From 94f4a10e8571dbe5106a209c6c66a71e9808db4b Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Mon, 21 Oct 2024 18:55:23 -0500 Subject: [PATCH 01/10] Add dependabot for dependency upgrades https://github.com/akaihola/darker/issues/341 --- .github/dependabot.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 000000000..39d93f1bf --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" # Adjust this if your setup.cfg is in a subdirectory + schedule: + interval: "weekly" # or "weekly", "monthly" + groups: + python-packages: + patterns: + - "*" From 1947589bea4c2c151ced44d79f9d96f7a02fbf8c Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 21:55:05 -0500 Subject: [PATCH 02/10] add changelog for dependabot --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 8f7bbb1b2..9f03adf0d 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,6 +5,8 @@ These features will be included in the next release: Added ----- +- Dependabot configuration for automatically opening prs for package version + upgrades - New exit codes 2 for file not found, 3 for invalid command line arguments, 4 for missing dependencies and 123 for unknown failures. - Display exit code in parentheses after error message. From 2643834845b6ff1955e058f975ef55d5490e38b6 Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:01:54 -0500 Subject: [PATCH 03/10] bump black dependency to get unstuck --- constraints-oldest.txt | 2 +- setup.cfg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/constraints-oldest.txt b/constraints-oldest.txt index 70d16afb2..8f73c0805 100644 --- a/constraints-oldest.txt +++ b/constraints-oldest.txt @@ -3,7 +3,7 @@ # still works against oldest supported versions of both the Python # interpreter and Python ependencies. Keep this up-to-date with minimum # versions in `setup.cfg`. -black==22.3.0 +black==24.1.0 darkgraylib==2.0.1 defusedxml==0.7.1 flake8-2020==1.6.1 diff --git a/setup.cfg b/setup.cfg index 4739438df..7fbbe6439 100644 --- a/setup.cfg +++ b/setup.cfg @@ -60,7 +60,7 @@ color = Pygments>=2.4.0 test = # NOTE: remember to keep `constraints-oldest.txt` in sync with these - black>=22.3.0 + black>=24.1.0 cryptography>=3.3.2 # through twine, fixes CVE-2020-36242 defusedxml>=0.7.1 flynt>=0.76 From 79d9333422620717d5dc18932e63772587d1e90d Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:04:42 -0500 Subject: [PATCH 04/10] dependabot update setup.cfg as well --- .github/dependabot.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 39d93f1bf..176285b23 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -8,3 +8,8 @@ updates: python-packages: patterns: - "*" +- package-ecosystem: "pip" + directory: "/" # Adjust this if your setup.cfg is in a subdirectory + schedule: + interval: "weekly" # or "weekly", "monthly" + file: "setup.cfg" From 7454835f09bfdb88ff8bfdeec57fddd27ba43b59 Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:06:13 -0500 Subject: [PATCH 05/10] dependabot fix syntax error --- .github/dependabot.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 176285b23..60d9aaa21 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -8,8 +8,8 @@ updates: python-packages: patterns: - "*" -- package-ecosystem: "pip" - directory: "/" # Adjust this if your setup.cfg is in a subdirectory - schedule: - interval: "weekly" # or "weekly", "monthly" - file: "setup.cfg" + - package-ecosystem: "pip" + directory: "/" # Adjust this if your setup.cfg is in a subdirectory + schedule: + interval: "weekly" # or "weekly", "monthly" + file: "setup.cfg" From 44575cfcedd8b189a001642240dba5125626d890 Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:07:13 -0500 Subject: [PATCH 06/10] fix file overlap --- .github/dependabot.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 60d9aaa21..e3b930e3a 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -4,10 +4,7 @@ updates: directory: "/" # Adjust this if your setup.cfg is in a subdirectory schedule: interval: "weekly" # or "weekly", "monthly" - groups: - python-packages: - patterns: - - "*" + file: "constraints-oldest.txt" - package-ecosystem: "pip" directory: "/" # Adjust this if your setup.cfg is in a subdirectory schedule: From 7aeb0a25c308186b37626ff8ef01c08ccb47d2a5 Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:11:15 -0500 Subject: [PATCH 07/10] changes --- .github/dependabot.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index e3b930e3a..31a0204e5 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -4,9 +4,8 @@ updates: directory: "/" # Adjust this if your setup.cfg is in a subdirectory schedule: interval: "weekly" # or "weekly", "monthly" - file: "constraints-oldest.txt" - - package-ecosystem: "pip" - directory: "/" # Adjust this if your setup.cfg is in a subdirectory - schedule: - interval: "weekly" # or "weekly", "monthly" - file: "setup.cfg" + allow: + - dependency-type: "direct" + additional-files: + - "setup.cfg" + - "constraints-oldest.txt" From 7b34215b6c0c3d8d812b355c343e4bfd477865b0 Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:21:07 -0500 Subject: [PATCH 08/10] change --- .github/dependabot.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 31a0204e5..77b8c8012 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -1,11 +1,6 @@ version: 2 updates: - package-ecosystem: "pip" - directory: "/" # Adjust this if your setup.cfg is in a subdirectory + directory: "/" schedule: - interval: "weekly" # or "weekly", "monthly" - allow: - - dependency-type: "direct" - additional-files: - - "setup.cfg" - - "constraints-oldest.txt" + interval: "daily" From 3eee4d4145212a663089399d5ae34ca9ce915c52 Mon Sep 17 00:00:00 2001 From: CJ Steiner Date: Wed, 30 Oct 2024 22:22:07 -0500 Subject: [PATCH 09/10] fix lint --- .github/dependabot.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 77b8c8012..f5071b653 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -1,3 +1,4 @@ +--- version: 2 updates: - package-ecosystem: "pip" From f162643aca0f7ee0a067db682feb10ababde4104 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Oct 2024 03:23:58 +0000 Subject: [PATCH 10/10] build(deps): bump pygments from 2.4.0 to 2.18.0 Bumps [pygments](https://github.com/pygments/pygments) from 2.4.0 to 2.18.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](https://github.com/pygments/pygments/compare/2.4.0...2.18.0) --- updated-dependencies: - dependency-name: pygments dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- constraints-oldest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/constraints-oldest.txt b/constraints-oldest.txt index 8f73c0805..d38b7d876 100644 --- a/constraints-oldest.txt +++ b/constraints-oldest.txt @@ -11,7 +11,7 @@ flake8-bugbear==22.1.11 flake8-comprehensions==3.7.0 flynt==0.76 mypy==0.990 -Pygments==2.4.0 +Pygments==2.18.0 pytest==6.2.0 pytest-kwparametrize==0.0.3 regex==2021.4.4