
Update pre-commit repos #132792


Merged
merged 3 commits into from
Apr 22, 2025

Conversation

sobolevn
Member

I've updated this in many projects today. Now in CPython as well.

Docs: https://woodruffw.github.io/zizmor/audits/#unpinned-uses-configuration

@hugovk
Member

hugovk commented Apr 22, 2025

Are there any other hooks we can also update at the same time?

@StanFromIreland
Contributor

StanFromIreland commented Apr 22, 2025

@hugovk

@AlexWaygood
Member

We should consider pinning all our actions to specific hashes for CPython IMO. We've done this for our flagship repos at Astral following https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 -- the attack there edited existing tags so that they pointed to different commits, meaning that pinning an action to a tag was not sufficient to defend against the attack.

I'm okay with changing the configured zizmor policy for now, though; we can consider pinning to specific hashes as a followup!
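The point above is that a tag is a mutable pointer, so `uses: owner/action@v4` still resolves to whatever commit the tag is moved to, whereas a full 40-character commit SHA cannot be repointed. The following is an added example (not CPython's tooling and not zizmor's code) of the kind of check zizmor's `unpinned-uses` audit performs: it scans a workflow file for `uses:` lines and reports any reference that is not a full commit SHA. The sample workflow and its SHA values are constructed placeholders, and the treatment of `./` local actions and `docker://` images is this example's own assumption about what counts as acceptably pinned.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Added example, not CPython's own tooling or zizmor's implementation. A tag or
branch can be moved to a different commit; a 40-hex commit SHA cannot.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches `uses: <ref>` (optionally as a list item, optionally quoted).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)['\"]?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line_no: int
    ref: str
    reason: str


def classify(uses: str) -> Optional[str]:
    """Return None if the reference is acceptably pinned, else a reason string."""
    # Local actions live in the repository itself; there is no external ref to pin.
    if uses.startswith("./"):
        return None
    # Container references are pinned by image digest rather than by git ref.
    if uses.startswith("docker://"):
        return None if "@sha256:" in uses else "docker image not pinned by digest"
    if "@" not in uses:
        return "no ref at all (resolves to the action's default branch)"
    _, ref = uses.rsplit("@", 1)
    if FULL_SHA_RE.fullmatch(ref):
        return None
    if re.fullmatch(r"[0-9a-f]{7,39}", ref):
        return f"abbreviated SHA {ref!r}; use the full 40-character commit SHA"
    return f"mutable ref {ref!r} (tag or branch); pin to a full commit SHA"


def audit_workflow(text: str) -> List[Finding]:
    """Return one Finding per `uses:` line whose reference is not pinned."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        reason = classify(m.group(1))
        if reason:
            findings.append(Finding(n, m.group(1), reason))
    return findings


# Constructed sample workflow; the all-zero SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = f"""\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@{'0' * 40}
      - uses: ./.github/actions/local-thing
      - uses: some/action@main
      - uses: other/action@abc1234
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.ref}: {f.reason}")
```

Run against the constructed sample it reports the `v4` tag, the `main` branch, the abbreviated SHA and the undigested container image, and accepts the full-SHA and local-action entries. Pinning to a SHA only helps if the SHA is updated deliberately (for example via a dependency-update bot), which is the follow-up the thread leaves open.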

@sobolevn
Member Author

> I'm okay with changing the configured zizmor policy for now, though; we can consider pinning to specific hashes as a followup!

Agreed! 👍

@sobolevn sobolevn changed the title Update zizmor to v1.6.0 Update pre-commit repos Apr 22, 2025
Comment on lines +249 to +251
) as hole if (
_signed(addend) == -4
):
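Review bot: the lines shown at +249 to +251 change Python source by wrapping the `_signed(addend) == -4` test in its own parenthesised block, but this PR only updates pre-commit hook versions; it is worth confirming that this is the output of the updated formatter hook rather than a hand edit, so the change is reproducible by running the hooks.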
Member


Intentional change?

Contributor

@sobolevn sobolevn added the needs backport to 3.13 bugs and security fixes label Apr 22, 2025
@sobolevn sobolevn merged commit 87b1ea0 into python:main Apr 22, 2025
68 checks passed
@miss-islington-app

Thanks @sobolevn for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

@miss-islington-app

Sorry, @sobolevn, I could not cleanly backport this to 3.13 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 87b1ea016b1454b1e83b9113fa9435849b7743aa 3.13

sobolevn added a commit to sobolevn/cpython that referenced this pull request Apr 22, 2025
(cherry picked from commit 87b1ea0)

Co-authored-by: sobolevn <mail@sobolevn.me>
@bedevere-app

bedevere-app bot commented Apr 22, 2025

GH-132804 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Apr 22, 2025
sobolevn added a commit that referenced this pull request Apr 22, 2025

5 participants