chore(deps-dev): bump pyfakefs from 6.1.4 to 6.1.5#469
chore(deps-dev): bump pyfakefs from 6.1.4 to 6.1.5#469dependabot[bot] wants to merge 1 commit intomasterfrom
Conversation
Bumps [pyfakefs](https://github.com/pytest-dev/pyfakefs) from 6.1.4 to 6.1.5. - [Release notes](https://github.com/pytest-dev/pyfakefs/releases) - [Changelog](https://github.com/pytest-dev/pyfakefs/blob/v6.1.5/CHANGES.md) - [Commits](pytest-dev/pyfakefs@v6.1.4...v6.1.5) --- updated-dependencies: - dependency-name: pyfakefs dependency-version: 6.1.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![codecov[bot]](https://avatars.githubusercontent.com/in/254?s=60&v=4){kind=small}
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
We are downgrading the version of Poetry from 2.3.2 to 2.2.1. Ensure this is intentional and does not remove any functionalities that the project might be relying on.
|
|
||
| [[package]] | ||
| name = "pyfakefs" | ||
| version = "6.1.4" |
There was a problem hiding this comment.
The version of 'pyfakefs' package is being upgraded from 6.1.4 to 6.1.5. Verify that the new version is compatible with the rest of your system, and that it doesn't introduce any breaking changes.
| groups = ["dev"] | ||
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, |
There was a problem hiding this comment.
Ensure the updated hashes for the 'pyfakefs' files are correct and match the ones provided by the source to avoid any potential security risks.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
The Poetry version has been downgraded from 2.3.2 to 2.2.1. If there's no pressing reason for this downgrade, it would generally be a good idea to keep the tooling as up-to-date as possible to leverage the latest fixes and features.
|
|
||
| [[package]] | ||
| name = "pyfakefs" | ||
| version = "6.1.4" |
There was a problem hiding this comment.
The 'pyfakefs' package version has been upgraded from 6.1.4 to 6.1.5 which is good for ensuring the use of latest features and bug fixes from the library. Ensure that this upgrade has been tested properly to not cause any regressions.
| groups = ["dev"] | ||
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, |
There was a problem hiding this comment.
Note the updated hash values in line 24 and 25 for the 'pyfakefs' 6.1.5 package files. This change is expected with the version upgrade but it's always a good idea to double check these hash values with the ones provided by the package maintainers to ensure the integrity of the packages being used.
There was a problem hiding this comment.
This code review pertains to changes in the poetry.lock file. The revision seems to include an update of the 'pyfakefs' package from version 6.1.4 to 6.1.5, as well as a rollback to an older version of Poetry from 2.3.2 to 2.2.1. While the update to the 'pyfakefs' package seems reasonable, if it includes required bug fixes or new features, the rollback of the Poetry version might have unintended consequences.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
The version of Poetry has been rolled back from 2.3.2 to 2.2.1. Please verify if this is intended. If not, restore the version to 2.3.2, as the newer version might include important bug fixes and features.
|
|
||
| [[package]] | ||
| name = "pyfakefs" | ||
| version = "6.1.4" |
There was a problem hiding this comment.
The 'pyfakefs' package was updated from version 6.1.4 to 6.1.5. If the update provides required additional features or bug fixes, this is good. Ensure the new version doesn't introduce any breaking changes to your project.
| groups = ["dev"] | ||
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, |
There was a problem hiding this comment.
When updating the 'pyfakefs' package, the hash for the wheel file was also updated. This is a good practice, to ensure the dependencies are correctly validated.
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, | ||
| {file = "pyfakefs-6.1.5-py3-none-any.whl", hash = "sha256:2c482f36bad7d1f7516d58d17818fb0dbe397a3372ec5274869386a9b7cd4883"}, |
There was a problem hiding this comment.
Similarly, the hash value for 'pyfakefs' tar.gz file was updated along with the version of the package. This kind of verification helps to maintain code integrity.
There was a problem hiding this comment.
