Merge branch 'main' into main

Author: nvuillam

.cspell.json

@@ -113,6 +113,7 @@
     "encryptable",
     "esktop",
     "esult",
+    "exploitability",
     "finlaymacklon",
     "forcelist",
     "fseventsd",
@@ -217,6 +218,7 @@
     "stefanzweifel",
     "svclog",
     "tada",
+    "timedelay",
     "timemachine",
     "tqdm",
     "traceback",

.github/workflows/build.yml

@@ -1,42 +1,51 @@
 name: build
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
 
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9"]
+        python-version: ["3.12"]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Install poetry
         run: make poetry-download
 
       - name: Set up cache
-        uses: actions/cache@v4.0.1
+        uses: actions/cache@v5
         with:
           path: .venv
           key: venv-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml') }}-${{ hashFiles('poetry.lock') }}
       - name: Install dependencies
         run: |
           poetry config virtualenvs.in-project true
-          poetry install
+          poetry install --with dev
 
       - name: Run style checks
         run: |
           make check-codestyle
 
-      - name: Run tests
-        run: |
-          make test
-
       - name: Run safety checks
+        if: github.repository == 'nvuillam/github-dependents-info' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)
+        env:
+          SAFETY_API_KEY: ${{ secrets.SAFETY_API_KEY }}
         run: |
           make check-safety
+
+      - name: Run tests
+        run: |
+          make test

.github/workflows/github-dependents-info.yml

@@ -29,7 +29,7 @@ jobs:
     steps:
       # Git Checkout
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0
@@ -54,7 +54,7 @@ jobs:
       # Create pull request
       - name: Create Pull Request
         id: cpr
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v8
         with:
           token: ${{ secrets.GITHUB_TOKEN  }}
           branch: github-dependents-info-auto-update

.github/workflows/mega-linter.yml

@@ -4,10 +4,12 @@
 name: MegaLinter
 
 on:
-  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to master
-  push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions)
+  push:
+    branches:
+      - main
   pull_request:
-    branches: [master, main]
+    branches:
+      - main
 
 env: # Comment env block if you do not want to apply fixes
   # Apply linter fixes configuration
@@ -26,7 +28,7 @@ jobs:
     steps:
       # Git Checkout
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
@@ -35,19 +37,19 @@ jobs:
       - name: MegaLinter
         id: ml
         # You can override MegaLinter flavor used to have faster performances
-        # More info at https://megalinter.io/flavors/
+        # More info at https://megalinter.io/latest/flavors/
         uses: oxsecurity/megalinter/flavors/python@beta
         env:
           # All available variables are described in documentation
-          # https://megalinter.io/config-file/
+          # https://megalinter.io/latest/config-file/
           VALIDATE_ALL_CODEBASE: true # Set ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} to validate only diff with main branch
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
 
       # Upload MegaLinter artifacts
       - name: Archive production artifacts
         if: success() || failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: MegaLinter reports
           path: |
@@ -58,7 +60,7 @@ jobs:
       - name: Create Pull Request with applied fixes
         id: cpr
         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v8
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           commit-message: "[MegaLinter] Apply linters automatic fixes"
@@ -76,7 +78,7 @@ jobs:
         run: sudo chown -Rc $UID .git/
       - name: Commit and push applied linter fixes
         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
-        uses: stefanzweifel/git-auto-commit-action@v5
+        uses: stefanzweifel/git-auto-commit-action@v7
         with:
           branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
           commit_message: "[MegaLinter] Apply linters fixes"

.github/workflows/release.yml

@@ -14,12 +14,12 @@ jobs:
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Run image
-        uses: abatilo/actions-poetry@v2.4.0
+        uses: abatilo/actions-poetry@v4.0.0
         with:
           poetry-version: ${{ matrix.poetry-version }}
       - name: Publish
@@ -38,7 +38,7 @@ jobs:
       packages: write
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -63,7 +63,7 @@ jobs:
         run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
 
       - name: Build & Push Docker Image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile

.mega-linter.yml

@@ -1,5 +1,5 @@
 # Configuration file for MegaLinter
-# See all available variables at https://megalinter.io/config-file/ and in linters documentation
+# See all available variables at https://megalinter.io/latest/config-file/ and in linters documentation
 
 APPLY_FIXES: all # all, none, or list of linter keys
 # ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default
@@ -16,6 +16,7 @@ DISABLE_ERRORS_LINTERS:
   - PYTHON_MYPY
   - PYTHON_PYRIGHT
   - REPOSITORY_GRYPE
+  - SPELL_LYCHEE
 FILTER_REGEX_EXCLUDE: (assets)
 SHOW_ELAPSED_TIME: true
 FILEIO_REPORTER: false

.safety-policy.yml

@@ -0,0 +1,55 @@
+version: "3.0"
+
+scanning-settings:
+  max-depth: 6
+  exclude: []
+  include-files: []
+  system:
+    targets: []
+
+report:
+  dependency-vulnerabilities:
+    enabled: true
+    auto-ignore-in-report:
+      python:
+        environment-results: true
+        unpinned-requirements: true
+      vulnerabilities:
+        "51457":
+          reason: Legacy ignore migrated from Safety 2.x `-i 51457` flag
+          expires: "2099-12-31"
+          specifications: []
+      cvss-severity: []
+
+fail-scan-with-exit-code:
+  dependency-vulnerabilities:
+    enabled: true
+    fail-on-any-of:
+      cvss-severity:
+        - high
+        - medium
+        - critical
+      exploitability:
+        - high
+        - medium
+        - critical
+
+security-updates:
+  dependency-vulnerabilities:
+    auto-security-updates-limit:
+      - patch
+
+installation:
+  default-action: allow
+  audit-logging:
+    enabled: true
+  allow:
+    packages: []
+    vulnerabilities: {}
+  deny:
+    packages: {}
+    vulnerabilities:
+      warning-on-any-of:
+        cvss-severity: []
+      block-on-any-of:
+        cvss-severity: []

.safety-project.ini

@@ -0,0 +1,5 @@
+[project]
+id = github-dependents-info
+url = /codebases/github-dependents-info/findings
+name = github-dependents-info
+

CHANGELOG.md

@@ -6,7 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## Beta
 
-- Add your updates here :)
+- Upgrade project
+- Upgrade dependencies
+- Fix total dependents count (#607)
+- Refactor update logic in sources_all_df to ensure proper data type handling
+- CI
+  - Upgrade MegaLinter
+  - Refactor test classes so they run faster
 
 ## [1.6.3] 2023-03-03
 

Dockerfile

@@ -1,7 +1,6 @@
-FROM python:3.12.2-alpine3.18
+FROM python:3.12.3-alpine3.18
 WORKDIR /
 ARG GITHUB_DEPENDENTS_INFO_VERSION=latest
-ARG GITHUB_TOKEN
 
 RUN pip install --no-cache-dir github-dependents-info