Release v0.8.4 #303

jtherrmann · 2025-11-04T00:51:57Z

TODO:

changelog #302

Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.12.3 to 1.12.4. - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@v1.12.3...v1.12.4) --- updated-dependencies: - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

update s3 stubs for integrity checks introduced in boto3==1.36.0

Update CODEOWNERS to facilitate x-team collaboration

delete repo CoC in favor of organization default

Bumps [ASFHyP3/actions](https://github.com/asfhyp3/actions) from 0.15.0 to 0.17.1. - [Release notes](https://github.com/asfhyp3/actions/releases) - [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md) - [Commits](ASFHyP3/actions@v0.15.0...v0.17.1) --- updated-dependencies: - dependency-name: ASFHyP3/actions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…P3/actions-0.17.1

…3/actions-0.17.1 Bump ASFHyP3/actions from 0.15.0 to 0.17.1

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.5 to 0.9.6. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.5...0.9.6) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.9.5 to 0.9.6

Bumps [mypy](https://github.com/python/mypy) from 1.14.1 to 1.15.0. - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.14.1...v1.15.0) --- updated-dependencies: - dependency-name: mypy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bump mypy from 1.14.1 to 1.15.0

…h-action-pypi-publish-1.12.4 Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.6 to 0.9.7. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.6...0.9.7) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.9.6 to 0.9.7

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.7 to 0.9.9. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.7...0.9.9) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.9.7 to 0.9.9

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.9 to 0.9.10. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.9...0.9.10) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.9.9 to 0.9.10

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.10 to 0.11.0. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.10...0.11.0) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.9.10 to 0.11.0

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.9 to 0.11.10. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.11.9...0.11.10) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.11.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [ASFHyP3/actions](https://github.com/asfhyp3/actions) from 0.18.1 to 0.19.0. - [Release notes](https://github.com/asfhyp3/actions/releases) - [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md) - [Commits](ASFHyP3/actions@v0.18.1...v0.19.0) --- updated-dependencies: - dependency-name: ASFHyP3/actions dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…3/actions-0.19.0 Bump ASFHyP3/actions from 0.18.1 to 0.19.0

Bump ruff from 0.11.9 to 0.11.10

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.10 to 0.11.11. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.11.10...0.11.11) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.11.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.11.10 to 0.11.11

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.11 to 0.11.12. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.11.11...0.11.12) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.11.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.11.11 to 0.11.12

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.12 to 0.12.0. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.11.12...0.12.0) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bump ruff from 0.11.12 to 0.12.0

dependabot groups

Bumps the pip-deps group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [mypy](https://github.com/python/mypy). Updates `ruff` from 0.12.0 to 0.12.1 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.12.0...0.12.1) Updates `mypy` from 1.15.0 to 1.16.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.15.0...v1.16.1) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-deps - dependency-name: mypy dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-deps ... Signed-off-by: dependabot[bot] <support@github.com>

Bump the pip-deps group with 2 updates

Bumps the pip-deps group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [mypy](https://github.com/python/mypy). Updates `ruff` from 0.12.1 to 0.12.3 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.12.1...0.12.3) Updates `mypy` from 1.15.0 to 1.16.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.15.0...v1.16.1) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.12.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-deps - dependency-name: mypy dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-deps ... Signed-off-by: dependabot[bot] <support@github.com>

Bump the pip-deps group with 2 updates

Bumps the github-actions-deps group with 3 updates in the / directory: [ASFHyP3/actions](https://github.com/asfhyp3/actions), [actions/checkout](https://github.com/actions/checkout) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `ASFHyP3/actions` from 0.19.0 to 0.20.0 - [Release notes](https://github.com/asfhyp3/actions/releases) - [Changelog](https://github.com/ASFHyP3/actions/blob/develop/CHANGELOG.md) - [Commits](ASFHyP3/actions@v0.19.0...v0.20.0) Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@v1.12.4...v1.13.0) --- updated-dependencies: - dependency-name: ASFHyP3/actions dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-deps - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-deps - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>

…-actions-deps-1780c308f8 Bump the github-actions-deps group across 1 directory with 3 updates

.github/workflows/changelog.yml

 jobs:
  call-changelog-check-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.15.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-changelog-check.yml@v0.20.0


To fix the problem, add a permissions block at the root level of the workflow or within the specific job that calls the reusable workflow. Since the job only invokes a reusable workflow, and to follow the principle of least privilege, start with the minimal permissions block, such as contents: read. This limits the permissions granted to the GITHUB_TOKEN for this workflow and any jobs (unless individually overridden). Edit .github/workflows/changelog.yml and insert the permissions block immediately after the workflow's name and before on: so it applies to all jobs by default. No additional imports or definitions are required for this YAML file change.

.github/workflows/labeled-pr.yml

 jobs:
  call-labeled-pr-check-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.15.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-labeled-pr-check.yml@v0.20.0


To fix the problem, an explicit permissions: block should be added, either at the root of the workflow or within the job definition. For a workflow calling a reusable workflow, in nearly all cases contents: read is sufficient unless the reusable workflow requires more.

The single best fix is to add

permissions: contents: read

directly below the name: line at the top of .github/workflows/labeled-pr.yml. This applies the minimal permissions to all jobs in this workflow.

No imports, new methods, or further changes are needed.

.github/workflows/static-analysis.yml


  call-mypy-workflow:
-    uses: ASFHyP3/actions/.github/workflows/reusable-mypy.yml@v0.15.0
+    uses: ASFHyP3/actions/.github/workflows/reusable-mypy.yml@v0.20.0


The best way to fix this problem is to add a permissions block at the root of .github/workflows/static-analysis.yml, with the least privilege needed for static analysis jobs. Since typical static analysis workflows only require read access to repository contents (and no write access to issues, pull requests, etc.), you can use contents: read as a starting point. This block should be inserted immediately under the workflow name, before the on: key. If specific jobs later need additional permissions, such as writing PR comments or updating statuses, those jobs can define their own permissions. For now, set the most restrictive permissions globally.

changelog

dependabot bot and others added 30 commits January 27, 2025 19:22

update s3 stubs for integrity checks introduced in boto3==1.36.0

3e1466a

Merge pull request #263 from ASFHyP3/s3-crc

e6c9418

update s3 stubs for integrity checks introduced in boto3==1.36.0

Update CODEOWNERS

324a1b2

Merge pull request #264 from ASFHyP3/jhkennedy-patch-1

a8e9b41

Update CODEOWNERS to facilitate x-team collaboration

delete repo CoC in favor of organization default

9f75e49

Merge pull request #265 from ASFHyP3/delete-coc

dcfa229

delete repo CoC in favor of organization default

update dependabot config

e7e7735

add requirements-static.txt

647b2a6

install requirements-static.txt from environment.yml

9cb982b

bump version for ruff and mypy actions

bd74cd9

update ruff config

8dcacf0

Merge branch 'pin-ruff-and-mypy' into dependabot/github_actions/ASFHy…

bcd2188

…P3/actions-0.17.1

Merge pull request #266 from ASFHyP3/dependabot/github_actions/ASFHyP…

94abeb7

…3/actions-0.17.1 Bump ASFHyP3/actions from 0.15.0 to 0.17.1

Merge pull request #267 from ASFHyP3/dependabot/pip/ruff-0.9.6

1845795

Bump ruff from 0.9.5 to 0.9.6

Merge pull request #268 from ASFHyP3/dependabot/pip/mypy-1.15.0

202778e

Bump mypy from 1.14.1 to 1.15.0

Merge pull request #262 from ASFHyP3/dependabot/github_actions/pypa/g…

e719691

…h-action-pypi-publish-1.12.4 Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4

Merge pull request #269 from ASFHyP3/dependabot/pip/ruff-0.9.7

59beafd

Bump ruff from 0.9.6 to 0.9.7

Merge pull request #271 from ASFHyP3/dependabot/pip/ruff-0.9.9

ab3b68b

Bump ruff from 0.9.7 to 0.9.9

update read_as_masked_array to handle nan nodata values

1847a55

update CHANGELOG

be02a8c

Merge pull request #272 from ASFHyP3/dependabot/pip/ruff-0.9.10

1a41273

Bump ruff from 0.9.9 to 0.9.10

Merge pull request #274 from ASFHyP3/dependabot/pip/ruff-0.11.0

41a3502

Bump ruff from 0.9.10 to 0.11.0

dependabot bot and others added 25 commits May 19, 2025 19:24

Merge pull request #287 from ASFHyP3/dependabot/github_actions/ASFHyP…

67845fc

…3/actions-0.19.0 Bump ASFHyP3/actions from 0.18.1 to 0.19.0

Merge pull request #286 from ASFHyP3/dependabot/pip/ruff-0.11.10

c5ef421

Bump ruff from 0.11.9 to 0.11.10

Merge pull request #289 from ASFHyP3/dependabot/pip/ruff-0.11.11

9be849c

Bump ruff from 0.11.10 to 0.11.11

Merge pull request #292 from ASFHyP3/dependabot/pip/ruff-0.11.12

7a5909a

Bump ruff from 0.11.11 to 0.11.12

Merge pull request #295 from ASFHyP3/dependabot/pip/ruff-0.12.0

874ad76

Bump ruff from 0.11.12 to 0.12.0

dependabot groups

a68efb4

Merge pull request #296 from ASFHyP3/dependabot-groups

8515d1b

dependabot groups

Update requirements-static.txt

f0080f1

Merge pull request #297 from ASFHyP3/dependabot/pip/pip-deps-c0f196afc9

8561a9f

Bump the pip-deps group with 2 updates

fix mypy warnings

47defef

add test-and-build perms

3ad4ae3

fix import order

b2f90db

Merge pull request #298 from ASFHyP3/dependabot/pip/pip-deps-3d7d6b5a95

28c8684

Bump the pip-deps group with 2 updates

add type ignore

e3ccc42

changes for Actions v0.20.0

511adb7

Merge pull request #301 from ASFHyP3/dependabot/github_actions/github…

abfc6c3

…-actions-deps-1780c308f8 Bump the github-actions-deps group across 1 directory with 3 updates

changelog

9c27969

jtherrmann added the patch Bump the patch version number of this project label Nov 4, 2025

github-advanced-security bot found potential problems Nov 4, 2025

View reviewed changes

Merge pull request #302 from ASFHyP3/changelog

d51057b

changelog

jacquelynsmale approved these changes Nov 4, 2025

View reviewed changes

jtherrmann merged commit d40c68a into main Nov 4, 2025
18 checks passed

@@ -1,4 +1,6 @@
             name: Changelog updated?
+            permissions:
+              contents: read
             on:
               pull_request:
                 types:

@@ -1,4 +1,6 @@
             name: Static analysis
+            permissions:
+              contents: read
             on: push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release v0.8.4 #303

Release v0.8.4 #303

Uh oh!

jtherrmann commented Nov 4, 2025 •

edited

Loading

Uh oh!

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Release v0.8.4 #303

Release v0.8.4 #303

Uh oh!

Conversation

jtherrmann commented Nov 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Check warning

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

jtherrmann commented Nov 4, 2025 •

edited

Loading