Bump coverage from 7.8.2 to 7.9.0 by dependabot[bot] · Pull Request #191 · senzing-garage/sz-python-tools

dependabot · 2025-06-12T22:12:04Z

Bumps coverage from 7.8.2 to 7.9.0.

Changelog

Version 7.9.0 — 2025-06-11

Added a [run] core configuration setting to specify the measurement core, which was previously only available through the COVERAGE_CORE environment variable. Finishes issue 1746_.

Fixed incorrect rendering of f-strings with doubled braces, closing issue 1980_.

If the C tracer core can't be imported, a warning ("no-ctracer") is issued with the reason.

The C tracer core extension module now conforms to PEP 489, closing issue 1977. Thanks, Adam Turner <pull 1978_>_.

Fixed a "ValueError: min() arg is an empty sequence" error caused by strange empty modules, found by oss-fuzz_.

.. _issue 1746: nedbat/coveragepy#1746 .. _issue 1977: nedbat/coveragepy#1977 .. _pull 1978: nedbat/coveragepy#1978 .. _issue 1980: nedbat/coveragepy#1980 .. _PEP 489: https://peps.python.org/pep-0489 .. _oss-fuzz: https://google.github.io/oss-fuzz/

.. _changes_7-8-2:

Commits

452d86f docs: sample HTML for 7.9.0
a670927 docs: prep for 7.9.0
3b0cb87 build: windows 3.14 is fixed
bc8602d fix: issue a warning if the C tracer can't be imported
d81a5f8 fix: prevent ValueError for bizarre empty modules
9f94c87 fix: properly render double braces in f-strings. #1980
1958c3f refactor: no need for a version check since we run mypy on late python now
8891312 docs: updated cog checksums
3ae5add chore: make upgrade (cog 3.5.0)
52407da refactor: mypy==1.16.0 had some complaints
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.8.2 to 7.9.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.8.2...7.9.0) --- updated-dependencies: - dependency-name: coverage dependency-version: 7.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-06-12T22:13:29Z

🛡️ Bandit Scan Results Summary

We found 2 High, 2 Medium, and 1 Low severity issues.

Detailed Findings

Severity	Issue	File	Line	Confidence	More Info	Test ID
🟡 LOW	Consider possible security implications associated with the subprocess module.	sz_tools/_tool_helpers.py	14	HIGH	More Info	B404
⚪ MEDIUM	Possible SQL injection vector through string-based query construction.	sz_tools/_sz_database.py	354	LOW	More Info	B608
⚪ MEDIUM	Probable insecure usage of temp file/directory.	sz_tools/_tool_helpers.py	764	MEDIUM	More Info	B108
🔴 HIGH	Starting a process with a shell, possible injection detected, security issue.	sz_tools/_tool_helpers.py	688	HIGH	More Info	B605
🔴 HIGH	subprocess call with shell=True identified, security issue.	sz_tools/_tool_helpers.py	671	HIGH	More Info	B602

✨ About this Report

This report was generated by the official Bandit GitHub Action to ensure our codebase stays secure.

📕 What is Bandit?

Bandit is a tool designed to find common security issues in Python code. To learn more about how Bandit helps to keep Python code safe, visit the Bandit documentation.

👥 Community Support

Got questions or need help with Bandit Action?

Join our community on the Discord server.
Share tips, get advice, and collaborate on security best practices.

dependabot Bot added dependencies Pull requests that update a dependency file python python programming languagae labels Jun 12, 2025

dependabot Bot requested a review from a team as a code owner June 12, 2025 22:12

dependabot Bot added python python programming languagae dependencies Pull requests that update a dependency file labels Jun 12, 2025

docktermj merged commit e5bcfd5 into main Jun 12, 2025
22 of 78 checks passed

docktermj deleted the dependabot/pip/coverage-7.9.0 branch June 12, 2025 22:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump coverage from 7.8.2 to 7.9.0#191

Bump coverage from 7.8.2 to 7.9.0#191
docktermj merged 1 commit into
mainfrom
dependabot/pip/coverage-7.9.0

dependabot Bot commented on behalf of github Jun 12, 2025

Uh oh!

github-actions Bot commented Jun 12, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github Jun 12, 2025

Version 7.9.0 — 2025-06-11

Uh oh!

github-actions Bot commented Jun 12, 2025

🛡️ Bandit Scan Results Summary

Detailed Findings

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants