Skip to content

Release#2368

Merged
rjdbcm merged 104 commits into
release/2.xfrom
main
Apr 5, 2026
Merged

Release#2368
rjdbcm merged 104 commits into
release/2.xfrom
main

Conversation

@rjdbcm

@rjdbcm rjdbcm commented Apr 5, 2026

Copy link
Copy Markdown
Member

No description provided.

dependabot Bot and others added 30 commits November 11, 2025 12:15
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…tor_generic_slsa3.yml

Bumps [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps oss-fuzz-base/base-builder from `ef00f80` to `a651f09`.

---
updated-dependencies:
- dependency-name: oss-fuzz-base/base-builder
  dependency-version: v1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [exceptiongroup](https://github.com/agronholm/exceptiongroup) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/agronholm/exceptiongroup/releases)
- [Changelog](https://github.com/agronholm/exceptiongroup/blob/main/CHANGES.rst)
- [Commits](agronholm/exceptiongroup@1.3.0...1.3.1)

---
updated-dependencies:
- dependency-name: exceptiongroup
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [atheris](https://github.com/google/atheris) from 2.3.0 to 3.0.0.
- [Commits](google/atheris@2.3.0...3.0.0)

---
updated-dependencies:
- dependency-name: atheris
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [flake8-pyproject](https://github.com/john-hen/Flake8-pyproject) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/john-hen/Flake8-pyproject/releases)
- [Commits](john-hen/Flake8-pyproject@1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: flake8-pyproject
  dependency-version: 1.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the pip group with 1 update in the /ozi/test/pytest directory: [urllib3](https://github.com/urllib3/urllib3).


Updates `urllib3` from 2.5.0 to 2.6.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.5 to 9.0.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.5...9.0.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mypy](https://github.com/python/mypy) from 1.18.2 to 1.19.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.18.2...v1.19.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 10.5.2 to 10.5.3.
- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases)
- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst)
- [Commits](python-semantic-release/python-semantic-release@v10.5.2...v10.5.3)

---
updated-dependencies:
- dependency-name: python-semantic-release
  dependency-version: 10.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pyright](https://github.com/RobertCraigie/pyright-python) from 1.1.407 to 1.1.408.
- [Release notes](https://github.com/RobertCraigie/pyright-python/releases)
- [Commits](RobertCraigie/pyright-python@v1.1.407...v1.1.408)

---
updated-dependencies:
- dependency-name: pyright
  dependency-version: 1.1.408
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.5.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [flake8-type-checking](https://github.com/snok/flake8-type-checking) from 3.0.0 to 3.1.1.
- [Release notes](https://github.com/snok/flake8-type-checking/releases)
- [Commits](snok/flake8-type-checking@v3.0.0...v3.1.1)

---
updated-dependencies:
- dependency-name: flake8-type-checking
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...de0fac2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [sigstore](https://github.com/sigstore/sigstore-python) from 3.6.3 to 3.6.7.
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/v3.6.7/CHANGELOG.md)
- [Commits](sigstore/sigstore-python@v3.6.3...v3.6.7)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 3.6.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 6.18.0 to 6.19.0.
- [Release notes](https://github.com/pyinstaller/pyinstaller/releases)
- [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst)
- [Commits](pyinstaller/pyinstaller@v6.18.0...v6.19.0)

---
updated-dependencies:
- dependency-name: pyinstaller
  dependency-version: 6.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cibuildwheel](https://github.com/pypa/cibuildwheel) from 2.23.3 to 2.23.4.
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@v2.23.3...v2.23.4)

---
updated-dependencies:
- dependency-name: cibuildwheel
  dependency-version: 2.23.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 7.0.0 to 7.1.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tox](https://github.com/tox-dev/tox) from 4.32.0 to 4.52.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.32.0...4.52.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-version: 4.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
fix: create symlink updated for windows env
…uzzlite/tox-4.52.0

