dilim/homeassistant-rental-control
1
0
Fork 0
mirror of https://github.com/tykeal/homeassistant-rental-control.git synced 2026-06-24 08:47:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
homeassistant-rental-control/.grype.yaml
Andrew Grimberg 5204a27ff4 Chore(validate): Run slot reconciliation gates 
All validation gates executed and passed:

T117 - Targeted Feature Tests (651 tests):
  pytest tests/unit/test_slot_reconciliation.py
         tests/unit/test_event_overrides.py
         tests/unit/test_util.py
         tests/integration/test_refresh_cycle.py
         tests/integration/test_slot_concurrency.py
  Result: PASSED ✓

T118 - Full Test Suite (1292 tests):
  pytest tests/
  Result: PASSED ✓

T119 - Ruff Linting:
  ruff check custom_components/ tests/
  Result: PASSED ✓

T120 - Type Checking & Documentation:
  pre-commit run mypy interrogate --all-files
  Result: PASSED ✓

T121 - Full Pre-commit Suite:
  pre-commit run --all-files (20 hooks)
  Result: PASSED ✓

T122 - Automated Scenario Coverage:
  Overflow: TestOverflow
  Active Protection: TestNearerNotProgrammedWhenFull
                     TestFartherEvictsNearer
  Manual Drift: TestManualDriftCorrection
  Clear Failure: TestClearFailureSlotNotReused
  Restart: TestRestartWithPersistedMappingAndUidChurn
           TestPhantomNameOnlySlot
  UID Churn: TestRestartWithPersistedMappingAndUidChurn

  All 6 quickstart scenarios covered ✓

Co-authored-by: Claude <claude@anthropic.com>
Signed-off-by: Andrew Grimberg <tykeal@bardicgrove.org>
2026-06-20 04:07:04 -07:00

187 lines
4.8 KiB
YAML
Raw Permalink Blame History

# SPDX-FileCopyrightText: 2021 Andrew Grimberg <tykeal@bardicgrove.org>
# SPDX-License-Identifier: Apache-2.0
---
ignore:
# PyJWT transitive dependency via homeassistant —
# accepts unknown crit header extensions
# (CVE-2026-32597). We cannot pin PyJWT directly
# because it comes from homeassistant.
- vulnerability: GHSA-752w-5fwx-jx9f
package:
name: PyJWT
type: python
# cryptography transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 46.0.6.
- vulnerability: GHSA-m959-cc7f-wv43
package:
name: cryptography
version: "46.0.5"
type: python
# cryptography transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 46.0.7.
- vulnerability: GHSA-p423-j2cm-9vmq
package:
name: cryptography
version: "46.0.5"
type: python
# pillow transitive dependency via homeassistant —
# we cannot pin it directly. Fixed in 12.2.0.
- vulnerability: GHSA-whj4-6x5x-4v2j
package:
name: pillow
version: "12.1.1"
type: python
# uv transitive dependency via homeassistant —
# we cannot pin it directly. Fixed in 0.11.15.
- vulnerability: GHSA-4gg8-gxpx-9rph
package:
name: uv
version: "0.11.8"
type: python
# zeroconf transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 0.149.5.
- vulnerability: GHSA-9pgc-3ccv-5297
package:
name: zeroconf
version: "0.148.0"
type: python
# zeroconf transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 0.149.6.
- vulnerability: GHSA-phvx-9mgw-67r5
package:
name: zeroconf
version: "0.148.0"
type: python
# zeroconf transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 0.149.7.
- vulnerability: GHSA-rfg2-pjw2-56x2
package:
name: zeroconf
version: "0.148.0"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.0.
- vulnerability: GHSA-jg22-mg44-37j8
package:
name: aiohttp
version: "3.13.5"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.0.
- vulnerability: GHSA-hg6j-4rv6-33pg
package:
name: aiohttp
version: "3.13.5"
type: python
# PyJWT transitive dependency via homeassistant —
# we cannot pin it directly. Fixed in 2.13.0.
- vulnerability: GHSA-w7vc-732c-9m39
package:
name: PyJWT
version: "2.12.1"
type: python
# PyJWT transitive dependency via homeassistant —
# we cannot pin it directly. Fixed in 2.13.0.
- vulnerability: GHSA-xgmm-8j9v-c9wx
package:
name: PyJWT
version: "2.12.1"
type: python
# PyJWT transitive dependency via homeassistant —
# we cannot pin it directly. Fixed in 2.13.0.
- vulnerability: GHSA-993g-76c3-p5m4
package:
name: PyJWT
version: "2.12.1"
type: python
# PyJWT transitive dependency via homeassistant —
# we cannot pin it directly. Fixed in 2.13.0.
- vulnerability: GHSA-jq35-7prp-9v3f
package:
name: PyJWT
version: "2.12.1"
type: python
# cryptography transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 48.0.1.
- vulnerability: GHSA-537c-gmf6-5ccf
package:
name: cryptography
version: "48.0.0"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.1.
- vulnerability: GHSA-4fvr-rgm6-gqmc
package:
name: aiohttp
version: "3.13.5"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.1.
- vulnerability: GHSA-63hw-fmq6-xxg2
package:
name: aiohttp
version: "3.13.5"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.1.
- vulnerability: GHSA-g3cq-j2xw-wf74
package:
name: aiohttp
version: "3.13.5"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.1.
- vulnerability: GHSA-hpj7-wq8m-9hgp
package:
name: aiohttp
version: "3.13.5"
type: python
# aiohttp transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 3.14.1.
- vulnerability: GHSA-xcgm-r5h9-7989
package:
name: aiohttp
version: "3.13.5"
type: python
# zeroconf transitive dependency via
# homeassistant — we cannot pin it directly.
# Fixed in 0.149.12.
- vulnerability: GHSA-9663-mqmp-p9mm
package:
name: zeroconf
version: "0.148.0"
type: python
Reference in New Issue View Git Blame Copy Permalink