Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump yamale from 1.7.0 to 3.0.8 #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump yamale from 1.7.0 to 3.0.8 #21

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 12, 2021

Bumps yamale from 1.7.0 to 3.0.8.

Release notes

Sourced from yamale's releases.

3.0.8

This release fixes a bug where a well-formed schema file can execute arbitrary code on the system running Yamale.

3.0.2

Fixes #119, strict mode was not the default on the command line....but it was for the API. This fix ensures strict mode is the default in all uses.

3.0.0

Note: Due to a packaging bug, users running Python 2.x should pin the major version of Yamale to 2.x.

We're doing a major version jump to include the following changes:

  • Remove Python 2.x support
  • Make the default validation "strict". The --strict command line is now replaced with --no-strict for those that want the old behavior. See the README for more details.
  • Prevent int and num validators from accepting bool values. #109

2.2.0

Ability to specify schema and data without a filename #104

2.1.0

Removed the printing of stacktraces to the command line (#83) Add support for a "key" constraint to the "map" validator (#95) Make any() accept anything (#93) Empty data file should fail if schema requires something (#81) Add a check for an empty schema file (#70)

2.0.1

Fixed a bug when using a schema with a static list and trying to validate a list with a missing element. 23andMe/Yamale#66

2.0

This release brings strict mode to Yamale. With strict mode, elements defined in your YAML that aren't specified in the schema will cause a validation error. You can also validate dynamic keys and include validators.

We've bumped the version to 2.x due to an incompatibility. In the 1.x branch, if all the children of a node are optional, then the parent is optional as well. In the 2.x branch, the parent will no longer be optional in this case.

1.9.0

New regex validator! See README for details.

1.8.1

Added fixes for Python 3.8.

1.8.0

Added none kwarg to all validators. See documentation for usage.

1.7.1

Just updating setup.py so the README displays correctly in PyPI.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump yamale from 1.7.0 to 3.0.8
0309fe2 
Bumps [yamale](https://github.com/23andMe/Yamale) from 1.7.0 to 3.0.8.
- [Release notes](https://github.com/23andMe/Yamale/releases)
- [Commits](23andMe/Yamale@1.7.0...3.0.8)

---
updated-dependencies:
- dependency-name: yamale
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants