Skip to content

Bump exasol/python-toolbox from 7 to 8#839

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/exasol/python-toolbox-8
Open

Bump exasol/python-toolbox from 7 to 8#839
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/exasol/python-toolbox-8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps exasol/python-toolbox from 7 to 8.

Release notes

Sourced from exasol/python-toolbox's releases.

8.0.0 - 2026-05-13

Summary

In this major release, several modifications were made to the PTB's workflow templates:

  • For automatically resolving vulnerabilities, the dependency-update.yml workflow was added. For more details, see the Update Dependencies section.
  • The periodic run which was previously executed in the ci.yml has been moved to its own periodic-validation.yml and will run weekly. This also has been modified to run the slow-checks.yml so that more complete linting and coverage information is sent to Sonar.
  • With the addition of periodic-validation.yml, the pr-merge.yml was reduced so that it only executes gh-pages.yml.
  • The unit tests job has been moved from checks.yml to its own fast-tests.yml file.
  • Workflow extensions were added to fast-tests and merge-gate. This allows users to add custom fast-tests-extension.yml and merge-gate-extension.yml files. For more details, check out the Workflow Extensions section.
  • slow-checks.yml is only maintained by the project (not the PTB). See the Not Maintained by the PTB section.

Features

  • #829: Extended removing a job from a workflow to also remove it from the needs of another job
  • #825: Created two workflows by splitting up previous ones:
    • Moved the periodic jobs in ci.yml to its own periodic-validation.yml
    • Moved the unit tests job in checks.yml to its own fast-tests.yml
  • #730: Added workflow extensions to fast-tests and merge-gate
  • #756: Added dependency-update.yml to automate resolving vulnerabilities with a generated pull request
  • #792: Improved dependency-update.yml documentation
  • #831: Switched slow-checks.yml to be provided by the project and not maintained by the PTB and improved output of pydantic validation of .workflow-patcher.yml

Bugfix

  • #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed

Security Issues

This release fixes vulnerabilities by updating dependencies:

Dependency Vulnerability Affected Fixed in
urllib3 CVE-2026-44431 2.6.3 2.7.0
urllib3 CVE-2026-44432 2.6.3 2.7.0
  • #836: Relocked poetry.lock

Dependency Updates

main

... (truncated)

Commits
  • e46075c Prepare release 8.0.0 (#837)
  • adef495 Feature/831 no longer overwrite slow checks (#834)
  • a9b1d1e Update dependencies to fix vulnerabilities (2026-05-12) (#836)
  • 17f6158 Fix dependency-update.yml (#835)
  • 2ed2caf Documentation/792 improve dependency update documentation (#833)
  • 240a8c5 add dependency-update workflow template (fixes #683) (#756)
  • e83d651 Feature/825 split up workflows unit tests and periodic runs (#826)
  • 3614732 Extend removing a job from a workflow to also remove it from the needs of a...
  • c5e3691 Bugfix/563 fix merge gate (#819)
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Change in dependencies github_actions Pull requests that update GitHub Actions code labels May 18, 2026
@dependabot dependabot Bot requested a deployment to manual-approval May 18, 2026 10:38 Waiting
@dependabot
Bump exasol/python-toolbox from 7 to 8
ebaafad 
Bumps [exasol/python-toolbox](https://github.com/exasol/python-toolbox) from 7 to 8.
- [Release notes](https://github.com/exasol/python-toolbox/releases)
- [Commits](v7...v8)

---
updated-dependencies:
- dependency-name: exasol/python-toolbox
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump exasol/python-toolbox from 6 to 8 Bump exasol/python-toolbox from 7 to 8 May 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/exasol/python-toolbox-8 branch from e73e74a to ebaafad Compare May 20, 2026 07:31
@dependabot dependabot Bot requested a deployment to manual-approval May 20, 2026 07:31 Waiting
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@ArBridgeman ArBridgeman reopened this May 20, 2026
@ArBridgeman ArBridgeman temporarily deployed to manual-approval May 20, 2026 07:38 — with GitHub Actions Inactive
@ArBridgeman ArBridgeman enabled auto-merge (squash) May 20, 2026 07:49
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 20, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Change in dependencies github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ArBridgeman