Sourced from safety's releases.

2.3.4

No release notes provided.

2.3.3

No release notes provided.

2.3.2

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

2.3.1

No release notes provided.

2.3.0

What's Changed

• Safety Alerts: GitHub PRs and GitHub issues support by @​cb22 in pyupio/safety#411
• Safety 2.3.0 patch by @​cb22 in pyupio/safety#415

Full Changelog: https://github.com/pyupio/safety/compare/2.2.1...2.3.0

2.2.1

What's Changed

• Pull from Master by @​yeisonvargasf in pyupio/safety#410
• Common fixes for next release by @​yeisonvargasf in pyupio/safety#412
• 2.2.1 Patch by @​yeisonvargasf in pyupio/safety#414

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

PyUp is excited to release Safety 2.0 CLI and Safety as a GitHub Action!

Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs. The new GitHub Action enables you to configure Python dependency security and compliance scans on your repositories on new commits, new branches, pull requests, and more.

... (truncated)

Sourced from safety's changelog.

[2.3.4] - 2022-12-07

• Removed LegacyVersion use; this fixes the issue with packaging 22.0.
• Fixed typos in the README.
• Added Python 3.11 to the classifiers in the setup.cfg.

[2.3.3] - 2022-11-27

• Fixed recursive requirements issue when an unpinned package is found.

[2.3.2] - 2022-11-21

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

[2.3.1] - 2022-10-05

• Add safety.alerts module to setup.cfg

[2.3.0] - 2022-10-05

• Safety can now create GitHub PRs and Issues for vulnerabilities directly, with the new safety alert subcommand.
• Support for GitHub PR and Issue alerting has been added to the GitHub Action.

[2.2.1] - 2022-10-04

• Fixed the use of the SAFETY_COLOR environment variable
• Fixed bug in the case of vulnerabilities without a CVE linked
• Fixed GitHub version in the README

[2.2.0] - 2022-09-19

• Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
• Added logic for custom integrations like pipenv check.
• The --db flag is compatible remote sources too.
• Added more logging
• Upgrade dparse dependency to avoid a possible ReDos security issue
• Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

Updated outputs:

• Text & screen output: If a scan has been logged, this is now mentioned in the output.
• JSON output: The JSON output now includes git metadata about the folder Safety was run in. It also includes a version field, and telemetry information that would be sent separately. There are no breaking changes in the output.

... (truncated)

• 46d54bc Version 2.3.4
• 9e4f843 Merge pull request #440 from pyupio/develop
• 68049bb Merge pull request #433 from cclauss/patch-1
• 7c72120 Merge pull request #439 from pyupio/fix/packaging-LegacyVersion
• 2c4bb4b Remove the LegacyVersion import.
• a9da481 Merge pull request #434 from cclauss/patch-2
• 2105d42 Starting 2.3.4.dev version.
• 8b6b34f Merge pull request #436 from pyupio/main
• 6e5f76a setup.cfg: Programming Language :: Python :: 3.11
• 34827f3 Fix typos
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• a19e733 v3.3.0
• 3879369 Merge pull request #764 from rominf/rominf/datetime-utc-alias
• 6bc3509 rewrite to datetime.UTC
• 28db01a v3.2.3
• c1c97ba Merge pull request #762 from asottile/f-strings-no-u-prefix
• 43293bb fix rewrite of u strings to f strings
• a389e99 Merge pull request #760 from asottile/pre-commit-ci-update-config
• 5bae913 [pre-commit.ci] pre-commit autoupdate
• 4c7ee5a Merge pull request #758 from asottile/pre-commit-ci-update-config
• aa860f0 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 28db01a v3.2.3
• c1c97ba Merge pull request #762 from asottile/f-strings-no-u-prefix
• 43293bb fix rewrite of u strings to f strings
• a389e99 Merge pull request #760 from asottile/pre-commit-ci-update-config
• 5bae913 [pre-commit.ci] pre-commit autoupdate
• 4c7ee5a Merge pull request #758 from asottile/pre-commit-ci-update-config
• aa860f0 [pre-commit.ci] pre-commit autoupdate
• 5b527ac Merge pull request #756 from asottile/all-repos_autofix_no-implicit-optional
• 23b9a87 remove no_implicit_optional
• 27239c1 Merge pull request #752 from asottile/pre-commit-ci-update-config
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from safety's releases.

