From 54886cd68e89c15c6847942fd52716ae493a0e4a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 02:40:58 +0000
Subject: [PATCH 01/58] Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 581d9d24a..46e982725 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -28,7 +28,7 @@ pyflakes==1.6.0
 pyparsing==2.4.7
 pytest==6.2.2
 PyYAML==6.0
-requests==2.26.0
+requests==2.31.0
 responses==0.16.0
 six==1.16.0
 toml==0.10.2
From 44789c594c152530ddc1ff05fbadf4a50ecbc42e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Jul 2023 15:40:11 +0000
Subject: [PATCH 02/58] Bump certifi from 2021.10.8 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2021.10.08...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 581d9d24a..90a5d88cb 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,6 +1,6 @@
 attrs==21.4.0
 backports.entry-points-selectable==1.1.1
-certifi==2021.10.8
+certifi==2023.7.22
 cfgv==3.2.0
 charset-normalizer==2.0.7
 coverage==4.5.4
From 543c6d76e6efe5d51d44a1996dbca2cfc5f5856f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?=
Date: Mon, 4 Sep 2023 15:32:23 +0000
Subject: [PATCH 03/58] Catch index error when checking dollar prefix As shown by the test, we want to return False for the empty string when checking if it is prefixed with a dollar.
---
 detect_secrets/filters/heuristic.py | 8 +++-----
 tests/filters/heuristic_filter_test.py | 14 ++++++++++----
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
index 0dbdb4949..775657f1f 100644
--- a/detect_secrets/filters/heuristic.py
+++ b/detect_secrets/filters/heuristic.py
@@ -2,11 +2,9 @@
 import re
 import string
 from functools import lru_cache
-from typing import Optional
-from typing import Pattern
+from typing import Optional, Pattern
-from detect_secrets.plugins.base import BasePlugin
-from detect_secrets.plugins.base import RegexBasedDetector
+from detect_secrets.plugins.base import BasePlugin, RegexBasedDetector
 def is_sequential_string(secret: str) -> bool:
@@ -164,7 +162,7 @@ def is_prefixed_with_dollar_sign(secret: str) -> bool:
 # false negatives than `is_templated_secret` (e.g. secrets that actually start with a $).
 # This is best used with files that actually use this as a means of referencing variables.
 # TODO: More intelligent filetype handling?
- return secret[0] == '$'
+ return bool(secret) and secret[0] == '$'
 def is_indirect_reference(line: str) -> bool:
diff --git a/tests/filters/heuristic_filter_test.py b/tests/filters/heuristic_filter_test.py
index a2f5dbb2b..91a4e7ef9 100644
--- a/tests/filters/heuristic_filter_test.py
+++ b/tests/filters/heuristic_filter_test.py
@@ -1,7 +1,6 @@
 import os
 import pytest
-
 from detect_secrets import filters
 from detect_secrets.core.scan import scan_line
 from detect_secrets.plugins.aws import AWSKeyDetector
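Review bot: In the `@@ -164,7 +162,7 @@` hunk, `return bool(secret) and secret[0] == '$'` can be written as `return secret.startswith('$')`, which returns False for the empty string without a separate truthiness guard and always yields a bool. Since this is a filter (a True result presumably drops the candidate from the findings), a one-line docstring stating that an empty candidate is never treated as a variable reference would make that contract explicit. The function's `def` line and the start of its comment block are outside the hunk.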
@@ -121,9 +120,16 @@ def test_is_templated_secret(line, result):
 assert bool(list(scan_line(line))) is result
-def test_is_prefixed_with_dollar_sign():
- assert filters.heuristic.is_prefixed_with_dollar_sign('$secret')
- assert not filters.heuristic.is_prefixed_with_dollar_sign('secret')
+@pytest.mark.parametrize(
+ 'secret, result',
+ (
+ ('$secret', True),
+ ('secret', False),
+ ('', False),
+ ),
+)
+def test_is_prefixed_with_dollar_sign(secret, result):
+ assert filters.heuristic.is_prefixed_with_dollar_sign(secret) == result
 @pytest.mark.parametrize(
From 7f9ee129cf27b4d2d0f846b39b53dd8291aefd64 Mon Sep 17 00:00:00 2001
From: Lorenzo De Bernardini
Date: Wed, 15 Nov 2023 13:18:38 -0800
Subject: [PATCH 04/58] Dropped support for Python 3.7, added support for Python 3.10, upgraded dependencies and updated project info
---
 detect_secrets/plugins/ibm_cloud_iam.py | 2 +-
 requirements-dev.txt | 10 +++++-----
 setup.py | 5 ++---
 tox.ini | 3 +--
 4 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/detect_secrets/plugins/ibm_cloud_iam.py b/detect_secrets/plugins/ibm_cloud_iam.py
index 037d971b5..6920849c6 100644
--- a/detect_secrets/plugins/ibm_cloud_iam.py
+++ b/detect_secrets/plugins/ibm_cloud_iam.py
@@ -34,7 +34,7 @@ def verify(self, secret: str) -> VerifiedResult:
 def verify_cloud_iam_api_key(apikey: Union[str, bytes]) -> requests.Response: # pragma: no cover
- if type(apikey) == bytes:
+ if type(apikey) is bytes:
 apikey = apikey.decode('UTF-8')
 headers = {
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 6a78eaf9e..08abf99c3 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -4,8 +4,8 @@ certifi==2023.7.22
 cfgv==3.2.0
 charset-normalizer==2.0.7
 coverage==4.5.4
-distlib==0.3.6
-filelock==3.0.12
+distlib==0.3.7
+filelock==3.12.2
 flake8==3.5.0
 gibberish-detector==0.1.1
 identify==2.3.0
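Review bot: In the ibm_cloud_iam.py hunk, `type(apikey) is bytes` is still an exact-type comparison; the usual way to narrow a `Union[str, bytes]` parameter is `if isinstance(apikey, bytes):`, which also accepts bytes subclasses and is a form type checkers narrow on. The move from `==` to `is` looks like it was made to satisfy the upgraded linter rather than to change behaviour, and `isinstance` serves that purpose as well. The body of `verify_cloud_iam_api_key` continues past `headers = {`, outside the hunk.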
@@ -18,7 +18,7 @@ mypy==0.971
 mypy-extensions==0.4.3
 nodeenv==1.6.0
 packaging==21.3
-platformdirs==2.0.2
+platformdirs==3.10.0
 pluggy==0.13.1
 pre-commit==2.17.0
 py==1.11.0
@@ -26,7 +26,7 @@ pyahocorasick==1.4.4
 pycodestyle==2.3.1
 pyflakes==1.6.0
 pyparsing==2.4.7
-pytest==6.2.2
+pytest==7.4.3
 PyYAML==6.0
 requests==2.31.0
 responses==0.16.0
@@ -40,5 +40,5 @@ types-requests==2.28.9
 typing-extensions==3.10.0.2
 unidiff==0.7.4
 urllib3==1.26.9
-virtualenv==20.6.0
+virtualenv==20.24.6
 zipp==3.6.0
diff --git a/setup.py b/setup.py
index 0ba463850..3613810f8 100644
--- a/setup.py
+++ b/setup.py
@@ -24,9 +24,8 @@ def get_version():
 description='Tool for detecting secrets in the codebase',
 long_description=long_description,
 long_description_content_type='text/markdown',
- license='Copyright Yelp, Inc. 2020',
- author='Aaron Loo',
- author_email='aaronloo@yelp.com',
+ author='Yelp, Inc.',
+ author_email='opensource@yelp.com',
 url='https://github.com/Yelp/detect-secrets',
 download_url='https://github.com/Yelp/detect-secrets/archive/{}.tar.gz'.format(VERSION),
 keywords=['secret-management', 'pre-commit', 'security', 'entropy-checks'],
diff --git a/tox.ini b/tox.ini
index 48f568f5d..2fcdae024 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,9 +1,8 @@
 [tox]
 project = detect_secrets
 # These should match the ci python env list
-envlist = py{37,38,39},mypy
+envlist = py{38,39,310},mypy
 skip_missing_interpreters = true
-tox_pip_extensions_ext_venv_update = true
 [testenv]
 passenv = SSH_AUTH_SOCK
From b8e63440329f29de6a1c867056409956f1b9bae1 Mon Sep 17 00:00:00 2001
From: Lorenzo De Bernardini
Date: Wed, 15 Nov 2023 13:20:31 -0800
Subject: [PATCH 05/58] Updated CI with currently supported python versions
---
 .github/workflows/ci.yml | 2 +-
 .github/workflows/pypi.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2299ab9d4..fb35f2226 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
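Review bot: In the setup.py hunk the `license=` keyword is deleted without a replacement, so unless a license classifier exists in the part of `setup()` outside this hunk, the published distribution carries no license metadata for license and SBOM tooling to read. Rather than dropping the field, set it to the identifier of the repository's licence, e.g. `license='<SPDX-ID-of-LICENSE-file>',` (placeholder). The subject also says Python 3.7 support is dropped, yet the diffstat shows no other change to setup.py, so any `python_requires` or version classifiers it declares would still need the matching update. The `setup()` call starts and ends outside the hunk.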
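Review bot: In the tox.ini hunk `tox_pip_extensions_ext_venv_update = true` is removed from `[tox]`, but `tox-pip-extensions==1.6.0` stays pinned in requirements-dev.txt (it appears as context in later patches of this series). If nothing else in the project relies on that plugin, the pin should be dropped in the same change so the development environment stops installing an unused package; otherwise a comment next to the pin, such as `# tox-pip-extensions stays installed for <reason>`, would explain why it remains. The `[testenv]` section continues outside the hunk.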
@@ -17,7 +17,7 @@ jobs:
 strategy:
 matrix:
 os: [ubuntu-latest, macos-latest, windows-latest]
- python: ['3.7', '3.8', '3.9']
+ python: ['3.8', '3.9', '3.10']
 steps:
 - uses: actions/checkout@v2
 - uses: actions/setup-python@v2
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index d536a5732..d0d08a1a0 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -15,7 +15,7 @@ jobs:
 strategy:
 matrix:
 os: [ubuntu-latest, macos-latest]
- python: ['3.7', '3.8', '3.9']
+ python: ['3.8', '3.9', '3.10']
 steps:
 - uses: actions/checkout@v2
 - uses: actions/setup-python@v2
From 235242359513eaeb34b1d8f9667fd7d25ef26ef3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Nov 2023 23:30:28 +0000
Subject: [PATCH 06/58] Bump filelock from 3.0.12 to 3.13.1 Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.0.12 to 3.13.1. - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/py-filelock/compare/v3.0.12...3.13.1) --- updated-dependencies: - dependency-name: filelock dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 08abf99c3..230d7e2a7 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -5,7 +5,7 @@ cfgv==3.2.0
 charset-normalizer==2.0.7
 coverage==4.5.4
 distlib==0.3.7
-filelock==3.12.2
+filelock==3.13.1
 flake8==3.5.0
 gibberish-detector==0.1.1
 identify==2.3.0
From 29e207cf0ba7755c4b064b7e09124bb181df67ac Mon Sep 17 00:00:00 2001
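Review bot: The steps this matrix feeds still reference `actions/checkout@v2` and `actions/setup-python@v2` by mutable major tag (context lines at the end of the ci.yml hunk; the same two lines appear in the pypi.yml hunk and in both workflow hunks of PATCH 15/58). While the job definition is being edited, pinning each action to a full commit SHA with the release in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # <release tag>`, would keep a re-pointed tag from changing what the job executes. That matters most for pypi.yml if it holds publishing credentials, which is not visible here. The `steps:` list continues outside the hunk.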
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Nov 2023 23:30:33 +0000
Subject: [PATCH 07/58] Bump urllib3 from 1.26.9 to 2.1.0 Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 2.1.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.9...2.1.0) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 08abf99c3..211979797 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -39,6 +39,6 @@ types-PyYAML==6.0.11
 types-requests==2.28.9
 typing-extensions==3.10.0.2
 unidiff==0.7.4
-urllib3==1.26.9
+urllib3==2.1.0
 virtualenv==20.24.6
 zipp==3.6.0
From b455317876a51e0824adc893694b98e938c9661e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 31 Jul 2023 15:10:54 +0000
Subject: [PATCH 08/58] Bump pyflakes from 1.6.0 to 3.1.0 Bumps [pyflakes](https://github.com/PyCQA/pyflakes) from 1.6.0 to 3.1.0. - [Changelog](https://github.com/PyCQA/pyflakes/blob/main/NEWS.rst) - [Commits](https://github.com/PyCQA/pyflakes/compare/1.6.0...3.1.0) --- updated-dependencies: - dependency-name: pyflakes dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 230d7e2a7..6b53686f6 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -24,7 +24,7 @@ pre-commit==2.17.0
 py==1.11.0
 pyahocorasick==1.4.4
 pycodestyle==2.3.1
-pyflakes==1.6.0
+pyflakes==3.1.0
 pyparsing==2.4.7
 pytest==7.4.3
 PyYAML==6.0
From 385e8c856475c083aab5be4e5463b6d8bf278928 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jul 2023 15:07:08 +0000
Subject: [PATCH 09/58] Bump importlib-metadata from 4.8.1 to 6.8.0 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.8.1 to 6.8.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v4.8.1...v6.8.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 6b53686f6..b7b981cc6 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -10,7 +10,7 @@ flake8==3.5.0
 gibberish-detector==0.1.1
 identify==2.3.0
 idna==3.3
-importlib-metadata==4.8.1
+importlib-metadata==6.8.0
 iniconfig==1.1.1
 mccabe==0.6.1
 monotonic==1.6
From 81aaf6f8814381b50a1cd341d1d07fdf6298a40f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Sep 2022 17:56:28 +0000
Subject: [PATCH 10/58] Bump typing-extensions from 3.10.0.2 to 4.3.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 3.10.0.2 to 4.3.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](https://github.com/python/typing_extensions/compare/3.10.0.2...4.3.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index b7b981cc6..04272fd61 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -37,7 +37,7 @@ tox-pip-extensions==1.6.0
 typed-ast==1.5.4
 types-PyYAML==6.0.11
 types-requests==2.28.9
-typing-extensions==3.10.0.2
+typing-extensions==4.3.0
 unidiff==0.7.4
 urllib3==1.26.9
 virtualenv==20.24.6
From 35308777d41b1c157543f568714165c823e9455d Mon Sep 17 00:00:00 2001
From: Lorenzo De Bernardini
Date: Wed, 15 Nov 2023 15:48:00 -0800
Subject: [PATCH 11/58] Upgrade dependencies
---
 requirements-dev.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index a8b4a22c4..76619067c 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -6,13 +6,13 @@ charset-normalizer==2.0.7
 coverage==4.5.4
 distlib==0.3.7
 filelock==3.13.1
-flake8==3.5.0
+flake8==6.1.0
 gibberish-detector==0.1.1
 identify==2.3.0
 idna==3.3
-importlib-metadata==6.8.0
+importlib-metadata==6.6.0
 iniconfig==1.1.1
-mccabe==0.6.1
+mccabe==0.7.0
 monotonic==1.6
 mypy==0.971
 mypy-extensions==0.4.3
@@ -23,7 +23,7 @@ pluggy==0.13.1
 pre-commit==2.17.0
 py==1.11.0
 pyahocorasick==1.4.4
-pycodestyle==2.3.1
+pycodestyle==2.11.0
 pyflakes==3.1.0
 pyparsing==2.4.7
 pytest==7.4.3
From ee7e5c82ae9c34475d8d42794523c56ccaace5fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 15:05:50 +0000
Subject: [PATCH 12/58] Bump zipp from 3.6.0 to 3.17.0 Bumps [zipp](https://github.com/jaraco/zipp) from 3.6.0 to 3.17.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.6.0...v3.17.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 76619067c..e9e24c529 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -41,4 +41,4 @@ typing-extensions==4.3.0
 unidiff==0.7.4
 urllib3==2.1.0
 virtualenv==20.24.6
-zipp==3.6.0
+zipp==3.17.0
From b106f92e8ad5aee93dade43abfeca80b5e1f7655 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 15:05:59 +0000
Subject: [PATCH 13/58] Bump importlib-metadata from 6.6.0 to 6.8.0 Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 6.6.0 to 6.8.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v6.6.0...v6.8.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:development update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 76619067c..8aa900004 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -10,7 +10,7 @@ flake8==6.1.0
 gibberish-detector==0.1.1
 identify==2.3.0
 idna==3.3
-importlib-metadata==6.6.0
+importlib-metadata==6.8.0
 iniconfig==1.1.1
 mccabe==0.7.0
 monotonic==1.6
From c8370d10499940122120142f283c78824799d0a6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Nov 2023 15:06:24 +0000
Subject: [PATCH 14/58] Bump idna from 3.3 to 3.4 Bumps [idna](https://github.com/kjd/idna) from 3.3 to 3.4. - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.3...v3.4) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 76619067c..0d6ee9ea6 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -9,7 +9,7 @@ filelock==3.13.1
 flake8==6.1.0
 gibberish-detector==0.1.1
 identify==2.3.0
-idna==3.3
+idna==3.4
 importlib-metadata==6.6.0
 iniconfig==1.1.1
 mccabe==0.7.0
From 3d764f7d70efa0aa9cfa6fc50f0d1a82841bd6e1 Mon Sep 17 00:00:00 2001
From: Lorenzo De Bernardini
Date: Thu, 16 Nov 2023 16:18:00 -0800
Subject: [PATCH 15/58] Added support for py311
---
 .github/workflows/ci.yml | 2 +-
 .github/workflows/pypi.yml | 2 +-
 tox.ini | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb35f2226..bfe15f4b1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
 strategy:
 matrix:
 os: [ubuntu-latest, macos-latest, windows-latest]
- python: ['3.8', '3.9', '3.10']
+ python: ['3.8', '3.9', '3.10', '3.11']
 steps:
 - uses: actions/checkout@v2
 - uses: actions/setup-python@v2
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index d0d08a1a0..13b128ace 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -15,7 +15,7 @@ jobs:
 strategy:
 matrix:
 os: [ubuntu-latest, macos-latest]
- python: ['3.8', '3.9', '3.10']
+ python: ['3.8', '3.9', '3.10', '3.11']
 steps:
 - uses: actions/checkout@v2
 - uses: actions/setup-python@v2
diff --git a/tox.ini b/tox.ini
index 2fcdae024..01f5d4d07 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,7 @@
 [tox]
 project = detect_secrets
 # These should match the ci python env list
-envlist = py{38,39,310},mypy
+envlist = py{38,39,310,311},mypy
 skip_missing_interpreters = true
 [testenv]
From 1de2d787c44056e8e4f5fb79f6bd88e7bea67032 Mon Sep 17 00:00:00 2001
From: Lorenzo De Bernardini
Date: Thu, 16 Nov 2023 17:17:47 -0800
Subject: [PATCH 16/58] Remove importlib-metadata from requirements-dev.txt
---
 requirements-dev.txt | 1 -
 1 file changed, 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 68fa8f13c..a41a8ceee 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -10,7 +10,6 @@ flake8==6.1.0
 gibberish-detector==0.1.1
 identify==2.3.0
 idna==3.4
-importlib-metadata==6.8.0
 iniconfig==1.1.1
 mccabe==0.7.0
 monotonic==1.6
From f5a3b6555335884f961a9c19403b2ed7fc463f32 Mon Sep 17 00:00:00 2001
From: Daniel Popescu
Date: Thu, 16 Nov 2023 18:22:14 -0800
Subject: [PATCH 17/58] Use a newer version of coverage that knows how to properly report coverage metrics for python 3.11
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index a41a8ceee..d78cb3b47 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -3,7 +3,7 @@ backports.entry-points-selectable==1.1.1
 certifi==2023.7.22
 cfgv==3.2.0
 charset-normalizer==2.0.7
-coverage==4.5.4
+coverage==7.3.2
 distlib==0.3.7
 filelock==3.13.1
 flake8==6.1.0
From 93715bddb117bab74fd6d7768e22da565382a7b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Nov 2023 15:59:39 +0000
Subject: [PATCH 18/58] Bump pyahocorasick from 1.4.4 to 2.0.0 Bumps [pyahocorasick](https://github.com/WojciechMula/pyahocorasick) from 1.4.4 to 2.0.0. - [Release notes](https://github.com/WojciechMula/pyahocorasick/releases) - [Changelog](https://github.com/WojciechMula/pyahocorasick/blob/master/CHANGELOG.rst) - [Commits](https://github.com/WojciechMula/pyahocorasick/compare/1.4.4...2.0.0) --- updated-dependencies: - dependency-name: pyahocorasick dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 68fa8f13c..a8171776b 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -22,7 +22,7 @@ platformdirs==3.10.0
 pluggy==0.13.1
 pre-commit==2.17.0
 py==1.11.0
-pyahocorasick==1.4.4
+pyahocorasick==2.0.0
 pycodestyle==2.11.0
 pyflakes==3.1.0
 pyparsing==2.4.7
From b6b6420fc4c0695108a2f66f68df2081637c6971 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Nov 2023 15:59:44 +0000
Subject: [PATCH 19/58] Bump pluggy from 0.13.1 to 1.3.0 Bumps [pluggy](https://github.com/pytest-dev/pluggy) from 0.13.1 to 1.3.0. - [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pluggy/compare/0.13.1...1.3.0) --- updated-dependencies: - dependency-name: pluggy dependency-type: direct:development update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 68fa8f13c..7b9668d92 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -19,7 +19,7 @@ mypy-extensions==0.4.3
 nodeenv==1.6.0
 packaging==21.3
 platformdirs==3.10.0
-pluggy==0.13.1
+pluggy==1.3.0
 pre-commit==2.17.0
 py==1.11.0
 pyahocorasick==1.4.4
From ba9369b0e04b54540b1120d519089b41a16e58e0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Nov 2023 16:56:02 +0000
Subject: [PATCH 20/58] Bump cfgv from 3.2.0 to 3.4.0 Bumps [cfgv](https://github.com/asottile/cfgv) from 3.2.0 to 3.4.0. - [Commits](https://github.com/asottile/cfgv/compare/v3.2.0...v3.4.0) --- updated-dependencies: - dependency-name: cfgv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index d78cb3b47..3f79c851f 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,7 +1,7 @@
 attrs==21.4.0
 backports.entry-points-selectable==1.1.1
 certifi==2023.7.22
-cfgv==3.2.0
+cfgv==3.4.0
 charset-normalizer==2.0.7
 coverage==7.3.2
 distlib==0.3.7
From 9d790dbbb57318ecb59e955f97379cdaf87924b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sindri=20Gu=C3=B0mundsson?=
Date: Mon, 20 Nov 2023 09:57:05 +0000
Subject: [PATCH 21/58] Revert import order changes
---
 detect_secrets/filters/heuristic.py | 6 ++++--
 tests/filters/heuristic_filter_test.py | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/detect_secrets/filters/heuristic.py b/detect_secrets/filters/heuristic.py
index 775657f1f..7fb078181 100644
--- a/detect_secrets/filters/heuristic.py
+++ b/detect_secrets/filters/heuristic.py
@@ -2,9 +2,11 @@
 import re
 import string
 from functools import lru_cache
-from typing import Optional, Pattern
+from typing import Optional
+from typing import Pattern
-from detect_secrets.plugins.base import BasePlugin, RegexBasedDetector
+from detect_secrets.plugins.base import BasePlugin
+from detect_secrets.plugins.base import RegexBasedDetector
 def is_sequential_string(secret: str) -> bool:
diff --git a/tests/filters/heuristic_filter_test.py b/tests/filters/heuristic_filter_test.py
index 91a4e7ef9..90e1eb0de 100644
--- a/tests/filters/heuristic_filter_test.py
+++ b/tests/filters/heuristic_filter_test.py
@@ -1,6 +1,7 @@
 import os
 import pytest
+
 from detect_secrets import filters
 from detect_secrets.core.scan import scan_line
 from detect_secrets.plugins.aws import AWSKeyDetector
From d542e6078c84423df78cf542bb422f9530b5b289 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 15:36:17 +0000
Subject: [PATCH 22/58] Bump certifi from 2023.7.22 to 2023.11.17 Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2023.11.17. - [Commits](https://github.com/certifi/python-certifi/compare/2023.07.22...2023.11.17) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index c055abe56..b75a85b00 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,6 +1,6 @@
 attrs==21.4.0
 backports.entry-points-selectable==1.1.1
-certifi==2023.7.22
+certifi==2023.11.17
 cfgv==3.4.0
 charset-normalizer==2.0.7
 coverage==7.3.2
From a1a5e253bf6b3ffb8b385f8bdd31910e43f5b379 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 15:36:19 +0000
Subject: [PATCH 23/58] Bump types-requests from 2.28.9 to 2.31.0.10 Bumps [types-requests](https://github.com/python/typeshed) from 2.28.9 to 2.31.0.10. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index c055abe56..e7ebf020a 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -35,7 +35,7 @@ tox==3.24.4
 tox-pip-extensions==1.6.0
 typed-ast==1.5.4
 types-PyYAML==6.0.11
-types-requests==2.28.9
+types-requests==2.31.0.10
 typing-extensions==4.3.0
 unidiff==0.7.4
 urllib3==2.1.0
From 4ed2fa91bcb7cfb27a41cf09e30720611130f67e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 15:36:23 +0000
Subject: [PATCH 24/58] Bump identify from 2.3.0 to 2.5.32 Bumps [identify](https://github.com/pre-commit/identify) from 2.3.0 to 2.5.32. - [Commits](https://github.com/pre-commit/identify/compare/v2.3.0...v2.5.32) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index c055abe56..a44aa5d4a 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -8,7 +8,7 @@ distlib==0.3.7
 filelock==3.13.1
 flake8==6.1.0
 gibberish-detector==0.1.1
-identify==2.3.0
+identify==2.5.32
 idna==3.4
 iniconfig==1.1.1
 mccabe==0.7.0
From d332ef9636ebe0e42c52d92902a9cfd838227bc0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Nov 2023 15:54:50 +0000
Subject: [PATCH 25/58] Bump nodeenv from 1.6.0 to 1.8.0 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.6.0 to 1.8.0. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](https://github.com/ekalinin/nodeenv/compare/1.6.0...1.8.0) --- updated-dependencies: - dependency-name: nodeenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 0f3d08e55..4cbf37c50 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -15,7 +15,7 @@ mccabe==0.7.0
 monotonic==1.6
 mypy==0.971
 mypy-extensions==0.4.3
-nodeenv==1.6.0
+nodeenv==1.8.0
 packaging==21.3
 platformdirs==3.10.0
 pluggy==1.3.0
From 2b0e32c5112ba038ba563d165d6986863c58a18b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Nov 2023 15:54:59 +0000
Subject: [PATCH 26/58] Bump responses from 0.16.0 to 0.24.1 Bumps [responses](https://github.com/getsentry/responses) from 0.16.0 to 0.24.1. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](https://github.com/getsentry/responses/compare/0.16.0...0.24.1) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 0f3d08e55..b2cd71102 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -28,7 +28,7 @@ pyparsing==2.4.7 pytest==7.4.3 PyYAML==6.0 requests==2.31.0 -responses==0.16.0 +responses==0.24.1 six==1.16.0 toml==0.10.2 tox==3.24.4 From f92c3dba7e28f2f5f18a02abb248e55c08987f14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Nov 2023 15:54:58 +0000 Subject: [PATCH 27/58] Bump pre-commit from 2.17.0 to 3.5.0 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.17.0 to 3.5.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.17.0...v3.5.0) --- updated-dependencies: - dependency-name: pre-commit dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 4ac6fb129..19c424a37 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -19,7 +19,7 @@ nodeenv==1.8.0 packaging==21.3 platformdirs==3.10.0 pluggy==1.3.0 -pre-commit==2.17.0 +pre-commit==3.5.0 py==1.11.0 pyahocorasick==2.0.0 pycodestyle==2.11.0 From a3a51276cfdc124ff4c0bc8ce24657fb4cc13b46 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Nov 2023 15:55:02 +0000 Subject: [PATCH 28/58] Bump unidiff from 0.7.4 to 0.7.5 Bumps [unidiff](https://github.com/matiasb/python-unidiff) from 0.7.4 to 0.7.5. - [Release notes](https://github.com/matiasb/python-unidiff/releases) - [Changelog](https://github.com/matiasb/python-unidiff/blob/master/HISTORY) - [Commits](https://github.com/matiasb/python-unidiff/compare/v0.7.4...v0.7.5) --- updated-dependencies: - dependency-name: unidiff dependency-type: direct:development update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 4ac6fb129..d409340c9 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -37,7 +37,7 @@ typed-ast==1.5.4 types-PyYAML==6.0.11 types-requests==2.31.0.10 typing-extensions==4.3.0 -unidiff==0.7.4 +unidiff==0.7.5 urllib3==2.1.0 virtualenv==20.24.6 zipp==3.17.0 From e2d72f3ac826e7941e0b3424282b5004f8875a15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:46:51 +0000 Subject: [PATCH 29/58] Bump backports-entry-points-selectable from 1.1.1 to 1.2.0 Bumps [backports-entry-points-selectable](https://github.com/jaraco/backports.entry_points_selectable) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/jaraco/backports.entry_points_selectable/releases) - [Changelog](https://github.com/jaraco/backports.entry_points_selectable/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/backports.entry_points_selectable/compare/v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: backports-entry-points-selectable dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index ae97a1afb..06f5b3253 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,5 +1,5 @@ attrs==21.4.0 -backports.entry-points-selectable==1.1.1 +backports.entry-points-selectable==1.2.0 certifi==2023.11.17 cfgv==3.4.0 charset-normalizer==2.0.7 From 704bfd5e4f21f991bc17abaa9cade68ac7d84935 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:47:04 +0000 Subject: [PATCH 30/58] Bump charset-normalizer from 2.0.7 to 3.3.2 Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 2.0.7 to 3.3.2. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md) - [Upgrade guide](https://github.com/Ousret/charset_normalizer/blob/master/UPGRADE.md) - [Commits](https://github.com/Ousret/charset_normalizer/compare/2.0.7...3.3.2) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index ae97a1afb..aa8b1c3ae 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -2,7 +2,7 @@ attrs==21.4.0 backports.entry-points-selectable==1.1.1 certifi==2023.11.17 cfgv==3.4.0 -charset-normalizer==2.0.7 +charset-normalizer==3.3.2 coverage==7.3.2 distlib==0.3.7 filelock==3.13.1 From ba45efba02464f5e9e9bba768c56d035527ca883 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Nov 2023 15:29:33 +0000 Subject: [PATCH 31/58] Bump backports-entry-points-selectable from 1.2.0 to 1.3.0 Bumps [backports-entry-points-selectable](https://github.com/jaraco/backports.entry_points_selectable) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/jaraco/backports.entry_points_selectable/releases) - [Changelog](https://github.com/jaraco/backports.entry_points_selectable/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/backports.entry_points_selectable/compare/v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: backports-entry-points-selectable dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 05ecf79ac..fc4589c4e 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,5 +1,5 @@ attrs==21.4.0 -backports.entry-points-selectable==1.2.0 +backports.entry-points-selectable==1.3.0 certifi==2023.11.17 cfgv==3.4.0 charset-normalizer==3.3.2 From 83d98cf4130d848c610e7340e22a01203bbf0c49 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Nov 2023 15:29:39 +0000 Subject: [PATCH 32/58] Bump pyparsing from 2.4.7 to 3.1.1 Bumps [pyparsing](https://github.com/pyparsing/pyparsing) from 2.4.7 to 3.1.1. - [Release notes](https://github.com/pyparsing/pyparsing/releases) - [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES) - [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_2.4.7...3.1.1) --- updated-dependencies: - dependency-name: pyparsing dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements-dev.txt b/requirements-dev.txt index 05ecf79ac..b05525fc9 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -24,7 +24,7 @@ py==1.11.0 pyahocorasick==2.0.0 pycodestyle==2.11.0 pyflakes==3.1.0 -pyparsing==2.4.7 +pyparsing==3.1.1 pytest==7.4.3 PyYAML==6.0 requests==2.31.0 From ce9b5ddad38666cb89b70dbd5b5d9b9c37a6f155 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Nov 2023 15:55:14 +0000 Subject: [PATCH 33/58] Bump pyyaml from 6.0 to 6.0.1 Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1. - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/6.0...6.0.1) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 513c79849..aa68f235b 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -26,7 +26,7 @@ pycodestyle==2.11.0 pyflakes==3.1.0 pyparsing==3.1.1 pytest==7.4.3 -PyYAML==6.0 +PyYAML==6.0.1 requests==2.31.0 responses==0.24.1 six==1.16.0 From 70fa0ad7ca8475703204ff86e8b2273b3ce9abb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Nov 2023 15:55:17 +0000 Subject: [PATCH 34/58] Bump iniconfig from 1.1.1 to 2.0.0 Bumps [iniconfig](https://github.com/pytest-dev/iniconfig) from 1.1.1 to 2.0.0. - [Release notes](https://github.com/pytest-dev/iniconfig/releases) - [Changelog](https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG) - [Commits](https://github.com/pytest-dev/iniconfig/compare/v1.1.1...v2.0.0) --- updated-dependencies: - dependency-name: iniconfig dependency-type: direct:development update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 513c79849..41d44ded1 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -10,7 +10,7 @@ flake8==6.1.0 gibberish-detector==0.1.1 identify==2.5.32 idna==3.4 -iniconfig==1.1.1 +iniconfig==2.0.0 mccabe==0.7.0 monotonic==1.6 mypy==0.971 From 51215843d98ceb57cddb0ae2e15a46f87eb95af5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:53:06 +0000 Subject: [PATCH 35/58] Bump mypy-extensions from 0.4.3 to 1.0.0 Bumps [mypy-extensions](https://github.com/python/mypy_extensions) from 0.4.3 to 1.0.0. - [Commits](https://github.com/python/mypy_extensions/compare/0.4.3...1.0.0) --- updated-dependencies: - dependency-name: mypy-extensions dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 48e600fd3..0576b9295 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -14,7 +14,7 @@ iniconfig==2.0.0 mccabe==0.7.0 monotonic==1.6 mypy==0.971 -mypy-extensions==0.4.3 +mypy-extensions==1.0.0 nodeenv==1.8.0 packaging==21.3 platformdirs==3.10.0 From 4eebb4ec78f79cb2b936909d406451f3690f7305 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:53:13 +0000 Subject: [PATCH 36/58] Bump virtualenv from 20.24.6 to 20.24.7 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.24.6 to 20.24.7. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/20.24.7/docs/changelog.rst) - [Commits](https://github.com/pypa/virtualenv/compare/20.24.6...20.24.7) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 48e600fd3..27a73f856 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -39,5 +39,5 @@ types-requests==2.31.0.10 typing-extensions==4.3.0 unidiff==0.7.5 urllib3==2.1.0 -virtualenv==20.24.6 +virtualenv==20.24.7 zipp==3.17.0 From 8a1e438189b3fe3c5c70ff670676d4ed66304560 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 16:56:59 +0000 Subject: [PATCH 37/58] Bump platformdirs from 3.10.0 to 4.0.0 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 3.10.0 to 4.0.0. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/platformdirs/platformdirs/compare/3.10.0...4.0.0) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 849d43bbc..0e6a029e3 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
@@ -17,7 +17,7 @@ mypy==0.971 mypy-extensions==1.0.0 nodeenv==1.8.0 packaging==21.3 -platformdirs==3.10.0 +platformdirs==4.0.0 pluggy==1.3.0 pre-commit==3.5.0 py==1.11.0 From 52bff4dcb2f7c52b0450a2a6d4629b4d679b2676 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 15:32:06 +0000 Subject: [PATCH 38/58] Bump typed-ast from 1.5.4 to 1.5.5 Bumps [typed-ast](https://github.com/python/typed_ast) from 1.5.4 to 1.5.5. - [Changelog](https://github.com/python/typed_ast/blob/master/release_process.md) - [Commits](https://github.com/python/typed_ast/compare/1.5.4...1.5.5) --- updated-dependencies: - dependency-name: typed-ast dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 0e6a029e3..c3fa543ba 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -33,7 +33,7 @@ six==1.16.0 toml==0.10.2 tox==3.24.4 tox-pip-extensions==1.6.0 -typed-ast==1.5.4 +typed-ast==1.5.5 types-PyYAML==6.0.11 types-requests==2.31.0.10 typing-extensions==4.3.0 From 35023ced2ace110225de703dec482bd157b0df32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 15:32:22 +0000 Subject: [PATCH 39/58] Bump packaging from 21.3 to 23.2 Bumps [packaging](https://github.com/pypa/packaging) from 21.3 to 23.2. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/21.3...23.2) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements-dev.txt b/requirements-dev.txt index 0e6a029e3..70527cdd9 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -16,7 +16,7 @@ monotonic==1.6 mypy==0.971 mypy-extensions==1.0.0 nodeenv==1.8.0 -packaging==21.3 +packaging==23.2 platformdirs==4.0.0 pluggy==1.3.0 pre-commit==3.5.0 From 107ba469927145c238ef3061006bf067afc4fd39 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 15:32:29 +0000 Subject: [PATCH 40/58] Bump pycodestyle from 2.11.0 to 2.11.1 Bumps [pycodestyle](https://github.com/PyCQA/pycodestyle) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/PyCQA/pycodestyle/releases) - [Changelog](https://github.com/PyCQA/pycodestyle/blob/main/CHANGES.txt) - [Commits](https://github.com/PyCQA/pycodestyle/compare/2.11.0...2.11.1) --- updated-dependencies: - dependency-name: pycodestyle dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 0e6a029e3..1a71a5439 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -22,7 +22,7 @@ pluggy==1.3.0 pre-commit==3.5.0 py==1.11.0 pyahocorasick==2.0.0 -pycodestyle==2.11.0 +pycodestyle==2.11.1 pyflakes==3.1.0 pyparsing==3.1.1 pytest==7.4.3 From b047d28d6c378ac8abb690a982c1304ff9254148 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 17:34:23 +0000 Subject: [PATCH 41/58] Bump tox from 3.24.4 to 4.11.4 Bumps [tox](https://github.com/tox-dev/tox) from 3.24.4 to 4.11.4. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/3.24.4...4.11.4) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index ee1202a05..6662dd53f 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -31,7 +31,7 @@ requests==2.31.0 responses==0.24.1 six==1.16.0 toml==0.10.2 -tox==3.24.4 +tox==4.11.4 tox-pip-extensions==1.6.0 typed-ast==1.5.5 types-PyYAML==6.0.11 From 95d57cfb588b4012f206c05dc8d67bf4ed2cdbd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 15:24:56 +0000 Subject: [PATCH 42/58] Bump virtualenv from 20.24.7 to 20.25.0 Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.24.7 to 20.25.0. - [Release notes](https://github.com/pypa/virtualenv/releases) - [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst) - [Commits](https://github.com/pypa/virtualenv/compare/20.24.7...20.25.0) --- updated-dependencies: - dependency-name: virtualenv dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 6662dd53f..7f68959f9 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
@@ -39,5 +39,5 @@ types-requests==2.31.0.10 typing-extensions==4.3.0 unidiff==0.7.5 urllib3==2.1.0 -virtualenv==20.24.7 +virtualenv==20.25.0 zipp==3.17.0 From a2e9e38bdbf144ecab65032406e302ac276570dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 15:24:58 +0000 Subject: [PATCH 43/58] Bump idna from 3.4 to 3.6 Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.6. - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.4...v3.6) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 6662dd53f..5952c15c5 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -9,7 +9,7 @@ filelock==3.13.1 flake8==6.1.0 gibberish-detector==0.1.1 identify==2.5.32 -idna==3.4 +idna==3.6 iniconfig==2.0.0 mccabe==0.7.0 monotonic==1.6 From 503084da3bce4beb32e204f98aab87eeedd13b23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 15:25:05 +0000 Subject: [PATCH 44/58] Bump platformdirs from 4.0.0 to 4.1.0 Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/platformdirs/platformdirs/compare/4.0.0...4.1.0) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements-dev.txt b/requirements-dev.txt index 6662dd53f..e25d610ae 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -17,7 +17,7 @@ mypy==0.971 mypy-extensions==1.0.0 nodeenv==1.8.0 packaging==23.2 -platformdirs==4.0.0 +platformdirs==4.1.0 pluggy==1.3.0 pre-commit==3.5.0 py==1.11.0 From 84598e1a970737ef1704e425a304d7b4d4175989 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:14:11 +0000 Subject: [PATCH 45/58] Bump typing-extensions from 4.3.0 to 4.9.0 Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.3.0 to 4.9.0. - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](https://github.com/python/typing_extensions/compare/4.3.0...4.9.0) --- updated-dependencies: - dependency-name: typing-extensions dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 54bc25a70..94308b5cd 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -36,7 +36,7 @@ tox-pip-extensions==1.6.0 typed-ast==1.5.5 types-PyYAML==6.0.11 types-requests==2.31.0.10 -typing-extensions==4.3.0 +typing-extensions==4.9.0 unidiff==0.7.5 urllib3==2.1.0 virtualenv==20.25.0 From 3bc35e2b1fc99bad43582da52fbfe5a0df75249b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:14:32 +0000 Subject: [PATCH 46/58] Bump identify from 2.5.32 to 2.5.33 Bumps [identify](https://github.com/pre-commit/identify) from 2.5.32 to 2.5.33. - [Commits](https://github.com/pre-commit/identify/compare/v2.5.32...v2.5.33) --- updated-dependencies: - dependency-name: identify dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 54bc25a70..ab41f835f 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -8,7 +8,7 @@ distlib==0.3.7 filelock==3.13.1 flake8==6.1.0 gibberish-detector==0.1.1 -identify==2.5.32 +identify==2.5.33 idna==3.6 iniconfig==2.0.0 mccabe==0.7.0 From 56e6d21382bca6992850de1ce5b4a9bc93c02418 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:04:38 +0000 Subject: [PATCH 47/58] Bump attrs from 21.4.0 to 23.1.0 Bumps [attrs](https://github.com/python-attrs/attrs) from 21.4.0 to 23.1.0. - [Release notes](https://github.com/python-attrs/attrs/releases) - [Changelog](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-attrs/attrs/compare/21.4.0...23.1.0) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 509f5c712..32947a6e8 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,4 +1,4 @@ -attrs==21.4.0 +attrs==23.1.0 backports.entry-points-selectable==1.3.0 certifi==2023.11.17 cfgv==3.4.0 From bd078e383fd46c3b80e53d15908e3813656f0f43 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:04:41 +0000 Subject: [PATCH 48/58] Bump types-pyyaml from 6.0.11 to 6.0.12.12 Bumps [types-pyyaml](https://github.com/python/typeshed) from 6.0.11 to 6.0.12.12. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-pyyaml dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 509f5c712..7f1ed8ccf 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -34,7 +34,7 @@ toml==0.10.2 tox==4.11.4 tox-pip-extensions==1.6.0 typed-ast==1.5.5 -types-PyYAML==6.0.11 +types-PyYAML==6.0.12.12 types-requests==2.31.0.10 typing-extensions==4.9.0 unidiff==0.7.5 From 2525d1877be352964762532fc9da653f4c58b27a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 15:04:47 +0000 Subject: [PATCH 49/58] Bump distlib from 0.3.7 to 0.3.8 Bumps [distlib](https://github.com/pypa/distlib) from 0.3.7 to 0.3.8. - [Release notes](https://github.com/pypa/distlib/releases) - [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst) - [Commits](https://github.com/pypa/distlib/compare/0.3.7...0.3.8) --- updated-dependencies: - dependency-name: distlib dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 509f5c712..963c2c33d 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -4,7 +4,7 @@ certifi==2023.11.17 cfgv==3.4.0 charset-normalizer==3.3.2 coverage==7.3.2 -distlib==0.3.7 +distlib==0.3.8 filelock==3.13.1 flake8==6.1.0 gibberish-detector==0.1.1 
From f1ebf085743d9d9fe32d39700c2eb855bec01727 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 15:50:58 +0000 Subject: [PATCH 50/58] Bump coverage from 7.3.2 to 7.3.3 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.2 to 7.3.3. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.3.2...7.3.3) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 4ab9fa1f9..fdfaef3dc 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -3,7 +3,7 @@ backports.entry-points-selectable==1.3.0 certifi==2023.11.17 cfgv==3.4.0 charset-normalizer==3.3.2 -coverage==7.3.2 +coverage==7.3.3 distlib==0.3.8 filelock==3.13.1 flake8==6.1.0 From 5e518dca3509cccadbacf954c082701ccb38053d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Dec 2023 15:37:05 +0000 Subject: [PATCH 51/58] Bump coverage from 7.3.3 to 7.4.0 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.3 to 7.4.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.3.3...7.4.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index fdfaef3dc..7753c3452 100644 
--- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -3,7 +3,7 @@ backports.entry-points-selectable==1.3.0 certifi==2023.11.17 cfgv==3.4.0 charset-normalizer==3.3.2 -coverage==7.3.3 +coverage==7.4.0 distlib==0.3.8 filelock==3.13.1 flake8==6.1.0 From b7bb877d75aeda9297f8a37453da8763fe62f67f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 15:45:22 +0000 Subject: [PATCH 52/58] Bump attrs from 23.1.0 to 23.2.0 Bumps [attrs](https://github.com/sponsors/hynek) from 23.1.0 to 23.2.0. - [Commits](https://github.com/sponsors/hynek/commits) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 7753c3452..2b8c0819a 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,4 +1,4 @@ -attrs==23.1.0 +attrs==23.2.0 backports.entry-points-selectable==1.3.0 certifi==2023.11.17 cfgv==3.4.0 From 31dc69f2cd145ea506a39ccf98b3db3578ad81cd Mon Sep 17 00:00:00 2001 From: Kirill Wedenin Date: Mon, 8 Jan 2024 13:30:30 +0100 Subject: [PATCH 53/58] introducing GitLab token detector analogous to GitHubTokenDetector as described on: https://docs.gitlab.com/ee/security/token_overview.html#gitlab-tokens tokens are typically of the form: `glpat-[\alnum]{20}`, ie. ~20 char token 'suffix' with a set of prefixes --- README.md | 1 + detect_secrets/plugins/gitlab_token.py | 27 ++++++++++++ tests/plugins/gitlab_token_test.py | 60 ++++++++++++++++++++++++++ 3 files changed, 88 insertions(+) create mode 100644 detect_secrets/plugins/gitlab_token.py create mode 100644 tests/plugins/gitlab_token_test.py diff --git a/README.md b/README.md index 03e7e36fb..cf734df99 100644 --- a/README.md +++ b/README.md 
@@ -98,6 +98,7 @@ BasicAuthDetector CloudantDetector DiscordBotTokenDetector GitHubTokenDetector +GitLabTokenDetector Base64HighEntropyString HexHighEntropyString IbmCloudIamDetector diff --git a/detect_secrets/plugins/gitlab_token.py b/detect_secrets/plugins/gitlab_token.py new file mode 100644 index 000000000..a8da90436 --- /dev/null +++ b/detect_secrets/plugins/gitlab_token.py @@ -0,0 +1,27 @@ +""" +This plugin searches for GitLab tokens +""" +import re + +from detect_secrets.plugins.base import RegexBasedDetector + + +class GitLabTokenDetector(RegexBasedDetector): + """Scans for GitLab tokens.""" + + secret_type = 'GitLab Token' + + denylist = [ + # ref. https://docs.gitlab.com/ee/security/token_overview.html#gitlab-tokens + # `gl..-` prefix and a token of length >20 + # chars are alphanumeric, underscore, dash + + # Default is a `Devise.friendly_token`-generated token, it has a default length + # of 20 chars. But it may be longer depending on the type of token, and probably + # even GL-settings in the future. + # We assume that 20 chars is the minimum length and 50 chars is the maximum length. + re.compile( + r'(glpat|gloas|gldt|glrt|glcbt|glptt|glft|glimt|glagent|glsoat)-' + r'[A-Za-z0-9_\-]{20,50}(?!\w)', + ), + ] diff --git a/tests/plugins/gitlab_token_test.py b/tests/plugins/gitlab_token_test.py new file mode 100644 index 000000000..14343429a --- /dev/null +++ b/tests/plugins/gitlab_token_test.py 
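Review bot: The only capturing group in the new `denylist` pattern wraps the prefix alternation `(glpat|gloas|…)`, so any caller that collects matches with `re.findall` gets back just the prefix (e.g. `glpat`) rather than the token. `RegexBasedDetector` is not part of this patch; if it extracts secrets that way, every GitLab token of one type would be recorded under the same value and distinct leaked tokens would be indistinguishable in the scan results. A non-capturing group keeps the match semantics and yields the full token: `r'(?:glpat|gloas|gldt|glrt|glcbt|glptt|glft|glimt|glagent|glsoat)-'`. Separately, `{20,50}` followed by `(?!\w)` means a prefixed value longer than 50 word characters is not flagged at all. Since the comment above the pattern expects lengths to grow, it should say which token types the limit of 50 was checked against.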
@@ -0,0 +1,60 @@
+import pytest
+
+from detect_secrets.plugins.gitlab_token import GitLabTokenDetector
+
+
+class TestGitLabTokenDetector:
+ @pytest.mark.parametrize(
+ 'payload, should_flag',
+ [
+ (
+ # valid PAT prefix and token length
+ 'glpat-hellOworld380_testin',
+ True,
+ ),
+ (
+ # spaces are not part of the token
+ 'glpat-hellOWorld380 testin',
+ False,
+ ),
+ (
+ # invalid separator (underscore VS dash)
+ 'glpat_hellOworld380_testin',
+ False,
+ ),
+ (
+ # valid different prefix and token length
+ 'gldt-HwllOuhfw-wu0rlD_yep',
+ True,
+ ),
+ (
+ # token < 20 chars should be too short
+ 'gldt-seems_too000Sshorty',
+ False,
+ ),
+ (
+ # invalid prefix, but valid token length
+ 'foo_hello-world80_testin',
+ False,
+ ),
+ (
+ # token length may vary depending on the impl., but <= 50 chars should be fine
+ 'glsoat-PREfix_helloworld380_testin_pretty_long_token_long',
+ True,
+ ),
+ (
+ # token > 50 chars is too long
+ 'glsoat-PREfix_helloworld380_testin_pretty_long_token_long_',
+ False,
+ ),
+ (
+ # GitLab is not GitHub
+ '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',
+ False,
+ ),
+ ],
+ )
+ def test_analyze(self, payload, should_flag):
+ logic = GitLabTokenDetector()
+ output = logic.analyze_line(filename='mock_filename', line=payload)
+ assert len(output) == int(should_flag)
From cc99075fdb87c57414a39721dfa0566ce843791b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 15:39:03 +0000
Subject: [PATCH 54/58] Bump types-requests from 2.31.0.10 to 2.31.0.20240106 Bumps [types-requests](https://github.com/python/typeshed) from 2.31.0.10 to 2.31.0.20240106. - [Commits](https://github.com/python/typeshed/commits) --- updated-dependencies: - dependency-name: types-requests dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
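Review bot: The "too long" case in `test_analyze` only shows rejection when the 51st character is `_`. The detector's `(?!\w)` lookahead does not reject `-`, so an over-long run whose overflow character is a dash is still flagged, with the value cut at 50 characters or at an earlier dash. Either add a case that documents this, e.g. `('glsoat-' + 'a' * 50 + '-x', True),  # constructed sample: reported value is truncated`, or tighten the lookahead to `(?![\w\-])` if over-long runs are meant to be ignored.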
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 7753c3452..cf37dfaf2 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -35,7 +35,7 @@ tox==4.11.4
 tox-pip-extensions==1.6.0
 typed-ast==1.5.5
 types-PyYAML==6.0.12.12
-types-requests==2.31.0.10
+types-requests==2.31.0.20240106
 typing-extensions==4.9.0
 unidiff==0.7.5
 urllib3==2.1.0
From 1a0fd30e7dcabbfedb859a4b5fc89216ea146187 Mon Sep 17 00:00:00 2001
From: Kirill Wedenin
Date: Fri, 12 Jan 2024 18:58:59 +0100
Subject: [PATCH 55/58] GitLab token detector, differentiating token types
---
 detect_secrets/plugins/gitlab_token.py | 46 ++++++++++++---
 tests/plugins/gitlab_token_test.py | 82 +++++++++++++++++++++++++-
 2 files changed, 119 insertions(+), 9 deletions(-)
diff --git a/detect_secrets/plugins/gitlab_token.py b/detect_secrets/plugins/gitlab_token.py
index a8da90436..ed197fd7d 100644
--- a/detect_secrets/plugins/gitlab_token.py
+++ b/detect_secrets/plugins/gitlab_token.py
@@ -12,16 +12,48 @@ class GitLabTokenDetector(RegexBasedDetector): secret_type = 'GitLab Token' denylist = [ - # ref. https://docs.gitlab.com/ee/security/token_overview.html#gitlab-tokens + # ref: + # - https://docs.gitlab.com/ee/security/token_overview.html#gitlab-tokens + # - https://gitlab.com/groups/gitlab-org/-/epics/8923 + # - https://github.com/gitlabhq/gitlabhq/blob/master/gems + # /gitlab-secret_detection/lib/gitleaks.toml#L6-L76 + # `gl..-` prefix and a token of length >20 - # chars are alphanumeric, underscore, dash + # characters are typically alphanumeric, underscore, dash + # Most tokens are generated either with: + # - `Devise.friendly_token`, a string with a default length of 20, or + # - `SecureRandom.hex`, default data size of 16 bytes, encoded in different ways. + # String length may vary depending on the type of token, and probably + # even GL-settings in the future, so we expect between 20 and 50 chars. - # Default is a `Devise.friendly_token`-generated token, it has a default length - # of 20 chars. But it may be longer depending on the type of token, and probably - # even GL-settings in the future. - # We assume that 20 chars is the minimum length and 50 chars is the maximum length. 
+ # Personal Access Token - glpat + # Deploy Token - gldt + # Feed Token - glft + # OAuth Access Token - glsoat + # Runner Token - glrt re.compile( - r'(glpat|gloas|gldt|glrt|glcbt|glptt|glft|glimt|glagent|glsoat)-' + r'(glpat|gldt|glft|glsoat|glrt)-' r'[A-Za-z0-9_\-]{20,50}(?!\w)', ), + + # Runner Registration Token + re.compile(r'GR1348941[A-Za-z0-9_\-]{20,50}(?!\w)'), + + # CI/CD Token - `glcbt` or `glcbt-XY_` where XY is a 2-char hex 'partition_id' + re.compile(r'glcbt-([0-9a-fA-F]{2}_)?[A-Za-z0-9_\-]{20,50}(?!\w)'), + + # Incoming Mail Token - generated by SecureRandom.hex, default length 16 bytes + # resulting token length is 26 when Base-36 encoded + re.compile(r'glimt-[A-Za-z0-9_\-]{25}(?!\w)'), + + # Trigger Token - generated by `SecureRandom.hex(20)` + re.compile(r'glptt-[A-Za-z0-9_\-]{40}(?!\w)'), + + # Agent Token - generated by `Devise.friendly_token(50)` + # tokens have a minimum length of 50 chars, up to 1024 chars + re.compile(r'glagent-[A-Za-z0-9_\-]{50,1024}(?!\w)'), + + # GitLab OAuth Application Secret - generated by `SecureRandom.hex(32)` + # -> becomes 64 base64-encoded characters + re.compile(r'gloas-[A-Za-z0-9_\-]{64}(?!\w)'), ] diff --git a/tests/plugins/gitlab_token_test.py b/tests/plugins/gitlab_token_test.py index 14343429a..e75085a99 100644 --- a/tests/plugins/gitlab_token_test.py +++ b/tests/plugins/gitlab_token_test.py @@ -34,7 +34,7 @@ class TestGitLabTokenDetector: ), ( # invalid prefix, but valid token length - 'foo_hello-world80_testin', + 'foo-hello-world80_testin', False, ), ( 
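Review bot: The `glimt-` pattern in `detect_secrets/plugins/gitlab_token.py` requires exactly 25 characters (`{25}`), while the comment directly above it says the Base-36 encoded token is 26 long. One of the two is wrong, and if real tokens are 26 characters the trailing `(?!\w)` makes the pattern miss every one of them. Until the length is confirmed against GitLab's source, accept both with `re.compile(r'glimt-[A-Za-z0-9_\-]{25,26}(?!\w)')` and add a test at the documented length. The `gloas-` comment has a similar slip: `SecureRandom.hex(32)` yields 64 hex characters, not base64, so it should read `# -> becomes 64 hex characters`. The class header sits above the hunk.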
@@ -54,7 +54,85 @@ class TestGitLabTokenDetector: ), ], ) - def test_analyze(self, payload, should_flag): + def test_base_token_format(self, payload, should_flag): + logic = GitLabTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert len(output) == int(should_flag) + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('GR1348941PREfix_helloworld380', True), + ('GR1348941PREfix_helloworld380_testin_pretty_long_token_long', True), + ('GR1348941PREfix_helloworld380_testin_pretty_long_token_long_', False), # too long + ('GR1348941helloWord0', False), # too short + ], + ) + def test_runner_registration_token(self, payload, should_flag): + logic = GitLabTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert len(output) == int(should_flag) + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('glcbt-helloworld380_testin', True), + ], + ) + def test_cicd_token(self, payload, should_flag): + logic = GitLabTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert len(output) == int(should_flag) + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('glimt-my-tokens_are-correctAB38', True), + ('glimt-my-tokens_are-correctAB', False), # too short + ('glimt-my-tokens_are-correctAB38_280', False), # too long + ], + ) + def test_incoming_mail_token(self, payload, should_flag): + logic = GitLabTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert len(output) == int(should_flag) + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('glptt-Need5_T00-be-exactly-40-chars--ELse_fail', True), + ('glptt-Need5_T00-be-exactly-40-chars--ELse_failing', False), # too long + ('glptt-hellOworld380_testin', False), # too short + ], + ) + def test_trigger_token(self, payload, should_flag): + logic = GitLabTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert 
len(output) == int(should_flag) + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('glagent-Need5_T00-bee-longer-than-50_chars-or-else-failING', True), + ('glagent-Need5_T00-bee-longer-than-50_chars-or-else-failING-still_OK', True), + (('glagent-' + 'X' * 1025), False), # 2 long + ('glagent-hellOworld380_testin', False), # len 20 is too short + ], + ) + def test_agent_token(self, payload, should_flag): + logic = GitLabTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert len(output) == int(should_flag) + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('gloas-checking_Length-Is-_exactly_64--checking_Length-Is-_exactly_64--', True), + ('gloas-checking_Length-Is-checking_Length-Is-', False), # too short + ('gloas-checking_Length-Is-_exactly_64--Xchecking_Length-Is-_longer_longer', False), + ], + ) + def test_oauth_application_secret(self, payload, should_flag): logic = GitLabTokenDetector() output = logic.analyze_line(filename='mock_filename', line=payload) assert len(output) == int(should_flag) From daebd8bfdc4967f0fb54b9ed776171d095b4d9aa Mon Sep 17 00:00:00 2001 From: Mike DiDomizio Date: Sat, 2 Mar 2024 10:03:41 -0500 Subject: [PATCH 56/58] Add detection of other AWS access key id prefixes --- detect_secrets/plugins/aws.py | 2 +- tests/plugins/aws_key_test.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/detect_secrets/plugins/aws.py b/detect_secrets/plugins/aws.py index ee822b6f7..3676bda80 100644 --- a/detect_secrets/plugins/aws.py +++ b/detect_secrets/plugins/aws.py @@ -25,7 +25,7 @@ class AWSKeyDetector(RegexBasedDetector): secret_keyword = r'(?:key|pwd|pw|password|pass|token)' denylist = ( - re.compile(r'AKIA[0-9A-Z]{16}'), + re.compile(r'(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}'), # This examines the variable name to identify AWS secret tokens. # The order is important since we want to prefer finding `AKIA`-based 
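Review bot: `test_cicd_token` in `tests/plugins/gitlab_token_test.py` has a single positive case. It never exercises the optional `XY_` partition prefix that the new `glcbt-([0-9a-fA-F]{2}_)?` pattern introduces, and it has no rejection case, unlike the neighbouring token tests. Add cases such as `('glcbt-0a_helloworld380_testin', True),` and `('glcbt-tooShort', False),` (both constructed samples).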
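Review bot: The widened pattern in `detect_secrets/plugins/aws.py` is still unanchored, so with five prefixes instead of one it has more chances to fire inside a longer run of upper-case letters and digits that is not an access key id. If those extra false positives matter, guard both ends: `re.compile(r'(?<![A-Z0-9])(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])'),` and add a negative test for a key-shaped substring of a longer token. The `denylist` tuple continues below the hunk and the plugin's verification code is not visible here. It is worth checking that it handles `ASIA` ids, which are temporary credentials that also need a session token.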
diff --git a/tests/plugins/aws_key_test.py b/tests/plugins/aws_key_test.py index 6174a857c..9139c9dd6 100644 --- a/tests/plugins/aws_key_test.py +++ b/tests/plugins/aws_key_test.py @@ -32,6 +32,22 @@ def setup(self): 'AKIAZZZ', False, ), + ( + 'A3T0ZZZZZZZZZZZZZZZZ', + True, + ), + ( + 'ABIAZZZZZZZZZZZZZZZZ', + True, + ), + ( + 'ACCAZZZZZZZZZZZZZZZZ', + True, + ), + ( + 'ASIAZZZZZZZZZZZZZZZZ', + True, + ), ( 'aws_access_key = "{}"'.format(EXAMPLE_SECRET), True, From 2ff569a5f5270c5d60ddc5a8bc25086f8a4c1613 Mon Sep 17 00:00:00 2001 From: Mike DiDomizio Date: Sat, 2 Mar 2024 10:21:46 -0500 Subject: [PATCH 57/58] Update comment to be access keys and not specifically AKIA --- detect_secrets/plugins/aws.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detect_secrets/plugins/aws.py b/detect_secrets/plugins/aws.py index 3676bda80..94af367de 100644 --- a/detect_secrets/plugins/aws.py +++ b/detect_secrets/plugins/aws.py @@ -28,7 +28,7 @@ class AWSKeyDetector(RegexBasedDetector): re.compile(r'(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}'), # This examines the variable name to identify AWS secret tokens. - # The order is important since we want to prefer finding `AKIA`-based + # The order is important since we want to prefer finding access # keys (since they can be verified), rather than the secret tokens. re.compile( From 5e0e55c1f743eaa6399f1a0a4c3d9ee9a5007218 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Apr 2024 04:15:09 +0000 Subject: [PATCH 58/58] Bump idna from 3.6 to 3.7 Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: direct:development ... 
Signed-off-by: dependabot[bot]
---
 requirements-dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 60a7a9824..1bcaa309a 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -9,7 +9,7 @@ filelock==3.13.1
 flake8==6.1.0
 gibberish-detector==0.1.1
 identify==2.5.33
-idna==3.6
+idna==3.7
 iniconfig==2.0.0
 mccabe==0.7.0
 monotonic==1.6