Update skjold to 0.4.1 #101

Open
wants to merge 1 commit into
base: production
Conversation

pyup-bot
Collaborator

This PR updates skjold from 0.2.0 to 0.4.1.

Changelog

0.4.1

Hotfix release.

**Changes**
- **Github**: Properly parse/handle `github` _fixed_ version specifiers e.g. `= 1.4.2`. Fixes 61. Thanks brondsem!
- **Github**: Show correct environment variable name if Github API Token is not defined. See 62. Thanks markus-k!

0.4.0

Feature/Maintenance release.

**Important!**: From this release onwards `skjold` depends on/uses `packaging` instead of `poetry-semver` (See 52 for details).

**Changes**
- Use `packaging` for parsing versions instead of `poetry-semver`. See 52
- Display helpful message if Github Token is not found/set when using the `github` source. See 56
- Updated dependencies.

0.3.2

Bugfix release.

**Changes**
- Removing `verbose` flag from `.pre-commit-hook.yaml` as it is only supposed to be used during debugging. See [Comment](https://github.com/twu/skjold/pull/48#discussion_r655524560) Thanks asottile!
- Bump types-pyyaml from 0.1.9 to 5.4.3 (49)

0.3.1

Bugfix release.

**Changes**
- Bumps minimal `click` version to `8.x` to fix issue with changed `get_default` signature.

0.3.0

Feature / Maintenance release.

**Important!**: When using `skjold` as a `pre-commit`-hook it only gets triggered if you want to commit changed dependency files (e.g. `Pipenv.lock`, `poetry.lock`, `requirements.txt`,...). It will not continuously check your dependencies on _every_ commit!

**Important!**: If you use `report_only` in any way make sure that you add `verbose: true` to your hook configuration otherwise `pre-commit` won't show you any output since the hook is always returning with a zero exit code due to `report_only` being set!

**Breaking Changes**
- **CLI**: `skjold` will now always write the number of ignored findings and vulnerable packages to `stderr`. The rest of the output `json` or `cli` are still written to `stdout` for easier redirection.

**Changes**
- **CLI**: Temporarily or permanently ignore findings based on their source identifiers added to `.skjoldignore`. (See 47) Thanks micheller!
- **CLI**: `skjold` now outputs ignored findings when using `cli` or `json` output formats.
- **OSV/PyPA Advisory DB**: Initial support for using either `osv` or `pypa` as sources. (See 45)
- **CLI**: Advisories with additional references are added to the `cli` output if present.
- Bumps **mypy** to `0.902`
  - Moves `mypy.ini` to `pyproject.toml`.
  - Adds `types-toml` and `types-PyYAML` as `dev` dependencies.
- Update `README.md`.

0.2.1

Bugfix / Maintenance release.

**Changes**
- **Gemnasium**: Assume all versions are affected if 'affected_versions' string is empty. (30). Thanks dermoumi!
- Bump **pyyaml** from 5.3.1 to 5.4.1 (24, 26)
- Bump **coverage** from 5.3.1 to 5.4 (29)
- Bump **pytest** from 6.2.1 to 6.2.2 (28)
- Bump **mypy** from 0.790 to 0.800 (27)
- Bump **pytest-cov** from 2.10.1 to 2.11.1 (23, 25)
- Bump **pytest-mock** from 3.4.0 to 3.5.1 (21, 22)
- Update `README.md`.
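The two `0.3.0` notes above describe a failure mode worth seeing in configuration form: with `report_only` set, the hook always exits zero, and `pre-commit` prints nothing for a hook that exits zero unless `verbose: true` is set, so the audit silently passes. The following `.pre-commit-config.yaml` entry is a constructed example added here; it is not part of this PR or of skjold's own files. The hook id `skjold` and the placement of `report_only` under `[tool.skjold]` in `pyproject.toml` are assumptions.

```yaml
# .pre-commit-config.yaml (constructed example, not from the skjold project)
repos:
  - repo: https://github.com/twu/skjold
    rev: v0.4.1            # the version this PR bumps to (tag name assumed)
    hooks:
      - id: skjold         # hook id assumed from skjold's .pre-commit-hooks.yaml
        # Weak setting (what NOT to do when report_only is enabled):
        #   - id: skjold
        #     rev: v0.4.1
        # With `report_only = true` in [tool.skjold] (pyproject.toml, assumed
        # location) the hook returns exit code 0 on every run, and pre-commit
        # only shows output for hooks that fail, so findings are never displayed
        # and the commit proceeds as if the audit were clean.
        #
        # Corrected setting: verbose: true forces pre-commit to print the hook's
        # output even when the exit code is 0, so ignored findings and vulnerable
        # packages (written to stderr since 0.3.0) still reach the developer.
        verbose: true
```

Because the hook only fires when a dependency file such as `poetry.lock` or `requirements.txt` is part of the commit, it is not a continuous check; to audit the whole tree on demand, or on a schedule in CI, run `pre-commit run skjold --all-files`, which uses the same hook entry.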