2.3.3

No release notes provided.

2.3.2

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

2.3.1

No release notes provided.

2.3.0

What's Changed

• Safety Alerts: GitHub PRs and GitHub issues support by @​cb22 in pyupio/safety#411
• Safety 2.3.0 patch by @​cb22 in pyupio/safety#415

Full Changelog: https://github.com/pyupio/safety/compare/2.2.1...2.3.0

2.2.1

What's Changed

• Pull from Master by @​yeisonvargasf in pyupio/safety#410
• Common fixes for next release by @​yeisonvargasf in pyupio/safety#412
• 2.2.1 Patch by @​yeisonvargasf in pyupio/safety#414

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

PyUp is excited to release Safety 2.0 CLI and Safety as a GitHub Action!

Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs. The new GitHub Action enables you to configure Python dependency security and compliance scans on your repositories on new commits, new branches, pull requests, and more.

Summary:

... (truncated)

Sourced from safety's changelog.

[2.3.3] - 2022-11-27

• Fixed recursive requirements issue when an unpinned package is found.

[2.3.2] - 2022-11-21

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

[2.3.1] - 2022-10-05

• Add safety.alerts module to setup.cfg

[2.3.0] - 2022-10-05

• Safety can now create GitHub PRs and Issues for vulnerabilities directly, with the new safety alert subcommand.
• Support for GitHub PR and Issue alerting has been added to the GitHub Action.

[2.2.1] - 2022-10-04

• Fixed the use of the SAFETY_COLOR environment variable
• Fixed bug in the case of vulnerabilities without a CVE linked
• Fixed GitHub version in the README

[2.2.0] - 2022-09-19

• Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
• Added logic for custom integrations like pipenv check.
• The --db flag is compatible remote sources too.
• Added more logging
• Upgrade dparse dependency to avoid a possible ReDos security issue
• Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

Updated outputs:

• Text & screen output: If a scan has been logged, this is now mentioned in the output.
• JSON output: The JSON output now includes git metadata about the folder Safety was run in. It also includes a version field, and telemetry information that would be sent separately. There are no breaking changes in the output.

New inputs:

• New command line flags
  • The --disable-audit-and-monitor flag can be set to disable sending a scan's result to pyup.io
  • The --project flag can be set to manually specify a project to associate these scans with. By default, it'll autodetect based on the current folder and git.

... (truncated)

• 78e2525 Version 2.3.3
• 57a73c4 Merge pull request #432 from pyupio/develop
• 7869401 Merge pull request #431 from pyupio/fix/recursive-deps-parsing
• 77b46da Returning deps after one unpinned dependency.
• eadcbe1 Merge pull request #430 from pyupio/main
• ab5a57c Update version file to the current live version.
• e6bceee Starting version 2.3.3.dev
• f55c927 Version 2.3.2
• a8c8c96 Merge pull request #429 from pyupio/develop
• d180854 Revert "Remove ignore flags in the CI config."
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from safety's releases.

2.3.2

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

2.3.1

No release notes provided.

2.3.0

What's Changed

• Safety Alerts: GitHub PRs and GitHub issues support by @​cb22 in pyupio/safety#411
• Safety 2.3.0 patch by @​cb22 in pyupio/safety#415

Full Changelog: https://github.com/pyupio/safety/compare/2.2.1...2.3.0

2.2.1

What's Changed

• Pull from Master by @​yeisonvargasf in pyupio/safety#410
• Common fixes for next release by @​yeisonvargasf in pyupio/safety#412
• 2.2.1 Patch by @​yeisonvargasf in pyupio/safety#414

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

PyUp is excited to release Safety 2.0 CLI and Safety as a GitHub Action!

Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs. The new GitHub Action enables you to configure Python dependency security and compliance scans on your repositories on new commits, new branches, pull requests, and more.

Summary:

• Safety 2.0 major release (notes below) and GitHub Action release

Updated outputs:

... (truncated)

Sourced from safety's changelog.

[2.3.2] - 2022-11-21

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

[2.3.1] - 2022-10-05

• Add safety.alerts module to setup.cfg

[2.3.0] - 2022-10-05

• Safety can now create GitHub PRs and Issues for vulnerabilities directly, with the new safety alert subcommand.
• Support for GitHub PR and Issue alerting has been added to the GitHub Action.

[2.2.1] - 2022-10-04

• Fixed the use of the SAFETY_COLOR environment variable
• Fixed bug in the case of vulnerabilities without a CVE linked
• Fixed GitHub version in the README

[2.2.0] - 2022-09-19

• Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
• Added logic for custom integrations like pipenv check.
• The --db flag is compatible remote sources too.
• Added more logging
• Upgrade dparse dependency to avoid a possible ReDos security issue
• Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

Updated outputs:

• Text & screen output: If a scan has been logged, this is now mentioned in the output.
• JSON output: The JSON output now includes git metadata about the folder Safety was run in. It also includes a version field, and telemetry information that would be sent separately. There are no breaking changes in the output.

New inputs:

• New command line flags
  • The --disable-audit-and-monitor flag can be set to disable sending a scan's result to pyup.io
  • The --project flag can be set to manually specify a project to associate these scans with. By default, it'll autodetect based on the current folder and git.

[2.0.0] - 2022-06-28

Summary:

... (truncated)

• f55c927 Version 2.3.2
• a8c8c96 Merge pull request #429 from pyupio/develop
• d180854 Revert "Remove ignore flags in the CI config."
• 7eef5a4 Remove ignore flags in the CI config.
• 7171e3e Merge pull request #428 from pyupio/main
• e7b4c0c Merge pull request #427 from pyupio/fix/integrations
• 14db471 Fix announcements load and telemetry.
• be1a7a8 Send announcements to stderr when not isatty only when the type announcement ...
• 6cd1ae3 Fix logic output for integrations, resource warnings fixed, and ruamel fix.
• f1b86b8 Merge pull request #426 from pyupio/develop
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 2be47ac Update pyenv version
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• c1b1c53 v3.2.2
• 02b8cdc Merge pull request #751 from asottile/file
• a89ff42 remove abspath(file) rewrite
• b736e95 v3.2.1
• bba6fec Merge pull request #750 from mhils/optional-forward-ref
• 9796546 fix Optional["ForwardRef"] rewriting
• 5c27928 Merge pull request #747 from asottile/pre-commit-ci-update-config
• 9b72ee9 [pre-commit.ci] pre-commit autoupdate
• fe81c25 v3.2.0
• 1268511 Merge pull request #745 from tusharsadhwani/unpack
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b736e95 v3.2.1
• bba6fec Merge pull request #750 from mhils/optional-forward-ref
• 9796546 fix Optional["ForwardRef"] rewriting
• 5c27928 Merge pull request #747 from asottile/pre-commit-ci-update-config
• 9b72ee9 [pre-commit.ci] pre-commit autoupdate
• fe81c25 v3.2.0
• 1268511 Merge pull request #745 from tusharsadhwani/unpack
• 848751f Add PEP646 Unpack plugin
• b1f3615 Merge pull request #741 from asottile/py311-release
• e6669bd regenerate import symbols
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b71dc3d Remove +dev from version
• 719cef9 Add support for exception groups and except* (#14020)
• 91b6fc3 Fix crash on nested unions in recursive types (#14007)
• 42a4c69 Make TryStar not crash (#13991)
• 5fad1ac Warn on invalid *args and **kwargs with ParamSpec (#13892)
• 184add9 Revert sum literal integer change (#13961)
• 74e0dff Add hidden options to disable bytes promotion (#13952)
• ec6d9d9 [mypyc] Fix ircheck if register is initialized through LoadAddress (#13944)
• 8ef701d Use 3.11 instead of 3.11-dev (#13945)
• ec149da [mypyc] Fix glue methods with native int types (#13939)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 4ebc28d Bump version numbers to 2022.6 / 2022f
• f1bd81b IANA 2022f
• 5797f88 Squashed 'tz/' changes from c4eb3fcf2..623631d84
• dacb1a1 Upgrade unittest asserts
• d1abcdd Bump GitHub Actions
• 7ff7f35 Add support for Python 3.11
• 1ab3481 Bump version numbers to 2022.5 / 2022e
• 872168c Squashed 'tz/' changes from 0fc8f915a..16bd7a384
• c5900e5 IANA 2022e
• 04b5402 Bump version numbers to 2022.4/2022d
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from shellingham's releases.

Release 1.5.0.post1

What's Changed

• Add syntax highlighting to readme by @​swaldhoer in sarugaku/shellingham#63
• Limit package installation to Python >= 3.7 by @​hswong3i in sarugaku/shellingham#62

New Contributors

• @​swaldhoer made their first contribution in sarugaku/shellingham#63
• @​hswong3i made their first contribution in sarugaku/shellingham#62

Full Changelog: https://github.com/sarugaku/shellingham/compare/1.5.0...1.5.0.post1

1.5.0

What's Changed

• Bump bleach from 3.2.1 to 3.3.0 by @​dependabot in sarugaku/shellingham#44
• Bump cryptography from 3.3.1 to 3.3.2 by @​dependabot in sarugaku/shellingham#45
• Bump urllib3 from 1.26.3 to 1.26.4 by @​dependabot in sarugaku/shellingham#46
• Modern python by @​JeppeKlitgaard in sarugaku/shellingham#50
• Update README.rst by @​davidlatwe in sarugaku/shellingham#51
• Bump urllib3 from 1.26.4 to 1.26.5 by @​dependabot in sarugaku/shellingham#54
• Add "nu" to _core.py to support detect NuShell by @​gunungpw in sarugaku/shellingham#56
• Fix typos by @​kianmeng in sarugaku/shellingham#58
• Add release job by @​ofek in sarugaku/shellingham#59
• chore: prepare for release 1.5.0 by @​frostming in sarugaku/shellingham#60

New Contributors

• @​JeppeKlitgaard made their first contribution in sarugaku/shellingham#50
• @​davidlatwe made their first contribution in sarugaku/shellingham#51
• @​gunungpw made their first contribution in sarugaku/shellingham#56
• @​kianmeng made their first contribution in sarugaku/shellingham#58
• @​ofek made their first contribution in sarugaku/shellingham#59
• @​frostming made their first contribution in sarugaku/shellingham#60

Full Changelog: https://github.com/sarugaku/shellingham/compare/1.4.0...1.5.0

Sourced from shellingham's changelog.

1.5.0.post1 (2023-01-03)

• Fix package metadata to disallow installation on Python prior to 3.7. This was already done in 1.5.0, but the metadata of the release was incorrectly set to >=3.4.

1.5.0 (2022-08-04)

Features

• Drop support for Python version older than 3.7. [#50](https://github.com/sarugaku/shellingham/issues/50) <https://github.com/sarugaku/shellingham/issues/50>_
• Support detecting NuShell. [#56](https://github.com/sarugaku/shellingham/issues/56) <https://github.com/sarugaku/shellingham/issues/56>_

• 7646358 Prepare for release 1.5.0.post1
• eb61246 Merge pull request #62 from alvistack/python_ge_37
• 57ed4fe Add syntax highlighting to readme (#63)
• ee99294 Add syntax highlighting
• 32bcc83 [1.5.0] Incorrectly List by Pypi as Available for Python < 3.7
• ace4525 chore: prepare for release 1.5.0 (#60)
• b68e3df Add release job (#59)
• 6025d91 Fix typos (#58)
• 23cb5cb Add "nu" to _core.py to support detect NuShell (#56)
• 325c643 Bump urllib3 from 1.26.4 to 1.26.5 (#54)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from release-drafter/release-drafter's releases.

v5.22.0

What's Changed

New

• Only use last full release when drafting (#1240) @​ssbarnea

Full Changelog: https://github.com/release-drafter/release-drafter/compare/v5.21.1...v5.22.0

v5.21.1

What's Changed

Dependency Updates

• Address set-output deprecation (#1247) @​NotMyFault

Full Changelog: https://github.com/release-drafter/release-drafter/compare/v5.21.0...v5.21.1

• cfc5540 v5.22.0
• 7ef15e2 Only use last full release when drafting (#1240)
• 6df64e4 v5.21.1
• 26be07d Address set-output deprecation (#1247)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 309a457 Update i18n section of README
• 67b32d0 Separete legacy tests to run in legacy container
• ce19dbe Bump version numbers to 2022.7/2022g
• 7285e70 IANA 2022g
• 3a52798 Squashed 'tz/' changes from d3dc2a9d6..9baf0d34d
• 8656870 Let _all_timezones_unchecked be garbage collected when no longer needed
• bd3e51f Rename all_timezones_unchecked to strongly indicate it is not public
• 01592a9 Merge pull request #90 from eendebakpt/import_time_lazy_list
• 5e9f112 lazy timezone
• 4ebc28d Bump version numbers to 2022.6 / 2022f
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from mkdocstrings's releases.

0.19.0

Highlights

We decided to deprecate a few things to pave the way towards a more stable code base, bringing us closer to a v1.

• Selection and rendering options are now combined into a single options key. Using the old keys will emit a deprecation warning.
• The BaseCollector and BaseRenderer classes are deprecated in favor of BaseHandler, which merges their functionality. Using the old classes will emit a deprecation warning.

New versions of the Python handler and the legacy Python handler were also released in coordination with mkdocstrings 0.19. See their respective changelogs: python, python-legacy. Most notably, the Python handler gained the members and filters options that prevented many users to switch to it.

mkdocstrings stopped depending directly on the legacy Python handler. It means you now have to explicitely depend on it, directly or through the extra provided by mkdocstrings, if you want to continue using it.

Packaging / Dependencies

• Stop depending directly on mkdocstrings-python-legacy (9055d58 by Timothée Mazzucotelli). [Issue #376](mkdocstrings/mkdocstrings#376)

Features

• Pass config file path to handlers (cccebc4 by Timothée Mazzucotelli). [Issue #311](mkdocstrings/mkdocstrings#311), [PR #425](mkdocstrings/mkdocstrings#425)

Code Refactoring

• Support options / deprecated options mix-up (7c71f26 by Timothée Mazzucotelli).
• Deprecate watch feature in favor of MkDocs' built-in one (c20022e by Timothée Mazzucotelli).
• Log relative template paths if possible, instead of absolute (91f5f83 by Timothée Mazzucotelli).
• Deprecate selection and rendering YAML keys (3335310 by Timothée Mazzucotelli). [PR #420](mkdocstrings/mkdocstrings#420)
• Deprecate BaseCollector and BaseRenderer (eb822cb by Timothée Mazzucotelli). [PR #413](mkdocstrings/mkdocstrings#413)

Sourced from mkdocstrings's changelog.

0.19.1 - 2022-12-13

Compare with 0.19.0

Bug Fixes

• Fix regular expression for Sphinx inventory parsing (348bdd5 by Luis Michaelis). [Issue #496](mkdocstrings/mkdocstrings#496), [PR #497](mkdocstrings/mkdocstrings#497)

Code Refactoring

• Small fixes to type annotations (9214b74 by Oleh Prypin). [PR #470](mkdocstrings/mkdocstrings#470)
• Report usage-based warnings as user-facing messages (03dd7a6 by Oleh Prypin). [PR #464](mkdocstrings/mkdocstrings#464)

0.19.0 - 2022-05-28

Compare with 0.18.1

Highlights

We decided to deprecate a few things to pave the way towards a more stable code base, bringing us closer to a v1.

• Selection and rendering options are now combined into a single options key. Using the old keys will emit a deprecation warning.
• The BaseCollector and BaseRenderer classes are deprecated in favor of BaseHandler, which merges their functionality. Using the old classes will emit a deprecation warning.

New versions of the Python handler and the legacy Python handler were also released in coordination with mkdocstrings 0.19. See their respective changelogs: python, python-legacy. Most notably, the Python handler gained the members and filters options that prevented many users to switch to it.

mkdocstrings stopped depending directly on the legacy Python handler. It means you now have to explicitely depend on it, directly or through the extra provided by mkdocstrings, if you want to continue using it.

Packaging / Dependencies

• Stop depending directly on mkdocstrings-python-legacy (9055d58 by Timothée Mazzucotelli). [Issue #376](mkdocstrings/mkdocstrings#376)

Features

• Pass config file path to handlers (cccebc4 by Timothée Mazzucotelli). [Issue #311](mkdocstrings/mkdocstrings#311), [PR #425](mkdocstrings/mkdocstrings#425)

Code Refactoring

• Support options / deprecated options mix-up (7c71f26 by Timothée Mazzucotelli).
• Deprecate watch feature in favor of MkDocs' built-in one (c20022e by Timothée Mazzucotelli).
• Log relative template paths if possible, instead of absolute (91f5f83 by Timothée Mazzucotelli).
• Deprecate selection and rendering YAML keys (3335310 by Timothée Mazzucotelli). [PR #420](mkdocstrings/mkdocstrings#420)
• Deprecate BaseCollector and BaseRenderer (eb822cb by Timothée Mazzucotelli). [PR #413](mkdocstrings/mkdocstrings#413)

• d965ccc chore: Prepare release 0.19.1
• 348bdd5 fix: Fix regular expression for Sphinx inventory parsing
• a5ed211 chore: Add JSON schema for plugin's options
• 6c3ef79 docs: Small improvement
• 34a1512 chore: Template upgrade
• eeeb97b chore: Template upgrade
• 995e5dc docs: Remove mention of deprecated watch feature from recipes
• 20f6ea4 Merge branch 'master' of github.com:mkdocstrings/mkdocstrings
• efa00b2 docs: Clarify custom_templates folder location in options documentation
• e2fb97b chore: Template upgrade
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from safety's releases.

2.3.5

No release notes provided.

2.3.4

No release notes provided.

2.3.3

No release notes provided.

2.3.2

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

2.3.1

No release notes provided.

2.3.0

What's Changed

• Safety Alerts: GitHub PRs and GitHub issues support by @​cb22 in pyupio/safety#411
• Safety 2.3.0 patch by @​cb22 in pyupio/safety#415

Full Changelog: https://github.com/pyupio/safety/compare/2.2.1...2.3.0

2.2.1

What's Changed

• Pull from Master by @​yeisonvargasf in pyupio/safety#410
• Common fixes for next release by @​yeisonvargasf in pyupio/safety#412
• 2.2.1 Patch by @​yeisonvargasf in pyupio/safety#414

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

... (truncated)

Sourced from safety's changelog.

[2.3.5] - 2022-12-08

• Pinned packaging dependency to a compatible range.
• Pinned the CI actions to the runner image with Python 3.6 support.

[2.3.4] - 2022-12-07

• Removed LegacyVersion use; this fixes the issue with packaging 22.0.
• Fixed typos in the README.
• Added Python 3.11 to the classifiers in the setup.cfg.

[2.3.3] - 2022-11-27

• Fixed recursive requirements issue when an unpinned package is found.

[2.3.2] - 2022-11-21

• Fixed #423: Bare output includes extra line in non-screen output with no vulnerabilities.
• Fixed #422: ResourceWarning (unclosed socket) in safety v.2.3.1.
• Fixed telemetry data missing when the CLI mode is used.
• Fixed wrong database fetching when the KEY and the database arguments are used at the same time.
• Added SAFETY_PURE_YAML env var, used for cases that require pure Python in the YAML parser.

[2.3.1] - 2022-10-05

• Add safety.alerts module to setup.cfg

[2.3.0] - 2022-10-05

• Safety can now create GitHub PRs and Issues for vulnerabilities directly, with the new safety alert subcommand.
• Support for GitHub PR and Issue alerting has been added to the GitHub Action.

[2.2.1] - 2022-10-04

• Fixed the use of the SAFETY_COLOR environment variable
• Fixed bug in the case of vulnerabilities without a CVE linked
• Fixed GitHub version in the README

[2.2.0] - 2022-09-19

• Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
• Added logic for custom integrations like pipenv check.
• The --db flag is compatible remote sources too.
• Added more logging
• Upgrade dparse dependency to avoid a possible ReDos security issue
• Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

... (truncated)

• d8bd6f7 Version 2.3.5
• a10fbd8 Merge pull request #444 from pyupio/develop
• 7b24998 Test integration for 2.3.4
• 7d6dd5e Update the OS mapping in the binaries file.
• b62b75c Merge pull request #443 from pyupio/fix/pin-compatible-packaging-versions
• 93598ae Pin the ubuntu version to be used for the CI.
• aa1b153 Use packaging versions < 22.0 to prevent issues.
• f78823c Starting version 2.3.5.dev
• 9164106 Merge pull request #442 from pyupio/main
• 46d54bc Version 2.3.4
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)