + production-dependencies: + dependency-type: production schedule: interval: monthly commit-message: From 7c494122212c339140e20f78e3310ad5f8fb56e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 22:42:04 +0000 Subject: [PATCH 09/11] chore: Bump the production-dependencies group with 2 updates Bumps the production-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action). Updates `actions/checkout` from 3.5.3 to 3.6.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.3...v3.6.0) Updates `actions/dependency-review-action` from 3.0.6 to 3.0.8 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/v3.0.6...v3.0.8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/dependency-review.yaml | 4 ++-- .github/workflows/deploy.yaml | 2 +- .github/workflows/release.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6146c728..13993dde 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,7 +34,7 @@ jobs: steps: - name: Check Out VCS Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set Up Python ${{ matrix.python_version }} uses: actions/setup-python@v4.7.0 @@ -75,7 +75,7 @@ jobs: steps: - name: Check Out VCS Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set Up Python ${{ matrix.python_version }} uses: actions/setup-python@v4.7.0 diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index fa84e1d8..ceeb48b3 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -17,9 +17,9 @@ jobs: steps: - name: Check Out VCS Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Dependency Review - uses: actions/dependency-review-action@v3.0.6 + uses: actions/dependency-review-action@v3.0.8 with: fail-on-severity: critical diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index a778b74d..358f58cf 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -38,7 +38,7 @@ jobs: steps: - name: Check Out VCS Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set Up Python id: set_up_python diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d9d3676d..4ee1b478 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: steps: - name: Check Out VCS Repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Set Up Python id: set_up_python From 7f2c5c7c560c9a7bbd24c2aa0744d82bf980048a Mon Sep 17 00:00:00 2001 From: Samuel Villegas Date: Tue, 5 Sep 2023 13:25:16 -0300 Subject: [PATCH 10/11] chore: Update history for new version --- HISTORY.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/HISTORY.md b/HISTORY.md index 9f0140e6..e58ca321 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,14 @@ # History +## 0.23.2 (2023-09-05) + +- (PR #522, 2023-08-07) Enable Editor Configuration validation in Super-Linter +- (PR #523, 2023-08-08) chore(deps): Update `pydantic` from 1.10.4 to 1.10.12 +- (PR #524, 2023-08-10) Fix type checking of Setuptools configuration +- (PR #521, 2023-08-10) chore: Bump cryptography from 41.0.2 to 41.0.3 +- (PR #525, 2023-08-28) Add dependency groups to Dependabot configuration +- (PR #526, 2023-08-28) chore: Bump the production-dependencies group with 2 updates + ## 0.23.1 (2023-07-26) - (PR #478, 2023-04-05) Fix Git alias `lg-github-pr-summary` in Contributing Guidelines From cd79f31de07a5a3709de333ce6ab8b9d73ed436e Mon Sep 17 00:00:00 2001 From: Samuel Villegas Date: Tue, 5 Sep 2023 13:25:28 -0300 Subject: [PATCH 11/11] chore: Bump version from 0.23.1 to 0.23.2 --- .bumpversion.cfg | 2 +- cl_sii/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.bumpversion.cfg b/.bumpversion.cfg index a99c94bf..23e77450 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 0.23.1 +current_version = 0.23.2 commit = True tag = False message = chore: Bump version from {current_version} to {new_version} diff --git a/cl_sii/__init__.py b/cl_sii/__init__.py index 73eac80b..b50016a8 100644 --- a/cl_sii/__init__.py +++ b/cl_sii/__init__.py @@ -5,4 +5,4 @@ """ -__version__ = '0.23.1' +__version__ = '0.23.2'