Workflow

Ozi

Latest version: v1.2.2

Safety actively analyzes 622904 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 59

2.11.6

version of the CLI using the &39;tools&39; input to the &39;init&39; Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.10.5 and 2.11.5, you can replace
<code>github/codeql-action/*v2</code> by
<code>github/codeql-action/*v2.22.7</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href=&34;https://github.com/github/codeql-action/commit/b7bf0a3ed3ecfa44160715d7c442788f65f0f923"><code>b7bf0a3</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/github/codeql-action/issues/2099">2099</a>
from github/update-v3.23.2-61bf02577</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/33e354b34bc9d95d28ae4f055fa1faeb59e59ae5"><code>33e354b</code></a>
Changelog: Add missing PR link</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/f4cfe8904c929c35f9612da0c754f121a3422d7e"><code>f4cfe89</code></a>
Update changelog for v3.23.2</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/61bf02577c801b30a708abc6f2164763e4e1d0cd"><code>61bf025</code></a>
Send overall job status in init-post status report (<a
href=&34;https://redirect.github.com/github/codeql-action/issues/2097">2097</a>)</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/16150320c5db0d4942ea2bd4974fc365d6324737"><code>1615032</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/github/codeql-action/issues/2096">2096</a>
from github/update-bundle/codeql-bundle-v2.16.1</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/bd67d8d6b2096e4b46db15ed108e563c4447d608"><code>bd67d8d</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/github/codeql-action/issues/2098">2098</a>
from github/henrymercer/update-internal-queries</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/a2619f68c8432b9a500ecc7aafd4816667379bed"><code>a2619f6</code></a>
Internal queries: Replace deprecated predicates</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/666e2f9edfd29789e9f46f2cce092d18622dcb74"><code>666e2f9</code></a>
Internal queries: Replace deprecated predicates</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/d43ae36a631248dea35da2f8da5e28687255da31"><code>d43ae36</code></a>
Add changelog note</li>
<li><a
href=&34;https://github.com/github/codeql-action/commit/75af1f5948eef4f82d80db69296c55a9bc5ba26e"><code>75af1f5</code></a>
Update default bundle to codeql-bundle-v2.16.1</li>
<li>Additional commits viewable in <a
href=&34;https://github.com/github/codeql-action/compare/0b21cf2492b6b02c465a3e5d7c473717ad7721ba...b7bf0a3ed3ecfa44160715d7c442788f65f0f923">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.23.1&new-version=3.23.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don&39;t
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.

[//]: (dependabot-automerge-start)
[//]: (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details> ([`81900ac`](https://github.com/OZI-Project/OZI/commit/81900aca56fc44d655b36c25a7c7af7f3adf810b))

* :pushpin: Bump github/codeql-action from 3.23.1 to 3.23.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0b21cf2492b6b02c465a3e5d7c473717ad7721ba...b7bf0a3ed3ecfa44160715d7c442788f65f0f923)

---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`968eb71`](https://github.com/OZI-Project/OZI/commit/968eb71d7e3007a6f2bd6db1d826a7ab4f819ebc))

* :pushpin: Bump OZI-Project/checkpoint from 0.1.1 to 0.1.2

Bumps [OZI-Project/checkpoint](https://github.com/ozi-project/checkpoint) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/ozi-project/checkpoint/releases)
- [Commits](https://github.com/ozi-project/checkpoint/compare/0.1.1...9b94738aab4c7c3ee989c8be1144d041bfd7a184)

---
updated-dependencies:
- dependency-name: OZI-Project/checkpoint
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`d32a58c`](https://github.com/OZI-Project/OZI/commit/d32a58ca4be12e97c7b47bc48b7ab4a90d01bc76))

:wrench:

* :wrench: Update meson.options

remove rst-lint from module-only

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`228965d`](https://github.com/OZI-Project/OZI/commit/228965debb3412e047f101ac4f702322f7cf4430))

* :wrench: Update meson.options

args-restructuredtext-lint level set to warning over debug.

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`2b85237`](https://github.com/OZI-Project/OZI/commit/2b85237506e63fc6e0804f85292ecce93dbddf5c))

* :wrench: Update meson.options

Add rst-lint to lint suites.

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`2b72b78`](https://github.com/OZI-Project/OZI/commit/2b72b78cfaf200e2c53097aa3206113ddd6bfdec))

Other

2.7.0

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`a64333b`](https://github.com/OZI-Project/OZI/commit/a64333bde7bfa13d48d19a1d82adb646572fcee6))

* :pushpin: Update publish.yml.j2 harden-runner to 2.7.0

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`afe0a3d`](https://github.com/OZI-Project/OZI/commit/afe0a3d8c256df0af1c6a3c26c294ec1f5a8b1fa))

* :pushpin: Update checkpoint.yml.j2 harden-runner action.

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`5ea1483`](https://github.com/OZI-Project/OZI/commit/5ea1483bc121869ecf38ffef24bfb0324eeca891))

* :pushpin: Bump step-security/harden-runner from 2.6.1 to 2.7.0 (155)

Bumps
[step-security/harden-runner](https://github.com/step-security/harden-runner)
from 2.6.1 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href=&34;https://github.com/step-security/harden-runner/releases">step-security/harden-runner&39;s
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<h2>What&39;s Changed</h2>
<p>Release 2.7.0 by <a
href=&34;https://github.com/varunsh-coder"><code>​varunsh-coder</code></a>
and <a href=&34;https://github.com/h0x0er"><code>​h0x0er</code></a> in <a
href=&34;https://redirect.github.com/step-security/harden-runner/pull/376">step-security/harden-runner376</a>
This release:</p>
<ol>
<li>Updates the node runtime to node20</li>
<li>Adds capability to inspect outbound HTTPS traffic on GitHub-hosted
and self-hosted VM runners</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href=&34;https://github.com/step-security/harden-runner/compare/v2...v2.7.0">https://github.com/step-security/harden-runner/compare/v2...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/63c24ba6bd7ba022e95695ff85de572c04a18142"><code>63c24ba</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/step-security/harden-runner/issues/376">376</a>
from step-security/rc-7</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/95691d3d1cfc1f403f673ccbe70465d7c4254108"><code>95691d3</code></a>
Update dist</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/6339621ce7eb126e03da0cdd1e373bf4a86aa351"><code>6339621</code></a>
Update to node20</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/4a63cdab7412f310777ba8aba65aafca4c1dd47f"><code>4a63cda</code></a>
Add tls-inspection capability (<a
href=&34;https://redirect.github.com/step-security/harden-runner/issues/368">368</a>)</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/dece11172ed6b762b5421b294513d628edad7f7d"><code>dece111</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/step-security/harden-runner/issues/372">372</a>
from step-security/readme-update</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/1952f970702453e198ed55b40944bf4ffc0ad992"><code>1952f97</code></a>
Updates</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/32f00ffb1b198fae962ae378ca876e01f367043f"><code>32f00ff</code></a>
Update README.md</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/ea8b747819ff6d82907eb4018229f1a75c174697"><code>ea8b747</code></a>
Publish test results (<a
href=&34;https://redirect.github.com/step-security/harden-runner/issues/363">363</a>)</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/c0db65e1f64025718795419be8dbbf8c4050160f"><code>c0db65e</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/step-security/harden-runner/issues/359">359</a>
from step-security/dependabot/github_actions/actions/...</li>
<li><a
href=&34;https://github.com/step-security/harden-runner/commit/4151c053ff9c3daff63c12b5175c94870ec73b53"><code>4151c05</code></a>
Merge pull request <a
href=&34;https://redirect.github.com/step-security/harden-runner/issues/361">361</a>
from step-security/dependabot/github_actions/step-sec...</li>
<li>Additional commits viewable in <a
href=&34;https://github.com/step-security/harden-runner/compare/eb238b55efaa70779f274895e782ed17c84f2895...63c24ba6bd7ba022e95695ff85de572c04a18142">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner&package-manager=github_actions&previous-version=2.6.1&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don&39;t
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.

[//]: (dependabot-automerge-start)
[//]: (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details> ([`751eec7`](https://github.com/OZI-Project/OZI/commit/751eec7ac326b904186bf875760bc8af7a98c4f0))

* :pushpin: Bump step-security/harden-runner from 2.6.1 to 2.7.0

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/eb238b55efaa70779f274895e782ed17c84f2895...63c24ba6bd7ba022e95695ff85de572c04a18142)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`80d9aa6`](https://github.com/OZI-Project/OZI/commit/80d9aa6a5a4f844aaa143deb22f927492c03d5fe))

Other

* Bump harden runner (158)

This makes our entire toolchain node20 ([`29bc7f9`](https://github.com/OZI-Project/OZI/commit/29bc7f9dea6082ee636c43056c71703f7da6a269))

* :memo: Add logo for PyPI rendered readme. (157) ([`aab9571`](https://github.com/OZI-Project/OZI/commit/aab9571238613f2e3f6b981d3e66284909a4220d))

* :memo: Add logo for PyPI rendered readme.

Signed-off-by: Eden Rose, MSc <42073607+rjdbcmusers.noreply.github.com> ([`145dd51`](https://github.com/OZI-Project/OZI/commit/145dd51d1081d070bf2496f04da6972262bb4718))

1.2.2

:arrow_up:

* :arrow_up: Bump step-security/harden-runner from 2.7.0 to 2.7.1

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/63c24ba6bd7ba022e95695ff85de572c04a18142...a4aa98b93cab29d9b1101a6143fb8bce00e2eac4)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`3184386`](https://github.com/OZI-Project/OZI/commit/3184386d8308b4604d6f6c832940045176ec1e2d))

* :arrow_up: Bump actions/dependency-review-action from 4.2.5 to 4.3.1

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.2.5 to 4.3.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/5bbc3ba658137598168acb2ab73b21c432dd411b...e58c696e52cac8e62d61cc21fda89565d71505d7)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`1f7e9f1`](https://github.com/OZI-Project/OZI/commit/1f7e9f199315405bc2a17af147c41047ace16aa3))

Other

* :memo: update docstrings for 1.2 (429)

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`d72f67c`](https://github.com/OZI-Project/OZI/commit/d72f67c298a0dee02ad6abc3006b875b3067b397))

1.2.1

:arrow_up:

1.2.0

:pushpin:

* :pushpin: set blastpipe pin to 2024.2.6.

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`7ed571c`](https://github.com/OZI-Project/OZI/commit/7ed571c12c8e8b91082cbf7044f0ce28a7d63090))

:sparkles:

* :sparkles: Reduce the overall repo size.

Move templates to the blastpipe repo.
Make blastpipe a dependency.

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`cfd1234`](https://github.com/OZI-Project/OZI/commit/cfd123435aaf83b4be871c1e42ea99c183e87999))

Other

* :rotating_light: add `` pyright: ignore`` to blastpipe filter imports.

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`580750b`](https://github.com/OZI-Project/OZI/commit/580750b20cbf62152d81e7c0c91e94084349feed))

* add 1.2 release branch pattern

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`7c78a1e`](https://github.com/OZI-Project/OZI/commit/7c78a1e4d8a76db1091851de9084af6a6f50ccd9))

1.1.6

:alembic:

* :alembic:(``ozi.render.load_environment``): Add globals dict argument.

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`eaac863`](https://github.com/OZI-Project/OZI/commit/eaac8633e08b2f345333e4a4bfdf0b350ce7966d))

:arrow_up:

* :arrow_up: Bump github/codeql-action from 3.25.2 to 3.25.3

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8f596b4ae3cb3c588a5c46780b86dd53fef16c52...d39d31e687223d841ef683f52467bd88e9b21c14)

---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`e7888b0`](https://github.com/OZI-Project/OZI/commit/e7888b059f9223008680a7d9dfd28e01a07205ba))

* :arrow_up: Bump actions/checkout from 4.1.3 to 4.1.4

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b)

---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <supportgithub.com> ([`41251c9`](https://github.com/OZI-Project/OZI/commit/41251c94d744593a3931d1d5acd70ac18f2838e5))

:bug:

* :bug: exclude double quotes from fuzzer input.

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`361a75a`](https://github.com/OZI-Project/OZI/commit/361a75a9e1b63dc6ad12b24cf85f9762a213c8a7))

Other

* :rotating_light: run ``black -S tests``

Signed-off-by: rjdbcm <ozi.projectoutlook.com> ([`fdd8fe2`](https://github.com/OZI-Project/OZI/commit/fdd8fe2fdbe6b7941972efc33aa77ee1707dae5a))

Page 1 of 59

Links

Releases

Has known vulnerabilities

Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.