⬆️(cflite): Bump tox from 4.32.0 to 4.52.0 in /.clusterfuzzlite
Bumps [hypothesis](https://github.com/HypothesisWorks/hypothesis) from 6.147.0 to 6.151.10.
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@hypothesis-python-6.147.0...hypothesis-python-6.151.10)

---
updated-dependencies:
- dependency-name: hypothesis
  dependency-version: 6.151.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…uzzlite/hypothesis-6.151.10

⬆️(cflite): Bump hypothesis from 6.147.0 to 6.151.10 in /.clusterfuzzlite
dependabot Bot and others added 27 commits April 3, 2026 12:05
Bumps oss-fuzz-base/base-builder from `f129d5c` to `dc62848`.

---
updated-dependencies:
- dependency-name: oss-fuzz-base/base-builder
  dependency-version: v1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
🔨 Python 3.9 support deprecated
Removed black package and its hashes from requirements.

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
🔨(test/pytest): remove black from requirements.txt
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
🔨 remove all extra from hypothesis
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
🔨 update black version to 26.3.1
Updated package versions and hashes in requirements.txt.

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
⬆️ upgrade black from 25.11.0 to 26.3.1
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
🔨(test/pytest): update pygments version to 2.19.2
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
🔨 update pygments version to 2.19.2
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
⬆️(lint/bandit): update pygments version to 2.19.2
* ⬆️ update pygments version to 2.20.0

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>

* ⬆️ update pygments version to 2.20.0

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>

* ⬆️ upgrade pygments to version 2.20.0

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>

* ⬆️ update pygments version to 2.20.0

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>

* ⬆️ update pygments to version 2.20.0

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>

---------

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
* ⬆️ Update ozi-build requirement from ~=2.3.12 to >=2.3.12,<2.5.0

Updates the requirements on [ozi-build](https://github.com/OZI-Project/OZI.build) to permit the latest version.
- [Release notes](https://github.com/OZI-Project/OZI.build/releases)
- [Changelog](https://github.com/OZI-Project/OZI.build/blob/master/CHANGELOG.md)
- [Commits](OZI-Project/OZI.build@2.3.12...2.4.0)

---
updated-dependencies:
- dependency-name: ozi-build
  dependency-version: 2.4.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* 🔨 update fallback version in meson.build

Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eden Ross Duff, MSc <ozi.project@outlook.com>
…antic_release/python-semantic-release-10.5.3

⬆️ Bump python-semantic-release from 10.5.2 to 10.5.3 in /ozi/dist/semantic_release
…i-5f359a55cc

⬆️ Bump the ci group across 1 directory with 2 updates
Bumps [sigstore](https://github.com/sigstore/sigstore-python) from 3.6.3 to 3.6.7.
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/v3.6.7/CHANGELOG.md)
- [Commits](sigstore/sigstore-python@v3.6.3...v3.6.7)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 3.6.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…uzzlite/atheris-3.0.0

⬆️(cflite): Bump atheris from 2.3.0 to 3.0.0 in /.clusterfuzzlite
…erfuzzlite/oss-fuzz-base/base-builder-dc62848

build(deps): bump oss-fuzz-base/base-builder from `f129d5c` to `dc62848` in /.clusterfuzzlite
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Comment thread .clusterfuzzlite/build.sh
# Build and install project (using current CFLAGS, CXXFLAGS). This is required
# for projects with C extensions so that they're built with the proper flags.
tox -e invoke -- release
pip install -U pyinstaller-hooks-contrib

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 9: pipCommand not pinned by hash
Click Remediation section below to solve this issue
# Currently this action needs to be referred by tag. More details at:
# https://github.com/slsa-framework/slsa-github-generator#verification-of-provenance
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 9: third-party GitHubAction not pinned by hash
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
@rjdbcm rjdbcm merged commit a9ea5f5 into release/2.x Apr 5, 2026
12 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants