Bump pygithub from 1.58.2 to 2.5.0 #11215

Open
wants to merge 1 commit into
base: dev

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Nov 7, 2024

Bumps pygithub from 1.58.2 to 2.5.0.

Release notes

Sourced from pygithub's releases.

v2.5.0

Breaking Changes

  • Parameters of method github.Requester.Requester.graphql_named_mutation have been renamed:
    • Parameter variables renamed to mutation_input
    • Parameter output renamed to output_schema
    • Default value of parameter output has been removed

New features

Improvements

Bug Fixes

  • Fix requesting urls containing parameters with parameters dict @​EnricoMi (#2929)
  • PullRequest.delete_branch: fix the remaining pull requests check @​fetsko (#3063)

Maintenance

v2.4.0

New features

Improvements

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.5.0 (November 06, 2024)

Breaking Changes

  • Parameters of method github.Requester.Requester.graphql_named_mutation have been renamed:

    • Parameter variables renamed to mutation_input
    • Parameter output renamed to output_schema
    • Default value of parameter output has been removed

New features

  • Rework GraphQL mutations (#3046) (27222251)
  • Make pagination work with GraphQL response data (#3047) (cd30e379)
  • Add RepositoryDiscussion powered by GraphQL API (#3048) (29359f3c)
  • Add Repository.get_discussion() to get a single Discussion (#3072) (44120b1e)

Improvements

  • Adds List organization memberships for the authenticated user (#3040) (cf443955)
  • Add actor property to WorkflowRun (#2764) (612ba68e)
  • Make requester a public attribute (#3056) (c44ec523)

Bug Fixes

  • Fix requesting urls containing parameters with parameters dict (#2929) (e1d67ada)
  • PullRequest.delete_branch: fix the remaining pull requests check (#3063) (72fa6278)

Maintenance

  • Remove stale bot (510c1402)
  • Upgrade Github actions (#3075) (323e2828)
  • Add top issues dashboard action (#3049) (c91f26a7)
  • Make tests pass some more years (#3045) (352c55aa)
  • Run top issues workflow only in PyGithub repo (0d395d4e)
  • Replace pre-commit Github action in order to pin pre-commit version (#3059) (1a05b43d)

Version 2.4.0 (August 26, 2024)

Breaking Changes

  • The github.Commit.Commit class provides a files property that used to return a list[github.File.File],

... (truncated)

Commits


You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.58.2 to 2.5.0.
- [Release notes](https://github.com/pygithub/pygithub/releases)
- [Changelog](https://github.com/PyGithub/PyGithub/blob/main/doc/changes.rst)
- [Commits](PyGithub/PyGithub@v1.58.2...v2.5.0)

---
updated-dependencies:
- dependency-name: pygithub
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Nov 7, 2024

dryrunsecurity bot commented Nov 7, 2024

DryRun Security Summary

The provided code change updates the requirements.txt file for the DefectDojo application, with the key change being the upgrade of the PyGithub library from version 1.58.2 to 2.5.0, which is used to interact with the GitHub API, and the rest of the changes appear to be updates to other Python dependencies to keep the application up-to-date and secure.


Summary:

The provided code change is an update to the requirements.txt file, which lists the Python dependencies required for the DefectDojo application. The key change is the update of the PyGithub library from version 1.58.2 to 2.5.0. This library is used to interact with the GitHub API, and the update may introduce new features or bug fixes.

From an application security perspective, the update to the PyGithub library is worth reviewing. While library upgrades can often improve security, it's important to review the changelog and release notes to understand if there were any security-related fixes or improvements. Additionally, it's a good practice to test the changes thoroughly to ensure that the update does not introduce any regressions or new vulnerabilities. The rest of the changes appear to be updates to other Python dependencies, which is a common practice to keep the application up-to-date and secure. However, it's still important to review the changes to these dependencies to ensure that there are no known security vulnerabilities in the updated versions.

Files Changed:

  • requirements.txt: This file has been updated to include the latest version of the PyGithub library, which has been upgraded from 1.58.2 to 2.5.0. The rest of the changes appear to be updates to other Python dependencies, which is a common practice to keep the application up-to-date and secure.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
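
A pre-merge check for the v2.5.0 breaking change listed above, as an added example that is not part of this pull request, PyGithub or DefectDojo: it walks Python source with `ast` and reports calls to `graphql_named_mutation` that still pass the renamed keywords. The function name `find_stale_calls` and the sample source are assumptions made for the illustration; only keyword arguments are checked, so positional calls and calls that relied on the removed default are not detected.

```python
import ast

# Keyword renames taken from the v2.5.0 "Breaking Changes" list on this page.
RENAMED_KWARGS = {"variables": "mutation_input", "output": "output_schema"}
METHOD = "graphql_named_mutation"


def find_stale_calls(source, filename="<string>"):
    """Return sorted (line, old_kwarg, new_kwarg) tuples for calls to METHOD
    that still pass a keyword name from before the rename."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match obj.graphql_named_mutation(...) as well as a bare name.
        name = getattr(func, "attr", None) or getattr(func, "id", None)
        if name != METHOD:
            continue
        for kw in node.keywords:
            # kw.arg is None for **kwargs, which never matches the table.
            if kw.arg in RENAMED_KWARGS:
                findings.append((kw.value.lineno, kw.arg, RENAMED_KWARGS[kw.arg]))
    return sorted(findings)


# Constructed sample input; the helper names and argument values are placeholders.
SAMPLE = '''
def close_issue(requester, issue_id):
    return requester.graphql_named_mutation(
        "closeIssue",
        variables={"issueId": issue_id},
        output="issue { id }",
    )

def reopen_issue(requester, issue_id):
    return requester.graphql_named_mutation(
        "reopenIssue",
        mutation_input={"issueId": issue_id},
        output_schema="issue { id }",
    )
'''

if __name__ == "__main__":
    for line, old, new in find_stale_calls(SAMPLE):
        print(f"line {line}: keyword '{old}' was renamed to '{new}' in pygithub 2.5.0")
```
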

Contributor

@mtesauro mtesauro left a comment


Blocking merge

See #9948 (review)
