Skip to content

Bump exasol/python-toolbox from 7 to 8#294

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/exasol/python-toolbox-8
Closed

Bump exasol/python-toolbox from 7 to 8#294
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/exasol/python-toolbox-8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Copy link
Copy Markdown

Bumps exasol/python-toolbox from 7 to 8.

Release notes

Sourced from exasol/python-toolbox's releases.

8.0.0 - 2026-05-13

Summary

In this major release, several modifications were made to the PTB's workflow templates:

  • For automatically resolving vulnerabilities, the dependency-update.yml workflow was added. For more details, see the Update Dependencies section.
  • The periodic run which was previously executed in the ci.yml has been moved to its own periodic-validation.yml and will run weekly. This also has been modified to run the slow-checks.yml so that more complete linting and coverage information is sent to Sonar.
  • With the addition of periodic-validation.yml, the pr-merge.yml was reduced so that it only executes gh-pages.yml.
  • The unit tests job has been moved from checks.yml to its own fast-tests.yml file.
  • Workflow extensions were added to fast-tests and merge-gate. This allows users to add custom fast-tests-extension.yml and merge-gate-extension.yml files. For more details, check out the Workflow Extensions section.
  • slow-checks.yml is only maintained by the project (not the PTB). See the Not Maintained by the PTB section.

Features

  • #829: Extended removing a job from a workflow to also remove it from the needs of another job
  • #825: Created two workflows by splitting up previous ones:
    • Moved the periodic jobs in ci.yml to its own periodic-validation.yml
    • Moved the unit tests job in checks.yml to its own fast-tests.yml
  • #730: Added workflow extensions to fast-tests and merge-gate
  • #756: Added dependency-update.yml to automate resolving vulnerabilities with a generated pull request
  • #792: Improved dependency-update.yml documentation
  • #831: Switched slow-checks.yml to be provided by the project and not maintained by the PTB and improved output of pydantic validation of .workflow-patcher.yml

Bugfix

  • #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed

Security Issues

This release fixes vulnerabilities by updating dependencies:

Dependency Vulnerability Affected Fixed in
urllib3 CVE-2026-44431 2.6.3 2.7.0
urllib3 CVE-2026-44432 2.6.3 2.7.0
  • #836: Relocked poetry.lock

Dependency Updates

main

... (truncated)

Commits
  • e46075c Prepare release 8.0.0 (#837)
  • adef495 Feature/831 no longer overwrite slow checks (#834)
  • a9b1d1e Update dependencies to fix vulnerabilities (2026-05-12) (#836)
  • 17f6158 Fix dependency-update.yml (#835)
  • 2ed2caf Documentation/792 improve dependency update documentation (#833)
  • 240a8c5 add dependency-update workflow template (fixes #683) (#756)
  • e83d651 Feature/825 split up workflows unit tests and periodic runs (#826)
  • 3614732 Extend removing a job from a workflow to also remove it from the needs of a...
  • c5e3691 Bugfix/563 fix merge gate (#819)
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [exasol/python-toolbox](https://github.com/exasol/python-toolbox) from 7 to 8.
- [Release notes](https://github.com/exasol/python-toolbox/releases)
- [Commits](exasol/python-toolbox@v7...v8)

---
updated-dependencies:
- dependency-name: exasol/python-toolbox
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Change in dependencies github_actions Pull requests that update GitHub Actions code labels May 18, 2026
@dependabot dependabot Bot had a problem deploying to manual-approval May 18, 2026 22:24 Failure
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Author

Superseded by #306.

@dependabot dependabot Bot closed this Jun 22, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/exasol/python-toolbox-8 branch June 22, 2026 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Change in dependencies github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants