Skip to content

build(deps): Bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory#83

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-b6004030d8
Open

build(deps): Bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory#83
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-dependencies-b6004030d8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 1 update in the / directory: ghastoolkit.

Updates ghastoolkit from 0.18.2 to 0.18.3

Release notes

Sourced from ghastoolkit's releases.

0.18.3

What's Changed

Full Changelog: GeekMasher/ghastoolkit@0.18.2...0.18.3

Commits
  • 3d1c38d Merge pull request #362 from GeekMasher/v0_18_3
  • 09fbab6 feat(version): v0.18.3
  • 1b95fda Merge pull request #360 from GeekMasher/dependabot/uv/uv-8177a8837a
  • 901fd8e Merge pull request #361 from GeekMasher/dependabot/github_actions/production-...
  • ffcf3e2 build(deps): bump astral-sh/setup-uv
  • ba2e6fe build(deps): bump urllib3 in the uv group across 1 directory
  • 3125357 Merge pull request #359 from GeekMasher/dependabot/github_actions/production-...
  • 98d22da build(deps): bump astral-sh/setup-uv
  • eab36c0 Merge pull request #358 from GeekMasher/dependabot/github_actions/production-...
  • 0b9e46e build(deps): bump the production-dependencies group across 1 directory with 2...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 2, 2026
@github-actions

github-actions Bot commented Feb 2, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA d9158e3.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

Pipfile.lock

PackageVersionLicenseIssue Type
ghastoolkit0.18.3NullUnknown License
idna3.18NullUnknown License
certifi2026.6.17NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/certifi 2026.6.17 🟢 6
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 911 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/ghastoolkit 0.18.3 UnknownUnknown
pip/idna 3.18 UnknownUnknown
pip/requests 2.34.2 UnknownUnknown

Scanned Files

  • Pipfile.lock

@dependabot dependabot Bot changed the title build(deps): Bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group build(deps): Bump ghastoolkit from 0.18.2 to 0.18.3 in the production-dependencies group across 1 directory Jun 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/production-dependencies-b6004030d8 branch from a20b2be to e3eea44 Compare June 1, 2026 16:17
Bumps the production-dependencies group with 1 update in the / directory: [ghastoolkit](https://github.com/GeekMasher/ghastoolkit).


Updates `ghastoolkit` from 0.18.2 to 0.18.3
- [Release notes](https://github.com/GeekMasher/ghastoolkit/releases)
- [Commits](GeekMasher/ghastoolkit@0.18.2...0.18.3)

---
updated-dependencies:
- dependency-name: ghastoolkit
  dependency-version: 0.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/production-dependencies-b6004030d8 branch from e3eea44 to d9158e3 Compare July 2, 2026 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants