build(release): v1.1#695
Merged
Merged
Conversation
The legacy Location.csv has a SiteNames column that was never transferred into the ThingIdLink table. This left site_name null for all wells in the API response. The script reads SiteNames from the CSV and inserts NMBGMR ThingIdLink rows for all matched wells. It is idempotent and safe to re-run after future well transfers.
Org-only contacts (no personal name) were returning a null label in search results. Use c.name or c.organization so those contacts appear with their organization name instead of a blank title.
PointID is not unique across all rows in Location.csv (MB-1005 appears twice with different SiteNames). Switch to matching LocationId against Thing.nma_pk_location, which is the UUID primary key from NM_Aquifer and has higher fidelity. Suggested by jacob-a-brown in PR #668.
…ntact-Names Fall back to organization name for org-only contacts in search
…script BDMS-787 site_name script
Added Cerro MDWCA, White Oaks Pottery, and El Rito MDWCA sa organizations to support the well inventory ingestion on 2026-05-01.
…ations Add new organization terms for well inventory ingestion
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.26 to 0.0.27. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.26...0.0.27) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.27 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [mako](https://github.com/sqlalchemy/mako) from 1.3.11 to 1.3.12. - [Release notes](https://github.com/sqlalchemy/mako/releases) - [Changelog](https://github.com/sqlalchemy/mako/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/mako/commits) --- updated-dependencies: - dependency-name: mako dependency-version: 1.3.12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.3...2.7.0) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.7.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.11 to 1.6.12. - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.11...1.6.12) --- updated-dependencies: - dependency-name: authlib dependency-version: 1.6.12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
NO TICKET: Add new required env to .env.example
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) --- updated-dependencies: - dependency-name: idna dependency-version: '3.15' dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ge of Hope, and WSP
…for-well-inventory-ingestion-20260526 feat(lexicon): add new organization terms in support of the 2026-05-26 well inventory ingestion
…679) Bumps the gha-minor-and-patch group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v6.0.2...v6.0.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary
Adopt the Data Services Versioning Standard on OcotilloAPI. Wires
release-please + tag-triggered deploy per spec §§5–10.
- Bump `pyproject.toml` to **1.0.0**, add
`.release-please-manifest.json` + `release-please-config.json`.
- Add `release-please` workflow watching `production` and `hotfix/v*`.
- Add `hotfix-start` workflow (`workflow_dispatch`) that branches
`hotfix/vX.Y.(Z+1)` off the latest (or specified) `v*.*.*` tag.
- Add PR title lint (Conventional Commits).
- Retarget `CD (Production)` to fire on `v*.*.*` tag push (no more
push-to-branch deploys); drop the self-tagging step; inject
`APP_VERSION` into App Engine env.
- Surface version: `Settings.version` reads `APP_VERSION` env, falls
back to `importlib.metadata.version("OcotilloAPI")`. Public OpenAPI uses
`settings.version` (was hardcoded `0.0.1`). New `/health` returns
`{status, version}`.
- Remove obsolete Sentry release workflow.
## Why
Implements the Data Services Versioning Standard. Pins the public
contract at **1.0.0** so SemVer rules engage going forward.
## Release flow after merge
1. Merge this PR to `staging` (CD Staging deploys to staging env as
usual).
2. Open separate `staging` -> `production` promotion PR when ready to
cut 1.0.0.
3. On merge to `production`, `release-please` opens a Release PR titled
`chore(production): release 1.0.0`.
4. Merge the Release PR -> `v1.0.0` tag + GitHub Release created
automatically.
5. Tag push fires `CD (Production)` -> Alembic migrations + App Engine
deploy.
## Follow-up (manual, not in this PR)
- Apply branch protection on `production` (required reviews + status
checks). Squash-only merge is already enforced at the repo level.
## Test plan
- [ ] CI: `pr-title-lint` passes.
- [ ] CI: `unit-tests` / `bdd-tests` pass against the new `/health`
endpoint + `settings.version` change.
- [ ] Local: `curl localhost:8000/health` returns
`{"status":"ok","version":"1.0.0"}`.
- [ ] After staging deploy: hit the staging `/health` and confirm
version field present.
- [ ] After staging -> production promotion: `release-please` Release PR
appears on `production`.
- [ ] After Release PR merge: `v1.0.0` tag exists, `CD (Production)`
succeeds, prod `/health` returns the tagged version.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DataIntegrationGroup/OcotilloAPI/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…load (BDMS-828) (#683) Adds a single endpoint that uploads a digital asset to GCS and records it in the database in one step. Accepts multipart/form-data with the file, a required thing_id, and optional label/name fields. ### **Why** - The existing API required two separate calls to upload a photo: `POST /asset/upload` (GCS only) then `POST /asset` (DB only), forcing the UI to chain requests and handle intermediate state - The ticket requires a single endpoint where the back-end handles both the GCS upload and database record creation atomically ### **How** - Added `POST /asset/upload-and-record` to `api/asset.py` with multipart form fields: `file` (required), `thing_id` (required), `label` and `name` (optional) - Validates file type before uploading — accepts JPEG, PNG, GIF, WebP, TIFF, PDF, and plain text; rejects all others with 400 - Enforces a 250 MB size limit with 400 on violation - Guards against duplicate uploads — if the same file is re-uploaded for the same Thing, the existing asset record is returned instead of creating a duplicate - Creates `Asset` DB record and `AssetThingAssociation` in one transaction using existing `gcs_upload`, `check_asset_exists`, and `audit_add` helpers - Fixed a pre-existing bug in `audit_helper.py` where `AUTHENTIK_DISABLE_AUTHENTICATION=1` caused a `TypeError` by returning `True` instead of a user claims dict ### **Notes** - The `audit_helper.py` fix affects all endpoints that call `audit_add`, not just this one — it is a defensive guard (`isinstance(user, dict)`) that is a no-op in production where auth is always enabled - The existing `/asset/upload` and `POST /asset` two-step endpoints are unchanged and still available - 649 tests passing, 0 failures - Manually tested via Swagger (`/docs-auth`) — uploaded a JPEG (88,964 bytes), file was stored in GCS as `test_49e37e503db40eeb09e1e4d0f7c76c8c.JPG`, DB record created with id=1, uri=https://storage.cloud.google.com/ocotillo/uploads/test_49e37e503db40eeb09e1e4d0f7c76c8c.JPG, release_status=draft, storage_service=gcs Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.32.0 to 21.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/virtualenv/releases">virtualenv's releases</a>.</em></p> <blockquote> <h2>21.2.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Move SECURITY.md to .github/SECURITY.md by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3077">pypa/virtualenv#3077</a></li> <li>Standardize .github files to .yaml suffix by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3079">pypa/virtualenv#3079</a></li> <li>Add type annotations to embed wheel generator output by <a href="https://github.com/rahuldevikar"><code>@rahuldevikar</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3085">pypa/virtualenv#3085</a></li> <li>fix broken README heading introduced in docs restructure by <a href="https://github.com/rahuldevikar"><code>@rahuldevikar</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3088">pypa/virtualenv#3088</a></li> <li>🐛 fix(bash): use BASH_SOURCE in activate relocation by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3091">pypa/virtualenv#3091</a></li> <li>🐛 fix(create): prevent venv from racing virtualenv on gitignore creation by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3092">pypa/virtualenv#3092</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/21.1.0...21.2.0">https://github.com/pypa/virtualenv/compare/21.1.0...21.2.0</a></p> <h2>21.1.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>add comprehensive type annotations across the entire codebase by <a href="https://github.com/rahuldevikar"><code>@rahuldevikar</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3076">pypa/virtualenv#3076</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/21.0.0...21.1.0">https://github.com/pypa/virtualenv/compare/21.0.0...21.1.0</a></p> <h2>21.0.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>♻️ refactor(discovery): extract py_discovery as self-contained package by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3070">pypa/virtualenv#3070</a></li> <li>📝 docs(changelog): add removal entry for python-discovery extraction by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3074">pypa/virtualenv#3074</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/20.39.1...21.0.0">https://github.com/pypa/virtualenv/compare/20.39.1...21.0.0</a></p> <h2>20.39.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Align dependency versions across projects by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3069">pypa/virtualenv#3069</a></li> <li>✨ feat(create): add RustPython support by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3071">pypa/virtualenv#3071</a></li> <li>🐛 fix(create): add pythonw3.exe to Windows venvs by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3073">pypa/virtualenv#3073</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/virtualenv/compare/20.39.0...20.39.1">https://github.com/pypa/virtualenv/compare/20.39.0...20.39.1</a></p> <h2>20.39.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Move from extras to dependency-groups by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3056">pypa/virtualenv#3056</a></li> <li>🐛 fix(sdist): include tox.toml in sdist by <a href="https://github.com/gaborbernat"><code>@gaborbernat</code></a> in <a href="https://redirect.github.com/pypa/virtualenv/pull/3063">pypa/virtualenv#3063</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst">virtualenv's changelog</a>.