deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory #187

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/main/production-dependencies-b6004030d8

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Bumps the production-dependencies group with 1 update in the / directory: ghastoolkit.

Updates ghastoolkit from 0.18.2 to 0.18.3

Release notes

Sourced from ghastoolkit's releases.

0.18.3

What's Changed

Full Changelog: GeekMasher/ghastoolkit@0.18.2...0.18.3

Commits
  • 3d1c38d Merge pull request #362 from GeekMasher/v0_18_3
  • 09fbab6 feat(version): v0.18.3
  • 1b95fda Merge pull request #360 from GeekMasher/dependabot/uv/uv-8177a8837a
  • 901fd8e Merge pull request #361 from GeekMasher/dependabot/github_actions/production-...
  • ffcf3e2 build(deps): bump astral-sh/setup-uv
  • ba2e6fe build(deps): bump urllib3 in the uv group across 1 directory
  • 3125357 Merge pull request #359 from GeekMasher/dependabot/github_actions/production-...
  • 98d22da build(deps): bump astral-sh/setup-uv
  • eab36c0 Merge pull request #358 from GeekMasher/dependabot/github_actions/production-...
  • 0b9e46e build(deps): bump the production-dependencies group across 1 directory with 2...
  • See full diff in compare view

@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 11, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 11, 2026 01:36
@dependabot dependabot Bot requested review from adrienpessu and felickz May 11, 2026 01:36

github-actions Bot commented May 11, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

Pipfile.lock

| Package | Version | License | Issue Type |
|---|---|---|---|
| ghastoolkit | 0.18.3 | Null | Unknown License |
| idna | 3.14 | Null | Unknown License |
| requests | 2.34.0 | Null | Unknown License |

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| pip/certifi | 2026.4.22 | 🟢 6.4 | Details |
| pip/charset-normalizer | 3.4.7 | Unknown | Unknown |
| pip/ghastoolkit | 0.18.3 | Unknown | Unknown |
| pip/idna | 3.14 | Unknown | Unknown |
| pip/requests | 2.34.0 | Unknown | Unknown |

Details (pip/certifi 2026.4.22)

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 5 | Found 1/2 approved changesets -- score normalized to 5 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Maintained | 🟢 8 | 8 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8 |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Security-Policy | 🟢 10 | security policy file detected |
| Pinned-Dependencies | 🟢 5 | dependency not pinned by hash detected -- score normalized to 5 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Files

  • Pipfile.lock

Bumps the production-dependencies group with 1 update in the / directory: [ghastoolkit](https://github.com/GeekMasher/ghastoolkit).


Updates `ghastoolkit` from 0.18.2 to 0.18.3
- [Release notes](https://github.com/GeekMasher/ghastoolkit/releases)
- [Commits](GeekMasher/ghastoolkit@0.18.2...0.18.3)

---
updated-dependencies:
- dependency-name: ghastoolkit
  dependency-version: 0.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group deps: bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory May 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/main/production-dependencies-b6004030d8 branch from 33e7671 to e5e216a Compare May 11, 2026 19:43

dependabot Bot commented on behalf of github May 26, 2026

Looks like ghastoolkit is updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 26, 2026
@dependabot dependabot Bot deleted the dependabot/pip/main/production-dependencies-b6004030d8 branch May 26, 2026 20:41