Bump pygithub from 1.58.2 to 2.6.1

[dependabot]

Bumps pygithub from 1.58.2 to 2.6.1.

Release notes

Sourced from pygithub's releases.

v2.6.1

Bug Fixes

• Fix broken pickle support for Auth classes by @​EnricoMi in PyGithub/PyGithub#3211
• Remove schema from Deployment, remove message attribute by @​EnricoMi in PyGithub/PyGithub#3223
• Fix incorrect deprecated import by @​EnricoMi in PyGithub/PyGithub#3225
• Add CodeSecurityConfigRepository returned by get_repos_for_code_security_config by @​EnricoMi in PyGithub/PyGithub#3219
• Make GitTag.verification return GitCommitVerification by @​EnricoMi in PyGithub/PyGithub#3226

Maintenance

• Mention removal of AppAuth.private_key in changelog by @​EnricoMi in PyGithub/PyGithub#3212

Full Changelog: PyGithub/PyGithub@v2.6.0...v2.6.1

v2.6.0

Breaking Changes

• Rework Views and Clones by @​EnricoMi in PyGithub/PyGithub#3168: View and clones traffic information returned by Repository.get_views_traffic and Repository.get_clones_traffic now return proper PyGithub objects, instead of a dict, with all information that used to be provided by the dict:

Code like

repo.get_views_traffic().["views"].timestamp
repo.get_clones_traffic().["clones"].timestamp

should be replaced with

repo.get_views_traffic().views.timestamp
repo.get_clones_traffic().clones.timestamp

• Fix typos by @​kianmeng in PyGithub/PyGithub#3086: Property OrganizationCustomProperty.respository_id renamed to OrganizationCustomProperty.repository_id.

New Features

• Add capability for global laziness by @​EnricoMi in PyGithub/PyGithub#2746
• Add Support for GitHub Copilot Seat Management in Organizations by @​pashafateev in PyGithub/PyGithub#3082
• Get branches where commit is head by @​EnricoMi in PyGithub/PyGithub#3083
• Support downloading a Release Asset by @​neel-m in PyGithub/PyGithub#3060
• Add Repository.merge_upstream method by @​Felixoid in PyGithub/PyGithub#3175
• Support updating pull request draft status by @​didot in PyGithub/PyGithub#3104
• Add transfer ownership method to Repository by @​tanannie22 in PyGithub/PyGithub#3091
• Add enable and disable a Workflow by @​nickrmcclorey in PyGithub/PyGithub#3088
• Add support for managing Code Security Configrations by @​billnapier in PyGithub/PyGithub#3095
• Allow for private_key / sign function in AppAuth by @​EnricoMi in PyGithub/PyGithub#3065

Improvements

• Update RateLimit object with all the new categories GitHub added. by @​billnapier in PyGithub/PyGithub#3096

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.6.1 (February 21, 2025)

Bug Fixes ^^^^^^^^^

• Fix broken pickle support for Auth classes ([#3211](https://github.com/pygithub/pygithub/issues/3211) <https://github.com/PyGithub/PyGithub/pull/3211>) (f975552a <https://github.com/PyGithub/PyGithub/commit/f975552a>)
• Remove schema from Deployment, remove message attribute ([#3223](https://github.com/pygithub/pygithub/issues/3223) <https://github.com/PyGithub/PyGithub/pull/3223>) (d12e7d4c <https://github.com/PyGithub/PyGithub/commit/d12e7d4c>)
• Fix incorrect deprecated import ([#3225](https://github.com/pygithub/pygithub/issues/3225) <https://github.com/PyGithub/PyGithub/pull/3225>) (93297440 <https://github.com/PyGithub/PyGithub/commit/93297440>)
• Add CodeSecurityConfigRepository returned by get_repos_for_code_security_config ([#3219](https://github.com/pygithub/pygithub/issues/3219) <https://github.com/PyGithub/PyGithub/pull/3219>) (f997a2f6 <https://github.com/PyGithub/PyGithub/commit/f997a2f6>)
• Make GitTag.verification return GitCommitVerification ([#3226](https://github.com/pygithub/pygithub/issues/3226) <https://github.com/PyGithub/PyGithub/pull/3226>) (048a1a38 <https://github.com/PyGithub/PyGithub/commit/048a1a38>)

Maintenance ^^^^^^^^^^^

• Mention removal of AppAuth.private_key in changelog ([#3212](https://github.com/pygithub/pygithub/issues/3212) <https://github.com/PyGithub/PyGithub/pull/3212>) (f5dc1c76 <https://github.com/PyGithub/PyGithub/commit/f5dc1c76>)