</em></p> <blockquote> <h1>Features - 21.2.0</h1> <ul> <li>Update embed wheel generator (<code>tasks/upgrade_wheels.py</code>) to include type annotations in generated output - by :user:<code>rahuldevikar</code>. (:issue:<code>3075</code>)</li> </ul> <h1>Bugfixes - 21.2.0</h1> <ul> <li>Pass <code>--without-scm-ignore-files</code> to subprocess venv on Python 3.13+ so virtualenv controls <code>.gitignore</code> creation, fixing flaky <code>test_create_no_seed</code> and <code>--no-vcs-ignore</code> being ignored in subprocess path - by :user:<code>gaborbernat</code>. (:issue:<code>3089</code>)</li> <li>Use <code>BASH_SOURCE[0]</code> instead of <code>$0</code> in the bash activate script relocation fallback, fixing incorrect <code>PATH</code> when sourcing the activate script from a different directory - by :user:<code>gaborbernat</code>. (:issue:<code>3090</code>)</li> </ul> <hr /> <p>v21.1.0 (2026-02-27)</p> <hr /> <h1>Features - 21.1.0</h1> <ul> <li>Add comprehensive type annotations across the entire codebase and ship a PEP 561 <code>py.typed</code> marker so downstream consumers and type checkers recognize virtualenv as an inline-typed package - by :user:<code>rahuldevikar</code>. (:issue:<code>3075</code>)</li> </ul> <hr /> <p>v21.0.0 (2026-02-25)</p> <hr /> <h1>Deprecations and Removals - 21.0.0</h1> <ul> <li>The Python discovery logic has been extracted into a standalone <code>python-discovery</code> package on PyPI (<code>documentation <https://python-discovery.readthedocs.io/></code>_) and is now consumed as a dependency. If you previously imported discovery internals directly (e.g. <code>from virtualenv.discovery.py_info import PythonInfo</code>), switch to <code>from python_discovery import PythonInfo</code>. Backward-compatibility re-export shims are provided at <code>virtualenv.discovery.py_info</code>, <code>virtualenv.discovery.py_spec</code>, and <code>virtualenv.discovery.cached_py_info</code>, however these are considered unsupported and may be removed in a future release - by :user:<code>gaborbernat</code>. (:issue:<code>3070</code>)</li> </ul> <hr /> <p>v20.39.1 (2026-02-25)</p> <hr /> <h1>Features - 20.39.1</h1> <ul> <li>Add support for creating virtual environments with RustPython - by :user:<code>elmjag</code>. (:issue:<code>3010</code>)</li> </ul> <hr /> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/virtualenv/commit/0b6f4445da2560cb11c4808ead464d94ffdf1b05"><code>0b6f444</code></a> release 21.2.0</li> <li><a href="https://github.com/pypa/virtualenv/commit/e1af35dc7808e75410c55490c35421f461af2920"><code>e1af35d</code></a> 🐛 fix(create): prevent venv from racing virtualenv on gitignore creation (<a href="https://redirect.github.com/pypa/virtualenv/issues/3092">#3092</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/f05bf08f6e2b6fe313aa7378475a30d6151180e2"><code>f05bf08</code></a> 🐛 fix(bash): use BASH_SOURCE in activate relocation (<a href="https://redirect.github.com/pypa/virtualenv/issues/3091">#3091</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/0cd0e09526863f46f91a4afc057f179fdacf3878"><code>0cd0e09</code></a> fix broken README heading introduced in docs restructure (<a href="https://redirect.github.com/pypa/virtualenv/issues/3088">#3088</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/b7ab17e4739322cf2793ff348e8b2c15c6ebcffe"><code>b7ab17e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/pypa/virtualenv/issues/3087">#3087</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/f2062bc8ece1d142523209af4785d302f83e6807"><code>f2062bc</code></a> chore(deps): bump astral-sh/setup-uv from 4 to 7 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3086">#3086</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/eb27e55d716d8836b24296efa3a73b98ff1b29e8"><code>eb27e55</code></a> Add type annotations to embed wheel generator output (<a href="https://redirect.github.com/pypa/virtualenv/issues/3085">#3085</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/fbb3bd183f2f98bfa68211e014db8995dae64b79"><code>fbb3bd1</code></a> chore(deps): bump peter-evans/create-pull-request from 7 to 8 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3081">#3081</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/a1d3963f1c078a2a7b56af14cf824e254531de65"><code>a1d3963</code></a> chore(deps): bump actions/setup-python from 5 to 6 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3080">#3080</a>)</li> <li><a href="https://github.com/pypa/virtualenv/commit/e768d5632065d45a06c4d2e99610e1c92a267166"><code>e768d56</code></a> chore(deps): bump actions/upload-artifact from 4 to 7 (<a href="https://redirect.github.com/pypa/virtualenv/issues/3082">#3082</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/virtualenv/compare/20.32.0...21.2.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.7.1 to 9.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/importlib_metadata/blob/main/NEWS.rst">importlib-metadata's changelog</a>.</em></p> <blockquote> <h1>v9.0.0</h1> <h2>Deprecations and Removals</h2> <ul> <li>Added <code>MetadataNotFound</code> (subclass of <code>FileNotFoundError</code>) and updated <code>Distribution.metadata</code>/<code>metadata()</code> to raise it when the metadata files are missing instead of returning <code>None</code><code>python/cpython#143387</code><a href="https://redirect.github.com/python/importlib_metadata/issues/532">#532</a>)</li> </ul> <h1>v8.9.0</h1> <h2>Features</h2> <ul> <li><code>python/cpython#110937</code><a href="https://redirect.github.com/python/cpython/issues/140141">python/cpython#140141</a>, <a href="https://redirect.github.com/python/cpython/issues/143658">python/cpython#143658</a>)</li> </ul> <h1>v8.8.0</h1> <h2>Features</h2> <ul> <li>Removed Python 3.9 compatibility.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/importlib_metadata/commit/a9f883fef337c667a81a987bc0cbc0dbb43b2bfe"><code>a9f883f</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/9b0dfdfe2e187dca6644007570189aadc6c97a34"><code>9b0dfdf</code></a> Raise an exception when no metadata file is found (<a href="https://redirect.github.com/python/importlib_metadata/issues/532">#532</a>)</li> <li><a href="https://github.com/python/importlib_metadata/commit/0f2229ca84f20be2ceaaa4c62a276fa9b003f5bc"><code>0f2229c</code></a> Merge branch 'main' into feature/no-metadata-exception</li> <li><a href="https://github.com/python/importlib_metadata/commit/2f4088e490a73ac7f39b86214d2da16d2eb1ff39"><code>2f4088e</code></a> Remove news fragments about internal details.</li> <li><a href="https://github.com/python/importlib_metadata/commit/0ac27203f8044daf634c22f385838122a0707449"><code>0ac2720</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/a5c2154835facb4a9d0a6f5b3aac1f3d1ff86170"><code>a5c2154</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/e66e22634f7522e7778b66e8a8b19782a11d4943"><code>e66e226</code></a> Drop support for EOL Python 3.9 (<a href="https://redirect.github.com/python/importlib_metadata/issues/530">#530</a>)</li> <li><a href="https://github.com/python/importlib_metadata/commit/6027933ae96c9e51dd0b7ce392cb30f6fcae1940"><code>6027933</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/b89388a53bf857127e0a6860dfcfe2cd69a79ab8"><code>b89388a</code></a> Import os_helper directly.</li> <li><a href="https://github.com/python/importlib_metadata/commit/2dcb761d940b0115b786ab3b6f336af7d94630f4"><code>2dcb761</code></a> Add uniform exclusions for test.support.</li> <li>Additional commits viewable in <a href="https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…inor-and-patch group (#687) Bumps the gha-minor-and-patch group with 1 update: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv). Updates `astral-sh/setup-uv` from 8.1.0 to 8.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v8.2.0 🌈 New inputs <code>quiet</code> and <code>download-from-astral-mirror</code></h2> <h2>Changes</h2> <p>This release brings two new inputs and a few bug fixes.</p> <h3>New inputs</h3> <p>Lets talk about the new inputs first.</p> <h4>quiet</h4> <p>Pretty simple. It turns of all <code>info</code> loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"</p> <blockquote> <p>[!NOTE]<br /> Warnings and errors are always logged.</p> </blockquote> <h4>download-from-astral-mirror</h4> <p>In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting <code>download-from-astral-mirror: false</code> allows you to do that.</p> <h3>Bugfixes</h3> <p>When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.</p> <p>We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.</p> <h2>🐛 Bug fixes</h2> <ul> <li>fix: report unexpected cache save failures <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/896">#896</a>)</li> <li>fix: report unexpected setup failures <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/895">#895</a>)</li> <li>fix: add timeout to fetch to prevent silent hangs <a href="https://github.com/eifinger-bot"><code>@eifinger-bot</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/883">#883</a>)</li> <li>Limit GitHub tokens to github.com download URLs <a href="https://github.com/zsol"><code>@zsol</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/878">#878</a>)</li> <li>increase libuv-workaround timeout to 100ms <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/880">#880</a>)</li> </ul> <h2>🚀 Enhancements</h2> <ul> <li>Add quiet input to suppress info-level log output <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/898">#898</a>)</li> <li>feat: add <code>download-from-astral-mirror</code> input <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/897">#897</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>docs: update dependabot rollup biome guidance <a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/902">#902</a>)</li> <li>chore: update known checksums for 0.11.18 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/899">#899</a>)</li> <li>chore: update known checksums for 0.11.17 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/892">#892</a>)</li> <li>chore: update known checksums for 0.11.16 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/889">#889</a>)</li> <li>chore: update known checksums for 0.11.15 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/885">#885</a>)</li> <li>chore: update known checksums for 0.11.14 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/879">#879</a>)</li> <li>chore: update known checksums for 0.11.13 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/877">#877</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/setup-uv/commit/fac544c07dec837d0ccb6301d7b5580bf5edae39"><code>fac544c</code></a> chore(deps): roll up dependabot updates (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/903">#903</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/7390f777b051d6c47c9cb905ff80e7d5d85a7068"><code>7390f77</code></a> docs: update dependabot rollup biome guidance (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/902">#902</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/363c64a728451954156ddb9e3f368b879eeee5da"><code>363c64a</code></a> chore(deps): roll up dependabot updates (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/901">#901</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/c4fcbafce4f941a09e04c45c42db7a2e3ba5cd91"><code>c4fcbaf</code></a> chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/900">#900</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/8e642c5e623b521f8b6b15bbc2ba54bae583fe45"><code>8e642c5</code></a> chore: update known checksums for 0.11.18 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/899">#899</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/a92cb430984b4b2b34c9c47e020cf035089958fa"><code>a92cb43</code></a> Add quiet input to suppress info-level log output (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/898">#898</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/e07f2ac4b796a5fa8dc51ebf0a5187d0463eb4d6"><code>e07f2ac</code></a> chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/842">#842</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/bc4034eedf3a6f77238660a28089c6b201eae39f"><code>bc4034e</code></a> chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/893">#893</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/df42d4f6ba41cdcf6eda832c32439db37cc28b39"><code>df42d4f</code></a> chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/891">#891</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/b9c8c4c7baf912cbda30843477d08b3f63b0f660"><code>b9c8c4c</code></a> feat: add <code>download-from-astral-mirror</code> input (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/897">#897</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/setup-uv/compare/v8.1.0...v8.2.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/amannn/action-semantic-pull-request/releases">amannn/action-semantic-pull-request's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.5.3...v6.0.0">6.0.0</a> (2025-08-13)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>Upgrade action to use Node.js 24 and ESM (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/287">#287</a>)</li> </ul> <h3>Features</h3> <ul> <li>Upgrade action to use Node.js 24 and ESM (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/287">#287</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/bc0c9a79abfe07c0f08c498dd4a040bd22fe9b79">bc0c9a7</a>)</li> </ul> <h2>v5.5.3</h2> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.5.2...v5.5.3">5.5.3</a> (2024-06-28)</h2> <h3>Bug Fixes</h3> <ul> <li>Bump <code>braces</code> dependency (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/269">#269</a>. by <a href="https://github.com/EelcoLos"><code>@EelcoLos</code></a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/2d952a1bf90a6a7ab8f0293dc86f5fdf9acb1915">2d952a1</a>)</li> </ul> <h2>v5.5.2</h2> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.5.1...v5.5.2">5.5.2</a> (2024-04-24)</h2> <h3>Bug Fixes</h3> <ul> <li>Bump tar from 6.1.11 to 6.2.1 (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/262">#262</a> by <a href="https://github.com/EelcoLos"><code>@EelcoLos</code></a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/9a90d5a5ac979326e3bb9272750cdd4f192ce24a">9a90d5a</a>)</li> </ul> <h2>v5.5.1</h2> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.5.0...v5.5.1">5.5.1</a> (2024-04-24)</h2> <h3>Bug Fixes</h3> <ul> <li>Bump ip from 2.0.0 to 2.0.1 (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/263">#263</a> by <a href="https://github.com/EelcoLos"><code>@EelcoLos</code></a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/5e7e9acca3ddc6a9d7b640fe1f905c4fff131f4a">5e7e9ac</a>)</li> </ul> <h2>v5.5.0</h2> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.4.0...v5.5.0">5.5.0</a> (2024-04-23)</h2> <h3>Features</h3> <ul> <li>Add outputs for <code>type</code>, <code>scope</code> and <code>subject</code> (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/261">#261</a> by <a href="https://github.com/bcaurel"><code>@bcaurel</code></a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/b05f5f6423ef5cdfc7fdff00c4c10dd9a4f54aff">b05f5f6</a>)</li> </ul> <h2>v5.4.0</h2> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.3.0...v5.4.0">5.4.0</a> (2023-11-03)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md">amannn/action-semantic-pull-request's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.2.0...v5.3.0">5.3.0</a> (2023-09-25)</h2> <h3>Features</h3> <ul> <li>Use Node.js 20 in action (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/240">#240</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/4c0d5a21fc86635c67cc57ffe89d842c34ade284">4c0d5a2</a>)</li> </ul> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.1.0...v5.2.0">5.2.0</a> (2023-03-16)</h2> <h3>Features</h3> <ul> <li>Update dependencies by <a href="https://github.com/EelcoLos"><code>@EelcoLos</code></a> (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/229">#229</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/e797448a07516738bcfdd6f26ad1d1f84c58d0cc">e797448</a>)</li> </ul> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.0.2...v5.1.0">5.1.0</a> (2023-02-10)</h2> <h3>Features</h3> <ul> <li>Add regex support to <code>scope</code> and <code>disallowScopes</code> configuration (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/226">#226</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/403a6f89242a0d0d3acde94e6141b2e0f4da8838">403a6f8</a>)</li> </ul> <h3><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.0.1...v5.0.2">5.0.2</a> (2022-10-17)</h3> <h3>Bug Fixes</h3> <ul> <li>Upgrade <code>@actions/core</code> to avoid deprecation warnings (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/208">#208</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/91f4126c9e8625b9cadd64b02a03018fa22fc498">91f4126</a>)</li> </ul> <h3><a href="https://github.com/amannn/action-semantic-pull-request/compare/v5.0.0...v5.0.1">5.0.1</a> (2022-10-14)</h3> <h3>Bug Fixes</h3> <ul> <li>Upgrade GitHub Action to use Node v16 (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/207">#207</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/6282ee339b067cb8eab05026f91153f873ad37fb">6282ee3</a>)</li> </ul> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v4.6.0...v5.0.0">5.0.0</a> (2022-10-11)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>Enum options need to be newline delimited (to allow whitespace within them) (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/205">#205</a>)</li> </ul> <h3>Features</h3> <ul> <li>Enum options need to be newline delimited (to allow whitespace within them) (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/205">#205</a>) (<a href="https://github.com/amannn/action-semantic-pull-request/commit/c906fe1e5a4bcc61624931ca94da9672107bd448">c906fe1</a>)</li> </ul> <h2><a href="https://github.com/amannn/action-semantic-pull-request/compare/v4.5.0...v4.6.0">4.6.0</a> (2022-09-26)</h2> <h3>Features</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/48f256284bd46cdaab1048c3721360e808335d50"><code>48f2562</code></a> chore: Release 6.1.1 [skip ci]</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/800da4c97f618e44f972ff9bc21ab5daecc97773"><code>800da4c</code></a> fix: Parse <code>headerPatternCorrespondence</code> properly (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/295">#295</a>)</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/677b89571e961351de6fcbd96c8b2503787962e2"><code>677b895</code></a> test: Fix broken test</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/24e6f016c1e110f5353026c0b6129a4118b9146c"><code>24e6f01</code></a> ci: Fix permissions for tagger</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/7f33ba792281b034f64e96f4c0b5496782dd3b37"><code>7f33ba7</code></a> chore: Release 6.1.0 [skip ci]</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/afa4edb1c465fb22230da8ff4776a163ab5facdf"><code>afa4edb</code></a> fix: Remove trailing whitespace from "unknown