The changes in the presented diff relate to Poetry lock file. The version of Poetry used to generate the file is downgraded from 2.3.2 to 2.2.1, and it seems the PyFakeFS package has been updated from 6.1.4 to 6.1.5, with the associated file hashes also updated to match. The use of an older Poetry version could potentially cause issues with poetry.lock file interoperability and/or correctness. Furthermore, while the upgrade of PyFakeFS appears proper, it would be crucial to ensure the new version is compatible with the existing code.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
The Poetry version used to generate the lock file has been downgraded from 2.3.2 to 2.2.1. It's not immediately clear why this is being done, but we need to be cautious. The newer version of Poetry might have introduced changes that the older version can't handle. If at all possible, it would likely be best to keep using the current version of Poetry (2.3.2) unless there's a compelling reason to downgrade it.
|
|
||
| [[package]] | ||
| name = "pyfakefs" | ||
| version = "6.1.4" |
There was a problem hiding this comment.
The version of 'pyfakefs' has been updated from 6.1.4 to 6.1.5. This is typically a minor version update, and would not generally be considered risky. However, it would be prudent to verify that this newer version doesn't introduce a breaking change or other issue that could negatively affect our codebase.
| groups = ["dev"] | ||
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, |
There was a problem hiding this comment.
You've updated the hash for 'pyfakefs' WHL file after version upgrade, which is correct and necessary. It guarantees the compatibility and security of the codebase.
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, | ||
| {file = "pyfakefs-6.1.5-py3-none-any.whl", hash = "sha256:2c482f36bad7d1f7516d58d17818fb0dbe397a3372ec5274869386a9b7cd4883"}, |
There was a problem hiding this comment.
Similarly, you've also updated the hash for the 'pyfakefs' TAR file. Good job, these hashes must be updated together with the version number.
There was a problem hiding this comment.
The changes made in the 'poetry.lock' file involve the downgrade of the 'Poetry' version and an upgrade of the 'pyfakefs' package version. Although these changes might not cause immediate issues, they can potentially introduce problems down the line if not sufficiently justified or tested. Comments are provided below to further discuss this.
| @@ -1,4 +1,4 @@ | |||
| # This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. | |||
| # This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. | |||
There was a problem hiding this comment.
This diff indicates that the version of Poetry used has been downgraded from 2.3.2 to 2.2.1. Downgrading a tool or library in a project should be done with caution and should be justified with a valid reason like compatibility issues. Please confirm if this is a necessary downgrade and test thoroughly if it doesn't affect any other dependencies.
|
|
||
| [[package]] | ||
| name = "pyfakefs" | ||
| version = "6.1.4" |
There was a problem hiding this comment.
The version of 'pyfakefs' package has been changed from 6.1.4 to 6.1.5. This appears to be a minor upgrade and likely includes bug fixes or minor feature improvements. Though this seems safe, I recommend making sure to read the change logs for this version and test it thoroughly to ensure the upgrade doesn't introduce unexpected behaviors.
| groups = ["dev"] | ||
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, |
There was a problem hiding this comment.
The hash values for the files related to 'pyfakefs' changed as the version got updated. This is expected as the content of files would have changed. However, it's important to validate these new hashes to ensure the legitimized versions of files are being used.
| files = [ | ||
| {file = "pyfakefs-6.1.4-py3-none-any.whl", hash = "sha256:46bbc7520a1524af2461ddcaf4a5a800596c750bfdb75afa1afd985bf1e39536"}, | ||
| {file = "pyfakefs-6.1.4.tar.gz", hash = "sha256:58d5902282085e8ff03f95316ce133858904096f7adbe622efef899b90695698"}, | ||
| {file = "pyfakefs-6.1.5-py3-none-any.whl", hash = "sha256:2c482f36bad7d1f7516d58d17818fb0dbe397a3372ec5274869386a9b7cd4883"}, |
There was a problem hiding this comment.
Same as line 24, ensure to verify these new hashes with the file hashes provided on the official source to prevent the incorporation of potentially compromised files.
Bumps pyfakefs from 6.1.4 to 6.1.5.
Release notes
Sourced from pyfakefs's releases.
Changelog
Sourced from pyfakefs's changelog.
Commits
a4feba2Release 6.1.50847d29Fix os.path.realpath symlink handling under Windows1b11cfa[pre-commit.ci] pre-commit autoupdateeceb589Minor documentation updateDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)