Bump pygithub from 1.58.2 to 2.3.0

[dependabot]

Bumps pygithub from 1.58.2 to 2.3.0.

Release notes

Sourced from pygithub's releases.

v2.3.0

New features

• Support oauth for enterprise @​EnricoMi (#2780)
• Support creation of Dependabot Organization and Repository Secrets @​thomascrowley (#2874)

Improvements

• Create release with optional name and message when generate_release_notes is true @​heitorpolidoro (#2868)
• Add missing attributes to WorkflowJob @​xvega (#2921)
• Add created and check_suite_id filter for Repository Workflow runs @​treee111 (#2891)
• Assert requester argument type in Auth @​EnricoMi (#2912)

Bug Fixes

• Revert having allowed values for add_to_collaborators @​jodelasur (#2905)

Maintenance

• Fix imports in authentication docs @​wurstbrot (#2923)
• CI: add docformatter to precommit @​Borda (#2614)
• Add .swp fils to .gitignore @​boomanaiden154 (#2903)
• Fix instructions building docs in CONTRIBUTING.md @​wakamex (#2900)
• Explicitly name the modules built in pyproject.toml @​treee111 (#2894)

v2.2.0

Breaking Changes

The github.Comparison.Comparison instance returned by Repository.compare provides a commits property that used to return a list[github.Commit.Commit], which has now been changed to PaginatedList[github.Commit.Commit]. This breaks user code that assumes a list:

commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = len(commits)  # will raise a TypeError

This will raise a TypeError: object of type 'PaginatedList' has no len(), as the returned PaginatedList does not support the len() method. Use the totalCount property instead:

commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = commits.totalCount

New features

• Add support to call GraphQL API

Improvements

• Add parent_team_id, maintainers and notification_setting for creating and updating teams. by @​Cheshirez in PyGithub/PyGithub#2863
• Add support for issue reactions summary by @​smuzaffar in PyGithub/PyGithub#2866
• Support for DependabotAlert APIs by @​coopernetes in PyGithub/PyGithub#2879
• Derive GraphQL URL from base_url by @​EnricoMi in PyGithub/PyGithub#2880
• Make Repository.compare().commits return paginated list by @​EnricoMi in PyGithub/PyGithub#2882

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.3.0 (March 21, 2024)

New features ^^^^^^^^^^^^

• Support OAuth for enterprise (#2780) (e4106e00)
• Support creation of Dependabot Organization and Repository Secrets (#2874) (0784f835)

Improvements ^^^^^^^^^^^^

• Create release with optional name and message when generate_release_notes is true (#2868) (d65fc30d)
• Add missing attributes to WorkflowJob (#2921) (9e092458)
• Add created and check_suite_id filter for Repository WorkflowRuns (#2891) (c788985c)
• Assert requester argument type in Auth (#2912) (0b8435fc)

Bug Fixes ^^^^^^^^^

• Revert having allowed values for add_to_collaborators (#2905) (b542438e)

Maintenance ^^^^^^^^^^^

• Fix imports in authentication docs (#2923) (e3d36535)
• CI: add docformatter to precommit (#2614) (96ad19ae)
• Add .swp files to gitignore (#2903) (af529abe)
• Fix instructions building docs in CONTRIBUTING.md (#2900) (cd8e528d)
• Explicitly name the modules built in pyproject.toml (#2894) (4d461734)

Version 2.2.0 (January 28, 2024)

Breaking Changes ^^^^^^^^^^^^^^^^

• The github.Comparison.Comparison instance returned by Repository.compare provides a commits property that used to return a list[github.Commit.Commit], which has now been changed to PaginatedList[github.Commit.Commit]. This breaks user code that assumes a list:

.. code-block:: python

commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = len(commits)

This will raise a TypeError: object of type 'PaginatedList' has no len(), as the returned PaginatedList does not support the len() method. Use the totalCount property instead:

.. code-block:: python

... (truncated)

Commits

• 7266e81 Release v2.3.0 (#2926)
• e4106e0 Support oauth for enterprise (#2780)
• d65fc30 Create release with optional name and message when generate_release_notes is ...
• 0784f83 Support creation of Dependabot Organization and Repository Secrets (#2874)
• 9e09245 Add missing attributes to WorkflowJob (#2921)
• e3d3653 Fix imports in authentication docs (#2923)
• c788985 Add created and check_suite_id filter for Repository WorkflowRuns (#2891)
• 0b8435f Assert requester argument type in Auth (#2912)
• 96ad19a CI: add docformatter to precommit (#2614)
• b542438 Revert having allowed values for add_to_collaborators (#2905)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
Sensitive Files Analyzer	❕	1 finding
AppSec Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Powered by DryRun Security

[mtesauro]

breaking changes. See comment from #8296 & #8771

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[mtesauro]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[mtesauro]

@dependabot recreate

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.

[cneill]

I'm surprised this one is passing tests... PyGithub deprecated the positional argument we use to instantiate the Github class back in 1.59.0 (you can see it marked deprecated in their docs for the class here)

Here are examples of us using that positional argument:

• https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/github.py#L35
• https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/github_issue_link/views.py#L35
• https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/product/views.py#L769

[kiblik]

May I ask what is status of this PR? It is one of the blockers for #10473.

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[mtesauro]

@kiblik See cneill's comments at #9948 (review)

The short answer is that changes are needed to update this Python module and there's not a PR for that or tests for Github integration. Since this GHA were green and this definitely had breaking changes, we obviously don't have good test coverage for the Github integration as well.

[dependabot]

Superseded by #10808.