From 70d7ddec4e7ccc551d6796e7a904228428be3e63 Mon Sep 17 00:00:00 2001 From: veit Date: Tue, 2 Jun 2026 11:56:18 +0200 Subject: [PATCH 1/4] :arrow_up: Update GH Actions and pre-commit checks --- .github/workflows/pre-commit.yml | 2 +- .github/workflows/zizmor.yml | 2 +- .pre-commit-config.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c59b286c..9f1ce08e 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -32,7 +32,7 @@ jobs: with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/pre-commit key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 7eaacc55..f393ed9f 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -26,6 +26,6 @@ jobs: persist-credentials: false - name: Run zizmor - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: persona: pedantic diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6df62abd..f50e6fb1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,7 +24,7 @@ repos: - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/tox-dev/pyproject-fmt - rev: a007bb7dd9043d022292401abc3061cb1906b4bc # v2.21.2 + rev: 3a8ef795727fa946dfcb21c5d07b1442c2362c09 # v2.23.0 hooks: - id: pyproject-fmt - repo: https://github.com/abravalheri/validate-pyproject 
@@ -32,7 +32,7 @@ repos: hooks: - id: validate-pyproject - repo: https://github.com/astral-sh/ruff-pre-commit - rev: 5e2fb545eba1ea9dc051f6f962d52fe8f76a9794 # v0.15.13 + rev: 0671d8ab202c4ac093b78433ae5baf74f3fc7246 # v0.15.15 hooks: - id: ruff-check args: [--fix, --exit-non-zero-on-fix] From de330939fcacc0d46510e14d1858fac7b544ab78 Mon Sep 17 00:00:00 2001 From: veit Date: Tue, 9 Jun 2026 15:36:40 +0200 Subject: [PATCH 2/4] :memo: Switch from uv-secure to uv audit' --- .../productive/git/advanced/hooks/scripts.rst | 3 + docs/productive/security.rst | 73 ++++++++++++++++--- 2 files changed, 64 insertions(+), 12 deletions(-) diff --git a/docs/productive/git/advanced/hooks/scripts.rst b/docs/productive/git/advanced/hooks/scripts.rst index c5b59c33..4e08b204 100644 --- a/docs/productive/git/advanced/hooks/scripts.rst +++ b/docs/productive/git/advanced/hooks/scripts.rst @@ -81,6 +81,9 @@ Linter und Formatierer `prettier `_ stellt `prettier `__ bereit +`ruff-pre-commit `_ + pre-commit-Hook für :doc:`../../../qa/ruff` + `black `_ für die Formatierung von Python-Code diff --git a/docs/productive/security.rst b/docs/productive/security.rst index 6651b590..e340c91b 100644 --- a/docs/productive/security.rst +++ b/docs/productive/security.rst 
@@ -30,27 +30,76 @@ Sicherheitslücken in seiner eigenen Codebasis oder in seinen Abhängigkeiten aufweist. Eine offene Sicherheitslücke kann leicht ausgenutzt werden und sollte so schnell wie möglich geschlossen werden. -Für eine solche Überprüfung könnt ihr :abbr:`z.B. (zum Beispiel)` `uv-secure -`_ verwenden. Alternativ könnt ihr auch -`osv `_ oder `pip-audit -`_ verwenden, das auf die `Open Source -Vulnerability Database `_ zurückgreift. +Für eine solche Überprüfung könnt ihr :abbr:`z.B. (zum Beispiel)` ``uv audit`` +verwenden. Alternativ könnt ihr auch `osv `_ oder +`pip-audit `_ verwenden. + +``uv audit`` ist ein neuer Befehl von uv≥0.11.19, der die Abhängigkeiten in +eurem Projekt auf bekannte Schwachstellen in der `OSV +`_-Datenbank und „nachteilige“ Projektstatus :abbr:`z. B. (zum +Beispiel)` *deprecated* überprüft: + +.. code-block:: console + + $ uv audit + warning: `uv audit` is experimental and may change without warning. Pass `--preview-features audit-command` to disable this warning. + Resolved 115 packages in 16ms + Found 12 known vulnerabilities and no adverse project statuses in 114 packages + + Vulnerabilities: + + idna 3.12 has 1 known vulnerability: + - GHSA-65pc-fj4g-8rjx: Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix + Fixed in: 3.15 + Advisory information: https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx + … + +``uv add``, ``uv sync`` :abbr:`usw. (und so weiter)` können nun bei jedem +Synchronisierungsvorgang nach zuvor identifizierter Malware suchen. Diese +Funktion ist standardmäßig nicht aktiviert, sie kann jedoch mit +``UV_MALWARE_CHECK=1`` in der Shell einfach ermöglicht werden. + +.. seealso:: + * `uv audit `_ + * `uv audit settings `_ Wenn eine Schwachstelle in einer Abhängigkeit gefunden wird, solltet ihr auf eine nicht-anfällige Version aktualisieren; wenn kein Update verfügbar ist, solltet ihr überlegen, die Abhängigkeit zu entfernen. 
Wenn ihr glaubt, dass die Sicherheitslücke euer Projekt nicht betrifft, kann für -``osv`` eine :file:`osv-scanner.toml`-Datei erstellt werden, :abbr:`u.a. (unter -anderem)` mit der zu ignorierenden ID und einer Begründung, :abbr:`z.B. (zum -Beispiel)`: +``uv audit`` in der :file:`pyproject.toml`-Datei Ausnahmen definiert werden, +:abbr:`z.B. (zum Beispiel)`: .. code-block:: toml + :caption: pyproject.toml + + [tool.uv.audit] + ignore = ["PYSEC-2022-43017", "GHSA-5239-wwwm-4pmq"] + +oder besser: + +.. code-block:: toml + :caption: pyproject.toml + + [tool.uv.audit] + ignore-until-fixed = ["PYSEC-2022-43017"] + +.. seealso:: + * `ignore `_ + * `ignore-until-fixed + `_ + +Ihr könnt die Schwachstellenanalyse mit ``uv-audit`` auch in eure +:doc:`pre-commit `-Checks übernehmen: + +.. code-block:: yaml - [[IgnoredVulns]] - id = "GO-2022-1059" - # ignoreUntil = 2022-11-09 # Optional exception expiry date - reason = "No external http servers are written in Go lang." + - repo: https://github.com/astral-sh/uv-pre-commit + rev: 73c2d77a42a113aee9e4b748c24937f09557b82d # 0.11.24 + hooks: + - id: uv-audit + files: ^(uv\.lock|pyproject\.toml)$ Wartung ------- From 779bbdaef2ae312ed02f6d171f282e4cfdcd6a37 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:26:01 +0000 Subject: [PATCH 3/4] :arrow_up: Bump the github-actions group across 1 directory with 2 updates Bumps the github-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `actions/checkout` from 6.0.2 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `zizmorcore/zizmor-action` from 0.5.6 to 0.5.7 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/5f14fd08f7cf1cb1609c1e344975f152c7ee938d...192e21d79ab29983730a13d1382995c2307fbcaa) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/docs.yml | 2 +- .github/workflows/pre-commit.yml | 2 +- .github/workflows/zizmor.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index d21407d9..003e2735 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml 
@@ -20,7 +20,7 @@ jobs: name: Build docs and check links runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: pandoc/actions/setup@86321b6dd4675f5014c611e05088e10d4939e09e # v1.1.1 diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 9f1ce08e..686c9f9c 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -28,7 +28,7 @@ jobs: github.event.pull_request.head.repo.full_name != github.repository runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index f393ed9f..4412a881 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -21,11 +21,11 @@ jobs: security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Run zizmor - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7 with: persona: pedantic From 4c8b660b88302ffc09ee0c355479fddbc9790b40 Mon Sep 17 00:00:00 2001 
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:26:14 +0000 Subject: [PATCH 4/4] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- docs/clean-prep/scikit-learn-reprocessing.ipynb | 10 +++++----- docs/data-processing/apis/fastapi/example.rst | 2 -- docs/data-processing/intake/data-engineers.ipynb | 1 - docs/data-processing/intake/gui.ipynb | 13 ++----------- docs/data-processing/postgresql/sqlalchemy.rst | 2 -- .../serialisation-formats/toml/index.rst | 1 - .../serialisation-formats/toml/pyproject.toml | 10 +++++----- docs/performance/index.rst | 3 --- docs/workspace/pandas/date-time.ipynb | 2 +- docs/workspace/pandas/group-operations.ipynb | 4 ++-- docs/workspace/pandas/python-data-structures.ipynb | 1 - fastapi/main.py | 3 +-- pyproject.toml | 2 +- 13 files changed, 17 insertions(+), 37 deletions(-) diff --git a/docs/clean-prep/scikit-learn-reprocessing.ipynb b/docs/clean-prep/scikit-learn-reprocessing.ipynb index f1f1aa34..9abb3269 100644 --- a/docs/clean-prep/scikit-learn-reprocessing.ipynb +++ b/docs/clean-prep/scikit-learn-reprocessing.ipynb @@ -47,8 +47,6 @@ "metadata": {}, "outputs": [], "source": [ - "from datetime import datetime\n", - "\n", "import numpy as np\n", "import pandas as pd\n", "\n", @@ -62,7 +60,9 @@ "metadata": {}, "outputs": [], "source": [ - "hvac = pd.read_csv(\"https://raw.githubusercontent.com/kjam/data-cleaning-101/master/data/HVAC_with_nulls.csv\")" + "hvac = pd.read_csv(\n", + " \"https://raw.githubusercontent.com/kjam/data-cleaning-101/master/data/HVAC_with_nulls.csv\"\n", + ")" ] }, { @@ -336,7 +336,7 @@ "metadata": {}, "outputs": [], "source": [ - "hvac[\"TargetTemp\"], hvac[\"SystemAge\"] = transformed[:,0], transformed[:,1]" + "hvac[\"TargetTemp\"], hvac[\"SystemAge\"] = transformed[:, 0], transformed[:, 1]" ] }, { 
@@ -583,7 +583,7 @@ } ], "source": [ - "hvac[\"MinMaxScaledTemp\"] = temp_minmax[:,0]\n", + "hvac[\"MinMaxScaledTemp\"] = temp_minmax[:, 0]\n", "hvac[\"MinMaxScaledTemp\"].head()" ] }, diff --git a/docs/data-processing/apis/fastapi/example.rst b/docs/data-processing/apis/fastapi/example.rst index e097d687..0f94c9cd 100644 --- a/docs/data-processing/apis/fastapi/example.rst +++ b/docs/data-processing/apis/fastapi/example.rst @@ -16,7 +16,6 @@ Erstellt die Datei :file:`main.py` mit diesem Inhalt: from fastapi import FastAPI - app = FastAPI() @@ -81,7 +80,6 @@ zu erhalten: from fastapi import FastAPI - app = FastAPI() diff --git a/docs/data-processing/intake/data-engineers.ipynb b/docs/data-processing/intake/data-engineers.ipynb index 3e6e8d75..00aa26ec 100644 --- a/docs/data-processing/intake/data-engineers.ipynb +++ b/docs/data-processing/intake/data-engineers.ipynb @@ -1128,7 +1128,6 @@ } ], "source": [ - "import hvplot.pandas\n", "import intake\n", "\n", "\n", diff --git a/docs/data-processing/intake/gui.ipynb b/docs/data-processing/intake/gui.ipynb index 6b851f13..14335b1a 100644 --- a/docs/data-processing/intake/gui.ipynb +++ b/docs/data-processing/intake/gui.ipynb @@ -5110,11 +5110,7 @@ "intake.output_notebook()\n", "\n", "us_crime.plot.bivariate(\n", - " \"Burglary rate\",\n", - " \"Property crime rate\",\n", - " legend=False,\n", - " width=500,\n", - " height=400\n", + " \"Burglary rate\", \"Property crime rate\", legend=False, width=500, height=400\n", ") * us_crime.plot.scatter(\n", " \"Burglary rate\",\n", " \"Property crime rate\",\n", @@ -5122,12 +5118,7 @@ " size=15,\n", " legend=False,\n", ") + us_crime.plot.table(\n", - " [\n", - " \"Burglary rate\",\n", - " \"Property crime rate\"\n", - " ],\n", - " width=350,\n", - " height=350\n", + " [\"Burglary rate\", \"Property crime rate\"], width=350, height=350\n", ")" ] }, 
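Review bot: Dropping `import hvplot.pandas` in the `@@ -1128,7 +1128,6 @@` hunk of docs/data-processing/intake/data-engineers.ipynb may break plotting in this notebook. That module is normally imported for its side effect of registering the `.hvplot` accessor on pandas objects, which an unused-import auto-fix cannot see. If any cell relies on that accessor, which is not visible in this hunk, keep the line and mark it as intentional: `import hvplot.pandas  # noqa: F401`. The cell continues outside the hunk, so re-executing the notebook after this auto-fix would confirm whether the plots still render.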
diff --git a/docs/data-processing/postgresql/sqlalchemy.rst b/docs/data-processing/postgresql/sqlalchemy.rst index 3d00b9ea..cd04f65f 100644 --- a/docs/data-processing/postgresql/sqlalchemy.rst +++ b/docs/data-processing/postgresql/sqlalchemy.rst @@ -44,7 +44,6 @@ Datenbankverbindung from sqlalchemy import create_engine - engine = create_engine("postgresql:///example", echo=True) Datenmodell @@ -56,7 +55,6 @@ Datenmodell from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import relationship - Base = declarative_base() diff --git a/docs/data-processing/serialisation-formats/toml/index.rst b/docs/data-processing/serialisation-formats/toml/index.rst index ef548fde..ebb6a607 100644 --- a/docs/data-processing/serialisation-formats/toml/index.rst +++ b/docs/data-processing/serialisation-formats/toml/index.rst @@ -66,7 +66,6 @@ Beispiel import toml - config = toml.load("pyproject.toml") .. seealso:: diff --git a/docs/data-processing/serialisation-formats/toml/pyproject.toml b/docs/data-processing/serialisation-formats/toml/pyproject.toml index 0ea3af0e..e583d8be 100644 --- a/docs/data-processing/serialisation-formats/toml/pyproject.toml +++ b/docs/data-processing/serialisation-formats/toml/pyproject.toml @@ -6,12 +6,12 @@ line-length = 79 [tool.isort] atomic = true -force_grid_wrap = 0 +multi_line_output = 3 +use_parentheses = true include_trailing_comma = true +force_grid_wrap = 0 lines_after_imports = 2 lines_between_types = 1 -multi_line_output = 3 -not_skip = "__init__.py" -use_parentheses = true -known_first_party = [ "MY_FIRST_MODULE", "MY_SECOND_MODULE" ] known_third_party = [ "mpi4py", "numpy", "requests" ] +known_first_party = [ "MY_FIRST_MODULE", "MY_SECOND_MODULE" ] +not_skip = "__init__.py" diff --git a/docs/performance/index.rst b/docs/performance/index.rst index 4a179198..13ac6776 100644 --- a/docs/performance/index.rst +++ b/docs/performance/index.rst 
@@ -58,7 +58,6 @@ Beispieldaten können wir uns erstellen mit: from sklearn.datasets import make_blobs - points, labels_true = make_blobs( n_samples=1000, centers=3, random_state=0, cluster_std=0.60 ) @@ -136,7 +135,6 @@ k-Means-Algorithmus gibt es sogar gleich zwei Implementierungen: from sklearn.cluster import KMeans - KMeans(10).fit_predict(points) * `dask_ml.cluster.KMeans @@ -146,7 +144,6 @@ k-Means-Algorithmus gibt es sogar gleich zwei Implementierungen: from dask_ml.cluster import KMeans - KMeans(10).fit(points).predict(points) Gegen diese bestehenden Lösungen könnte bestenfalls sprechen, dass sie einen diff --git a/docs/workspace/pandas/date-time.ipynb b/docs/workspace/pandas/date-time.ipynb index b25638dd..39c2073d 100644 --- a/docs/workspace/pandas/date-time.ipynb +++ b/docs/workspace/pandas/date-time.ipynb @@ -228,7 +228,7 @@ } ], "source": [ - "(pd.to_datetime(uts, unit='s').tz_localize(\"UTC\"))" + "(pd.to_datetime(uts, unit=\"s\").tz_localize(\"UTC\"))" ] }, { diff --git a/docs/workspace/pandas/group-operations.ipynb b/docs/workspace/pandas/group-operations.ipynb index 5d723aff..5ddebe51 100644 --- a/docs/workspace/pandas/group-operations.ipynb +++ b/docs/workspace/pandas/group-operations.ipynb @@ -38,8 +38,8 @@ "metadata": {}, "outputs": [], "source": [ - "import pandas as pd\n", - "import numpy as np" + "import numpy as np\n", + "import pandas as pd" ] }, { diff --git a/docs/workspace/pandas/python-data-structures.ipynb b/docs/workspace/pandas/python-data-structures.ipynb index fc26cbdc..b65abae4 100644 --- a/docs/workspace/pandas/python-data-structures.ipynb +++ b/docs/workspace/pandas/python-data-structures.ipynb @@ -17,7 +17,6 @@ "metadata": {}, "outputs": [], "source": [ - "import numpy as np\n", "import pandas as pd" ] }, diff --git a/fastapi/main.py b/fastapi/main.py index 1a75788e..c8856bb3 100644 --- a/fastapi/main.py +++ b/fastapi/main.py 
@@ -4,9 +4,8 @@ """FastAPI application for items.""" -from pydantic import BaseModel - from fastapi import FastAPI +from pydantic import BaseModel app = FastAPI() diff --git a/pyproject.toml b/pyproject.toml index 10606d0e..4c00c3ea 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -153,8 +153,8 @@ lint.isort.lines-after-imports = 2 lint.isort.lines-between-types = 1 [tool.codespell] +ignore-words-list = "comit" skip = """\ *.csv, *.html, *.pdf, *.rst, *.ipynb, ./docs/_build/*, */books.json, */books.txt, ./styles/*, \ ./Python4DataScience.egg-info/*\ """ -ignore-words-list = "comit"