Detection Updates #897
Open
Detection Updates #897
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* update core bits to convert files to local filesystem * update test assertions to be os local path * add type cast * Improve `DiscordBotTokenDetector` and its tests. (Yelp#628) Fixes Yelp#627. * Drop py36 support (Yelp#672) * Drop py36 support * Update contributing doc to remove instance of py36 * Remove custom logic for py36.0 * Run CI Daily (Yelp#674) * Run ci daily at 730am * Update action syntax * Update to once a month * Add String Implementation - StatisticsAggregator (Yelp#678) * Add string output for statistics due to not implementation error * Add return type annotations * Empty commit * Do not add duplicate lines for yaml transformer (Yelp#679) * The colon equal sign regex should contain both colon and equal. Neither is optional. Specific for assignment and declaration in golang (Yelp#675) * Add test cases for ipv4 adresses * Add a plguin for public ip passing the tests * Update documentation for new feature : IPPublic plguin * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2021.10.8 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2023.7.22. - [Commits](certifi/python-certifi@2021.10.08...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Catch index error when checking dollar prefix As shown by the test, we want to return False for the empty string when checking if it is prefixed with a dollar. * Better error if plugin file in baseline not found Fixes: Yelp#718 * Dropped support for Python 3.7, added support for Python 3.10, upgraded dependencies and updated project info * Updated CI with currently supported python versions * Bump filelock from 3.0.12 to 3.13.1 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.0.12 to 3.13.1. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@v3.0.12...3.13.1) --- updated-dependencies: - dependency-name: filelock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump urllib3 from 1.26.9 to 2.1.0 Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 2.1.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.9...2.1.0) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pyflakes from 1.6.0 to 3.1.0 Bumps [pyflakes](https://github.com/PyCQA/pyflakes) from 1.6.0 to 3.1.0. - [Changelog](https://github.com/PyCQA/pyflakes/blob/main/NEWS.rst) - [Commits](PyCQA/pyflakes@1.6.0...3.1.0) --- updated-dependencies: - dependency-name: pyflakes dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump importlib-metadata from 4.8.1 to 6.8.0 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.8.1 to 6.8.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](python/importlib_metadata@v4.8.1...v6.8.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump typing-extensions from 3.10.0.2 to 4.3.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 3.10.0.2 to 4.3.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@3.10.0.2...4.3.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Upgrade dependencies * Bump zipp from 3.6.0 to 3.17.0 Bumps [zipp](https://github.com/jaraco/zipp) from 3.6.0 to 3.17.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.6.0...v3.17.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump importlib-metadata from 6.6.0 to 6.8.0 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 6.6.0 to 6.8.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](python/importlib_metadata@v6.6.0...v6.8.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump idna from 3.3 to 3.4 Bumps [idna](https://github.com/kjd/idna) from 3.3 to 3.4. - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.3...v3.4) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Added support for py311 * Remove importlib-metadata from requirements-dev.txt * Use a newer version of coverage that knows how to properly report coverage metrics for python 3.11 * Fix double quoted strings * Fix python code style * Bump pyahocorasick from 1.4.4 to 2.0.0 Bumps [pyahocorasick](https://github.com/WojciechMula/pyahocorasick) from 1.4.4 to 2.0.0. - [Release notes](https://github.com/WojciechMula/pyahocorasick/releases) - [Changelog](https://github.com/WojciechMula/pyahocorasick/blob/master/CHANGELOG.rst) - [Commits](WojciechMula/pyahocorasick@1.4.4...2.0.0) --- updated-dependencies: - dependency-name: pyahocorasick dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pluggy from 0.13.1 to 1.3.0 Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 0.13.1 to 1.3.0. - [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pluggy@0.13.1...1.3.0) --- updated-dependencies: - dependency-name: pluggy dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cfgv from 3.2.0 to 3.4.0 Bumps [cfgv](https://github.com/asottile/cfgv) from 3.2.0 to 3.4.0. - [Commits](asottile/cfgv@v3.2.0...v3.4.0) --- updated-dependencies: - dependency-name: cfgv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update test case to unflag invalid ipv4 * Update regex to pass updated test * Revert import order changes * Bump certifi from 2023.7.22 to 2023.11.17 Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2023.11.17. - [Commits](certifi/python-certifi@2023.07.22...2023.11.17) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump types-requests from 2.28.9 to 2.31.0.10 Bumps [types-requests](https://github.com/python/typeshed) from 2.28.9 to 2.31.0.10. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump identify from 2.3.0 to 2.5.32 Bumps [identify](https://github.com/pre-commit/identify) from 2.3.0 to 2.5.32. - [Commits](pre-commit/identify@v2.3.0...v2.5.32) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Reword audit prompt message for clarity The old audit prompt message was confusing in the case of a false positive. This new wording suits both genuine findings and false positives. Fixes Yelp#734 * Update docs and tests for new prompt wording. * Adjust test case to return false for invalid ipv4 * Adjust regex to pass new test * Bump nodeenv from 1.6.0 to 1.8.0 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.6.0 to 1.8.0. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](ekalinin/nodeenv@1.6.0...1.8.0) --- updated-dependencies: - dependency-name: nodeenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump responses from 0.16.0 to 0.24.1 Bumps [responses](https://github.com/getsentry/responses) from 0.16.0 to 0.24.1. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.16.0...0.24.1) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pre-commit from 2.17.0 to 3.5.0 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.17.0 to 3.5.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v2.17.0...v3.5.0) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump unidiff from 0.7.4 to 0.7.5 Bumps [unidiff](https://github.com/matiasb/python-unidiff) from 0.7.4 to 0.7.5. - [Release notes](https://github.com/matiasb/python-unidiff/releases) - [Changelog](https://github.com/matiasb/python-unidiff/blob/master/HISTORY) - [Commits](matiasb/python-unidiff@v0.7.4...v0.7.5) --- updated-dependencies: - dependency-name: unidiff dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update prompt wording per request from @lorenzodb1 * Bump backports-entry-points-selectable from 1.1.1 to 1.2.0 Bumps [backports-entry-points-selectable](https://github.com/jaraco/backports.entry_points_selectable) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/jaraco/backports.entry_points_selectable/releases) - [Changelog](https://github.com/jaraco/backports.entry_points_selectable/blob/main/NEWS.rst) - [Commits](jaraco/backports.entry_points_selectable@v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: backports-entry-points-selectable dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump charset-normalizer from 2.0.7 to 3.3.2 Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 2.0.7 to 3.3.2. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md) - [Upgrade guide](https://github.com/Ousret/charset_normalizer/blob/master/UPGRADE.md) - [Commits](jawah/charset_normalizer@2.0.7...3.3.2) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump backports-entry-points-selectable from 1.2.0 to 1.3.0 Bumps [backports-entry-points-selectable](https://github.com/jaraco/backports.entry_points_selectable) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/jaraco/backports.entry_points_selectable/releases) - [Changelog](https://github.com/jaraco/backports.entry_points_selectable/blob/main/NEWS.rst) - [Commits](jaraco/backports.entry_points_selectable@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: backports-entry-points-selectable dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pyparsing from 2.4.7 to 3.1.1 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 2.4.7 to 3.1.1. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](pyparsing/pyparsing@pyparsing_2.4.7...3.1.1) --- updated-dependencies: - dependency-name: pyparsing dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pyyaml from 6.0 to 6.0.1 Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1. - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](yaml/pyyaml@6.0...6.0.1) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump iniconfig from 1.1.1 to 2.0.0 Bumps [iniconfig](https://github.com/pytest-dev/iniconfig) from 1.1.1 to 2.0.0. - [Release notes](https://github.com/pytest-dev/iniconfig/releases) - [Changelog](https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG) - [Commits](pytest-dev/iniconfig@v1.1.1...v2.0.0) --- updated-dependencies: - dependency-name: iniconfig dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump mypy-extensions from 0.4.3 to 1.0.0 Bumps [mypy-extensions](https://github.com/python/mypy_extensions) from 0.4.3 to 1.0.0. - [Commits](python/mypy_extensions@0.4.3...1.0.0) --- updated-dependencies: - dependency-name: mypy-extensions dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump virtualenv from 20.24.6 to 20.24.7 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.24.6 to 20.24.7. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/20.24.7/docs/changelog.rst) - [Commits](pypa/virtualenv@20.24.6...20.24.7) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump platformdirs from 3.10.0 to 4.0.0 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 3.10.0 to 4.0.0. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@3.10.0...4.0.0) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump typed-ast from 1.5.4 to 1.5.5 Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.4 to 1.5.5. - [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) - [Commits](python/typed_ast@1.5.4...1.5.5) --- updated-dependencies: - dependency-name: typed-ast dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump packaging from 21.3 to 23.2 Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 23.2. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@21.3...23.2) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pycodestyle from 2.11.0 to 2.11.1 Bumps [pycodestyle](https://github.com/PyCQA/pycodestyle) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/PyCQA/pycodestyle/releases) - [Changelog](https://github.com/PyCQA/pycodestyle/blob/main/CHANGES.txt) - [Commits](PyCQA/pycodestyle@2.11.0...2.11.1) --- updated-dependencies: - dependency-name: pycodestyle dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump tox from 3.24.4 to 4.11.4 Bumps [tox](https://github.com/tox-dev/tox) from 3.24.4 to 4.11.4. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@3.24.4...4.11.4) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump virtualenv from 20.24.7 to 20.25.0 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.24.7 to 20.25.0. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.24.7...20.25.0) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump idna from 3.4 to 3.6 Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.6. - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.4...v3.6) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump platformdirs from 4.0.0 to 4.1.0 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@4.0.0...4.1.0) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump typing-extensions from 4.3.0 to 4.9.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.3.0 to 4.9.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.3.0...4.9.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump identify from 2.5.32 to 2.5.33 Bumps [identify](https://github.com/pre-commit/identify) from 2.5.32 to 2.5.33. - [Commits](pre-commit/identify@v2.5.32...v2.5.33) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump attrs from 21.4.0 to 23.1.0 Bumps [attrs](https://github.com/python-attrs/attrs) from 21.4.0 to 23.1.0. - [Release notes](https://github.com/python-attrs/attrs/releases) - [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md) - [Commits](python-attrs/attrs@21.4.0...23.1.0) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump types-pyyaml from 6.0.11 to 6.0.12.12 Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.11 to 6.0.12.12. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-pyyaml dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump distlib from 0.3.7 to 0.3.8 Bumps [distlib](https://github.com/pypa/distlib) from 0.3.7 to 0.3.8. - [Release notes](https://github.com/pypa/distlib/releases) - [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst) - [Commits](pypa/distlib@0.3.7...0.3.8) --- updated-dependencies: - dependency-name: distlib dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump coverage from 7.3.2 to 7.3.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.2 to 7.3.3. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.3.2...7.3.3) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump coverage from 7.3.3 to 7.4.0 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.3 to 7.4.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.3.3...7.4.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump attrs from 23.1.0 to 23.2.0 Bumps [attrs](https://github.com/sponsors/hynek) from 23.1.0 to 23.2.0. - [Commits](https://github.com/sponsors/hynek/commits) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * introducing GitLab token detector analogous to GitHubTokenDetector as described on: https://docs.gitlab.com/ee/security/token_overview.html#gitlab-tokens tokens are typically of the form: `glpat-[\alnum]{20}`, ie. ~20 char token 'suffix' with a set of prefixes * Bump types-requests from 2.31.0.10 to 2.31.0.20240106 Bumps [types-requests](https://github.com/python/typeshed) from 2.31.0.10 to 2.31.0.20240106. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump flake8 from 3.5.0 to 7.0.0 Bumps [flake8](https://github.com/pycqa/flake8) from 3.5.0 to 7.0.0. - [Commits](PyCQA/flake8@3.5.0...7.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * GitLab token detector, differentiating token types * Add detection of other AWS access key id prefixes * Update comment to be access keys and not specifically AKIA * Bump idna from 3.6 to 3.7 Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.6...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> * YelpGH-768: Plugin to detect Telegram bot tokens * Added support for Python 3.12 * Fixed pre-commit check failures * Upgraded pyflakes to 3.2.0 * Removed support for Python 3.8 * Bump identify from 2.5.33 to 2.5.36 Bumps [identify](https://github.com/pre-commit/identify) from 2.5.33 to 2.5.36. - [Commits](pre-commit/identify@v2.5.33...v2.5.36) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump responses from 0.24.1 to 0.25.0 Bumps [responses](https://github.com/getsentry/responses) from 0.24.1 to 0.25.0. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.24.1...0.25.0) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump tox from 4.11.4 to 4.15.0 Bumps [tox](https://github.com/tox-dev/tox) from 4.11.4 to 4.15.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.11.4...4.15.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump platformdirs from 4.1.0 to 4.2.1 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.1.0 to 4.2.1. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@4.1.0...4.2.1) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump typing-extensions from 4.9.0 to 4.11.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.9.0 to 4.11.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.9.0...4.11.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pyahocorasick from 2.0.0 to 2.1.0 Bumps [pyahocorasick](https://github.com/WojciechMula/pyahocorasick) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/WojciechMula/pyahocorasick/releases) - [Changelog](https://github.com/WojciechMula/pyahocorasick/blob/master/CHANGELOG.rst) - [Commits](WojciechMula/pyahocorasick@2.0.0...2.1.0) --- updated-dependencies: - dependency-name: pyahocorasick dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Plugin for PyPI api tokens * Bump virtualenv from 20.25.0 to 20.26.1 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.25.0 to 20.26.1. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.25.0...20.26.1) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump pyparsing from 3.1.1 to 3.1.2 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](pyparsing/pyparsing@3.1.1...pyparsing_3.1.2) --- updated-dependencies: - dependency-name: pyparsing dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Add regex to detect test.pypi.org tokens * New plugin for OpenAI tokens * Update README for OpenAIDetector * Fix pre-commit * Bump pluggy from 1.3.0 to 1.5.0 Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 1.3.0 to 1.5.0. - [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pluggy@1.3.0...1.5.0) --- updated-dependencies: - dependency-name: pluggy dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump zipp from 3.17.0 to 3.18.1 Bumps [zipp](https://github.com/jaraco/zipp) from 3.17.0 to 3.18.1. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.17.0...v3.18.1) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Changelog for v1.5.0 release * Updated baseline file * Fixed version in baseline file * Revert "Fixed version in baseline file" This reverts commit 16e3452. * Revert "Updated baseline file" This reverts commit e11ed89. * Revert "Changelog for v1.5.0 release" This reverts commit eaee543. * Bump packaging from 23.2 to 24.0 Bumps [packaging](https://github.com/pypa/packaging) from 23.2 to 24.0. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@23.2...24.0) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump coverage from 7.4.0 to 7.5.1 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.4.0 to 7.5.1. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.4.0...7.5.1) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update changelog v1.5.0 release (Yelp#829) * Update changelog for v1.5.0 release * Update date * Bump version: 1.4.0 → 1.5.0 * Bump filelock from 3.13.1 to 3.14.0 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.13.1 to 3.14.0. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@3.13.1...3.14.0) --- updated-dependencies: - dependency-name: filelock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2023.11.17 to 2024.2.2 Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.11.17 to 2024.2.2. - [Commits](certifi/python-certifi@2023.11.17...2024.02.02) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump urllib3 from 2.1.0 to 2.2.1 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.1.0 to 2.2.1. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.1.0...2.2.1) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump platformdirs from 4.2.1 to 4.2.2 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](tox-dev/platformdirs@4.2.1...4.2.2) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump zipp from 3.18.1 to 3.19.2 Bumps [zipp](https://github.com/jaraco/zipp) from 3.18.1 to 3.19.2. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.18.1...v3.19.2) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump requests from 2.31.0 to 2.32.3 Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.3. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.3) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump coverage from 7.5.1 to 7.5.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.5.1 to 7.5.3. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.5.1...7.5.3) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump typing-extensions from 4.11.0 to 4.12.2 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.11.0 to 4.12.2. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.11.0...4.12.2) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump nodeenv from 1.8.0 to 1.9.1 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.8.0 to 1.9.1. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](ekalinin/nodeenv@1.8.0...1.9.1) --- updated-dependencies: - dependency-name: nodeenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump urllib3 from 2.2.1 to 2.2.2 Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.1...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> * Bump packaging from 24.0 to 24.1 Bumps [packaging](https://github.com/pypa/packaging) from 24.0 to 24.1. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@24.0...24.1) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump responses from 0.25.0 to 0.25.3 Bumps [responses](https://github.com/getsentry/responses) from 0.25.0 to 0.25.3. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.25.0...0.25.3) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2024.2.2 to 2024.7.4 Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.2.2 to 2024.7.4. - [Commits](certifi/python-certifi@2024.02.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> * Bump virtualenv from 20.26.1 to 20.26.3 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.26.1 to 20.26.3. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](pypa/virtualenv@20.26.1...20.26.3) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix(telegram_bot_token): Regex must match just bot tokens * test(telegram_bot_token): AWS ARN should not match * fix(telegram_bot_token): `bot` should not be in the token `bot` is only used while verifying the token, as per https://core.telegram.org/bots/api#authorizing-your-bot * fix(test): something with `^bot` should not match * fix: format trailing comma * fix(ip_public): Exclude IPv4 Link Local * Bump pre-commit from 3.5.0 to 4.0.1 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.5.0 to 4.0.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v3.5.0...v4.0.1) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: eddiez9 <[email protected]> Co-authored-by: Nuztalgia <[email protected]> Co-authored-by: John-Paul Dakran <[email protected]> Co-authored-by: Jingchao Zhong <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sindri Guðmundsson <[email protected]> Co-authored-by: Marc Abramowitz <[email protected]> Co-authored-by: Lorenzo De Bernardini <[email protected]> Co-authored-by: Jingchao Zhong <[email protected]> Co-authored-by: Daniel Popescu <[email protected]> Co-authored-by: Brendan Jurd <[email protected]> Co-authored-by: Brendan Jurd <[email protected]> Co-authored-by: Kirill Wedenin <[email protected]> Co-authored-by: Mike DiDomizio <[email protected]> Co-authored-by: Chandra Prakash <[email protected]> Co-authored-by: lorenzodb1 <[email protected]> Co-authored-by: Chandra Prakash <[email protected]> Co-authored-by: John-Paul Dakran <[email protected]> Co-authored-by: Pepe Fagoaga <[email protected]> Co-authored-by: Pepe Fagoaga <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR made by mistake - please close it.