From af95c8b236ca6dfc0fdfba71c4b100781f270fad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 18:06:47 +0000 Subject: [PATCH 1/5] Bump requests from 2.31.0 to 2.32.2 in /lib/poseidon_core Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.31.0...v2.32.2) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- lib/poseidon_core/poetry.lock | 12 ++++++------ lib/poseidon_core/pyproject.toml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/poseidon_core/poetry.lock b/lib/poseidon_core/poetry.lock index e636fece6..adcc8c003 100644 --- a/lib/poseidon_core/poetry.lock +++ b/lib/poseidon_core/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand. [[package]] name = "anyio" @@ -1963,13 +1963,13 @@ testing = ["coverage", "nose"] [[package]] name = "requests" -version = "2.31.0" +version = "2.32.2" description = "Python HTTP for Humans." optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"}, - {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"}, + {file = "requests-2.32.2-py3-none-any.whl", hash = "sha256:fc06670dd0ed212426dfeb94fc1b983d917c4f9847c863f313c9dfaaffb7c23c"}, + {file = "requests-2.32.2.tar.gz", hash = "sha256:dd951ff5ecf3e3b3aa26b40703ba77495dab41da839ae72ef3c8e5d8e2433289"}, ] [package.dependencies] 
@@ -2379,4 +2379,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = ">=3.8 <3.11" -content-hash = "b3b3fd9273691436f26dc361b13e1d8bce3de3b5b1693b24e8ba8675ceccb8e2" +content-hash = "2d0c0ecdbd7980ffa828dfea584e260fd5df90c3fe37e93da4bf8d1a260c22ed" diff --git a/lib/poseidon_core/pyproject.toml b/lib/poseidon_core/pyproject.toml index c351e74a5..151bc302f 100644 --- a/lib/poseidon_core/pyproject.toml +++ b/lib/poseidon_core/pyproject.toml @@ -18,7 +18,7 @@ prometheus_client = "^0.17.0" pyyaml = "6.0" schedule = "1.2.0" transitions = "0.9.0" -requests = "<2.31.1" +requests = "<2.32.3" urllib3 = "<2.0.8" [tool.poetry.dev-dependencies] From 184bcf74ec61f951ca037bead9b6f08934b490db Mon Sep 17 00:00:00 2001 From: cglewis Date: Tue, 4 Jun 2024 11:19:21 -0700 Subject: [PATCH 2/5] update codeql --- .github/workflows/codeql-analysis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a9a7c7ceb..f915f0f4b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,11 +35,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 2d66f1ce98689454acb3617c7a9f8dcd2dcac911 Mon Sep 17 00:00:00 2001 From: cglewis Date: Tue, 4 Jun 2024 11:21:45 -0700 Subject: [PATCH 3/5] only upload for main --- .github/workflows/ci-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 8bdd38b46..13b6def9d 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -68,7 +68,7 @@ jobs: cd lib/poseidon_core && poetry run pip install 'setuptools==64.0.3' && poetry run pytest --cov-report term-missing --cov=. --cov-report=xml && cd ../../ - name: Upload coverage uses: codecov/codecov-action@v4 - if: github.repository == 'faucetsdn/poseidon' && github.event_name == 'push' + if: github.repository == 'faucetsdn/poseidon' && github.ref_name == 'main' with: token: ${{ secrets.CODECOV_TOKEN }} files: /home/runner/work/poseidon/poseidon/lib/poseidon_api/coverage.xml,/home/runner/work/poseidon/poseidon/lib/poseidon_cli/coverage.xml,/home/runner/work/poseidon/poseidon/lib/poseidon_core/coverage.xml From 0809e49aa6e31fba5537f95a7454a2d875b988fe Mon Sep 17 00:00:00 2001 From: cglewis Date: Tue, 4 Jun 2024 11:36:38 -0700 Subject: [PATCH 4/5] include needed permissions for codeql --- .github/workflows/codeql-analysis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f915f0f4b..85b178bb8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -22,6 +22,10 @@ on: jobs: analyze: + permissions: + actions: read + contents: write + security-events: write name: Analyze runs-on: ubuntu-latest From c90fd21f689202a65fe39bf6ceac5e7efeb58d34 Mon Sep 17 00:00:00 2001 
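Review bot: The new condition on the "Upload coverage" step, `github.ref_name == 'main'`, matches a tag named `main` as well as the branch, and it no longer restricts the event type. Any trigger whose ref resolves to main (for example `schedule`, `workflow_dispatch` or `pull_request_target`, if the workflow declares them; the `on:` block is outside this hunk) would therefore run the step that reads `secrets.CODECOV_TOKEN`. Comparing the full ref and keeping the event check removes the ambiguity: `if: github.repository == 'faucetsdn/poseidon' && github.event_name == 'push' && github.ref == 'refs/heads/main'`.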
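Review bot: `contents: write` in the added `permissions:` block gives this job's GITHUB_TOKEN push access to the repository, which the steps visible in this workflow (checkout, CodeQL init, autobuild, analyze) do not appear to need. CodeQL needs `security-events: write` to upload results and only read access to contents and actions, so I would change the line to `contents: read`. That way a compromised action or build step in the job cannot modify the repository. A comment above the block, such as `# security-events: write is needed to upload CodeQL results; everything else is read-only`, would record why the one write scope exists. The rest of the `analyze` job lies outside the hunk.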
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 19:38:00 +0000 Subject: [PATCH 5/5] Bump jinja2 from 3.1.3 to 3.1.4 in /lib/poseidon_core Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- lib/poseidon_core/poetry.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/poseidon_core/poetry.lock b/lib/poseidon_core/poetry.lock index adcc8c003..a51ecd47b 100644 --- a/lib/poseidon_core/poetry.lock +++ b/lib/poseidon_core/poetry.lock @@ -947,13 +947,13 @@ requirements-deprecated-finder = ["pip-api", "pipreqs"] [[package]] name = "jinja2" -version = "3.1.3" +version = "3.1.4" description = "A very fast and expressive template engine." optional = false python-versions = ">=3.7" files = [ - {file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"}, - {file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"}, + {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"}, + {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"}, ] [package.dependencies]