release type" error message (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/291">#291</a>)</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/a30288bf13b78cca17c3abdc144db5977476fc8b"><code>a30288b</code></a> feat: Support providing regexps for types (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/292">#292</a>)</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/a46a7c8dc4bb34503174eba2f2f7ef80dffc8ed7"><code>a46a7c8</code></a> build: Move Vitest to <code>devDependencies</code> (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/290">#290</a>)</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/fdd4d3ddf614fbcd8c29e4b106d3bbe0cb2c605d"><code>fdd4d3d</code></a> chore: Release 6.0.1 [skip ci]</li> <li><a href="https://github.com/amannn/action-semantic-pull-request/commit/58e4ab40f59be79f2c432bf003e34a31174e977a"><code>58e4ab4</code></a> fix: Actually execute action (<a href="https://redirect.github.com/amannn/action-semantic-pull-request/issues/289">#289</a>)</li> <li>Additional commits viewable in <a href="https://github.com/amannn/action-semantic-pull-request/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [googleapis/release-please-action](https://github.com/googleapis/release-please-action) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/googleapis/release-please-action/releases">googleapis/release-please-action's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.4.1...v5.0.0">5.0.0</a> (2026-04-22)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>upgrade to node24 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1188">#1188</a>)</li> </ul> <h3>Features</h3> <ul> <li>upgrade to node24 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1188">#1188</a>) (<a href="https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88">46dfc01</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>bump release-please from 17.3.0 to 17.6.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1199">#1199</a>) (<a href="https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765">f533c26</a>)</li> </ul> <h2>v4.4.1</h2> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.4.0...v4.4.1">4.4.1</a> (2026-02-20)</h2> <h3>Bug Fixes</h3> <ul> <li>bump release-please from 17.1.3 to 17.3.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1183">#1183</a>) (<a href="https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409">ef9c274</a>)</li> </ul> <h2>v4.4.0</h2> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.3.0...v4.4.0">4.4.0</a> (2025-10-09)</h2> <h3>Features</h3> <ul> <li>add ability to select versioning-strategy and release-as (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1121">#1121</a>) (<a href="https://github.com/googleapis/release-please-action/commit/ee0f5bae453367755be0c4340193531b3f538374">ee0f5ba</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><code>changelog-host</code> parameter ignored when using manifest configuration (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1151">#1151</a>) (<a href="https://github.com/googleapis/release-please-action/commit/535c4130c1030110bdacd1b3076f98c046c3a227">535c413</a>)</li> <li>bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1149">#1149</a>) (<a href="https://github.com/googleapis/release-please-action/commit/3612a99d75bd7a010bb03d6e2ee3e2392b7392fb">3612a99</a>)</li> <li>bump release-please from 17.1.2 to 17.1.3 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1158">#1158</a>) (<a href="https://github.com/googleapis/release-please-action/commit/66fbfe9439cb7a3660ecdc00d42573ef0bd00764">66fbfe9</a>)</li> </ul> <h2>v4.3.0</h2> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.2.0...v4.3.0">4.3.0</a> (2025-08-20)</h2> <h3>Features</h3> <ul> <li><strong>deps:</strong> update release-please to 17.1.2 (<a href="https://github.com/googleapis/release-please-action/commit/f07192c046b10acd083f4665a3d8b6350526f9df">f07192c</a>)</li> </ul> <h2>v4.2.0</h2> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.1.5...v4.2.0">4.2.0</a> (2025-03-07)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md">googleapis/release-please-action's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.1.0...v4.1.1">4.1.1</a> (2024-05-14)</h2> <h3>Bug Fixes</h3> <ul> <li>bump release-please from 16.10.0 to 16.10.2 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/969">#969</a>) (<a href="https://github.com/googleapis/release-please-action/commit/aa764e0b5db70af7b607fa690b4d1799ceb802d6">aa764e0</a>)</li> <li>bump the npm_and_yarn group with 1 update (<a href="https://redirect.github.com/googleapis/release-please-action/issues/967">#967</a>) (<a href="https://github.com/googleapis/release-please-action/commit/ce529d4a4014c4760ec75d3ba6482e3b80d58862">ce529d4</a>)</li> </ul> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.0.3...v4.1.0">4.1.0</a> (2024-03-11)</h2> <h3>Features</h3> <ul> <li>add <code>changelog-host</code> input to <code>action.yml</code> (<a href="https://redirect.github.com/googleapis/release-please-action/issues/948">#948</a>) (<a href="https://github.com/googleapis/release-please-action/commit/863b06fd1cd7f36c1d74d697ddebe3cf5be4c6b0">863b06f</a>)</li> </ul> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.0.2...v4.0.3">4.0.3</a> (2024-03-11)</h2> <h3>Bug Fixes</h3> <ul> <li>bump release-please from 16.5.0 to 16.10.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/953">#953</a>) (<a href="https://github.com/googleapis/release-please-action/commit/d7e88e0fd9e1a56d1075f610183d571f8347ff9b">d7e88e0</a>)</li> </ul> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.0.1...v4.0.2">4.0.2</a> (2023-12-18)</h2> <h3>Bug Fixes</h3> <ul> <li>bump release-please from 16.4.0 to 16.5.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/905">#905</a>) (<a href="https://github.com/googleapis/release-please-action/commit/df719633a752e335dfde3e62e037315a25ecf6fc">df71963</a>)</li> <li>log release-please version (<a href="https://redirect.github.com/googleapis/release-please-action/issues/910">#910</a>) (<a href="https://github.com/googleapis/release-please-action/commit/2a496d1db5f8860ae46f6066f5dcb73490a99d02">2a496d1</a>), closes <a href="https://redirect.github.com/googleapis/release-please-action/issues/325">#325</a></li> </ul> <h2><a href="https://github.com/googleapis/release-please-action/compare/v4.0.0...v4.0.1">4.0.1</a> (2023-12-07)</h2> <h3>Bug Fixes</h3> <ul> <li>bump release-please from 16.3.1 to 16.4.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/897">#897</a>) (<a href="https://github.com/googleapis/release-please-action/commit/2463dad9b20163a40708db720b9fde34c2a2ab0e">2463dad</a>)</li> </ul> <h2><a href="https://github.com/googleapis/release-please-action/compare/v3.7.13...v4.0.0">4.0.0</a> (2023-12-01)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>remove most configuration options in favor of manifest configuration to configure the release-please-action</li> <li>rewrite in typescript</li> <li>remove command option in favor of setting <code>release-type</code> and <code>skip-github-release</code>/<code>skip-github-pull-request</code></li> <li>run on node20</li> <li><strong>deps:</strong> upgrade release-please to v16</li> <li>v4 release</li> </ul> <h3>Features</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/googleapis/release-please-action/commit/45996ed1f6d02564a971a2fa1b5860e934307cf7"><code>45996ed</code></a> chore(main): release 5.0.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1200">#1200</a>)</li> <li><a href="https://github.com/googleapis/release-please-action/commit/a8121b99c9779b09ad890de46417b7cad74eb3a2"><code>a8121b9</code></a> chore: build dist (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1201">#1201</a>)</li> <li><a href="https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765"><code>f533c26</code></a> fix: bump release-please from 17.3.0 to 17.6.0 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1199">#1199</a>)</li> <li><a href="https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88"><code>46dfc01</code></a> feat!: upgrade to node24 (<a href="https://redirect.github.com/googleapis/release-please-action/issues/1188">#1188</a>)</li> <li>See full diff in <a href="https://github.com/googleapis/release-please-action/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Switch the workflow trigger from push of v*.*.* tags to the GitHub release `published` event so production only deploys when a release is actually cut (e.g. via release-please), not on every matching tag push. Check out the release tag explicitly and use github.event.release.tag_name for APP_VERSION since github.ref on a release event points to the default branch, not the tag. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…to-staging-3 chore: merge production into staging (real merge commit)
Preserve the safety rail the previous push.tags trigger provided. A release.published event will fire for any tag, so add: - job-level if: startsWith(tag, 'v') as a cheap pre-filter - first-step bash regex (^v[0-9]+\.[0-9]+\.[0-9]+(-.+|[a-z].*)?$) that fails the run on a mismatch Matches the original v*.*.*, v*.*.*-*, v*.*.*[a-z]* patterns so an ad-hoc release on a non-version tag no longer deploys to production. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
actions/checkout's ref accepts ambiguous short names. If a branch were ever created with the same name as a release tag, the deploy would check out the branch instead of the tagged commit. Use the fully-qualified refs/tags/<tag> form to remove the ambiguity. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…-release-published ci: trigger CD (Production) on release publish
### Why - `test_associate_assets_command_calls_service` fails: `AttributeError: 'CliRunner' object has no attribute 'isolated_filesystem'` - Click's `CliRunner` dropped the `isolated_filesystem()` context manager in the version now resolved. ### How - Use the pytest `tmp_path` fixture to create the `asset_import_batch` dir, matching the pattern other tests in this file already use ([tests/test_cli_commands.py:257](tests/test_cli_commands.py:257)). - Black additionally normalized one unrelated `textwrap.dedent` block in `test_water_levels_cli_persists_observations` (pre-existing format drift the pre-commit hook fixed). ### Notes - Local run still blocked by Postgres auth in dev `.env`; CI exercises it. --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: jirhiker <2035568+jirhiker@users.noreply.github.com>
### Why Two related groups of fixes, combined here (asset changes migrated from #701, which is now closed): **CD workflow indentation** - `steps:` blocks in `CD_staging.yml`, `CD_production.yml`, `CD_testing.yml` had list items at the same column as `steps:`. Valid YAML but unconventional; confused review tooling. **Asset upload orphan-blob safety** (`POST /asset/upload-and-record`) - File was uploaded to GCS before validating `thing_id` and before the DB write; a failure left an orphaned blob with no Asset row. ### How **Workflows** - Reindent all three CD workflows to standard 2-space style (`git diff -w` ≈ no-op on deploy logic). - Join a broken multi-line `git tag -m "..."` in CD_testing.yml. - Includes Copilot autofix commits on the workflow files. **Asset upload** - `gcs_upload` now returns `(uri, blob_name, created)`; `created=False` on hash-dedup hit. All callers updated. - On DB-write failure: rollback, then delete the blob **only** when this request created it AND no Asset row still references it (blobs are content-hash-named and can be shared across Things). - Entire cleanup path wrapped so rollback / reference-query / delete failures are logged but never mask the original commit exception. - `session.refresh()` moved outside the cleanup block (post-commit; must not trigger deletion). - 3 new tests in `tests/test_asset.py` cover the failure paths. ### Notes - **Merge with "Create a merge commit"** if it touches release flow; otherwise standard squash is fine since this is a feature branch into staging. --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
### Why - Deploy buildpack fails: ``` ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not: joserfc>=1.6.0 ... (from authlib==1.7.2->-r requirements.txt (line 225)) ``` - authlib `1.6.x → 1.7.2` added **joserfc** as a new runtime dependency. The lockfile bump updated `uv.lock` / `pyproject.toml` but `requirements.txt` was not regenerated, so joserfc was missing. pip then resolved it transitively as the unpinned `joserfc>=1.6.0`, which `--require-hashes` rejects. ### How - Add `joserfc==1.7.1` with its sdist + `py3-none-any` wheel hashes copied from `uv.lock`. Pure-python wheel → platform-independent, so both hashes are complete. - Verified joserfc is the **only** non-dev dependency present in `uv.lock` but missing from `requirements.txt` (all other gaps are dev-group deps excluded by `--no-dev`). ### Notes - Surgical one-package insert rather than a full `uv export` regen (local uv 0.9.7 emits a different per-platform hash set than CI, which would churn ~1000 lines). - **Production is currently broken by this** — staging→production release will carry the fix; if production needs it sooner, cherry-pick to a `hotfix/v*` branch. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
…y) (#705) ### Why Deploy buildpack fails again — next unpinned transitive after the joserfc fix ([#704](#704)): ``` ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not: python-discovery>=1.4 (from virtualenv==21.4.2->-r requirements.txt (line 2393)) ``` Root cause: `pre-commit` was listed in main `[project.dependencies]`, so it (and its whole toolchain — virtualenv, identify, nodeenv, cfgv, distlib, platformdirs) shipped to production. `virtualenv 21.x` introduced the unpinned transitive `python-discovery>=1.4`, which pip `--require-hashes` rejects. ### How - Move `pre-commit` from `[project.dependencies]` → `[dependency-groups] dev`. It's a dev-only tool, never imported by app code. - `uv lock` + `uv export --no-dev` regenerate the lock and requirements. - Result: pre-commit + entire chain (incl. virtualenv → python-discovery) removed from the production requirement set. ### Verification - Every non-dev package in `uv.lock` is still pinned + hashed in `requirements.txt`; only dev-group deps are absent. - Confirmed the linux `cp313` x86_64 wheels the buildpack installs are present (checked yarl). - `uv lock --check` passes. ### Notes - Large `requirements.txt` churn: besides removing the pre-commit chain, local `uv 0.9.7` emits only the py3.13-relevant wheel hashes (lock `requires-python >=3.13`) vs the old broader set. Functionally complete for the deploy target; CD regenerates with the same `uv export --no-dev` anyway. - `uv.lock` `revision` bumped 2 → 3 by uv; CD uses `setup-uv` latest (forward-compatible). - Unblocks the release build on [#695](#695) once merged to staging. --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tlsfuzzer/python-ecdsa/releases">ecdsa's releases</a>.</em></p> <blockquote> <h2>0.19.2</h2> <p>Bug fixes:</p> <ul> <li>Fix CVE-2026-33936, a DER parsing issue in <code>remove_octet_string()</code>, <code>remove_constructed()</code>, and <code>remove_implitic()</code> where a truncated buffer wasn't detected. This can lead to high level functions, like <code>SigningKey.from_der()</code> to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))</li> </ul> <p>Maintenance:</p> <ul> <li>Update CI to use newer version of Ubuntu.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS">ecdsa's changelog</a>.</em></p> <blockquote> <ul> <li>Release 0.19.2 (26 Mar 2026)</li> </ul> <p>Bug fixes:</p> <ul> <li>Fix CVE-2026-33936, a DER parsing issue in <code>remove_octet_string()</code>, <code>remove_constructed()</code>, and <code>remove_implitic()</code> where a truncated buffer wasn't detected. This can lead to high level functions, like <code>SigningKey.from_der()</code> to raise unexpected exceptions. (Mohamed Abdelaal (0xmrma))</li> </ul> <p>Maintenance:</p> <ul> <li> <p>Update CI to use newer version of Ubuntu.</p> </li> <li> <p>Release 0.19.1 (13 Mar 2025)</p> </li> </ul> <p>New API:</p> <ul> <li><code>der.remove_implitic</code> and <code>der.encode_implicit</code> for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes</li> </ul> <p>Bug fixes:</p> <ul> <li>Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)</li> <li>Fix arithmetic to work with curves that have (0, 0) on the curve</li> <li>Fix canonicalization of signatures when <code>s</code> is just slightly above half of curve order</li> </ul> <p>Maintenance:</p> <ul> <li> <p>Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)</p> </li> <li> <p>Officialy support Python 3.12 and 3.13 (add them to CI)</p> </li> <li> <p>Removal of few more unnecessary <code>six.b</code> literals (Alexandre Detiste)</p> </li> <li> <p>Fix typos in warning messages</p> </li> <li> <p>Release 0.19.0 (08 Apr 2024)</p> </li> </ul> <p>New API:</p> <ul> <li><code>to_ssh</code> in <code>VerifyingKey</code> and <code>SigningKey</code>, supports Ed25519 keys only (Pablo Mazzini)</li> </ul> <p>New features:</p> <ul> <li>Support for twisted Brainpool curves</li> </ul> <p>Doc fix:</p> <ul> <li>Fix curve equation in glossary</li> <li>Documentation for signature encoding and signature decoding functions</li> </ul> <p>Maintenance:</p> <ul> <li>Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3"><code>bd66899</code></a> Merge commit from fork</li> <li><a href="https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db"><code>9c046ee</code></a> tests: reject truncated DER lengths</li> <li><a href="https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface"><code>acc40fd</code></a> der: reject truncated lengths in octet/implicit/constructed</li> <li><a href="https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec"><code>55aca78</code></a> Merge pull request <a href="https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363">#363</a> from gstarovo/ubuntu20-deprecation</li> <li><a href="https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf"><code>c4f0df1</code></a> chore: change to ubuntu-22 since u-20 is deprecated</li> <li>See full diff in <a href="https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DataIntegrationGroup/OcotilloAPI/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
This PR addresses the following problem / context:
How
Implementation summary - the following was changed / added / removed:
Notes
Any special considerations, workarounds, or follow-up work to note?