Skip to content

Actualización de dependencia idna de 3.4 a 3.7 en scripts de upgrade de CodeQL #940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Actualización de dependencia idna de 3.4 a 3.7 en scripts de upgrade de CodeQL #940

wants to merge 11 commits into from
+7 −7

Conversation

AndresMaqueo
Copy link

Description

please enter the description of your change here

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • rule number here
  • Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

dependabot bot and others added 6 commits August 5, 2025 08:38
@dependabot
Bump jinja2 from 2.11.3 to 3.1.6 in /scripts
3d6b327 
Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.3 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.11.3...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump idna from 3.4 to 3.7 in /scripts/upgrade-codeql-dependencies
7cc4838 
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.7'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@AndresMaqueo
Merge pull request #3 from AndresMaqueo/dependabot/pip/scripts/upgrad…
1e9f9f8 
…e-codeql-dependencies/idna-3.7

Bump idna from 3.4 to 3.7 in /scripts/upgrade-codeql-dependencies
@dependabot
Bump certifi from 2023.7.22 to 2024.7.4 in /scripts
7c01dae 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4.
- [Commits](certifi/python-certifi@2023.07.22...2024.07.04)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2024.7.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump urllib3 in /scripts/upgrade-codeql-dependencies
9d10a4c 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 2.5.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.18...2.5.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump requests from 2.31.0 to 2.32.4 in /scripts
dd3387a 
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Copilot Copilot AI review requested due to automatic review settings August 9, 2025 15:25
Copilot
Copilot AI reviewed Aug 9, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the idna dependency from version 3.4 to 3.7 in the CodeQL upgrade scripts' requirements file. This is a routine dependency update to keep the project current with newer versions of the idna library.

  • Updated idna package version from 3.4 to 3.7

AndresMaqueo
AndresMaqueo commented Aug 9, 2025
View reviewed changes
Copy link
Author

@AndresMaqueo AndresMaqueo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

He revisado la actualización de la dependencia idna de la versión 3.4 a la 3.7 en el archivo requirements.txt dentro de /scripts/upgrade-codeql-dependencies. Esta actualización es necesaria para resolver una alerta de seguridad moderada detectada por Dependabot.

No se identifican cambios disruptivos ni incompatibilidades en el entorno tras esta actualización. Recomiendo proceder con la fusión para mantener la seguridad y actualización del proyecto. Sugiero monitorear el pipeline de integración continua para asegurar que los tests pasen correctamente y no haya impactos inesperados.

@AndresMaqueo
Merge pull request #5 from AndresMaqueo/dependabot/pip/scripts/upgrad…
839d2dc 
…e-codeql-dependencies/urllib3-2.5.0

Bump urllib3 from 1.26.18 to 2.5.0 in /scripts/upgrade-codeql-dependencies
@AndresMaqueo
Merge pull request #4 from AndresMaqueo/dependabot/pip/scripts/reques…
9278cdf 
…ts-2.32.4

Bump requests from 2.31.0 to 2.32.4 in /scripts
@AndresMaqueo
Merge pull request #2 from AndresMaqueo/dependabot/pip/scripts/jinja2…
f876d22 
…-3.1.6

Bump jinja2 from 2.11.3 to 3.1.6 in /scripts
@AndresMaqueo
Merge pull request #1 from AndresMaqueo/dependabot/pip/scripts/certif…
8db576f 
…i-2024.7.4

Bump certifi from 2023.7.22 to 2024.7.4 in /scripts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AndresMaqueo