From cc4b46d7e44f08aea71364c3f37c65316a63124e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 12:01:33 +0000 Subject: [PATCH 01/27] chore(deps): Update cattrs requirement from <23.2,>=1.8 to >=1.8,<23.3 in /packages/@jsii/python-runtime (#4338) Updates the requirements on [cattrs](https://github.com/python-attrs/cattrs) to permit the latest version.
Release notes

Sourced from cattrs's releases.

v23.2.1

23.2.1 (2023-11-18)

For the v23.2.0 release notes, see here.

Changelog

Sourced from cattrs's changelog.

23.2.1 (2023-11-18)

23.2.0 (2023-11-17)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/python-runtime/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/python-runtime/setup.py b/packages/@jsii/python-runtime/setup.py index c5378575c3..55f021b2e4 100644 --- a/packages/@jsii/python-runtime/setup.py +++ b/packages/@jsii/python-runtime/setup.py @@ -31,7 +31,7 @@ }, install_requires=[ "attrs>=21.2,<24.0", - "cattrs>=1.8,<23.2", + "cattrs>=1.8,<23.3", "importlib_resources>=5.2.0", "publication>=0.0.3", # This is used by all generated code. "typeguard~=2.13.3", # This is used by all generated code. From fe2526cbd600be5489df5e319073b4bcd493a1a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 13:41:11 +0000 Subject: [PATCH 02/27] chore(deps-dev): Update mkdocs-material requirement from ~=9.4.8 to ~=9.4.10 in /gh-pages (#4339) Updates the requirements on [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version.
Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.4.10

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.4.10+insiders-4.43.1 (2023-11-19)

mkdocs-material-9.4.10 (2023-11-19)

mkdocs-material-9.4.9 (2023-11-17)

mkdocs-material-9.4.8+insiders-4.43.0 (2023-11-05)

mkdocs-material-9.4.8 (2023-11-05)

mkdocs-material-9.4.7+insiders-4.42.3 (2023-10-27)

mkdocs-material-9.4.7 (2023-10-27)

mkdocs-material-9.4.6+insiders-4.42.2 (2023-10-14)

mkdocs-material-9.4.6 (2023-10-14)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- gh-pages/requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gh-pages/requirements-dev.txt b/gh-pages/requirements-dev.txt index 3b3f489d37..3dac1eea18 100644 --- a/gh-pages/requirements-dev.txt +++ b/gh-pages/requirements-dev.txt @@ -1,4 +1,4 @@ mkdocs~=1.5.3 mkdocs-awesome-pages-plugin~=2.9.2 -mkdocs-material~=9.4.8 +mkdocs-material~=9.4.10 mkdocs-git-revision-date-plugin~=0.3.2 From ed97de861791a9b312f3a2ea06e77bfad4bd1902 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 14:26:17 +0000 Subject: [PATCH 03/27] chore(deps): Bump xunit.runner.visualstudio from 2.5.3 to 2.5.4 in /packages/@jsii/dotnet-runtime-test/test (#4342) Bumps [xunit.runner.visualstudio](https://github.com/xunit/visualstudio.xunit) from 2.5.3 to 2.5.4.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=xunit.runner.visualstudio&package-manager=nuget&previous-version=2.5.3&new-version=2.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/Directory.Build.targets b/packages/@jsii/Directory.Build.targets index 623fa429de..fc32ecbc23 100644 --- a/packages/@jsii/Directory.Build.targets +++ b/packages/@jsii/Directory.Build.targets @@ -13,7 +13,7 @@ - + From be20c96e7db5e6d1607fa1eb1c97122ee64effc7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 15:15:08 +0000 Subject: [PATCH 04/27] chore(deps): Bump Microsoft.Extensions.DependencyInjection from 7.0.0 to 8.0.0 in /packages/@jsii/dotnet-runtime-test/test (#4340) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime) from 7.0.0 to 8.0.0.
Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

.NET 8.0.0

Release

.NET 8.0 RC 2

Release

.NET 8.0 RC 1

Release

.NET 8.0 Preview 7

Release

.NET 8.0 Preview 6

Release

.NET 8.0 Preview 5

Release

.NET 8.0 Preview 4

Release

.NET 8.0 Preview 3

Release

.NET 8.0 Preview 2

Release

.NET 8.0 Preview 1

Release

.NET 7.0.14

Release

What's Changed

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Extensions.DependencyInjection&package-manager=nuget&previous-version=7.0.0&new-version=8.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/Directory.Build.targets b/packages/@jsii/Directory.Build.targets index fc32ecbc23..16633d60e1 100644 --- a/packages/@jsii/Directory.Build.targets +++ b/packages/@jsii/Directory.Build.targets @@ -2,7 +2,7 @@ - + From 24ae5f3eb49c419d323c236083f121d817594443 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 16:05:58 +0000 Subject: [PATCH 05/27] chore(deps): Bump Microsoft.Extensions.Logging from 7.0.0 to 8.0.0 in /packages/@jsii/dotnet-runtime-test/test (#4344) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [Microsoft.Extensions.Logging](https://github.com/dotnet/runtime) from 7.0.0 to 8.0.0.
Release notes

Sourced from Microsoft.Extensions.Logging's releases.

.NET 8.0.0

Release

.NET 8.0 RC 2

Release

.NET 8.0 RC 1

Release

.NET 8.0 Preview 7

Release

.NET 8.0 Preview 6

Release

.NET 8.0 Preview 5

Release

.NET 8.0 Preview 4

Release

.NET 8.0 Preview 3

Release

.NET 8.0 Preview 2

Release

.NET 8.0 Preview 1

Release

.NET 7.0.14

Release

What's Changed

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Extensions.Logging&package-manager=nuget&previous-version=7.0.0&new-version=8.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/Directory.Build.targets b/packages/@jsii/Directory.Build.targets index 16633d60e1..921e37ef20 100644 --- a/packages/@jsii/Directory.Build.targets +++ b/packages/@jsii/Directory.Build.targets @@ -3,7 +3,7 @@ - + From 818c7e7a1e6b66e37c35602deaa751fc1b1f559e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Nov 2023 17:10:04 +0000 Subject: [PATCH 06/27] chore(deps): Bump Microsoft.Extensions.Logging.Console from 7.0.0 to 8.0.0 in /packages/@jsii/dotnet-runtime-test/test (#4343) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [Microsoft.Extensions.Logging.Console](https://github.com/dotnet/runtime) from 7.0.0 to 8.0.0.
Release notes

Sourced from Microsoft.Extensions.Logging.Console's releases.

.NET 8.0.0

Release

.NET 8.0 RC 2

Release

.NET 8.0 RC 1

Release

.NET 8.0 Preview 7

Release

.NET 8.0 Preview 6

Release

.NET 8.0 Preview 5

Release

.NET 8.0 Preview 4

Release

.NET 8.0 Preview 3

Release

.NET 8.0 Preview 2

Release

.NET 8.0 Preview 1

Release

.NET 7.0.14

Release

What's Changed

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Extensions.Logging.Console&package-manager=nuget&previous-version=7.0.0&new-version=8.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/Directory.Build.targets b/packages/@jsii/Directory.Build.targets index 921e37ef20..1201f4c86c 100644 --- a/packages/@jsii/Directory.Build.targets +++ b/packages/@jsii/Directory.Build.targets @@ -4,7 +4,7 @@ - + From b7c0f7f473005ccad5314712dd1bdc89a64178b4 Mon Sep 17 00:00:00 2001 From: Rico Hermans Date: Thu, 23 Nov 2023 16:14:10 +0100 Subject: [PATCH 07/27] chore: update superchain README (#4346) --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- superchain/README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/superchain/README.md b/superchain/README.md index c1a718be7b..92cea7deb3 100644 --- a/superchain/README.md +++ b/superchain/README.md @@ -26,22 +26,21 @@ Maintained image tags are named using the following pattern: public.ecr.aws/jsii/superchain:-(-node)(-nightly) ``` -- `` is the major line of the jsii toolchain - - The only supported value is `1` -- `` is the base image tag (e.g: `buster-slim`, `bullseye-slim`, `bookworm-slim`) - - The only supported value is `buster-slim` +- `` is the major line of the jsii toolchain (must be `1`) +- `` is the base image tag (must be `bullseye-slim`) - `` is the major version of node contained in the image - `18` corresponds to node 18.x, this is the default - `20` corresponds to node 20.x - `-nightly` images are released from the `HEAD` of the [`aws/jsii`][jsii] repository and should typically not be used for production workloads -The previous image tags have been discontinued: +**The previous image tags have been discontinued and must NOT BE USED ANYMORE:** - `:latest` (users should migrate to `:1-bullseye-slim`) - `:nightly` (users should migrate to `:1-bullseye-slim-nightly`) - `:nodeX` (users should migrate to an image using a supported node version) - `:nodeX-nightly` (users should migrate to a nightly image using a supported node version) +- `:1-buster-slim-*` (users should migrate to `:1-bullseye-slim`) ## Building From 2ecfb778130c1a2fdd6b4932216e144a0d079d5c Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Fri, 24 Nov 2023 19:12:54 +0100 Subject: [PATCH 08/27] feat(go): add jsii.Sprintf helper (#4345) It's a fairly common practice to compose string values using `fmt.Sprintf`, however in order to use these with `jsii` they need to be stored into a variable so a pointer can be taken from them, or they need passed into the `jsii.String` function. This new helper removes this constraint and provides a simple way to perform `jsii`-friendly string interpolation. --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- packages/@jsii/go-runtime/jsii-runtime-go/helpers.go | 11 ++++++++++- .../@jsii/go-runtime/jsii-runtime-go/helpers_test.go | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/packages/@jsii/go-runtime/jsii-runtime-go/helpers.go b/packages/@jsii/go-runtime/jsii-runtime-go/helpers.go index 54f7bc2fce..088e161460 100644 --- a/packages/@jsii/go-runtime/jsii-runtime-go/helpers.go +++ b/packages/@jsii/go-runtime/jsii-runtime-go/helpers.go @@ -1,6 +1,9 @@ package jsii -import "time" +import ( + "fmt" + "time" +) type basicType interface { bool | string | float64 | time.Time @@ -51,6 +54,12 @@ func Numbers[T numberType](v ...T) *[]*float64 { // String returns a pointer to the provided string. func String(v string) *string { return Ptr(v) } +// Sprintf returns a pointer to a fomratted string (semantics are the same as fmt.Sprintf). +func Sprintf(format string, a ...interface{}) *string { + res := fmt.Sprintf(format, a...) + return &res +} + // Strings returns a pointer to a slice of pointers to all of the provided strings. func Strings(v ...string) *[]*string { return PtrSlice(v...) diff --git a/packages/@jsii/go-runtime/jsii-runtime-go/helpers_test.go b/packages/@jsii/go-runtime/jsii-runtime-go/helpers_test.go index 4287dbeda9..edb6cbf0d3 100644 --- a/packages/@jsii/go-runtime/jsii-runtime-go/helpers_test.go +++ b/packages/@jsii/go-runtime/jsii-runtime-go/helpers_test.go @@ -64,6 +64,10 @@ func TestString(t *testing.T) { assert.Equal(t, "Hello", *String("Hello")) } +func TestSprintf(t *testing.T) { + assert.Equal(t, "formatted: 42", *Sprintf("formatted: %d", 42)) +} + func TestStrings(t *testing.T) { assert.Equal(t, []*string{String("Hello"), String("World")}, *Strings("Hello", "World")) } From ae8c0ac2f3eed9c9905f55b1e80d0b7f58de9570 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Nov 2023 18:56:00 +0000 Subject: [PATCH 09/27] chore(deps-dev): Bump mypy from 1.7.0 to 1.7.1 in /packages/jsii-pacmak/test/generated-code (#4347) Bumps [mypy](https://github.com/python/mypy) from 1.7.0 to 1.7.1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy&package-manager=pip&previous-version=1.7.0&new-version=1.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/jsii-pacmak/test/generated-code/requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/jsii-pacmak/test/generated-code/requirements-dev.txt b/packages/jsii-pacmak/test/generated-code/requirements-dev.txt index 953c8fa1f9..55c36a61a3 100644 --- a/packages/jsii-pacmak/test/generated-code/requirements-dev.txt +++ b/packages/jsii-pacmak/test/generated-code/requirements-dev.txt @@ -1,2 +1,2 @@ -mypy==1.7.0 +mypy==1.7.1 pip==23.3.1 # required to use --config-settings From 2099b6955093a2bd06325079b4ab3f3f2c8c3ca7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 12:00:13 +0000 Subject: [PATCH 10/27] chore(deps-dev): Update mkdocs-material requirement from ~=9.4.10 to ~=9.4.14 in /gh-pages (#4349) Updates the requirements on [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version.
Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.4.14

  • Added support for linking authors in blog posts
Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.4.14+insiders-4.46.0 (2023-11-26)

  • Added support for author profiles in blog plugin
  • Fixed custom index pages yielding two navigation items (4.45.0 regression)

mkdocs-material-9.4.14 (2023-11-26)

  • Added support for linking authors in blog posts

mkdocs-material-9.4.13 (2023-11-26)

  • Fixed #6365: Blog plugin pagination links to previous pages broken
  • Fixed #5758: Updated Mermaid.js to version 10.6.1 (latest)

mkdocs-material-9.4.12+insiders-4.45.0 (2023-11-24)

  • Added support for sorting blog categories by post count or custom function
  • Improved tags plugin to generate Unicode-aware slugs by default
  • Fixed non-deterministic order of multiple authors in blog plugin

mkdocs-material-9.4.12 (2023-11-24)

  • Improved blog plugin to generate Unicode-aware slugs by default
  • Fixed non-deterministic order of categories in blog plugin

mkdocs-material-9.4.11+insiders-4.44.0 (2023-11-23)

  • Added pagination settings for archive pages in blog plugin
  • Added pagination settings for category pages in blog plugin

mkdocs-material-9.4.11 (2023-11-23)

  • Fixed #6364: Search plugin crashing when enabling theme while serving
  • Fixed blog plugin crashing when disabling pagination

mkdocs-material-9.4.10+insiders-4.43.1 (2023-11-19)

  • Added third-party theme support in projects plugin, improving editing
  • Fixed #6360: Projects plugin crashes when theme is not Material for MkDocs
  • Fixed #6306: Projects plugin not reloading nested project configuration

mkdocs-material-9.4.10 (2023-11-19)