Version 2.6.0 (February 15, 2025)

Breaking Changes ^^^^^^^^^^^^^^^^

• Rework Views and Clones ([#3168](https://github.com/pygithub/pygithub/issues/3168) <https://github.com/PyGithub/PyGithub/pull/3168>) (f7d52249 <https://github.com/PyGithub/PyGithub/commit/f7d52249>):

  View and clones traffic information returned by Repository.get_views_traffic and Repository.get_clones_traffic now return proper PyGithub objects, instead of a dict, with all information that used to be provided by the dict:

Code like

.. code-block:: python

repo.get_views_traffic().["views"].timestamp repo.get_clones_traffic().["clones"].timestamp

should be replaced with

.. code-block:: python

repo.get_views_traffic().views.timestamp repo.get_clones_traffic().clones.timestamp

• Add GitCommitVerification class ([#3028](https://github.com/pygithub/pygithub/issues/3028) <https://github.com/PyGithub/PyGithub/pull/3028>) (822e6d71 <https://github.com/PyGithub/PyGithub/commit/822e6d71>):

  Changes the return value of GitTag.verification and GitCommit.verification from dict to GitCommitVerification.

  Code like

  .. code-block:: python

  tag.verification["reason"] commit.verification["reason"]

... (truncated)

Commits

• da30d6e Releasing v2.6.1 (#3230)
• f997a2f Add CodeSecurityConfigRepository returned by `get_repos_for_code_security_c...
• 048a1a3 Make GitTag.verification return GitCommitVerification (#3226)
• 9329744 Fix incorrect deprecated import (#3225)
• d12e7d4 Remove schema from Deployment, remove message attribute (#3223)
• f975552 Fix broken pickle support for Auth classes (#3211)
• f5dc1c7 Mention removal of AppAuth.private_key in changelog (#3212)
• e3e07d7 Fix PyPi upload (#3200)
• 620c839 Fix PyPi upload (#3199)
• bf98e17 Release 2.6.0 (#3198)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dryrunsecurity]

DryRun Security Summary

PyGithub library was upgraded from version 1.58.2 to 2.6.1 in requirements.txt, with potential security improvements and a recommendation for thorough testing and compatibility review.

Expand for full summary

1. Updated PyGithub library from version 1.58.2 to 2.6.1 in requirements.txt, potentially including security improvements and vulnerability remediations.

Security Findings:

• Potential security improvements in the library version upgrade
• Recommended to review PyGithub changelog for security-related fixes
• Need for thorough testing to ensure compatibility and prevent unexpected behavior

View PR in the DryRun Dashboard.

[mtesauro]

Breaking changes in this one - see #9948 (review)

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[kiblik]

@dependabot rebase

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.

[dryrunsecurity]

No security concerns detected in this pull request.

---

All finding details can be found in the DryRun Security Dashboard.

[kiblik]

JFYI: I requested rebase because:

• django-polymorphic 4.x was finally released Support for Django 4.x jazzband/django-polymorphic#598 (comment)
• so dependabot/renovate will offer the newer version soon -> Bump django-polymorphic from 3.1.0 to 4.1.0 #12488
• as soon as it is upgraded, pygithub will be the last blocker for the upgrade to Python 3.12. See
  • Bump pygithub from 1.58.2 to 2.3.0 #9948
  • feat(docker): Use Python 3.12 in docker images #10473

[valentijnscholten]

@dependabot rebase

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[valentijnscholten]

@dependabot rebase

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.

[dryrunsecurity]

No security concerns detected in this pull request.

---

All finding details can be found in the DryRun Security Dashboard.

[valentijnscholten]

Ideally we don't leave this open for too long as it blocks python upgrades (and maybe in the future other upgrades such as Django which will be EOL at some point). The fix is almost trivial so I quickly added it.

[mtesauro]

Ideally we don't leave this open for too long as it blocks python upgrades (and maybe in the future other upgrades such as Django which will be EOL at some point). The fix is almost trivial so I quickly added it.

@valentijnscholten It would appear that we've moved past the blockers in #9948 in this PR, correct? I'm not sure what kind of test coverage we have for pygithub so wanted to double-check before I re-review this one.

[valentijnscholten]

Yeah this PR solves the last "blocker". IIRC @Maffooch had an instance he could do a quick test with to see if the GitHub auth is still working.

[mtesauro]

@valentijnscholten Cool. I'll wait till I hear from him or he approves this meaning his test worked as expected. 👍

[Maffooch]

Finally got a moment to circle back to this one. Thanks for the reminders folks 😄