Neophile

Latest version: v2.0.1

Safety actively analyzes 683322 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 2

2.0.1

Bug fixes

- Pin Pydantic to version 1.x for now. neophile will require changes to work properly with Pydantic 2.x, which will be done after Safir adds support for it.

<a id='changelog-2.0.0'></a>

2.0.0

Backwards-incompatible changes

- The `NEOPHILE_COMMIT_NAME` environment variable is no longer supported. Instead, `NEOPHILE_USERNAME` configures the GitHub username of the running instantiation of neophile, used as both the name for Git commits and to construct the email address unless `NEOPHILE_COMMIT_EMAIL` is given. `NEOPHILE_USERNAME` defaults to `neophile-square[bot]`, the instantiation of neophile for the lsst-sqre organization.

New features

- Setting `NEOPHILE_COMMIT_EMAIL` is now optional. If not set, the UID of the GitHub user from `NEOPHILE_USERNAME` is retrieved from the GitHub API and used to form a standard GitHub no-replay email address.

Bug fixes

- Use the GitHub App installation token when pushing Git changes in preparation for creating a PR rather than using the default GitHub Actions token. If the branch was pushed with the GitHub Actions token, further GitHub Actions refuse to run on that branch to avoid creating a loop, but we need GitHub Actions to run so that the dependency update PR can be automerged.

<a id='changelog-1.0.0'></a>

1.0.0

Backwards-incompatible changes

- neophile is now intended to be run either via GitHub Actions or on a local checkout, and never as a Kubernetes service. The `neophile process` command, the configuration specific to that command (work area, lists of repositories), and support for running inside a virtualenv have been removed.
- When creating PRs, neophile now must be configured as a GitHub App with a suitable application ID and private key in environment variables.
- neophile no longer provides Docker images and instead is now a conventional Python package installable from PyPI.
- Support for Helm and Kustomize dependency checking and updating has been removed, along with the configuration options for Helm chart caching and version patterns in Helm charts. Mend Renovate and Dependabot support Helm and Kustomize dependency checking with more features, and we haven't used this support in several years.
- Add a new `neophile update` command that updates known dependencies in the provided tree and (if the `--pr` flag is given) creates a GitHub pull request. This replaces the `--update` and `--pr` flags to `neophile analyze`.
- When creating PRs, neophile no longer embeds the GitHub username and token in the remote URL. It instead uses the existing `origin` remote and assumes Git operations are already authenticated.
- Name and email address are now used only for Git commits, so the names of the environment variables to set them have changed accordingly to `NEOPHILE_COMMIT_NAME` and `NEOPHILE_COMMIT_EMAIL`.

New features

- Add a new `neophile check` command that checks to see if all dependencies are up-to-date and exits with a non-zero status and messages to standard error if they are not. This is intended for use as a GitHub Actions check.
- The types of dependencies to analyze may now be specified as command-line arguments to `neophile analyze` (and the new `neophile check` and `neophile update` commands). The default continues to be to analyze all known dependencies.

Bug fixes

- `neophile analyze` now prints nothing if no pending updates were found, and omits dependency types with no pending updates from its output.

Other changes

- neophile now uses the [Ruff](https://beta.ruff.rs/docs/) linter instead of flake8 and isort.
- The neophile change log is now maintained using [scriv](https://scriv.readthedocs.io/en/latest/).
- neophile no longer creates a separate remote for pusing PRs and instead uses the `origin` remote directly.

0.4.0

Backwards-incompatible changes

- Drop support for Python 3.10.
- `packaging.version` has dropped support for arbitrary legacy version numbers, so neophile also no longer supports them.

0.3.3

Backwards-incompatible changes

- Drop support for Python 3.9.

Bug fixes

- Fix type of ``pullRequestId`` when enabling auto-merge.

0.3.2

Bug fixes

- Fix enabling of auto-merge after creating a new PR.

Page 1 of 2

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.