From d212fcb5715769b8185fbc23eccd23bfa48cecec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Aug 2022 15:32:00 +0000
Subject: [PATCH 01/10] Bump django from 4.0.6 to 4.0.7 in /requirements
Bumps [django](https://github.com/django/django) from 4.0.6 to 4.0.7.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.6...4.0.7)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
 requirements/docker.txt | 2 +-
 requirements/local.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/docker.txt b/requirements/docker.txt
index 7e5c429..ff2399c 100644
--- a/requirements/docker.txt
+++ b/requirements/docker.txt
@@ -1,7 +1,7 @@
 asgiref==3.5.0
 attrs==21.4.0
 coverage==6.3
-Django==4.0.6
+Django==4.0.7
 django-crispy-forms==1.14.0
 django-filter==21.1
 django-floppyforms==1.9.0
diff --git a/requirements/local.txt b/requirements/local.txt
index 0a7c3b4..d9b95db 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -5,7 +5,7 @@ autopep8==1.6.0
 black==21.12b0
 click==8.0.3
 coverage==6.2
-Django==4.0.6
+Django==4.0.7
 django-crispy-forms==1.14.0
 django-filter==21.1
 django-floppyforms==1.9.0
From 62174df3f46a14e9201a1b50e235a445720556b1 Mon Sep 17 00:00:00 2001
From: Andreas Zweili
Date: Sat, 5 Nov 2022 22:39:09 +0100
Subject: [PATCH 02/10] Create dependabot.yml
---
 .github/dependabot.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..91abb11
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "pip" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
From 96f2cbe6659230db94188b9fd807211d27e7f11c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Nov 2022 21:39:32 +0000
Subject: [PATCH 03/10] Bump coverage from 6.3 to 6.5.0
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.3...6.5.0)
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements/docker.txt | 2 +-
 requirements/local.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/docker.txt b/requirements/docker.txt
index ff2399c..b8c09bc 100644
--- a/requirements/docker.txt
+++ b/requirements/docker.txt
@@ -1,6 +1,6 @@
 asgiref==3.5.0
 attrs==21.4.0
-coverage==6.3
+coverage==6.5.0
 Django==4.0.7
 django-crispy-forms==1.14.0
 django-filter==21.1
diff --git a/requirements/local.txt b/requirements/local.txt
index d9b95db..e6fbb4d 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -4,7 +4,7 @@ attrs==21.4.0
 autopep8==1.6.0
 black==21.12b0
 click==8.0.3
-coverage==6.2
+coverage==6.5.0
 Django==4.0.7
 django-crispy-forms==1.14.0
 django-filter==21.1
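Review bot: The `updates` list in the new `.github/dependabot.yml` covers only the `pip` ecosystem, so the `actions/checkout@v3` and `github/codeql-action/*@v2` references introduced by `.github/workflows/codeql.yml` later in this series (PATCH 09/10) will never receive update PRs. A second entry in the same block style, `- package-ecosystem: "github-actions"` / `directory: "/"` / `schedule:` with `interval: "weekly"`, keeps the workflow actions current alongside the Python requirements. The inline `# See documentation for possible values` and `# Location of package manifests` comments are template text; a comment naming the real manifests, such as `# pip manifests live in requirements/*.txt`, would tell the next reader why `directory` stays at "/". The Dependabot commits that follow in this series do touch `requirements/docker.txt` and `requirements/local.txt`, so discovery under the root appears to work, but confirm that before relying on it.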
From 7a6446304f23998e72b0db699c6625a95a51ce27 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Nov 2022 21:39:36 +0000
Subject: [PATCH 04/10] Bump wrapt from 1.13.3 to 1.14.1
Bumps [wrapt](https://github.com/GrahamDumpleton/wrapt) from 1.13.3 to 1.14.1.
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](https://github.com/GrahamDumpleton/wrapt/compare/1.13.3...1.14.1)
---
updated-dependencies:
- dependency-name: wrapt
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements/local.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements/local.txt b/requirements/local.txt
index d9b95db..0489bc1 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -53,5 +53,5 @@ text-unidecode==1.3
 toml==0.10.2
 tomli==1.2.3
 typing-extensions==4.0.1
-wrapt==1.13.3
+wrapt==1.14.1
 yapf==0.32.0
From 138133c1367c576e4844f88345f69f571a5fde65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Nov 2022 21:39:38 +0000
Subject: [PATCH 05/10] Bump psycopg2-binary from 2.8.6 to 2.9.5
Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.8.6 to 2.9.5.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)
---
updated-dependencies:
- dependency-name: psycopg2-binary
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements/docker.txt | 2 +-
 requirements/local.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/docker.txt b/requirements/docker.txt
index ff2399c..124e783 100644
--- a/requirements/docker.txt
+++ b/requirements/docker.txt
@@ -17,7 +17,7 @@ iniconfig==1.1.1
 mixer==7.2.0
 packaging==21.3
 pluggy==1.0.0
-psycopg2-binary==2.8.6
+psycopg2-binary==2.9.5
 py==1.11.0
 pyaml==21.10.1
 pyparsing==3.0.7
diff --git a/requirements/local.txt b/requirements/local.txt
index d9b95db..e519bc5 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -36,7 +36,7 @@ pycodestyle==2.8.0
 pyflakes==2.4.0
 pylint==2.12.2
 pyparsing==3.0.6
-psycopg2-binary==2.8.6
+psycopg2-binary==2.9.5
 pytest==6.2.5
 pytest-cov==3.0.0
 pytest-django==4.5.2
From f751c9916928f1c5387786f6edf2e85a4ac9e8b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Nov 2022 21:39:45 +0000
Subject: [PATCH 06/10] Bump sqlparse from 0.4.2 to 0.4.3
Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.2 to 0.4.3.
- [Release notes](https://github.com/andialbrecht/sqlparse/releases)
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](https://github.com/andialbrecht/sqlparse/compare/0.4.2...0.4.3)
---
updated-dependencies:
- dependency-name: sqlparse
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 requirements/docker.txt | 2 +-
 requirements/local.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/docker.txt b/requirements/docker.txt
index ff2399c..c86d66f 100644
--- a/requirements/docker.txt
+++ b/requirements/docker.txt
@@ -31,7 +31,7 @@ python-monkey-business==1.0.0
 pytz==2021.3
 PyYAML==6.0
 six==1.16.0
-sqlparse==0.4.2
+sqlparse==0.4.3
 text-unidecode==1.3
 toml==0.10.2
 tomli==2.0.0
diff --git a/requirements/local.txt b/requirements/local.txt
index d9b95db..4e5d5e6 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -48,7 +48,7 @@ pytz==2021.3
 PyYAML==6.0
 rope==0.22.0
 six==1.16.0
-sqlparse==0.4.2
+sqlparse==0.4.3
 text-unidecode==1.3
 toml==0.10.2
 tomli==1.2.3
From d6c4f72d4d5f30f7b84346574222c7868de989d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Nov 2022 21:48:47 +0000
Subject: [PATCH 07/10] Bump django from 4.0.7 to 4.0.8 in /requirements
Bumps [django](https://github.com/django/django) from 4.0.7 to 4.0.8.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.7...4.0.8)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
 requirements/docker.txt | 2 +-
 requirements/local.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/docker.txt b/requirements/docker.txt
index f248cd1..ae009b4 100644
--- a/requirements/docker.txt
+++ b/requirements/docker.txt
@@ -1,7 +1,7 @@
 asgiref==3.5.0
 attrs==21.4.0
 coverage==6.5.0
-Django==4.0.7
+Django==4.0.8
 django-crispy-forms==1.14.0
 django-filter==21.1
 django-floppyforms==1.9.0
diff --git a/requirements/local.txt b/requirements/local.txt
index 60f574e..8ad35ce 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -5,7 +5,7 @@ autopep8==1.6.0
 black==21.12b0
 click==8.0.3
 coverage==6.5.0
-Django==4.0.7
+Django==4.0.8
 django-crispy-forms==1.14.0
 django-filter==21.1
 django-floppyforms==1.9.0
From a23e072ed5360e914673d12e699a5469b6ebfc22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Nov 2022 21:49:28 +0000
Subject: [PATCH 08/10] Bump django from 4.0.7 to 4.1.3
Bumps [django](https://github.com/django/django) from 4.0.7 to 4.1.3.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.0.7...4.1.3)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements/docker.txt | 2 +-
 requirements/local.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements/docker.txt b/requirements/docker.txt
index 050241e..d4731ee 100644
--- a/requirements/docker.txt
+++ b/requirements/docker.txt
@@ -1,7 +1,7 @@
 asgiref==3.5.0
 attrs==21.4.0
 coverage==6.5.0
-Django==4.0.8
+Django==4.1.3
 django-crispy-forms==1.14.0
 django-filter==21.1
 django-floppyforms==1.9.0
diff --git a/requirements/local.txt b/requirements/local.txt
index 3219280..801ae1d 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -5,7 +5,7 @@ autopep8==1.6.0
 black==21.12b0
 click==8.0.3
 coverage==6.5.0
-Django==4.0.8
+Django==4.1.3
 django-crispy-forms==1.14.0
 django-filter==21.1
 django-floppyforms==1.9.0
From 78cc9f528d28aee777842bb44c8e732138862ede Mon Sep 17 00:00:00 2001
From: Andreas Zweili
Date: Sat, 5 Nov 2022 22:57:54 +0100
Subject: [PATCH 09/10] Create codeql.yml
---
 .github/workflows/codeql.yml | 74 ++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..107ef8e
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '27 23 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript', 'python' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
From 2bc3ca84b69aa3e77424d0b9ac96515d056c2d79 Mon Sep 17 00:00:00 2001
From: Andreas Zweili
Date: Sat, 5 Nov 2022 22:58:43 +0100
Subject: [PATCH 10/10] Revert "Bump wrapt from 1.13.3 to 1.14.1"
---
 requirements/local.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements/local.txt b/requirements/local.txt
index 3219280..02ac6be 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -53,5 +53,5 @@ text-unidecode==1.3
 toml==0.10.2
 tomli==1.2.3
 typing-extensions==4.0.1
-wrapt==1.14.1
+wrapt==1.13.3
 yapf==0.32.0
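Review bot: Every `uses:` in the new `steps` sequence (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/autobuild@v2`, `github/codeql-action/analyze@v2`) pins to a mutable major tag, so the job runs whatever those tags resolve to on the day it runs while holding `security-events: write`. Pinning each reference to a full-length commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the workflow's inputs reviewable in the diff and limits the impact of a retagged or compromised action; the Dependabot config added earlier in this series could then keep the pins current if a `github-actions` ecosystem entry is added there. The `Autobuild` step only matters for compiled languages, as the template comment above it says, while the matrix lists only `'javascript'` and `'python'`; keeping it is harmless, but a short comment such as `# Matrix has no compiled languages; kept so adding one later needs no workflow edit` would record that this is deliberate. The commented-out template text about custom queries and manual build commands documents options this repository does not use and could be trimmed now that the workflow is committed.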