  • Fixed #6356: Version selector can't be disabled via mike's configuration
  • Fixed #6281: Navigation not rendering due to Safari bug (9.4.2 regression)
  • Fixed #6261: Navigation expansion animates on first load (9.4.2 regression)

mkdocs-material-9.4.9 (2023-11-17)

  • Fixed #6344: Long entries cutoff in table of contents

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- gh-pages/requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gh-pages/requirements-dev.txt b/gh-pages/requirements-dev.txt index 3dac1eea18..1e38c5b606 100644 --- a/gh-pages/requirements-dev.txt +++ b/gh-pages/requirements-dev.txt @@ -1,4 +1,4 @@ mkdocs~=1.5.3 mkdocs-awesome-pages-plugin~=2.9.2 -mkdocs-material~=9.4.10 +mkdocs-material~=9.4.14 mkdocs-git-revision-date-plugin~=0.3.2 From d305ab827db8ba41370bc19f361c553fbe263cff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:07:45 +0000 Subject: [PATCH 11/27] chore(deps): Update setuptools requirement from ~=68.2.2 to ~=69.0.2 in /packages/@jsii/python-runtime (#4353) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
Changelog

Sourced from setuptools's changelog.

v69.0.2

Bugfixes

  • Added missing estimated date for removing setuptools.dep_util (deprecated in v69.0.0). (#4131)

v69.0.1

Bugfixes

  • Fixed imports of setuptools.dep_util.newer_group. A deprecation warning is issued instead of a hard failure. (#4126)

v69.0.0

Features

  • Include type information (py.typed, *.pyi) by default (#3136) -- by :user:Danie-1, EXPERIMENTAL. (#3136)
  • Exported distutils.dep_util and setuptools.dep_util through setuptools.modified -- by :user:Avasam (#4069)
  • Merged with pypa/distutils@7a04cbda0fc714.

Bugfixes

  • Replaced hardcoded numeric values with :obj:dis.opmap, fixing problem with 3.13.0a1. (#4094)

Deprecations and Removals

  • Configuring project version and egg_info.tag_* in such a way that results in invalid version strings (according to :pep:440) is no longer permitted. (#4066)
  • Removed deprecated egg_base option from dist_info. Note that the dist_info command is considered internal to the way setuptools build backend works and not intended for public usage. (#4066)
  • The parsing of the deprecated metadata.license_file and metadata.requires fields in setup.cfg is no longer supported. Users are expected to move to metadata.license_files and

... (truncated)

Commits
  • 4f6449f Bump version: 69.0.1 → 69.0.2
  • a4298d1 Add missing estimated date for removing setuptools.dep_util (#4132)
  • 1495738 Add news fragment
  • c836172 Improve warning visibility with due date and reference url
  • d148d9e Bump version: 69.0.0 → 69.0.1
  • 28775f3 Allow imports of setuptools.dep_util.newer_group with deprecation warning (#4...
  • 7d90e9f Add newsfragment
  • e1f8783 Allow imports of setuptools.dep_util.newer_group with deprecation warning
  • 536d4a8 Bump version: 68.2.2 → 69.0.0
  • b8992ad Mark flaky test on PyPy with xfail (#4124)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/python-runtime/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/python-runtime/requirements.txt b/packages/@jsii/python-runtime/requirements.txt index 40c1cb7234..a0f6d225d9 100644 --- a/packages/@jsii/python-runtime/requirements.txt +++ b/packages/@jsii/python-runtime/requirements.txt @@ -3,7 +3,7 @@ mypy==1.7.0 pip~=23.3 pytest~=7.4 pytest-mypy~=0.10 -setuptools~=68.2.2 +setuptools~=69.0.2 types-python-dateutil~=2.8 wheel~=0.41 From ffee4ae3bdc3b5e643235a20297e25235314f97c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:49:11 +0000 Subject: [PATCH 12/27] chore(deps): Update wheel requirement from ~=0.41 to ~=0.42 in /packages/@jsii/python-runtime (#4351) Updates the requirements on [wheel](https://github.com/pypa/wheel) to permit the latest version.
Release notes

Sourced from wheel's releases.

0.42.0

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)
Changelog

Sourced from wheel's changelog.

Release Notes

0.42.0 (2023-11-26)

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

  • Updated vendored packaging to 23.2
  • Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

  • Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
  • Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)
  • Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

  • Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri)
  • Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

  • Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag)
  • Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)
  • Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

0.40.0 (2023-03-14)

  • Added a wheel tags command to modify tags on an existing wheel (PR by Henry Schreiner)
  • Updated vendored packaging to 23.0
  • wheel unpack now preserves the executable attribute of extracted files
  • Fixed spaces in platform names not being converted to underscores (PR by David Tucker)
  • Fixed RECORD files in generated wheels missing the regular file attribute
  • Fixed DeprecationWarning about the use of the deprecated pkg_resources API (PR by Thomas Grainger)
  • Wheel now uses flit-core as a build backend (PR by Henry Schreiner)

... (truncated)

Commits
  • 63a09bb Created a new release
  • f4b8e48 Several fixes to WHEEL metadata handling (#588)
  • 11e5732 [pre-commit.ci] pre-commit autoupdate (#586)
  • fe6bb82 [pre-commit.ci] pre-commit autoupdate (#584)
  • b90a4bc [pre-commit.ci] pre-commit autoupdate (#581)
  • 56de2eb Added a link to the GitHub repository to pyproject.toml (#563)
  • a899f1c Fixed parameter for release-notes
  • 254ba46 Created a new release
  • 6f33736 Updated actions and added GitHub release automation
  • 83b77e5 Replaced black with ruff-format
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/python-runtime/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/python-runtime/requirements.txt b/packages/@jsii/python-runtime/requirements.txt index a0f6d225d9..ea715a730b 100644 --- a/packages/@jsii/python-runtime/requirements.txt +++ b/packages/@jsii/python-runtime/requirements.txt @@ -5,6 +5,6 @@ pytest~=7.4 pytest-mypy~=0.10 setuptools~=69.0.2 types-python-dateutil~=2.8 -wheel~=0.41 +wheel~=0.42 -e . From 9bf222fd8633243b11a4b4a8f74fe08bffcea9cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 14:32:30 +0000 Subject: [PATCH 13/27] chore(deps): Bump Microsoft.CodeAnalysis.CSharp.Workspaces from 4.7.0 to 4.8.0 in /packages/@jsii/dotnet-runtime-test/test (#4350) Bumps [Microsoft.CodeAnalysis.CSharp.Workspaces](https://github.com/dotnet/roslyn) from 4.7.0 to 4.8.0.
Release notes

Sourced from Microsoft.CodeAnalysis.CSharp.Workspaces's releases.

.NET 6.0.1

Release

.NET 5.0.4

Release

.NET 5.0.2

Release Notes Install Instructions

Repos

Changelog

Sourced from Microsoft.CodeAnalysis.CSharp.Workspaces's changelog.

Version 4.7.0

SymbolDisplayFormat includes parameter name when invoked on IParameterSymbol

All SymbolDisplayFormats (predefined and user-created) now include parameter names by default if used on a standalone IParameterSymbol for consistency with predefined formats (see the breaking change for version 4.5.0 above).

Changed IncrementalStepRunReason when a modified input produced a new output

IncrementalGeneratorRunStep.Outputs previously contained IncrementalStepRunReason.Modified as Reason when the input to the step was modified in a way that produced a new output. Now the reason will be reported more accurately as IncrementalStepRunReason.New.

Version 4.8.0

Changed Assembly.Location behavior in non-Windows

The value of Assembly.Location previously held the location on disk where an analyzer or source generator was loaded from. This could be either the original location or the shadow copy location. In 4.8 this will be "" in certain cases when running on non Windows platforms. This is due the compiler server loading assemblies using AssemblyLoadContext.LoadFromStream instead of loading from disk.

This could already happen in other load scenarios but this change moves it into mainline build scenarios.

Deprecation warning for SyntaxNode serialization

The ability to serialize/deserialize a SyntaxNode to/from a Stream has been deprecated. The code for this still exists in Roslyn, but attempting to call the APIs to perform these functions will result in 'Obsolete' warnings being reported. A future version of Roslyn will remove this functionality entirely. This functionality could only work for a host that wrote out the nodes to a stream, and later read it back in within the same process instance. It could not be used to communicate across processes, or for persisting nodes to disk to be read in at a later time by a new host sessions. This functionality originally existed for the days when Roslyn was hosted in 32bit processes with limited address space. That is no longer a mainline supported scenario. Clients can get similar functionality by persisting the text of the node, and parsing it back out when needed.

PR: dotnet/roslyn#70365

Version 4.9.0

Obsoletion and removal of SyntaxNode serialization.

Continuation of the deprecation that happened in 4.8.0 (see information above). In 4.9.0 this functionality is now entirely removed, and will issue both an obsoletion error, and will throw at runtime if the APIs are used.

PR: dotnet/roslyn#70277

Changes in Microsoft.CodeAnalysis.Emit.EmitBaseline.CreateInitialBaseline method

A new required parameter Compilation has been added. Existing overloads without this parameter no longer work and throw NotSupportedException.

Changes in Microsoft.CodeAnalysis.Emit.SemanticEdit constructors

The value of preserveLocalVariables passed to the constructors is no longer used.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.CodeAnalysis.CSharp.Workspaces&package-manager=nuget&previous-version=4.7.0&new-version=4.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/Directory.Build.targets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/Directory.Build.targets b/packages/@jsii/Directory.Build.targets index 1201f4c86c..a750280a90 100644 --- a/packages/@jsii/Directory.Build.targets +++ b/packages/@jsii/Directory.Build.targets @@ -6,7 +6,7 @@ - + From 4d36f1b6383d51785b76f898dc35e4f1bea917ab Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Mon, 27 Nov 2023 16:13:12 +0100 Subject: [PATCH 14/27] chore: use Node 18 in yarn upgrade workflow (#4355) Workflow currently fails due to the Node version being incompatible with used packages. --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- .github/workflows/yarn-upgrade.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index 04456ae054..6fbef87768 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml @@ -21,7 +21,7 @@ jobs: uses: actions/setup-node@v4 with: cache: yarn - node-version: 16 + node-version: 18 - name: Install Tools run: |- From ab5ee50da2b56c33f6f81654baa874ceccc9eb89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 15:58:20 +0000 Subject: [PATCH 15/27] chore(deps): Bump mypy from 1.7.0 to 1.7.1 in /packages/@jsii/python-runtime (#4352) Bumps [mypy](https://github.com/python/mypy) from 1.7.0 to 1.7.1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mypy&package-manager=pip&previous-version=1.7.0&new-version=1.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/python-runtime/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@jsii/python-runtime/requirements.txt b/packages/@jsii/python-runtime/requirements.txt index ea715a730b..63853ed2f3 100644 --- a/packages/@jsii/python-runtime/requirements.txt +++ b/packages/@jsii/python-runtime/requirements.txt @@ -1,5 +1,5 @@ black~=23.11 -mypy==1.7.0 +mypy==1.7.1 pip~=23.3 pytest~=7.4 pytest-mypy~=0.10 From 7b8d70957982aae09e94b20b13ea90340faab95e Mon Sep 17 00:00:00 2001 From: Rico Hermans Date: Mon, 27 Nov 2023 19:51:07 +0100 Subject: [PATCH 16/27] chore: update DockerHub README daily (#4356) Add a GitHub action to update the DockerHub README of the superchain image every day. Needed to to refactor the steps a little bit to get the credentials out in a way the Action needs them. (Of course, no way to test this except in production :/ ) --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- .github/workflows/docker-images.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml index 3df903d346..79eb41a9a0 100644 --- a/.github/workflows/docker-images.yml +++ b/.github/workflows/docker-images.yml @@ -95,14 +95,21 @@ jobs: aws ecr-public get-login-password --region=us-east-1 \ | docker login --username AWS --password-stdin public.ecr.aws + - name: Slice DockerHub credentials + id: credentials + run: |- + echo "username=$(cut -d: -f1 <<< '${{ secrets.DOCKER_CREDENTIALS }}')" >> "$GITHUB_OUTPUT" + echo "password=$(cut -d: -f2 <<< '${{ secrets.DOCKER_CREDENTIALS }}')" >> "$GITHUB_OUTPUT" + echo "::add-mask::$(cut -d: -f2 <<< '${{ secrets.DOCKER_CREDENTIALS }}')" + # We only authenticate to Docker on the 'aws/jsii' repo, as forks will not have the secret - name: Login to Docker Hub if: steps.should-run.outputs.result == 'true' && github.repository == 'aws/jsii' # The DOCKER_CREDENTIALS secret is expected to contain a username:token pair run: |- docker login \ - --username=$(cut -d: -f1 <<< '${{ secrets.DOCKER_CREDENTIALS }}') \ - --password=$(cut -d: -f2 <<< '${{ secrets.DOCKER_CREDENTIALS }}') + --username=${{ steps.credentials.outputs.username }} \ + --password=${{ steps.credentials.outputs.password }} # Ensure we run with bash, because that's the syntax we're using here... shell: bash @@ -216,6 +223,15 @@ jobs: . fi + - name: Update README (nightly) + if: steps.should-run.outputs.result == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' + uses: peter-evans/dockerhub-description@v3 + with: + username: ${{ steps.credentials.outputs.username }} + password: ${{ steps.credentials.outputs.password }} + repository: jsii/superchain + readme-filepath: ./superchain/README.md + - name: Publish (latest) if: steps.should-run.outputs.result == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/release' # NOTE BELOW: The `--tag` flags can be provided multiple times... we use that capability... From 79a0f793e08043ae4d9111a39133b3880c98c21a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Nov 2023 12:26:25 +0000 Subject: [PATCH 17/27] chore(deps): Bump golang.org/x/tools from 0.15.0 to 0.16.0 in /packages/@jsii/go-runtime-test/project (#4358) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.15.0 to 0.16.0.
Commits
  • a9ef4cf go.mod: update golang.org/x dependencies
  • d9b9452 gopls/internal/lsp/cache: move quick-fix bundling logic to the cache pkg
  • 1733061 go/analysis/passes/testinggoroutine: report by enclosing regions
  • b19be0f gopls/internal/cmd/help_test.go: document
  • daa4aa5 gopls/internal/lsp/source: stubmethods: fix out-of-bounds index
  • a586d0d go/types/internal/play: show more types.Scope detail
  • 53ad329 gopls/internal/lsp/source: move edit logic into the protocol package
  • 3c677e3 gopls/internal/lsp/cache: move SuggestedFixFromCommand into cache
  • ab6af7d gopls/internal/lsp/source: extract InDir to a new pathutil package
  • e7d61d9 gopls/internal/lsp/cache: simplify named error values
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.15.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/go-runtime-test/project/go.mod | 2 +- packages/@jsii/go-runtime-test/project/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/@jsii/go-runtime-test/project/go.mod b/packages/@jsii/go-runtime-test/project/go.mod index e6de3322f6..a3a895128c 100644 --- a/packages/@jsii/go-runtime-test/project/go.mod +++ b/packages/@jsii/go-runtime-test/project/go.mod @@ -9,7 +9,7 @@ require ( github.com/aws/jsii/jsii-calc/go/scopejsiicalclib v0.0.0-devpreview github.com/stretchr/testify v1.8.4 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 - golang.org/x/tools v0.15.0 + golang.org/x/tools v0.16.0 ) require ( diff --git a/packages/@jsii/go-runtime-test/project/go.sum b/packages/@jsii/go-runtime-test/project/go.sum index 95448607a6..62df36a7e3 100644 --- a/packages/@jsii/go-runtime-test/project/go.sum +++ b/packages/@jsii/go-runtime-test/project/go.sum @@ -36,6 +36,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= +golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= +golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From b5802449f4b9292b3396353f1fa3fa768a779cd7 Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Tue, 28 Nov 2023 18:28:24 +0100 Subject: [PATCH 18/27] feat: deprecate `jsii/superchain:buster-slim-*` images (#4359) jsii now requires Python 3.8 Debian Buster only ships with Python 3.7 and we recommend users to upgrade to Bullseye based images. Let's stop building Buster images. Also clarifies our build permutations in the README. --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- .github/workflows/docker-images.yml | 9 ++-- superchain/README.md | 75 ++++++++++++++++++++++------- 2 files changed, 62 insertions(+), 22 deletions(-) diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml index 79eb41a9a0..c471a13b88 100644 --- a/.github/workflows/docker-images.yml +++ b/.github/workflows/docker-images.yml @@ -22,12 +22,13 @@ jobs: fail-fast: false matrix: debian: - - 'buster' # 10 - 'bullseye' # 11 + - 'bookworm' # 12 node: ['18', '20'] - include: - - debian: 'bookworm' #12 - node: '20' + exclude: + # We publish bullseye only with Node >= 20 + - debian: 'bullseye' + node: '18' env: # Node version whose images will be aliased without the -nodeXX segment DEFAULT_NODE_MAJOR_VERSION: 18 diff --git a/superchain/README.md b/superchain/README.md index 92cea7deb3..2a1e7db58f 100644 --- a/superchain/README.md +++ b/superchain/README.md @@ -6,16 +6,25 @@ required in order to package [jsii] projects in all supported languages. [debian]: https://gallery.ecr.aws/debian/debian [jsii]: https://github.com/aws/jsii +## Recommended image + +We recommend the following image for most users. +See [Image tags](#image-tags) for further details. + +``` +public.ecr.aws/jsii/superchain:1-bullseye-slim +``` + ## Included Language SDKs | SDK | Version | | ------------ | ---------------------------------------- | -| `OpenJDK 20` | Amazon Corretto `>= 20.0.0` | +| `OpenJDK 20` | Amazon Corretto `>= 20.0.2` | | `.NET SDK` | `>= 6.0.14` | -| `mono` | `>= 6.8.0.105` | +| `mono` | `>= 6.12.0.200` | | `Javascript` | see [NodeJS and NPM](#nodejs-and-npm) | -| `PowerShell` | `pwsh >= 7.1.3` | -| `Python 3` | `python3 >= 3.7.4` with `pip3 >= 20.0.2` | +| `PowerShell` | `pwsh >= 7.2.16` | +| `Python 3` | see [Python'](#python) | | `Go` | `go >= 1.18` | ## Image tags @@ -27,20 +36,25 @@ public.ecr.aws/jsii/superchain:-(-node)(-nightly) ``` - `` is the major line of the jsii toolchain (must be `1`) -- `` is the base image tag (must be `bullseye-slim`) +- `` is the base image tag, currently supported base images are + - `bookworm-slim` + - `bullseye-slim` - `` is the major version of node contained in the image - `18` corresponds to node 18.x, this is the default - `20` corresponds to node 20.x - `-nightly` images are released from the `HEAD` of the [`aws/jsii`][jsii] repository and should typically not be used for production workloads +**The following base image lines have been deprecated and are not updated anymore. Users are adviced to upgrade to :** + +- `:1-buster-slim-*` + **The previous image tags have been discontinued and must NOT BE USED ANYMORE:** - `:latest` (users should migrate to `:1-bullseye-slim`) - `:nightly` (users should migrate to `:1-bullseye-slim-nightly`) - `:nodeX` (users should migrate to an image using a supported node version) - `:nodeX-nightly` (users should migrate to a nightly image using a supported node version) -- `:1-buster-slim-*` (users should migrate to `:1-bullseye-slim`) ## Building @@ -59,10 +73,20 @@ jsii$ docker build . -f superchain/Dockerfile -t jsii/superchain:local --target= ## NodeJS and NPM -We build multiple versions of this image, for different versions of Node. They are available as: +We build multiple versions of this image, for different versions of Node. +You can use a specific Node version like this: + +``` +public.ecr.aws/jsii/superchain:1-bullseye-slim-node20 +``` -* `public.ecr.aws/jsii/superchain:1-bullseye-slim-node18(-nightly)` -* `public.ecr.aws/jsii/superchain:1-bullseye-slim-node20(-nightly)` +We will stop publishing images for Node versions that are EOL. + +| Debian | Node versions | +| ----------------------------| -----------------| +| `bookworm-slim` | `20` | +| `bullseye-slim` | `20`, `18` | +| `buster-slim` (deprecated) | `18`, `16`, `14` | If you are building this image from source, you can control the Node version with the `NODE_MAJOR_VERSION` build argument: @@ -71,22 +95,37 @@ If you are building this image from source, you can control the Node version wit jsii$ docker build [...] --build-arg NODE_MAJOR_VERSION=16 ``` +## Python + +The image includes the most recent Python version available for the respecitve Debian distribution. +A complete list can be viewed on the [Debian website](https://wiki.debian.org/Python#Supported_Python_Versions). + +| Debian | Python version | +| ----------------------------| ---------------| +| `bookworm-slim` | `3.11` | +| `bullseye-slim` | `3.9` | +| `buster-slim` (deprecated) | `3.7` | + + ## Included Tools & Utilities +The following tools & utilities are available for your convinience. +Versions are generally the latest available for the respective Debian distribution. + | Tool / Utility | Version | | --------------- | -------------------------- | | `aws` | `>= 2.11.17` | | `bundler` | `>= 1.17.3` and `>= 2.1.4` | -| `docker` | `>= 18.09.9-ce` | -| `git` | `>= 2.23.1` | -| `make` | `>= 3.82` | -| `maven` | `>= 3.6.3` | -| `openssl` | `>= 1.0.2k-fips` | -| `rsync` | `>= 3.1.2` | -| `yarn` | `>= 1.21.1` | +| `docker` | `>= 24.0.7-ce` | +| `git` | `>= 2.30.2` | +| `make` | `>= 4.3` | +| `maven` | `>= 6.4.15` | +| `openssl` | `>= 1.1.1w` | +| `rsync` | `>= 3.2.3` | +| `yarn` | `>= 1.22.19` | | `zip` & `unzip` | `>= 6.0-19` | -| `gh` | `>= 1.9.2` | -| `sam` | `>= 1.37.0` | +| `gh` | `>= 1.13.1` | +| `sam` | `>= 1.102.0` | ## License From a619d763ddf6c56c10f378ccdc6ed2a96197eb92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 11:59:42 +0000 Subject: [PATCH 19/27] chore(deps): Bump actions/setup-java from 3 to 4 (#4360) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
Release notes

Sourced from actions/setup-java's releases.

v4.0.0

What's Changed

In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-java will run on Node.js 20 instead of Node.js 16.

Breaking changes

Non-breaking changes

New Contributors

Full Changelog: https://github.com/actions/setup-java/compare/v3...v4.0.0

v3.13.0

What's changed

In the scope of this release, support for Dragonwell JDK was added by @​Accelerator1996 in actions/setup-java#532

steps:
 - name: Checkout
   uses: actions/checkout@v3
 - name: Setup-java
   uses: actions/setup-java@v3
   with:
     distribution: 'dragonwell'
     java-version: '17'

Several inaccuracies were also fixed:

New Contributors

Full Changelog: https://github.com/actions/setup-java/compare/v3...v3.13.0

v3.12.0

... (truncated)

Commits
  • 387ac29 Upgrade Node to v20 (#558)
  • 9eda6b5 feat: implement cache-dependency-path option to control caching dependency (#...
  • 78078da Update @​actions/cache dependency and documentation (#549)
  • 5caaba6 add support for microsoft openjdk 21.0.0 (#546)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-java&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0efe8e7a11..84650040da 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -38,7 +38,7 @@ jobs: with: go-version: '1.18' - name: Set up Java 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: '8' @@ -121,7 +121,7 @@ jobs: with: go-version: '1.18' - name: Set up Java 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: '8' @@ -310,7 +310,7 @@ jobs: with: go-version: ${{ matrix.go }} - name: Set up Java ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: ${{ matrix.java }} @@ -440,7 +440,7 @@ jobs: with: go-version: '1.20' - name: Set up Java 20 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'corretto' java-version: '20' From 1940a1ddb73b8e743a661e06b97672b7182c15ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 17:41:44 +0000 Subject: [PATCH 20/27] chore(deps-dev): Update wheel requirement from ~=0.41 to ~=0.42 in /packages/jsii-pacmak/lib/targets/python (#4354) Updates the requirements on [wheel](https://github.com/pypa/wheel) to permit the latest version.
Release notes

Sourced from wheel's releases.

0.42.0

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)
Changelog

Sourced from wheel's changelog.

Release Notes

0.42.0 (2023-11-26)

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

  • Updated vendored packaging to 23.2
  • Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

  • Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
  • Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)
  • Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

  • Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri)
  • Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

  • Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag)
  • Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)
  • Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

0.40.0 (2023-03-14)

  • Added a wheel tags command to modify tags on an existing wheel (PR by Henry Schreiner)
  • Updated vendored packaging to 23.0
  • wheel unpack now preserves the executable attribute of extracted files
  • Fixed spaces in platform names not being converted to underscores (PR by David Tucker)
  • Fixed RECORD files in generated wheels missing the regular file attribute
  • Fixed DeprecationWarning about the use of the deprecated pkg_resources API (PR by Thomas Grainger)
  • Wheel now uses flit-core as a build backend (PR by Henry Schreiner)

... (truncated)

Commits
  • 63a09bb Created a new release
  • f4b8e48 Several fixes to WHEEL metadata handling (#588)
  • 11e5732 [pre-commit.ci] pre-commit autoupdate (#586)
  • fe6bb82 [pre-commit.ci] pre-commit autoupdate (#584)
  • b90a4bc [pre-commit.ci] pre-commit autoupdate (#581)
  • 56de2eb Added a link to the GitHub repository to pyproject.toml (#563)
  • a899f1c Fixed parameter for release-notes
  • 254ba46 Created a new release
  • 6f33736 Updated actions and added GitHub release automation
  • 83b77e5 Replaced black with ruff-format
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .../jsii-pacmak/lib/targets/python/requirements-dev.txt | 2 +- .../generated-code/__snapshots__/examples.test.js.snap | 4 ++-- .../__snapshots__/prerelease-identifiers.test.js.snap | 8 ++++---- .../__snapshots__/target-python.test.js.snap | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/packages/jsii-pacmak/lib/targets/python/requirements-dev.txt b/packages/jsii-pacmak/lib/targets/python/requirements-dev.txt index 2d9112e712..db72a00e0d 100644 --- a/packages/jsii-pacmak/lib/targets/python/requirements-dev.txt +++ b/packages/jsii-pacmak/lib/targets/python/requirements-dev.txt @@ -4,6 +4,6 @@ # package (wheel, sdist), but not declared as build-system dependencies. setuptools~=67.3.2 # build-system -wheel~=0.41 # build-system +wheel~=0.42 # build-system twine~=4.0.2 diff --git a/packages/jsii-pacmak/test/generated-code/__snapshots__/examples.test.js.snap b/packages/jsii-pacmak/test/generated-code/__snapshots__/examples.test.js.snap index cbc750ca01..140caa467f 100644 --- a/packages/jsii-pacmak/test/generated-code/__snapshots__/examples.test.js.snap +++ b/packages/jsii-pacmak/test/generated-code/__snapshots__/examples.test.js.snap @@ -1220,7 +1220,7 @@ testpkg.FooBar=example.test.demo.FooBar exports[`diamond-struct-parameter.ts: /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -2641,7 +2641,7 @@ testpkg.Namespace2.Foo.Final=example.test.demo.Namespace2$Foo.Final exports[`nested-types.ts: /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] diff --git a/packages/jsii-pacmak/test/generated-code/__snapshots__/prerelease-identifiers.test.js.snap b/packages/jsii-pacmak/test/generated-code/__snapshots__/prerelease-identifiers.test.js.snap index 473d5cfe94..9a87703a37 100644 --- a/packages/jsii-pacmak/test/generated-code/__snapshots__/prerelease-identifiers.test.js.snap +++ b/packages/jsii-pacmak/test/generated-code/__snapshots__/prerelease-identifiers.test.js.snap @@ -412,7 +412,7 @@ foo exports[`foo@1.2.3 depends on bar@^2.0.0-rc.42: /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -926,7 +926,7 @@ foo exports[`foo@1.2.3 depends on bar@^4.5.6-pre.1337: /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -1420,7 +1420,7 @@ foo exports[`foo@2.0.0-rc.42: /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -1911,7 +1911,7 @@ foo exports[`foo@4.5.6-pre.1337: /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] diff --git a/packages/jsii-pacmak/test/generated-code/__snapshots__/target-python.test.js.snap b/packages/jsii-pacmak/test/generated-code/__snapshots__/target-python.test.js.snap index b0d3531ebb..dac58bf1dd 100644 --- a/packages/jsii-pacmak/test/generated-code/__snapshots__/target-python.test.js.snap +++ b/packages/jsii-pacmak/test/generated-code/__snapshots__/target-python.test.js.snap @@ -243,7 +243,7 @@ scope.jsii-calc-base exports[`Generated code for "@scope/jsii-calc-base": /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -797,7 +797,7 @@ scope.jsii-calc-base-of-base exports[`Generated code for "@scope/jsii-calc-base-of-base": /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -1324,7 +1324,7 @@ scope.jsii-calc-lib exports[`Generated code for "@scope/jsii-calc-lib": /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] @@ -2984,7 +2984,7 @@ foo = "bar" exports[`Generated code for "jsii-calc": /python/pyproject.toml 1`] = ` [build-system] -requires = ["setuptools~=67.3.2", "wheel~=0.41"] +requires = ["setuptools~=67.3.2", "wheel~=0.42"] build-backend = "setuptools.build_meta" [tool.pyright] From 886e465e60a5b6208a862a20af087cbd924416a9 Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Fri, 1 Dec 2023 11:10:35 +0100 Subject: [PATCH 21/27] fix(check-node): unstable node 21 is incorrectly listed as supported (#4362) Any downstream packages that use `NodeRelease.supported` to compute a list of active Node versions currently believe they should test again Node 21, which we don't actually want. --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- packages/@jsii/check-node/src/constants.ts | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/packages/@jsii/check-node/src/constants.ts b/packages/@jsii/check-node/src/constants.ts index def0d5f8eb..2ead106ac9 100644 --- a/packages/@jsii/check-node/src/constants.ts +++ b/packages/@jsii/check-node/src/constants.ts @@ -25,16 +25,16 @@ export class NodeRelease { ), // Past end-of-life releases - new NodeRelease(13, { endOfLife: new Date('2020-06-01') }), - new NodeRelease(14, { - endOfLife: new Date('2023-04-30'), - supportedRange: '^14.17.0', - }), - new NodeRelease(15, { endOfLife: new Date('2021-06-01') }), new NodeRelease(12, { endOfLife: new Date('2022-04-30'), supportedRange: '^12.7.0', }), + new NodeRelease(13, { endOfLife: new Date('2020-06-01'), untested: true }), + new NodeRelease(14, { + endOfLife: new Date('2023-04-30'), + supportedRange: '^14.17.0', + }), + new NodeRelease(15, { endOfLife: new Date('2021-06-01'), untested: true }), new NodeRelease(16, { endOfLife: new Date('2023-09-11'), supportedRange: '^16.3.0', @@ -42,13 +42,14 @@ export class NodeRelease { new NodeRelease(17, { endOfLife: new Date('2022-06-01'), supportedRange: '^17.3.0', + untested: true, }), - new NodeRelease(19, { endOfLife: new Date('2023-06-01') }), + new NodeRelease(19, { endOfLife: new Date('2023-06-01'), untested: true }), // Currently active releases (as of last edit to this file...) new NodeRelease(18, { endOfLife: new Date('2025-04-30') }), new NodeRelease(20, { endOfLife: new Date('2026-04-30') }), - new NodeRelease(21, { endOfLife: new Date('2024-06-01') }), + new NodeRelease(21, { endOfLife: new Date('2024-06-01'), untested: true }), // Future (planned releases) ]; From 22a547c27648e86342fc4a6e05f51334aea3a282 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 11:31:52 +0000 Subject: [PATCH 22/27] chore(deps): Bump golang.org/x/tools from 0.15.0 to 0.16.0 in /packages/@jsii/go-runtime/jsii-runtime-go (#4357) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.15.0 to 0.16.0.
Commits
  • a9ef4cf go.mod: update golang.org/x dependencies
  • d9b9452 gopls/internal/lsp/cache: move quick-fix bundling logic to the cache pkg
  • 1733061 go/analysis/passes/testinggoroutine: report by enclosing regions
  • b19be0f gopls/internal/cmd/help_test.go: document
  • daa4aa5 gopls/internal/lsp/source: stubmethods: fix out-of-bounds index
  • a586d0d go/types/internal/play: show more types.Scope detail
  • 53ad329 gopls/internal/lsp/source: move edit logic into the protocol package
  • 3c677e3 gopls/internal/lsp/cache: move SuggestedFixFromCommand into cache
  • ab6af7d gopls/internal/lsp/source: extract InDir to a new pathutil package
  • e7d61d9 gopls/internal/lsp/cache: simplify named error values
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.15.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- packages/@jsii/go-runtime-test/project/go.sum | 2 -- packages/@jsii/go-runtime/jsii-runtime-go/go.mod | 2 +- packages/@jsii/go-runtime/jsii-runtime-go/go.sum | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/packages/@jsii/go-runtime-test/project/go.sum b/packages/@jsii/go-runtime-test/project/go.sum index 62df36a7e3..0e54aacb05 100644 --- a/packages/@jsii/go-runtime-test/project/go.sum +++ b/packages/@jsii/go-runtime-test/project/go.sum @@ -34,8 +34,6 @@ golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= -golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/packages/@jsii/go-runtime/jsii-runtime-go/go.mod b/packages/@jsii/go-runtime/jsii-runtime-go/go.mod index 8311a01cbc..e44221d5dc 100644 --- a/packages/@jsii/go-runtime/jsii-runtime-go/go.mod +++ b/packages/@jsii/go-runtime/jsii-runtime-go/go.mod @@ -8,7 +8,7 @@ require ( github.com/mattn/go-isatty v0.0.20 github.com/stretchr/testify v1.8.4 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 - golang.org/x/tools v0.15.0 + golang.org/x/tools v0.16.0 ) require ( diff --git a/packages/@jsii/go-runtime/jsii-runtime-go/go.sum b/packages/@jsii/go-runtime/jsii-runtime-go/go.sum index 95448607a6..0e54aacb05 100644 --- a/packages/@jsii/go-runtime/jsii-runtime-go/go.sum +++ b/packages/@jsii/go-runtime/jsii-runtime-go/go.sum @@ -34,8 +34,8 @@ golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= -golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= +golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= +golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 1428f68e997688c42ac99cda94a3851eb7fb6f90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 12:35:54 +0000 Subject: [PATCH 23/27] chore(deps): Bump actions/setup-dotnet from 3 to 4 (#4363) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 3 to 4.
Release notes

Sourced from actions/setup-dotnet's releases.

v4.0.0

What's Changed

In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-dotnet will run on Node.js 20 instead of Node.js 16.

Breaking changes

Update Node.js runtime to version 20 by @​harithavattikuti in #484

Non-breaking changes

New Contributors

Full Changelog: https://github.com/actions/setup-dotnet/compare/v3...v4.0.0

v3.2.0

What's Changed

In scope of this minor release, the ability to cache the NuGet global-packages folder was added in actions/setup-dotnet#303 by @​nogic1008

For caching, the action uses the @​toolkit/cache library under the hood, which in turn allows getting rid of configuring the @​actions/cache action separately.

Such input parameters as cache and cache-dependency-path were added. The cache input is optional, and caching is turned off by default, cache-dependency-path is used to specify the path to a dependency file - packages.lock.json.

Example of use-case:

- uses: actions/setup-dotnet@v3
  with:
    dotnet-version: 6.x
    cache: true
    cache-dependency-path: subdir/packages.lock.json

More details can be found in the action's documentation.

Full Changelog: https://github.com/actions/setup-dotnet/compare/v3...v3.2.0

v3.1.0

What's Changed

This minor release includes the following new features:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-dotnet&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 84650040da..67a54fcf46 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v4 # Set up all of our standard runtimes - name: Set up .NET 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v4 with: dotnet-version: '6.0.x' - name: Set up Go 1.18 @@ -113,7 +113,7 @@ jobs: uses: actions/checkout@v4 # Set up all of our standard runtimes - name: Set up .NET 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v4 with: dotnet-version: '6.0.x' - name: Set up Go 1.18 @@ -302,7 +302,7 @@ jobs: rm built-tree.tgz # Set up all of our standard runtimes (this is matrix-based) - name: Set up .NET ${{ matrix.dotnet }} - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ matrix.dotnet }} - name: Set up Go ${{ matrix.go }} @@ -432,7 +432,7 @@ jobs: path: ${{ runner.temp }}/release-package # Set up all of our standard runtimes - name: Set up .NET 7 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v4 with: dotnet-version: '7.0.x' - name: Set up Go 1.20 From feb80f7971cf7655e6adaa8cfd0ab91ca495cafb Mon Sep 17 00:00:00 2001 From: paulhcsun <47882901+paulhcsun@users.noreply.github.com> Date: Tue, 5 Dec 2023 14:02:05 -0800 Subject: [PATCH 24/27] chore: add author paulhcs to contribution/core (#4364) Add author paulhcs to contribution/core. --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- .mergify/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mergify/config.yml b/.mergify/config.yml index 1fb8434fc7..e06510673b 100644 --- a/.mergify/config.yml +++ b/.mergify/config.yml @@ -11,7 +11,7 @@ pull_request_rules: label: add: [contribution/core] conditions: - - author~=^(RomainMuller|rix0rrr|MrArnoldPalmer|iliapolo|madeline-k|comcalvi|kaizencc|corymhall|otaviomacedo|TheRealAmazonKendra|vinayak-kukreja|mrgrain|colifran|mikewrighton)$ + - author~=^(RomainMuller|rix0rrr|MrArnoldPalmer|iliapolo|madeline-k|comcalvi|kaizencc|corymhall|otaviomacedo|TheRealAmazonKendra|vinayak-kukreja|mrgrain|colifran|mikewrighton|paulhcsun)$ - -label~="contribution/core" - name: Tell them we're good now actions: From 236ee1890fbdbfe57808580d62160428163456fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 11:56:45 +0000 Subject: [PATCH 25/27] chore(deps): Bump actions/setup-python from 4 to 5 (#4365) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: https://github.com/actions/setup-python/compare/v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
  with:
    python-version: 'graalpy-22.3'
- run: python my_script.py

Besides, the release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-python/compare/v4...v4.8.0

v4.7.1

What's Changed

Full Changelog: https://github.com/actions/setup-python/compare/v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).

      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table>

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/gh-pages.yml | 2 +- .github/workflows/main.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index c6fce8593b..68402c7d35 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -20,7 +20,7 @@ jobs: - name: Check out uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: cache: 'pip' cache-dependency-path: 'gh-pages/requirements-dev.txt' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 67a54fcf46..ee7c4102a1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -48,7 +48,7 @@ jobs: cache: yarn node-version: '18' - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.8' cache: pip @@ -131,7 +131,7 @@ jobs: cache: yarn node-version: '18' - name: Set up Python 3.8 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.8' cache: pip @@ -320,7 +320,7 @@ jobs: cache: yarn node-version: ${{ matrix.node }} - name: Set up Python ${{ matrix.python }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} cache: pip @@ -449,7 +449,7 @@ jobs: with: node-version: '20' - name: Set up Python 3.11 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.11' - name: Install python3-venv From 091d6ea210bdb4a5f2fbe517175a89321e5964b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 12:39:35 +0000 Subject: [PATCH 26/27] chore(deps): Bump actions/setup-go from 4 to 5 (#4366) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v5.0.0

v4.1.0

What's Changed

In scope of this release, slow installation on Windows was fixed by @​dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383)

This release also includes the following changes:

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v4.1.0

v4.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v4.0.1

Commits
  • 0c52d54 Update dependencies for node20 (#445)
  • bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
  • 3d65fa5 feat: bump to use actions/checkout@v4
  • 8a505c9 feat: bump to use node20 runtime
  • 883490d Merge pull request #417 from artemgavrilov/main
  • d45ebba Rephrase sentence
  • 317c661 Replace wildcards term with globs.
  • f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
  • 8018234 Improve documentation regarding dependencies cachin
  • d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ee7c4102a1..32cafb7fa9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,7 +34,7 @@ jobs: with: dotnet-version: '6.0.x' - name: Set up Go 1.18 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: '1.18' - name: Set up Java 8 @@ -117,7 +117,7 @@ jobs: with: dotnet-version: '6.0.x' - name: Set up Go 1.18 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: '1.18' - name: Set up Java 8 @@ -306,7 +306,7 @@ jobs: with: dotnet-version: ${{ matrix.dotnet }} - name: Set up Go ${{ matrix.go }} - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: ${{ matrix.go }} - name: Set up Java ${{ matrix.java }} @@ -436,7 +436,7 @@ jobs: with: dotnet-version: '7.0.x' - name: Set up Go 1.20 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: '1.20' - name: Set up Java 20 From e4d2caa27227a05f3b9ad4866211bac329744d14 Mon Sep 17 00:00:00 2001 From: AWS CDK Team Date: Fri, 8 Dec 2023 16:15:55 +0000 Subject: [PATCH 27/27] chore(release): 1.93.0 --- CHANGELOG.md | 13 +++++++++++++ lerna.json | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c428182b2..533bfa5ff9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,19 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [1.93.0](https://github.com/aws/jsii/compare/v1.92.0...v1.93.0) (2023-12-08) + + +### Features + +* deprecate `jsii/superchain:buster-slim-*` images ([#4359](https://github.com/aws/jsii/issues/4359)) ([b580244](https://github.com/aws/jsii/commit/b5802449f4b9292b3396353f1fa3fa768a779cd7)) +* **go:** add jsii.Sprintf helper ([#4345](https://github.com/aws/jsii/issues/4345)) ([2ecfb77](https://github.com/aws/jsii/commit/2ecfb778130c1a2fdd6b4932216e144a0d079d5c)) + + +### Bug Fixes + +* **check-node:** unstable node 21 is incorrectly listed as supported ([#4362](https://github.com/aws/jsii/issues/4362)) ([886e465](https://github.com/aws/jsii/commit/886e465e60a5b6208a862a20af087cbd924416a9)) + ## [1.92.0](https://github.com/aws/jsii/compare/v1.91.0...v1.92.0) (2023-11-16) diff --git a/lerna.json b/lerna.json index 69c784d5bf..649bd2352f 100644 --- a/lerna.json +++ b/lerna.json @@ -12,6 +12,6 @@ "rejectCycles": true } }, - "version": "1.92.0", + "version": "1.93.0", "$schema": "node_modules/lerna/schemas/lerna-schema.json" }