Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump pygithub from 1.58.2 to 2.3.0 #9948

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 17, 2024

Bumps pygithub from 1.58.2 to 2.3.0.

Release notes

Sourced from pygithub's releases.

v2.3.0

New features

Improvements

Bug Fixes

Maintenance

v2.2.0

Breaking Changes

The github.Comparison.Comparison instance returned by Repository.compare provides a commits property that used to return a list[github.Commit.Commit], which has now been changed to PaginatedList[github.Commit.Commit]. This breaks user code that assumes a list:

commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = len(commits)  # will raise a TypeError

This will raise a TypeError: object of type 'PaginatedList' has no len(), as the returned PaginatedList does not support the len() method. Use the totalCount property instead:

commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = commits.totalCount

New features

  • Add support to call GraphQL API

Improvements

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.3.0 (March 21, 2024)

New features ^^^^^^^^^^^^

  • Support OAuth for enterprise (#2780) (e4106e00)
  • Support creation of Dependabot Organization and Repository Secrets (#2874) (0784f835)

Improvements ^^^^^^^^^^^^

  • Create release with optional name and message when generate_release_notes is true (#2868) (d65fc30d)
  • Add missing attributes to WorkflowJob (#2921) (9e092458)
  • Add created and check_suite_id filter for Repository WorkflowRuns (#2891) (c788985c)
  • Assert requester argument type in Auth (#2912) (0b8435fc)

Bug Fixes ^^^^^^^^^

  • Revert having allowed values for add_to_collaborators (#2905) (b542438e)

Maintenance ^^^^^^^^^^^

  • Fix imports in authentication docs (#2923) (e3d36535)
  • CI: add docformatter to precommit (#2614) (96ad19ae)
  • Add .swp files to gitignore (#2903) (af529abe)
  • Fix instructions building docs in CONTRIBUTING.md (#2900) (cd8e528d)
  • Explicitly name the modules built in pyproject.toml (#2894) (4d461734)

Version 2.2.0 (January 28, 2024)

Breaking Changes ^^^^^^^^^^^^^^^^

  • The github.Comparison.Comparison instance returned by Repository.compare provides a commits property that used to return a list[github.Commit.Commit], which has now been changed to PaginatedList[github.Commit.Commit]. This breaks user code that assumes a list:

.. code-block:: python

commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = len(commits)

This will raise a TypeError: object of type 'PaginatedList' has no len(), as the returned PaginatedList does not support the len() method. Use the totalCount property instead:

.. code-block:: python

... (truncated)

Commits
  • 7266e81 Release v2.3.0 (#2926)
  • e4106e0 Support oauth for enterprise (#2780)
  • d65fc30 Create release with optional name and message when generate_release_notes is ...
  • 0784f83 Support creation of Dependabot Organization and Repository Secrets (#2874)
  • 9e09245 Add missing attributes to WorkflowJob (#2921)
  • e3d3653 Fix imports in authentication docs (#2923)
  • c788985 Add created and check_suite_id filter for Repository WorkflowRuns (#2891)
  • 0b8435f Assert requester argument type in Auth (#2912)
  • 96ad19a CI: add docformatter to precommit (#2614)
  • b542438 Revert having allowed values for add_to_collaborators (#2905)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 17, 2024
Copy link

dryrunsecurity bot commented Apr 17, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 1 finding
AppSec Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Powered by DryRun Security

@dependabot dependabot bot force-pushed the dependabot/pip/dev/pygithub-2.3.0 branch 5 times, most recently from 28ffa9b to d88099b Compare April 23, 2024 01:17
@mtesauro
Copy link
Contributor

breaking changes. See comment from #8296 & #8771

@mtesauro mtesauro force-pushed the dependabot/pip/dev/pygithub-2.3.0 branch from d88099b to b8e1e60 Compare April 25, 2024 14:39
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added docker New Migration Adding a new migration file. Take care when merging. settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 docs unittests integration_tests ui parser helm localization labels Apr 25, 2024
@mtesauro
Copy link
Contributor

@dependabot rebase

Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 25, 2024

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@mtesauro
Copy link
Contributor

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/pip/dev/pygithub-2.3.0 branch from e9c18c3 to 36f524f Compare April 25, 2024 19:39
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions github-actions bot removed docker New Migration Adding a new migration file. Take care when merging. settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 docs unittests integration_tests ui parser helm localization labels Apr 25, 2024
Copy link
Contributor

@cneill cneill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm surprised this one is passing tests... PyGithub deprecated the positional argument we use to instantiate the Github class back in 1.59.0 (you can see it marked deprecated in their docs for the class here)

Here are examples of us using that positional argument:

Dependabot couldn't find the original pull request head commit, d88099b2a2780f399bce56ee81da0d816bbe868c.
@dependabot dependabot bot force-pushed the dependabot/pip/dev/pygithub-2.3.0 branch from 36f524f to 78d29bb Compare May 13, 2024 14:55
@kiblik
Copy link
Contributor

kiblik commented Jul 9, 2024

May I ask what is status of this PR? It is one of the blockers for #10473.

Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@mtesauro
Copy link
Contributor

@kiblik See cneill's comments at #9948 (review)

The short answer is that changes are needed to update this Python module and there's not a PR for that or tests for Github integration. Since this GHA were green and this definitely had breaking changes, we obviously don't have good test coverage for the Github integration as well.

Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 26, 2024

Superseded by #10808.

@dependabot dependabot bot closed this Aug 26, 2024
@dependabot dependabot bot deleted the dependabot/pip/dev/pygithub-2.3.0 branch August 26, 2024 12:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
conflicts-detected dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants