Skip to content

deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory#187

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/main/production-dependencies-b6004030d8
Open

deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory#187
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/main/production-dependencies-b6004030d8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps the production-dependencies group with 1 update in the / directory: ghastoolkit.

Updates ghastoolkit from 0.18.2 to 0.18.3

Release notes

Sourced from ghastoolkit's releases.

0.18.3

What's Changed

Full Changelog: GeekMasher/ghastoolkit@0.18.2...0.18.3

Commits
  • 3d1c38d Merge pull request #362 from GeekMasher/v0_18_3
  • 09fbab6 feat(version): v0.18.3
  • 1b95fda Merge pull request #360 from GeekMasher/dependabot/uv/uv-8177a8837a
  • 901fd8e Merge pull request #361 from GeekMasher/dependabot/github_actions/production-...
  • ffcf3e2 build(deps): bump astral-sh/setup-uv
  • ba2e6fe build(deps): bump urllib3 in the uv group across 1 directory
  • 3125357 Merge pull request #359 from GeekMasher/dependabot/github_actions/production-...
  • 98d22da build(deps): bump astral-sh/setup-uv
  • eab36c0 Merge pull request #358 from GeekMasher/dependabot/github_actions/production-...
  • 0b9e46e build(deps): bump the production-dependencies group across 1 directory with 2...
  • See full diff in compare view

@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 11, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 11, 2026 01:36
@dependabot dependabot Bot requested review from adrienpessu and felickz May 11, 2026 01:36
github-license-compliance[bot]
github-license-compliance Bot found potential problems May 11, 2026
View reviewed changes
Comment thread Pipfile.lock
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

Pipfile.lock

PackageVersionLicenseIssue Type
ghastoolkit0.18.3NullUnknown License
idna3.14NullUnknown License
requests2.34.0NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/certifi 2026.4.22 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 5Found 1/2 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 88 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/ghastoolkit 0.18.3 UnknownUnknown
pip/idna 3.14 UnknownUnknown
pip/requests 2.34.0 UnknownUnknown

Scanned Files

  • Pipfile.lock

@dependabot
deps: bump ghastoolkit
e5e216a 
Bumps the production-dependencies group with 1 update in the / directory: [ghastoolkit](https://github.com/GeekMasher/ghastoolkit).


Updates `ghastoolkit` from 0.18.2 to 0.18.3
- [Release notes](https://github.com/GeekMasher/ghastoolkit/releases)
- [Commits](GeekMasher/ghastoolkit@0.18.2...0.18.3)

---
updated-dependencies:
- dependency-name: ghastoolkit
  dependency-version: 0.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory May 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/main/production-dependencies-b6004030d8 branch from 33e7671 to e5e216a Compare May 11, 2026 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@felickz felickz Awaiting requested review from felickz felickz is a code owner automatically assigned from advanced-security/oss-maintainers

@adrienpessu adrienpessu Awaiting requested review from adrienpessu adrienpessu is a code owner automatically assigned from advanced-security/oss-maintainers

1 more reviewer

@github-license-compliance github-license-compliance[bot] github-license-compliance[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants