Bump cryptography from 35.0.0 to 36.0.0 #6330
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [cryptography](https://github.com/pyca/cryptography) from 35.0.0 to 36.0.0. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@35.0.0...36.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
delete-merged-branch
bot
deleted the
dependabot/pip/cryptography-36.0.0
branch
|
Still merging broken PRs. Any reason not to move to personal access token, as suggested by the documentation? |
|
A personal access token would need us to maintain a separate "robot" account having too much access to the org. But it's possible to use a GitHub App token, I guess. |
|
It's just because it doesn't trigger a workflow run, right? So, the issue is the token, rather than dependabot. |
|
@Dreamsorcerer it did trigger the workflow run but that somehow wasn't taken into account. Let me enable the new shiny feature of requiring the checks to be produced by a certain integration (previously they can be produced by any GitHub App, not just GHA). This probably won't fix it, though. I haven't had time to experiment and learn why this is happening actually. |
|
@Dreamsorcerer you wouldn't believe in what repo I've found the cause of this bug! 🤯🤯🤯🤯🤯🤯🤯🤯🤯🤯🤯🤯🤯 pyca/cryptography#6512 |
This is necessary to resolve the problem of GitHub treating the `skipped` `check` job result as an acceptable outcome and merging broken Dependabot PRs with auto-merge. For example: aio-libs#6330. Inspired by: pyca/cryptography#6512 (comment)
|
@Dreamsorcerer this is how we'll put an end to broken auto-merges: #6369. |
This is necessary to resolve the problem of GitHub treating the `skipped` `check` job result as an acceptable outcome and merging broken Dependabot PRs with auto-merge. For example: aio-libs/aiohttp#6330. Inspired by: pyca/cryptography#6512 (comment)
This is necessary to resolve the problem of GitHub treating the `skipped` `check` job result as an acceptable outcome and merging broken Dependabot PRs with auto-merge. For example: #6330. Inspired by: pyca/cryptography#6512 (comment) PR #6369
This is necessary to resolve the problem of GitHub treating the `skipped` `check` job result as an acceptable outcome and merging broken Dependabot PRs with auto-merge. For example: #6330. Inspired by: pyca/cryptography#6512 (comment) PR #6369 (cherry picked from commit 13b6b4d)
This is necessary to resolve the problem of GitHub treating the `skipped` `check` job result as an acceptable outcome and merging broken Dependabot PRs with auto-merge. For example: #6330. Inspired by: pyca/cryptography#6512 (comment) PR #6369 (cherry picked from commit 13b6b4d)
This is necessary to resolve the problem of GitHub treating the `skipped` `check` job result as an acceptable outcome and merging broken Dependabot PRs with auto-merge. For example: #6330. Inspired by: pyca/cryptography#6512 (comment) PR #6369 (cherry picked from commit 13b6b4d) Co-authored-by: Sviatoslav Sydorenko <[email protected]>
Bumps cryptography from 35.0.0 to 36.0.0.
Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
5d21990Bump for 36.0.0 release (#6643)d09e1edFinal polish on removing backends from places they aren't required (#6644)5bd0c10allow parsing of nonstandard country name and jurisdiction country name (#6641)2b22df1remind people we're going to remove verifier/signer (#6640)b14285eSimplify the code in the AEAD test (#6638)8be0f79Added a CI job for 3.11-dev (#6637)a9f101fReduce number of windows builders (#6636)60c846fMake randomorder a regular job and not a distro one (#6633)ccbcd46Remove unused attributes (#6631)cbc7861Try removing line whose purpose I don't understand (#6632)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)