Bump python-gitlab from 5.3.0 to 5.3.1

[dependabot]

Bumps python-gitlab from 5.3.0 to 5.3.1.

Release notes

Sourced from python-gitlab's releases.

v5.3.1 (2025-01-07)

Bug Fixes

• api: Allow configuration of keep_base_url from file (f4f7d7a)

• registry-protection: Fix api url (8c1aaa3)

See: https://docs.gitlab.com/ee/api/container_repository_protection_rules.html#list-container-repository-protection-rules

Chores

• Bump to 5.3.1 (912e1a0)

• deps: Update dependency jinja2 to v3.1.5 [security] (01d4194)

---

Detailed Changes: v5.3.0...v5.3.1

Changelog

Sourced from python-gitlab's changelog.

v5.3.1 (2025-01-07)

Bug Fixes

• api: Allow configuration of keep_base_url from file (f4f7d7a)

• registry-protection: Fix api url (8c1aaa3)

See: https://docs.gitlab.com/ee/api/container_repository_protection_rules.html#list-container-repository-protection-rules

Chores

• Bump to 5.3.1 (912e1a0)

• deps: Update dependency jinja2 to v3.1.5 [security] (01d4194)

Commits

• e4c5c74 chore: release v5.3.1
• 912e1a0 chore: bump to 5.3.1
• 8c1aaa3 fix(registry-protection): fix api url
• f4f7d7a fix(api): allow configuration of keep_base_url from file
• 01d4194 chore(deps): update dependency jinja2 to v3.1.5 [security]
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The code change updates the python-gitlab library from version 5.3.0 to 5.3.1 in the requirements.txt file, which is a routine dependency update that should be reviewed for potential security implications.

Expand for full summary

Summary:

The provided code change is an update to the requirements.txt file, which is a file that lists the Python dependencies required for a project. The specific change is an update to the python-gitlab library, from version 5.3.0 to 5.3.1. From an application security perspective, the change to the python-gitlab library is not immediately concerning, as version updates for dependencies are generally a good practice, as they often include bug fixes and security improvements. However, it's important to review the changelog or release notes for the new version to ensure that there are no known security vulnerabilities that have been addressed.

Additionally, the requirements.txt file contains a wide range of dependencies, many of which could have security implications if not properly managed. It's crucial to ensure that all dependencies are using the latest stable versions, scan the dependencies for any known security vulnerabilities, remove any unused dependencies, pin the version numbers of dependencies, and review the configurations and settings for each dependency to ensure they are set up securely.

Files Changed:

• requirements.txt: The specific change in this file is an update to the python-gitlab library, from version 5.3.0 to 5.3.1. While this update is not immediately concerning, the entire requirements.txt file should be reviewed thoroughly to ensure the project's security posture.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.