Bump https://github.com/astral-sh/ruff-pre-commit from v0.15.16 to 0.15.17 in the pre-commit group#7536
Conversation
Bumps the pre-commit group with 1 update: [https://github.com/astral-sh/ruff-pre-commit](https://github.com/astral-sh/ruff-pre-commit). Updates `https://github.com/astral-sh/ruff-pre-commit` from v0.15.16 to 0.15.17 - [Release notes](https://github.com/astral-sh/ruff-pre-commit/releases) - [Commits](astral-sh/ruff-pre-commit@v0.15.16...v0.15.17) --- updated-dependencies: - dependency-name: https://github.com/astral-sh/ruff-pre-commit dependency-version: 0.15.17 dependency-type: direct:production dependency-group: pre-commit ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
psf added a requirement that all transitive dependencies be strictly pinned. This is causing issues with semi-retired pre-commit's GHA that uses actions/cache pinned at a tag. We could reach out to Anthony and see if he'll move to a strict pin. Otherwise, we could move the action directly into our workflows (it's small) and pin it ourselves. We could also move to pre-k, but that introduces a significant number of JS dependencies I don't want in our CI. @psf/organization-owners just noting this. While I agree this is probably a good move for the org, I think many of the "fixes" are actually regressing our posture more than the problem it's fixing. |
|
@asottile, apologies for the ping, it looks like issues are shut off for the action repo but it doesn't appear to be archived. Would you be willing to move the |
|
@nateprewitt search the issues and you can probably find the answer |
|
Added #7539 to resolve this issue. |
2 participants
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps the pre-commit group with 1 update: https://github.com/astral-sh/ruff-pre-commit.
Updates
https://github.com/astral-sh/ruff-pre-commitfrom v0.15.16 to 0.15.17Release notes
Sourced from https://github.com/astral-sh/ruff-pre-commit's releases.
Commits
3b3f7c3Mirror: 0.15.1799e6029Various hardenings (#170)f69224bBump the github-actions group with 2 updates (#169)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions