Skip to content

Release v7.5.0#349

Merged
jtherrmann merged 11 commits into
mainfrom
develop
May 23, 2025
Merged

Release v7.5.0#349
jtherrmann merged 11 commits into
mainfrom
develop

Conversation

@jtherrmann
Copy link
Copy Markdown
Contributor

@jtherrmann jtherrmann commented May 22, 2025

No description provided.

dependabot Bot and others added 11 commits May 12, 2025 03:19
@dependabot
Bump ruff from 0.11.8 to 0.11.9
02586e6 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.8 to 0.11.9.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.8...0.11.9)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jtherrmann
Merge pull request #345 from ASFHyP3/dependabot/pip/ruff-0.11.9
e3f56f6 
Bump ruff from 0.11.8 to 0.11.9
@dependabot
Bump ASFHyP3/actions from 0.18.1 to 0.19.0
42277b9 
Bumps [ASFHyP3/actions](https://github.com/asfhyp3/actions) from 0.18.1 to 0.19.0.
- [Release notes](https://github.com/asfhyp3/actions/releases)
- [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md)
- [Commits](ASFHyP3/actions@v0.18.1...v0.19.0)

---
updated-dependencies:
- dependency-name: ASFHyP3/actions
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump ruff from 0.11.9 to 0.11.10
2d8474f 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.9 to 0.11.10.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.9...0.11.10)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.11.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@jtherrmann
Merge pull request #346 from ASFHyP3/dependabot/github_actions/ASFHyP…
dc87c7c 
…3/actions-0.19.0

Bump ASFHyP3/actions from 0.18.1 to 0.19.0
@jtherrmann
Merge pull request #347 from ASFHyP3/dependabot/pip/ruff-0.11.10
9154c7f 
Bump ruff from 0.11.9 to 0.11.10
@jtherrmann
Support EDC Sandbox API URLs
576adc0
@jtherrmann
test hyp3 api path and cookie
a530d99
@jtherrmann
add more endpoint url test cases
1904827
@jtherrmann
changelog
a2884cb
@jtherrmann
Merge pull request #348 from ASFHyP3/api-url-paths
000bbbf 
Support EDC Sandbox API URLs
@jtherrmann jtherrmann requested review from a team as code owners May 22, 2025 23:52
github-advanced-security[bot]
github-advanced-security AI found potential problems May 22, 2025
View reviewed changes
Comment thread .github/workflows/changelog.yml
jobs:
call-changelog-check-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 year ago

To fix the issue, we will add a permissions block at the root of the workflow file. Since this workflow is only triggering a reusable workflow for a changelog check, it likely only needs contents: read permissions. This will ensure that the GITHUB_TOKEN used in the workflow has minimal privileges, reducing the risk of unintended write operations.

Suggested changeset 1
.github/workflows/changelog.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -1,2 +1,4 @@
 name: Changelog updated?
+permissions:
+  contents: read
 on:
EOF
@@ -1,2 +1,4 @@
name: Changelog updated?
permissions:
contents: read
on:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Comment thread .github/workflows/labeled-pr.yml
jobs:
call-labeled-pr-check-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.18.1
uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.19.0

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 year ago

To fix the issue, we will add a permissions block at the root of the workflow file. This block will define the minimal permissions required for the workflow. Since the workflow is related to pull requests and labels, it likely requires contents: read and pull-requests: write. These permissions will allow the workflow to read repository contents and modify pull request labels without granting unnecessary write access to other resources.

Suggested changeset 1
.github/workflows/labeled-pr.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/labeled-pr.yml b/.github/workflows/labeled-pr.yml
--- a/.github/workflows/labeled-pr.yml
+++ b/.github/workflows/labeled-pr.yml
@@ -2,2 +2,6 @@
 
+permissions:
+  contents: read
+  pull-requests: write
+
 on:
EOF
@@ -2,2 +2,6 @@

permissions:
contents: read
pull-requests: write

on:
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 22, 2025
edited by asjohnston-asf
Loading

Developer checklist

  • Indicated the level of changes to this package by affixing one of these labels:
    • major -- Major changes to the API that may break current workflows
    • minor -- Minor changes to the API that do not break current workflows
    • patch -- Patches and bugfixes for the current version that do not break current workflows
    • bumpless -- Changes to documentation, CI/CD pipelines, etc. that don't affect the software's version
  • (If applicable) Updated the dependencies and indicated any downstream changes that are required
  • Added/updated documentation for these changes
  • Added/updated tests for these changes
  • Verified changes in test deployment and summarized results, e.g. in PR description or comments on the related issue(s)

Reviewer checklist

  • Have all dependencies been updated?
  • Is the level of changes labeled appropriately?
  • Are all the changes described appropriately in CHANGELOG.md?
  • Has the documentation been adequately updated?
  • Are the tests adequate?
  • Have the changes been verified in the test deployment?

@jtherrmann jtherrmann added the minor Bump the minor version number of this project label May 22, 2025
@jtherrmann jtherrmann merged commit 2aea5f1 into main May 23, 2025
18 of 19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asjohnston-asf asjohnston-asf asjohnston-asf approved these changes

Assignees

No one assigned

Labels

minor Bump the minor version number of this project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jtherrmann @asjohnston-asf @github-advanced-security