chore(deps-dev): bump frequenz-repo-config from 0.14.0 to 0.17.0 in the repo-config group by dependabot[bot] · Pull Request #269 · frequenz-floss/frequenz-client-electricity-trading-python

dependabot · 2026-05-01T22:37:07Z

Bumps the repo-config group with 1 update: frequenz-repo-config.

Updates frequenz-repo-config from 0.14.0 to 0.17.0

Release notes

Sourced from frequenz-repo-config's releases.

v0.17.0

Frequenz Repository Configuration Release Notes

Summary

This release improves workflows security, adds a black migration workflow, and fixes failed migrations from version v0.16.0.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.
curl -sSLf https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/<tag>/cookiecutter/migrate.py | python3 -I
But you might still need to adapt your code:

New Features

Cookiecutter template

Add a black-migration.yaml workflow that automatically reformats code when Dependabot upgrades black.

Bug Fixes

Cookiecutter template

Fix migration of CI workflow matrices that used arch/os dimensions with values different from the default template. The v0.16.0 migration relied on exact string matching, so projects with customized matrix items (for example arch: [amd64], os: [ubuntu-24.04]) could be left only partially migrated. The new migration step rebuilds the platform entries from the existing arch/os values and only rewrites runs-on when it still points to the old matrix keys.

Improve workflows security: tighten permissions, avoid potential shell injection, run Python in isolated mode, pin all dependencies using the SHA hash.

What's Changed

Fix the cookiecutter migration script template by @llucax in frequenz-floss/frequenz-repo-config-python#540

build(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @dependabot[bot] in frequenz-floss/frequenz-repo-config-python#542

build(deps): bump the patch group with 5 updates by @dependabot[bot] in frequenz-floss/frequenz-repo-config-python#543

build(deps-dev): bump the minor group with 2 updates by @dependabot[bot] in frequenz-floss/frequenz-repo-config-python#544

Reset release notes and migration script by @llucax in frequenz-floss/frequenz-repo-config-python#539

Improve workflows security by @llucax in frequenz-floss/frequenz-repo-config-python#546

build(deps-dev): bump mkdocs-material from 9.7.5 to 9.7.6 in the patch group by @dependabot[bot] in frequenz-floss/frequenz-repo-config-python#550

build(deps-dev): bump setuptools-scm from 9.2.2 to 10.0.3 by @dependabot[bot] in frequenz-floss/frequenz-repo-config-python#552

build(deps-dev): update sybil requirement from <10,>=6.1.1 to >=6.1.1,<11 by @dependabot[bot] in frequenz-floss/frequenz-repo-config-python#553

Add black auto-migration workflow by @llucax in frequenz-floss/frequenz-repo-config-python#556

Handle private repos in workflow migration by @llucax in frequenz-floss/frequenz-repo-config-python#548

migrate: Fix missed CI platform matrix migrations by @llucax in frequenz-floss/frequenz-repo-config-python#549

Remove chardet pinning by @llucax in frequenz-floss/frequenz-repo-config-python#554

Prepare for v0.17.0 release by @llucax in frequenz-floss/frequenz-repo-config-python#557

... (truncated)

Commits

5814b77 Prepare for v0.17.0 release (#557)
3d3a0de template: Bump version to the upcoming v0.17.0
b8165c5 Prepare release notes for the v0.17.0 release
9bc1d61 Fix wrong trailing quote in migration script
f125700 Normalize tag comment
488c80c Remove chardet pinning (#554)
2ad88e7 migrate: Fix missed CI platform matrix migrations (#549)
eec17e3 Handle private repos in workflow migration (#548)
ce994a3 Add black auto-migration workflow (#556)
5800adf Add release notes
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the repo-config group with 1 update: [frequenz-repo-config](https://github.com/frequenz-floss/frequenz-repo-config-python). Updates `frequenz-repo-config` from 0.14.0 to 0.17.0 - [Release notes](https://github.com/frequenz-floss/frequenz-repo-config-python/releases) - [Changelog](https://github.com/frequenz-floss/frequenz-repo-config-python/blob/v0.x.x/RELEASE_NOTES.md) - [Commits](frequenz-floss/frequenz-repo-config-python@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: frequenz-repo-config dependency-version: 0.17.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: repo-config ... Signed-off-by: dependabot[bot] <support@github.com>

=== v0.15.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.15.0/cookiecutter/migrate.py ======================================================================== Migrating workflows to use ubuntu-slim runner for lightweight jobs... Updated .github/workflows/ci.yaml: migrated job nox-all to ubuntu-slim Updated .github/workflows/ci.yaml: migrated job test-installation-all to ubuntu-slim Updated .github/workflows/ci.yaml: migrated job create-github-release to ubuntu-slim Updated .github/workflows/ci.yaml: migrated job publish-to-pypi to ubuntu-slim Updated .github/workflows/release-notes-check.yml: migrated job check-release-notes to ubuntu-slim Updated .github/workflows/dco-merge-queue.yml: migrated job DCO to ubuntu-slim Updated .github/workflows/labeler.yml: migrated job Label to ubuntu-slim ======================================================================== Migrating pyproject license metadata to SPDX format... Updated pyproject.toml: migrated license metadata ======================================================================== Adding flake8-datetimez plugin to dev-flake8 dependencies... Updated pyproject.toml: added flake8-datetimez plugin ======================================================================== Fixing dependabot repo-config and mkdocstrings patterns... Skipped .github/dependabot.yml: repo-config patterns already updated Skipped .github/dependabot.yml: mkdocstrings patterns already updated Skipped .github/dependabot.yml (already up to date) ======================================================================== Migrating auto-dependabot workflow to use GitHub App token... Replacing .github/workflows/auto-dependabot.yaml with updated workflow (overwriting any local changes) ======================================================================== Migrating the CI workflows to use a platform matrix... - .github/workflows/ci.yaml Migrated arch+os matrix to platform ======================================================================== Installing repo-config migration workflow... Replacing .github/workflows/repo-config-migration.yaml with updated workflow (overwriting any local changes) Updated .github/workflows/auto-dependabot.yaml: added repo-config group exclusion ======================================================================== Updating 'Protect version branches' GitHub ruleset... Ruleset 'Protect version branches' is already up to date ======================================================================== ✅ Migration script finished successfully ✅ === v0.16.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py ======================================================================== Fixing repo-config migration merge queue trigger... Updated .github/workflows/repo-config-migration.yaml: added merge_group trigger ======================================================================== Fixing mkdocstrings-python v2 paths for api repos... Skipping mkdocs.yml (not an api project) ======================================================================== Migrating protolint and publish-to-pypi runners to ubuntu-24.04... Skipping protolint runner migration (not an api project) Updated .github/workflows/ci.yaml: migrated runner for job publish-to-pypi ======================================================================== Updating 'Protect version branches' GitHub ruleset... Ruleset 'Protect version branches' is already up to date ======================================================================== ✅ Migration script finished successfully ✅ === v0.17.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.17.0/cookiecutter/migrate.py ======================================================================== Updating generated CI workflows... Updated .github/workflows/ci-pr.yaml: updated CI pull-request workflow Updated .github/workflows/ci.yaml: updated main CI workflow ======================================================================== Fixing missed CI platform matrix migrations... Skipped .github/workflows/ci.yaml: platform matrix migration already fixed ======================================================================== Updating generated Dependabot workflows... Updated .github/workflows/auto-dependabot.yaml: updated Dependabot auto-merge workflow Updated .github/workflows/repo-config-migration.yaml: updated repo-config migration workflow ======================================================================== Creating black migration workflow... Created .github/workflows/black-migration.yaml: black formatting migration workflow ======================================================================== Updating auxiliary GitHub workflows... Updated .github/workflows/dco-merge-queue.yml: updated DCO merge queue workflow Updated .github/workflows/labeler.yml: updated labeler workflow Updated .github/workflows/release-notes-check.yml: updated release notes check workflow ======================================================================== ✅ Migration script finished successfully ✅ The migration completed successfully.

github-actions · 2026-05-01T22:37:30Z

Repo Config Migration

Update: 0.14.0 → 0.17.0

✅ Migration completed successfully.

Migration output

=== v0.15.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.15.0/cookiecutter/migrate.py

========================================================================
Migrating workflows to use ubuntu-slim runner for lightweight jobs...
  Updated .github/workflows/ci.yaml: migrated job nox-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job test-installation-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job create-github-release to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job publish-to-pypi to ubuntu-slim
  Updated .github/workflows/release-notes-check.yml: migrated job check-release-notes to ubuntu-slim
  Updated .github/workflows/dco-merge-queue.yml: migrated job DCO to ubuntu-slim
  Updated .github/workflows/labeler.yml: migrated job Label to ubuntu-slim
========================================================================
Migrating pyproject license metadata to SPDX format...
  Updated pyproject.toml: migrated license metadata
========================================================================
Adding flake8-datetimez plugin to dev-flake8 dependencies...
  Updated pyproject.toml: added flake8-datetimez plugin
========================================================================
Fixing dependabot repo-config and mkdocstrings patterns...
  Skipped .github/dependabot.yml: repo-config patterns already updated
  Skipped .github/dependabot.yml: mkdocstrings patterns already updated
  Skipped .github/dependabot.yml (already up to date)
========================================================================
Migrating auto-dependabot workflow to use GitHub App token...
  Replacing .github/workflows/auto-dependabot.yaml with updated workflow (overwriting any local changes)
========================================================================
Migrating the CI workflows to use a platform matrix...
  - .github/workflows/ci.yaml
    Migrated arch+os matrix to platform
========================================================================
Installing repo-config migration workflow...
  Replacing .github/workflows/repo-config-migration.yaml with updated workflow (overwriting any local changes)
  Updated .github/workflows/auto-dependabot.yaml: added repo-config group exclusion
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅

=== v0.16.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py

========================================================================
Fixing repo-config migration merge queue trigger...
  Updated .github/workflows/repo-config-migration.yaml: added merge_group trigger
========================================================================
Fixing mkdocstrings-python v2 paths for api repos...
  Skipping mkdocs.yml (not an api project)
========================================================================
Migrating protolint and publish-to-pypi runners to ubuntu-24.04...
  Skipping protolint runner migration (not an api project)
  Updated .github/workflows/ci.yaml: migrated runner for job publish-to-pypi
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅

=== v0.17.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.17.0/cookiecutter/migrate.py

========================================================================
Updating generated CI workflows...
  Updated .github/workflows/ci-pr.yaml: updated CI pull-request workflow
  Updated .github/workflows/ci.yaml: updated main CI workflow
========================================================================
Fixing missed CI platform matrix migrations...
  Skipped .github/workflows/ci.yaml: platform matrix migration already fixed
========================================================================
Updating generated Dependabot workflows...
  Updated .github/workflows/auto-dependabot.yaml: updated Dependabot auto-merge workflow
  Updated .github/workflows/repo-config-migration.yaml: updated repo-config migration workflow
========================================================================
Creating black migration workflow...
  Created .github/workflows/black-migration.yaml: black formatting migration workflow
========================================================================
Updating auxiliary GitHub workflows...
  Updated .github/workflows/dco-merge-queue.yml: updated DCO merge queue workflow
  Updated .github/workflows/labeler.yml: updated labeler workflow
  Updated .github/workflows/release-notes-check.yml: updated release notes check workflow
========================================================================

       ✅ Migration script finished successfully ✅

Next step

Migration changes were committed and auto-merge-on-changes is disabled. Please review, approve, and merge this PR manually.

📋 Full migration logs

We now require using timezone-aware datetime objects, so we can't use a plain `.now()` which is timezone-naive. Instead we build the object from a ISO string, which is also closer to a real use case, where we receive an external timestamp. Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>

llucax · 2026-05-06T08:44:08Z

Added a commit to fix the flake8 failures because of the new timezone checks. Needs approval from someone else. @frequenz-floss/api-electricity-trading-team

dependabot Bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels May 1, 2026

dependabot Bot requested a review from a team as a code owner May 1, 2026 22:37

github-actions Bot added the tool:auto-merged Auto-approved Dependabot PRs label May 1, 2026

github-actions Bot previously approved these changes May 1, 2026

View reviewed changes

github-actions Bot added the tool:repo-config:migration:executed Migration script has been run label May 1, 2026

dependabot Bot dismissed github-actions[bot]’s stale review via 81940ad May 1, 2026 22:37

github-actions Bot enabled auto-merge May 1, 2026 22:37

github-actions Bot added the part:tests Affects the unit, integration and performance (benchmarks) tests label May 6, 2026

daniel-zullo-frequenz approved these changes May 6, 2026

View reviewed changes

github-actions Bot added this pull request to the merge queue May 6, 2026

github-merge-queue Bot removed this pull request from the merge queue due to no response for status checks May 6, 2026

daniel-zullo-frequenz added this pull request to the merge queue May 6, 2026

github-merge-queue Bot removed this pull request from the merge queue due to a conflict with the base branch May 6, 2026

daniel-zullo-frequenz added this pull request to the merge queue May 6, 2026

Merged via the queue into v0.x.x with commit 32b7a0c May 6, 2026
9 checks passed

daniel-zullo-frequenz deleted the dependabot/pip/repo-config-2fa2ea805a branch May 6, 2026 13:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump frequenz-repo-config from 0.14.0 to 0.17.0 in the repo-config group#269

chore(deps-dev): bump frequenz-repo-config from 0.14.0 to 0.17.0 in the repo-config group#269
daniel-zullo-frequenz merged 3 commits into
v0.x.xfrom
dependabot/pip/repo-config-2fa2ea805a

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

github-actions Bot commented May 1, 2026

Uh oh!

llucax commented May 6, 2026

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026

v0.17.0

Frequenz Repository Configuration Release Notes

Summary

Upgrading

Cookiecutter template

New Features

Cookiecutter template

Bug Fixes

Cookiecutter template

What's Changed

Uh oh!

github-actions Bot commented May 1, 2026

Repo Config Migration

Next step

Uh oh!

llucax commented May 6, 2026

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants