Hello community,
here is the log from the commit of package python-gitlabcis for
openSUSE:Factory checked in at 2025-08-06 14:34:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-gitlabcis (Old)
and /work/SRC/openSUSE:Factory/.python-gitlabcis.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-gitlabcis"
Wed Aug 6 14:34:05 2025 rev:2 rq:1297816 version:1.15.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-gitlabcis/python-gitlabcis.changes
2025-04-30 19:03:58.765318281 +0200
+++
/work/SRC/openSUSE:Factory/.python-gitlabcis.new.1085/python-gitlabcis.changes
2025-08-06 14:35:36.517865775 +0200
@@ -1,0 +2,19 @@
+Sun Aug 3 11:41:12 UTC 2025 - Johannes Kastl
<[email protected]>
+
+- update to 1.15.4:
+ * Fix
+ - fix: Update dependency python-gitlab to v6.2.0 (b74b2d4)
+
+-------------------------------------------------------------------
+Wed Jul 16 09:45:20 UTC 2025 - Johannes Kastl
<[email protected]>
+
+- update to 1.15.3:
+ * Fix
+ - fix: Bundled renovate dependency bumps & docs typo fixes
+ (f04fd86)
+
+- update to 1.15.2:
+ * Fix
+ - fix: Add verify arg to gql client (#128) (c50cec0)
+
+-------------------------------------------------------------------
Old:
----
gitlabcis-1.15.1.tar.gz
New:
----
gitlabcis-1.15.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-gitlabcis.spec ++++++
--- /var/tmp/diff_new_pack.XG5HHG/_old 2025-08-06 14:35:37.481906378 +0200
+++ /var/tmp/diff_new_pack.XG5HHG/_new 2025-08-06 14:35:37.485906546 +0200
@@ -17,7 +17,7 @@
Name: python-gitlabcis
-Version: 1.15.1
+Version: 1.15.4
Release: 0
Summary: An automated tool that assesses the GitLab CIS benchmarks
against a project
License: MIT
@@ -26,20 +26,20 @@
BuildRequires: python-rpm-macros
# SECTION build requirements
BuildRequires: %{python_module pip}
-BuildRequires: %{python_module setuptools >= 61.2}
-BuildRequires: %{python_module setuptools_scm >= 8.1.0}
+BuildRequires: %{python_module setuptools >= 78.0}
+BuildRequires: %{python_module setuptools_scm >= 8.2.0}
BuildRequires: %{python_module wheel >= 0.42}
BuildRequires: %{python_module twine >= 6.1.0}
# /SECTION
# SECTION runtime requirements
#
https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/blob/main/pyproject.toml?ref_type=heads#L61
BuildRequires: %{python_module PyYAML >= 6.0.2}
-BuildRequires: %{python_module python-gitlab >= 5.6.0}
+BuildRequires: %{python_module python-gitlab >= 6.2.0}
BuildRequires: %{python_module tabulate >= 0.9.0}
BuildRequires: %{python_module tqdm >= 4.67.1}
BuildRequires: %{python_module defusedxml >= 0.7.1}
BuildRequires: %{python_module python-dateutil >= 2.9.0.post0}
-BuildRequires: %{python_module gql >= 3.5.2}
+BuildRequires: %{python_module gql >= 3.5.3}
# /SECTION
# SECTION test requirements
# BuildRequires: python_module pytest >= 8.3.4}
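Review bot: The new lower bounds `setuptools >= 78.0` and `setuptools_scm >= 8.2.0` are below what the 1.15.4 pyproject.toml declares under `[build-system] requires` (`setuptools>=80.0` and `setuptools-scm>=8.3.1`, visible later in this diff). A build against the older versions would not match what upstream declares. If the lower bounds are deliberate, for instance because of what the distribution currently ships, a spec comment saying so would help the next update. Otherwise align them: `BuildRequires: %{python_module setuptools >= 80.0}` and `BuildRequires: %{python_module setuptools_scm >= 8.3.1}`.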
@@ -49,12 +49,12 @@
BuildRequires: fdupes
#
https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/blob/main/pyproject.toml?ref_type=heads#L61
Requires: python-PyYAML >= 6.0.2
-Requires: python-python-gitlab >= 5.6.0
+Requires: python-python-gitlab >= 6.2.0
Requires: python-tabulate >= 0.9.0
Requires: python-tqdm >= 4.67.1
Requires: python-defusedxml >= 0.7.1
Requires: python-python-dateutil >= 2.9.0.post0
-Requires: python-gql >= 3.5.2
+Requires: python-gql >= 3.5.3
BuildArch: noarch
%python_subpackages
++++++ gitlabcis-1.15.1.tar.gz -> gitlabcis-1.15.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/.gitlab/.gitlab-ci.yml
new/gitlabcis-1.15.4/.gitlab/.gitlab-ci.yml
--- old/gitlabcis-1.15.1/.gitlab/.gitlab-ci.yml 2025-04-15 23:41:41.000000000
+0200
+++ new/gitlabcis-1.15.4/.gitlab/.gitlab-ci.yml 2025-07-31 12:54:37.000000000
+0200
@@ -9,19 +9,11 @@
on_job_failure: all
# -----------------------------------------------------------------------------
-# Global variables:
-# -----------------------------------------------------------------------------
-
-variables:
- # dependency scanning
- DS_STATIC_REACHABILITY_ENABLED: true
- DS_ENFORCE_NEW_ANALYZER: true
-
-# -----------------------------------------------------------------------------
# Stages:
# -----------------------------------------------------------------------------
stages:
+ - deps
- lint
- test
- build
@@ -34,28 +26,19 @@
# create job required by the DS analyzer to create pipdeptree.json
#
https://docs.gitlab.com/user/application_security/dependency_scanning/dependency_scanning_sbom/#pip
+
dependency-setup:
- stage: .pre
+ stage: deps
script:
- make install
- make deps
artifacts:
when: on_success
- paths:
- - pipdeptree.json
+ paths: ["**/pipdeptree.json"]
access: developer
rules:
- when: always
-dependency-scanning-with-reachability:
- needs:
- - job: gitlab-static-reachability
- optional: true
- artifacts: true
- - job: create
- optional: true
- artifacts: true
-
# -----------------------------------------------------------------------------
# Security Scanning:
# -----------------------------------------------------------------------------
@@ -63,7 +46,7 @@
include:
# Sec templates:
- template: Security/SAST.gitlab-ci.yml
- - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
+ - component: $CI_SERVER_FQDN/components/dependency-scanning/main@0
- template: Security/Secret-Detection.gitlab-ci.yml
sast:
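Review bot: The new `component:` include is referenced as `main@0`, which is a partial version and follows whatever the newest 0.x release of the dependency-scanning component is. The job definition that runs in this pipeline can therefore change without any commit in this repository. Pinning to a full release or a commit SHA keeps the pipeline reproducible and reviewable, e.g. `- component: $CI_SERVER_FQDN/components/dependency-scanning/main@<FULL_VERSION_OR_SHA>` (placeholder). The pre-commit hooks in this same release are already pinned to exact revisions.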
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/.pre-commit-config.yaml
new/gitlabcis-1.15.4/.pre-commit-config.yaml
--- old/gitlabcis-1.15.1/.pre-commit-config.yaml 2025-04-15
23:41:41.000000000 +0200
+++ new/gitlabcis-1.15.4/.pre-commit-config.yaml 2025-07-31
12:54:37.000000000 +0200
@@ -8,34 +8,34 @@
args: ['--config', '.commitlintrc', '--verbose']
- repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.41.0
+ rev: v0.45.0
hooks:
- id: markdownlint
args: ["**/*.md", "-c", ".markdownlint.yaml"]
- repo: https://github.com/gitleaks/gitleaks
- rev: v8.24.2
+ rev: v8.28.0
hooks:
- id: gitleaks
args: ['--no-banner']
- repo: https://github.com/pycqa/isort
- rev: 5.13.2
+ rev: 6.0.1
hooks:
- id: isort
- repo: https://github.com/psf/black
- rev: 24.10.0
+ rev: 25.1.0
hooks:
- id: black
args: ['-S', '--line-length=79', '--diff']
- repo: https://github.com/pycqa/flake8
- rev: 7.2.0
+ rev: 7.3.0
hooks:
- id: flake8
- repo: https://github.com/renovatebot/pre-commit-hooks
- rev: 39.19.1
+ rev: 41.43.0
hooks:
- id: renovate-config-validator
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/CHANGELOG.md
new/gitlabcis-1.15.4/CHANGELOG.md
--- old/gitlabcis-1.15.1/CHANGELOG.md 2025-04-15 23:42:06.000000000 +0200
+++ new/gitlabcis-1.15.4/CHANGELOG.md 2025-07-31 12:54:55.000000000 +0200
@@ -1,5 +1,23 @@
# CHANGELOG
+## v1.15.4 (2025-07-31)
+
+### Fix
+
+* fix: Update dependency python-gitlab to v6.2.0
([`b74b2d4`](https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/commit/b74b2d4d076c60b3d48aed693711052233a6947d))
+
+## v1.15.3 (2025-07-16)
+
+### Fix
+
+* fix: Bundled renovate dependency bumps & docs typo fixes
([`f04fd86`](https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/commit/f04fd8612042e2f218750c642943a90e8482aef2))
+
+## v1.15.2 (2025-04-24)
+
+### Fix
+
+* fix: Add verify arg to gql client (#128)
([`c50cec0`](https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/commit/c50cec058bbefd59902e9dad6051723aee3a3e6d))
+
## v1.15.1 (2025-04-15)
### Fix
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/PKG-INFO
new/gitlabcis-1.15.4/PKG-INFO
--- old/gitlabcis-1.15.1/PKG-INFO 2025-04-15 23:42:19.737852000 +0200
+++ new/gitlabcis-1.15.4/PKG-INFO 2025-07-31 12:55:04.904447000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: gitlabcis
-Version: 1.15.1
+Version: 1.15.4
Summary: An automated tool that assesses the GitLab CIS benchmarks against a
project.
Author-email: Nate Rosandich <[email protected]>, Neil McDonald
<[email protected]>, Mitra JozeNazemian
<[email protected]>
License: MIT License
@@ -55,28 +55,28 @@
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: PyYAML==6.0.2
-Requires-Dist: python-gitlab==5.6.0
+Requires-Dist: python-gitlab==6.2.0
Requires-Dist: tabulate==0.9.0
Requires-Dist: tqdm==4.67.1
Requires-Dist: defusedxml==0.7.1
Requires-Dist: python-dateutil==2.9.0.post0
-Requires-Dist: gql==3.5.2
+Requires-Dist: gql==3.5.3
Provides-Extra: build
-Requires-Dist: setuptools~=76.0; extra == "build"
+Requires-Dist: setuptools~=80.0; extra == "build"
Requires-Dist: wheel==0.45.1; extra == "build"
Requires-Dist: build==1.2.2.post1; extra == "build"
-Requires-Dist: setuptools-scm~=8.2.0; extra == "build"
+Requires-Dist: setuptools-scm~=8.3.1; extra == "build"
Requires-Dist: twine==6.1.0; extra == "build"
Provides-Extra: test
-Requires-Dist: pipdeptree==2.26.0; extra == "test"
+Requires-Dist: pipdeptree==2.28.0; extra == "test"
Requires-Dist: pre-commit~=4.2.0; extra == "test"
-Requires-Dist: pytest==8.3.5; extra == "test"
-Requires-Dist: flake8~=7.1.1; extra == "test"
-Requires-Dist: bandit==1.8.3; extra == "test"
-Requires-Dist: yamllint==1.37.0; extra == "test"
-Requires-Dist: pytest-cov==6.0.0; extra == "test"
-Requires-Dist: coverage==7.6.12; extra == "test"
-Requires-Dist: tox~=4.24.1; extra == "test"
+Requires-Dist: pytest==8.4.1; extra == "test"
+Requires-Dist: flake8~=7.3.0; extra == "test"
+Requires-Dist: bandit==1.8.6; extra == "test"
+Requires-Dist: yamllint==1.37.1; extra == "test"
+Requires-Dist: pytest-cov==6.2.1; extra == "test"
+Requires-Dist: coverage==7.10.1; extra == "test"
+Requires-Dist: tox~=4.28.1; extra == "test"
Dynamic: license-file
# CIS GitLab Benchmark Scanner - gitlabcis
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/docs/limitations.md
new/gitlabcis-1.15.4/docs/limitations.md
--- old/gitlabcis-1.15.1/docs/limitations.md 2025-04-15 23:41:41.000000000
+0200
+++ new/gitlabcis-1.15.4/docs/limitations.md 2025-07-31 12:54:37.000000000
+0200
@@ -18,7 +18,7 @@
|--------|------|------------|
| 1.1.4 | code_approval_dismissals | For `Group` input types, we require a
change upstream on the `python-gitlab` dependency (ref: [MR approval settings
Group Level
#3165](https://github.com/python-gitlab/python-gitlab/issues/3165)). |
| 1.1.5 | code_dismissal_restrictions | Trusted users cannot be automatically
checked. The control will `PASS` for projects that have protected branches, and
`FAIL` if none are set. For `Group` input types, we require a change upstream
on the `python-gitlab` dependency (ref: [Protected Branches Group Level
#3164](https://github.com/python-gitlab/python-gitlab/issues/3164)).|
-| 1.1.7 | code_changes_require_code_owners | The recommendation is only set
for the `default` branch. This function does not iterate over all protected
branches. Additionally if a user removes the protected status of their default
branch, then creates a new protected branch. Only the protected branch is
checked, skipping the default. For `Group` input types, we require a change
upstream on the `python-gitlab` dependency (ref: [Protected Branches Group
Level #3164](https://github.com/python-gitlab/python-gitlab/issues/3164)). |
+| 1.1.7 | code_changes_require_code_owners | The recommendation is only set
for the `default` branch. This function does not iterate over all protected
branches. Additionally, if a user removes the protected status of their default
branch, then creates a new protected branch. Only the protected branch is
checked, skipping the default. For `Group` input types, we require a change
upstream on the `python-gitlab` dependency (ref: [Protected Branches Group
Level #3164](https://github.com/python-gitlab/python-gitlab/issues/3164)). |
| 1.1.11 | comments_resolved_before_merging | For `Group` input types, the
following [feature
request](https://gitlab.com/gitlab-org/gitlab/-/issues/534608) needs to be
created, then an upstream change created in `python-gitlab` in order for us to
assess this.|
| 1.1.12 | commits_must_be_signed_before_merging | This control will return a
`SKIP` if the [push rules](https://docs.gitlab.com/api/group_push_rules/)
feature is not enabled. |
| 1.1.14 | branch_protections_for_admins | Requires admin permissions to get
a `PASS`/`FAIL` - additionally, gitlab.com `FAIL`'s this, because we allow
group owners to manage default branch protections (by design). |
@@ -41,12 +41,12 @@
| 1.3.13 | track_code_anomalies | `SKIP` by default as it's not feasible to
ascertain |
| 1.4.1 | admin_approval_for_app_installs | This control will _not_ review
scopes on authorized applications, as this requires manual verification |
| 1.4.2 | stale_app_reviews | This control will look at the previous `20`
pipeline jobs, and check for `dependency_scanning` in the name. This occurs
when Dependency Scanning is enabled for a project, if found it will `PASS` else
returns a `FAIL` |
-| 1.4.3 | least_privilge_app_permissions | <ul><li>For `Instance` types, a
`SKIP` will be presented.</li><li>For `Project` types, If a project has
`integrations` then this check will `SKIP` to require manual verification,
otherwise if none were found return a `PASS`</li></ul>|
+| 1.4.3 | least_privilege_app_permissions | <ul><li>For `Instance` types, a
`SKIP` will be presented.</li><li>For `Project` types, If a project has
`integrations` then this check will `SKIP` to require manual verification,
otherwise if none were found return a `PASS`</li></ul>|
| 1.5.1 | enable_secret_detection | `SKIP` by default for `Instance` types. |
| 1.5.2 | secure_pipeline_instructions | `SKIP` by default as we cannot
automate this |
| 1.5.3 | secure_iac_instructions | `PASS` if SAST is enabled but does not
specifically look for IaC SAST. |
-| 1.5.7 | dast_web_scanning | `PASS` if DAST is enabled but we cannot
differentiate between API & WEB scanning. |
-| 1.5.8 | dast_api_scanning | `PASS` if DAST is enabled but we cannot
differentiate between API & WEB scanning. |
+| 1.5.7 | dast_web_scanning | `PASS` if DAST is enabled, but we cannot
differentiate between API & WEB scanning. |
+| 1.5.8 | dast_api_scanning | `PASS` if DAST is enabled, but we cannot
differentiate between API & WEB scanning. |
| 2.1.1 | single_responsibility_pipeline | `FAIL` if there are multiple jobs
under the "build" stages, also assumes that the build "phase" is under a stage
with "build" in its name.|
| 2.1.2 | immutable_pipeline_infrastructure | `SKIP` by default as we cannot
automate this |
| 2.1.3 | build_logging | `SKIP` by default as we cannot automate this |
@@ -88,14 +88,14 @@
| 4.2.6 | minimum_package_registry_admins | `PASS` if the number of members
with reporter role or higher is below 40% or fewer than three. |
| 4.3.3 | audit_package_registry_config | `SKIP` by default as we cannot
automate this |
| 4.4.1 | artifact_origin_info | `SKIP` by default as we cannot automate this |
-| 5.1.1 | separate_deployment_config | `PASS` if ci config yml file is
avaiable and not in the root directory of this project |
-| 5.1.2 | audit_deployment_config | `PASS` if ci config yml file is avaiable
and chnages need atleast one approval and licence allow audit |
+| 5.1.1 | separate_deployment_config | `PASS` if ci config yml file is
available and not in the root directory of this project |
+| 5.1.2 | audit_deployment_config | `PASS` if ci config yml file is available
and changes need at least one approval and licence allow audit |
| 5.1.3 | secret_scan_deployment_config | `PASS` if secret_detection is
enabled|
| 5.1.4 | limit_deployment_config_access | `SKIP` by default as we cannot
automate this |
| 5.1.5 | scan_iac| `PASS` if SAST_IAC is enabled|
| 5.1.6 | verify_deployment_config | `SKIP` by default as we cannot automate
this |
| 5.1.7 | pin_deployment_config_manifests | `SKIP` by default as we cannot
automate this |
-| 5.2.1 | automate_deployment | `FAIL` if ci config file is not avaiable
otherwise `SKIP` for manual review |
+| 5.2.1 | automate_deployment | `FAIL` if ci config file is not available
otherwise `SKIP` for manual review |
| 5.2.2 | reproducible_deployment | `SKIP` by default as we cannot automate
this |
| 5.2.3 | limit_prod_access | `SKIP` by default as we cannot automate this |
| 5.2.4 | disable_default_passwords | `SKIP` by default as we cannot automate
this |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis/__init__.py
new/gitlabcis-1.15.4/gitlabcis/__init__.py
--- old/gitlabcis-1.15.1/gitlabcis/__init__.py 2025-04-15 23:42:06.000000000
+0200
+++ new/gitlabcis-1.15.4/gitlabcis/__init__.py 2025-07-31 12:54:55.000000000
+0200
@@ -9,4 +9,4 @@
# -------------------------------------------------------------------------
__author__ = '[email protected]'
-__version__ = '1.15.1' # noqa: E999
+__version__ = '1.15.4' # noqa: E999
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.1/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
new/gitlabcis-1.15.4/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
---
old/gitlabcis-1.15.1/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
2025-04-15 23:41:41.000000000 +0200
+++
new/gitlabcis-1.15.4/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
2025-07-31 12:54:37.000000000 +0200
@@ -15,8 +15,8 @@
try:
commits = glEntity.commits.list(all=True)
for commit in commits:
- comit_id = commit.id
- commit_info = glEntity.commits.get(comit_id)
+ commit_id = commit.id
+ commit_info = glEntity.commits.get(commit_id)
if commit_info.status is None:
return {False: 'Commits are not signed'}
if commit_info.status != 'verified':
@@ -51,8 +51,8 @@
try:
commits = glEntity.commits.list(all=True)
for commit in commits:
- comit_id = commit.id
- commit_info = glEntity.commits.get(comit_id)
+ commit_id = commit.id
+ commit_info = glEntity.commits.get(commit_id)
if commit_info.status is None:
return {False: 'Commits are not signed'}
if commit_info.status != 'verified':
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.1/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
new/gitlabcis-1.15.4/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
---
old/gitlabcis-1.15.1/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
2025-04-15 23:41:41.000000000 +0200
+++
new/gitlabcis-1.15.4/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
2025-07-31 12:54:37.000000000 +0200
@@ -23,7 +23,7 @@
if ciFile in [None, False]:
return {ciFile: reason}
- # check its existance:
+ # check its existence:
if ciFile.file_path is None:
return {False: 'separate ci config file not set for project'}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.1/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
new/gitlabcis-1.15.4/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
--- old/gitlabcis-1.15.1/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
2025-04-15 23:41:41.000000000 +0200
+++ new/gitlabcis-1.15.4/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
2025-07-31 12:54:37.000000000 +0200
@@ -122,7 +122,8 @@
transport=RequestsHTTPTransport(
url=kwargs.get('graphQLEndpoint'),
headers=kwargs.get('graphQLHeaders'),
- use_json=True
+ use_json=True,
+ verify=kwargs.get('sslVerify')
),
fetch_schema_from_transport=True
)
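Review bot: `verify=kwargs.get('sslVerify')` hands `None` to the transport whenever the caller omits the `sslVerify` key, so whether certificates are checked in that case depends on how gql and requests treat `None` rather than on this code. Making the default explicit keeps the behaviour fail-closed and readable: `verify=kwargs.get('sslVerify', True)`. The same line is added in the five later hunks of this file (new lines 200, 279, 358, 438 and 516). Six identical `Client(...)` constructions would be easier to keep consistent behind one small private helper. The enclosing functions start and end outside these hunks, so how callers populate `sslVerify` is not visible here.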
@@ -199,7 +200,8 @@
transport=RequestsHTTPTransport(
url=kwargs.get('graphQLEndpoint'),
headers=kwargs.get('graphQLHeaders'),
- use_json=True
+ use_json=True,
+ verify=kwargs.get('sslVerify')
),
fetch_schema_from_transport=True
)
@@ -277,7 +279,8 @@
transport=RequestsHTTPTransport(
url=kwargs.get('graphQLEndpoint'),
headers=kwargs.get('graphQLHeaders'),
- use_json=True
+ use_json=True,
+ verify=kwargs.get('sslVerify')
),
fetch_schema_from_transport=True
)
@@ -355,7 +358,8 @@
transport=RequestsHTTPTransport(
url=kwargs.get('graphQLEndpoint'),
headers=kwargs.get('graphQLHeaders'),
- use_json=True
+ use_json=True,
+ verify=kwargs.get('sslVerify')
),
fetch_schema_from_transport=True
)
@@ -434,7 +438,8 @@
transport=RequestsHTTPTransport(
url=kwargs.get('graphQLEndpoint'),
headers=kwargs.get('graphQLHeaders'),
- use_json=True
+ use_json=True,
+ verify=kwargs.get('sslVerify')
),
fetch_schema_from_transport=True
)
@@ -511,7 +516,8 @@
transport=RequestsHTTPTransport(
url=kwargs.get('graphQLEndpoint'),
headers=kwargs.get('graphQLHeaders'),
- use_json=True
+ use_json=True,
+ verify=kwargs.get('sslVerify')
),
fetch_schema_from_transport=True
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.1/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
new/gitlabcis-1.15.4/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
---
old/gitlabcis-1.15.1/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
2025-04-15 23:41:41.000000000 +0200
+++
new/gitlabcis-1.15.4/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
2025-07-31 12:54:37.000000000 +0200
@@ -86,7 +86,7 @@
"""
# attempting to paginate over 1,000 users in a project which
- # recived their membership due to nested-group permissions...
+ # received their membership due to nested-group permissions...
# results in a large wait-time for this function to run.
# roughly it take 1.5 minutes for it to complete all of /gitlab-com.
@@ -102,7 +102,7 @@
"""
# attempting to paginate over 1,000 users in a project which
- # recived their membership due to nested-group permissions...
+ # received their membership due to nested-group permissions...
# results in a large wait-time for this function to run.
# roughly it take 1.5 minutes for it to complete all of /gitlab-com.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis/cli/argsInput.py
new/gitlabcis-1.15.4/gitlabcis/cli/argsInput.py
--- old/gitlabcis-1.15.1/gitlabcis/cli/argsInput.py 2025-04-15
23:41:41.000000000 +0200
+++ new/gitlabcis-1.15.4/gitlabcis/cli/argsInput.py 2025-07-31
12:54:37.000000000 +0200
@@ -62,7 +62,7 @@
metavar='RECOMMENDATION_IDS',
nargs='*',
type=str,
- help='The IDs of the recommedation checks to use (e.g. 1.1.1)'
+ help='The IDs of the recommendation checks to use (e.g. 1.1.1)'
)
parser.add_argument(
@@ -72,7 +72,7 @@
metavar='RECOMMENDATION_IDS_TO_SKIP',
nargs='*',
type=str,
- help='The IDs of the recommedation checks to SKIP (e.g. 1.1.1)'
+ help='The IDs of the recommendation checks to SKIP (e.g. 1.1.1)'
)
parser.add_argument(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis/cli/auth.py
new/gitlabcis-1.15.4/gitlabcis/cli/auth.py
--- old/gitlabcis-1.15.1/gitlabcis/cli/auth.py 2025-04-15 23:41:41.000000000
+0200
+++ new/gitlabcis-1.15.4/gitlabcis/cli/auth.py 2025-07-31 12:54:37.000000000
+0200
@@ -83,7 +83,7 @@
self.authenticate()
self.determineEntity()
- # determine what groups if any exist in hierachy:
+ # determine what groups if any exist in hierarchy:
self.cascade()
# ---------------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis/cli/main.py
new/gitlabcis-1.15.4/gitlabcis/cli/main.py
--- old/gitlabcis-1.15.1/gitlabcis/cli/main.py 2025-04-15 23:41:41.000000000
+0200
+++ new/gitlabcis-1.15.4/gitlabcis/cli/main.py 2025-07-31 12:54:37.000000000
+0200
@@ -50,7 +50,7 @@
OUTPUT_FORMATS, MAX_WORKERS)
# -------------------------------------------------------------------------
- # Token heirachy:
+ # Token heirarchy:
# -------------------------------------------------------------------------
# If a user provided a token via an arg, that should take highest priority,
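Review bot: The corrected comment still misspells the word: `# Token heirarchy:` should read `# Token hierarchy:`. The same release spells it correctly in gitlabcis/cli/auth.py, so the two comments now disagree. The commented block continues outside this hunk.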
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis/tests/input/ssl_test.py
new/gitlabcis-1.15.4/gitlabcis/tests/input/ssl_test.py
--- old/gitlabcis-1.15.1/gitlabcis/tests/input/ssl_test.py 2025-04-15
23:41:41.000000000 +0200
+++ new/gitlabcis-1.15.4/gitlabcis/tests/input/ssl_test.py 2025-07-31
12:54:37.000000000 +0200
@@ -1,6 +1,7 @@
# -----------------------------------------------------------------------------
import builtins
+import unittest
from unittest.mock import patch
import pytest
@@ -28,3 +29,57 @@
'https://gitlab.com/destination/project', token='fake-token',
ssl_verify=False)
assert gitlab_cis.ssl_verify is False
+
+# -----------------------------------------------------------------------------
+
+
+class TestGitLabGraphQLClient(unittest.TestCase):
+
+ @patch('gql.transport.requests.RequestsHTTPTransport')
+ def test_ssl_verify_parameter(self, mock_transport):
+
+ # Test with SSL verification enabled
+ kwargs = {
+ 'graphQLEndpoint': 'https://gitlab.example.com/api/graphql',
+ 'graphQLHeaders': {'Authorization': 'Bearer token123'},
+ 'sslVerify': True
+ }
+
+ # For this example, I'll recreate the client code from your snippet
+ from gql import Client
+ client = Client(
+ transport=mock_transport(
+ url=kwargs.get('graphQLEndpoint'),
+ headers=kwargs.get('graphQLHeaders'),
+ use_json=True,
+ verify=kwargs.get('sslVerify')
+ ),
+ fetch_schema_from_transport=True
+ )
+
+ # Verify the transport was created with verify=True
+ mock_transport.assert_called_once()
+ call_kwargs = mock_transport.call_args[1]
+ self.assertTrue(call_kwargs['verify'])
+
+ # Reset the mock for the next test
+ mock_transport.reset_mock()
+
+ # Test with SSL verification disabled
+ kwargs['sslVerify'] = False
+
+ # Create client again with new kwargs
+ client = Client( # noqa: F841
+ transport=mock_transport(
+ url=kwargs.get('graphQLEndpoint'),
+ headers=kwargs.get('graphQLHeaders'),
+ use_json=True,
+ verify=kwargs.get('sslVerify')
+ ),
+ fetch_schema_from_transport=True
+ )
+
+ # Verify the transport was created with verify=False
+ mock_transport.assert_called_once()
+ call_kwargs = mock_transport.call_args[1]
+ self.assertFalse(call_kwargs['verify'])
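Review bot: `test_ssl_verify_parameter` never calls gitlabcis code. It builds `Client(transport=mock_transport(..., verify=...))` itself and then asserts on the arguments it has just passed, so it would still pass if code_risks_1_5.py stopped forwarding `sslVerify`. To guard the fix, patch `RequestsHTTPTransport` at the name the benchmark module imports (presumably `gitlabcis.benchmarks.source_code_1.code_risks_1_5.RequestsHTTPTransport`; confirm against that module's imports) and call one of the benchmark functions with `sslVerify=False`. Then assert `mock_transport.call_args.kwargs['verify'] is False`, and add a case with the key omitted to pin the default. The comment `# For this example, I'll recreate the client code from your snippet` reads like leftover scaffolding and should be removed.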
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.1/gitlabcis/tests/unit/yaml/bad_file_test.py
new/gitlabcis-1.15.4/gitlabcis/tests/unit/yaml/bad_file_test.py
--- old/gitlabcis-1.15.1/gitlabcis/tests/unit/yaml/bad_file_test.py
2025-04-15 23:41:41.000000000 +0200
+++ new/gitlabcis-1.15.4/gitlabcis/tests/unit/yaml/bad_file_test.py
2025-07-31 12:54:37.000000000 +0200
@@ -10,6 +10,6 @@
with pytest.raises(SystemExit) as execCtx:
from gitlabcis.utils import readYaml # noqa: F401
- readYaml('non-existant.yml')
+ readYaml('non-existent.yml')
assert execCtx.value.code == 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis.egg-info/PKG-INFO
new/gitlabcis-1.15.4/gitlabcis.egg-info/PKG-INFO
--- old/gitlabcis-1.15.1/gitlabcis.egg-info/PKG-INFO 2025-04-15
23:42:19.000000000 +0200
+++ new/gitlabcis-1.15.4/gitlabcis.egg-info/PKG-INFO 2025-07-31
12:55:04.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: gitlabcis
-Version: 1.15.1
+Version: 1.15.4
Summary: An automated tool that assesses the GitLab CIS benchmarks against a
project.
Author-email: Nate Rosandich <[email protected]>, Neil McDonald
<[email protected]>, Mitra JozeNazemian
<[email protected]>
License: MIT License
@@ -55,28 +55,28 @@
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: PyYAML==6.0.2
-Requires-Dist: python-gitlab==5.6.0
+Requires-Dist: python-gitlab==6.2.0
Requires-Dist: tabulate==0.9.0
Requires-Dist: tqdm==4.67.1
Requires-Dist: defusedxml==0.7.1
Requires-Dist: python-dateutil==2.9.0.post0
-Requires-Dist: gql==3.5.2
+Requires-Dist: gql==3.5.3
Provides-Extra: build
-Requires-Dist: setuptools~=76.0; extra == "build"
+Requires-Dist: setuptools~=80.0; extra == "build"
Requires-Dist: wheel==0.45.1; extra == "build"
Requires-Dist: build==1.2.2.post1; extra == "build"
-Requires-Dist: setuptools-scm~=8.2.0; extra == "build"
+Requires-Dist: setuptools-scm~=8.3.1; extra == "build"
Requires-Dist: twine==6.1.0; extra == "build"
Provides-Extra: test
-Requires-Dist: pipdeptree==2.26.0; extra == "test"
+Requires-Dist: pipdeptree==2.28.0; extra == "test"
Requires-Dist: pre-commit~=4.2.0; extra == "test"
-Requires-Dist: pytest==8.3.5; extra == "test"
-Requires-Dist: flake8~=7.1.1; extra == "test"
-Requires-Dist: bandit==1.8.3; extra == "test"
-Requires-Dist: yamllint==1.37.0; extra == "test"
-Requires-Dist: pytest-cov==6.0.0; extra == "test"
-Requires-Dist: coverage==7.6.12; extra == "test"
-Requires-Dist: tox~=4.24.1; extra == "test"
+Requires-Dist: pytest==8.4.1; extra == "test"
+Requires-Dist: flake8~=7.3.0; extra == "test"
+Requires-Dist: bandit==1.8.6; extra == "test"
+Requires-Dist: yamllint==1.37.1; extra == "test"
+Requires-Dist: pytest-cov==6.2.1; extra == "test"
+Requires-Dist: coverage==7.10.1; extra == "test"
+Requires-Dist: tox~=4.28.1; extra == "test"
Dynamic: license-file
# CIS GitLab Benchmark Scanner - gitlabcis
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/gitlabcis.egg-info/requires.txt
new/gitlabcis-1.15.4/gitlabcis.egg-info/requires.txt
--- old/gitlabcis-1.15.1/gitlabcis.egg-info/requires.txt 2025-04-15
23:42:19.000000000 +0200
+++ new/gitlabcis-1.15.4/gitlabcis.egg-info/requires.txt 2025-07-31
12:55:04.000000000 +0200
@@ -1,25 +1,25 @@
PyYAML==6.0.2
-python-gitlab==5.6.0
+python-gitlab==6.2.0
tabulate==0.9.0
tqdm==4.67.1
defusedxml==0.7.1
python-dateutil==2.9.0.post0
-gql==3.5.2
+gql==3.5.3
[build]
-setuptools~=76.0
+setuptools~=80.0
wheel==0.45.1
build==1.2.2.post1
-setuptools-scm~=8.2.0
+setuptools-scm~=8.3.1
twine==6.1.0
[test]
-pipdeptree==2.26.0
+pipdeptree==2.28.0
pre-commit~=4.2.0
-pytest==8.3.5
-flake8~=7.1.1
-bandit==1.8.3
-yamllint==1.37.0
-pytest-cov==6.0.0
-coverage==7.6.12
-tox~=4.24.1
+pytest==8.4.1
+flake8~=7.3.0
+bandit==1.8.6
+yamllint==1.37.1
+pytest-cov==6.2.1
+coverage==7.10.1
+tox~=4.28.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.1/pyproject.toml
new/gitlabcis-1.15.4/pyproject.toml
--- old/gitlabcis-1.15.1/pyproject.toml 2025-04-15 23:42:06.000000000 +0200
+++ new/gitlabcis-1.15.4/pyproject.toml 2025-07-31 12:54:55.000000000 +0200
@@ -3,7 +3,7 @@
# -----------------------------------------------------------------------------
[build-system]
-requires = ["setuptools>=61.2", "wheel>=0.42", "setuptools-scm>=8.1.0"]
+requires = ["setuptools>=80.0", "wheel>=0.42", "setuptools-scm>=8.3.1"]
build-backend = "setuptools.build_meta"
# -----------------------------------------------------------------------------
@@ -12,7 +12,7 @@
[project]
name = "gitlabcis"
-version = "1.15.1"
+version = "1.15.4"
requires-python = ">=3.9"
description = "An automated tool that assesses the GitLab CIS benchmarks
against a project."
authors = [
@@ -60,32 +60,32 @@
]
dependencies = [
"PyYAML == 6.0.2",
- "python-gitlab == 5.6.0",
+ "python-gitlab ==6.2.0",
"tabulate == 0.9.0",
"tqdm == 4.67.1",
"defusedxml == 0.7.1",
"python-dateutil == 2.9.0.post0",
- "gql == 3.5.2"
+ "gql == 3.5.3"
]
[project.optional-dependencies]
build = [
- "setuptools ~= 76.0",
+ "setuptools ~= 80.0",
"wheel == 0.45.1",
"build == 1.2.2.post1",
- "setuptools-scm ~= 8.2.0",
+ "setuptools-scm ~= 8.3.1",
"twine == 6.1.0",
]
test = [
- "pipdeptree ==2.26.0",
+ "pipdeptree ==2.28.0",
"pre-commit ~=4.2.0",
- "pytest == 8.3.5",
- "flake8 ~= 7.1.1",
- "bandit == 1.8.3",
- "yamllint ==1.37.0",
- "pytest-cov == 6.0.0",
- "coverage == 7.6.12",
- "tox ~= 4.24.1"
+ "pytest == 8.4.1",
+ "flake8 ~=7.3.0",
+ "bandit ==1.8.6",
+ "yamllint == 1.37.1",
+ "pytest-cov == 6.2.1",
+ "coverage ==7.10.1",
+ "tox ~=4.28.1"
]
[project.scripts]