Skip to content

Bump snok/install-poetry from 1.4.1 to 1.4.2#469

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/snok/install-poetry-1.4.2
Open

Bump snok/install-poetry from 1.4.1 to 1.4.2#469
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/snok/install-poetry-1.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited
Loading

Bumps snok/install-poetry from 1.4.1 to 1.4.2.

Release notes

Sourced from snok/install-poetry's releases.

v1.4.2

Improvements

  • Pinned the Poetry install script to a specific commit (snok/install-poetry#176) to guard against potential supply-chain attacks
  • Consolidated the install script for Unix and Windows

Misc

  • Minor shell script cleanup
  • Modernized docs examples
  • Updated Python and Poetry versions
  • Upgraded CI workflow versions
  • Upgraded linters and formatters

New Contributors

Full Changelog: snok/install-poetry@v1.4.1...v1.4.2

Commits
  • a783c32 chore: Replace pre-commit hooks with maintained versions
  • 0229b62 chore: Update remaining old Poetry versions
  • 46385be docs: Update poetry config example to use a modern config option
  • 3a0296d docs: Update poetry example version
  • 34c546f fix: Pin installer script to specific commit for supply-chain security
  • 58a2d90 chore(ci): Update poetry test matrix
  • 8a77fb2 chore(ci): Update installation arguments test to a modern version of Poetry
  • 1705249 chore(ci): Update python test matrices
  • ae3709a docs: Update examples
  • 8bccbd0 refactor: Remove redundant config message
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 3, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 3, 2026
cycode-security[bot]
cycode-security Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread .github/workflows/tests.yml
- name: Setup Poetry
if: steps.cached-poetry.outputs.cache-hit != 'true'
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2
Copy link
Copy Markdown
Contributor

@cycode-security cycode-security Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Cycode Remediation Guideline

Restrict - Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used.
To do this, click on "Take Action".
Accept and Control - Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc.
To do this, use Cycode Knowledge Graph.
Avoid - Disable GitHub actions completely for this repository.
To do this from Cycode, enable the policy Excessive repository permissions for using GitHub actions and “Take Action” on its detected violations.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_everywhere <reason> Applies to this resource for this violation for all requests in your repository
#cycode_ignore_insecure_pipeline_violation_here <reason> Applies to this resource for this violation in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security[bot]
cycode-security Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread .github/workflows/release.yml
- name: Setup Poetry
if: steps.cached-poetry.outputs.cache-hit != 'true'
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2
Copy link
Copy Markdown
Contributor

@cycode-security cycode-security Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Cycode Remediation Guideline

Restrict - Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used.
To do this, click on "Take Action".
Accept and Control - Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc.
To do this, use Cycode Knowledge Graph.
Avoid - Disable GitHub actions completely for this repository.
To do this from Cycode, enable the policy Excessive repository permissions for using GitHub actions and “Take Action” on its detected violations.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_everywhere <reason> Applies to this resource for this violation for all requests in your repository
#cycode_ignore_insecure_pipeline_violation_here <reason> Applies to this resource for this violation in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security[bot]
cycode-security Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread .github/workflows/ruff.yml
- name: Setup Poetry
if: steps.cached-poetry.outputs.cache-hit != 'true'
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2
Copy link
Copy Markdown
Contributor

@cycode-security cycode-security Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Cycode Remediation Guideline

Restrict - Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used.
To do this, click on "Take Action".
Accept and Control - Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc.
To do this, use Cycode Knowledge Graph.
Avoid - Disable GitHub actions completely for this repository.
To do this from Cycode, enable the policy Excessive repository permissions for using GitHub actions and “Take Action” on its detected violations.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_everywhere <reason> Applies to this resource for this violation for all requests in your repository
#cycode_ignore_insecure_pipeline_violation_here <reason> Applies to this resource for this violation in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security[bot]
cycode-security Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread .github/workflows/docker-image.yml
- name: Setup Poetry
if: steps.cached_poetry.outputs.cache-hit != 'true'
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2
Copy link
Copy Markdown
Contributor

@cycode-security cycode-security Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Cycode Remediation Guideline

Restrict - Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used.
To do this, click on "Take Action".
Accept and Control - Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc.
To do this, use Cycode Knowledge Graph.
Avoid - Disable GitHub actions completely for this repository.
To do this from Cycode, enable the policy Excessive repository permissions for using GitHub actions and “Take Action” on its detected violations.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_everywhere <reason> Applies to this resource for this violation for all requests in your repository
#cycode_ignore_insecure_pipeline_violation_here <reason> Applies to this resource for this violation in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security[bot]
cycode-security Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread .github/workflows/tests_full.yml
- name: Setup Poetry
if: steps.cached-poetry.outputs.cache-hit != 'true'
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2
Copy link
Copy Markdown
Contributor

@cycode-security cycode-security Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Cycode Remediation Guideline

Restrict - Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used.
To do this, click on "Take Action".
Accept and Control - Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc.
To do this, use Cycode Knowledge Graph.
Avoid - Disable GitHub actions completely for this repository.
To do this from Cycode, enable the policy Excessive repository permissions for using GitHub actions and “Take Action” on its detected violations.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_everywhere <reason> Applies to this resource for this violation for all requests in your repository
#cycode_ignore_insecure_pipeline_violation_here <reason> Applies to this resource for this violation in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

cycode-security[bot]
cycode-security Bot reviewed Jun 3, 2026
View reviewed changes
Comment thread .github/workflows/pre_release.yml
- name: Setup Poetry
if: steps.cached-poetry.outputs.cache-hit != 'true'
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
uses: snok/install-poetry@a783c322200f0519c7926aa6faa857c4e23e9263 # v1.4.2
Copy link
Copy Markdown
Contributor

@cycode-security cycode-security Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Cycode Remediation Guideline

Restrict - Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used.
To do this, click on "Take Action".
Accept and Control - Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc.
To do this, use Cycode Knowledge Graph.
Avoid - Disable GitHub actions completely for this repository.
To do this from Cycode, enable the policy Excessive repository permissions for using GitHub actions and “Take Action” on its detected violations.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_everywhere <reason> Applies to this resource for this violation for all requests in your repository
#cycode_ignore_insecure_pipeline_violation_here <reason> Applies to this resource for this violation in this request only

⚠️ When commenting on Github, you may need to refresh the page to see the latest updates.

@dependabot dependabot Bot force-pushed the dependabot/github_actions/snok/install-poetry-1.4.2 branch 2 times, most recently from 5a035e9 to bc8efca Compare June 3, 2026 04:49
@dependabot
Bump snok/install-poetry from 1.4.1 to 1.4.2
d53dc1b 
Bumps [snok/install-poetry](https://github.com/snok/install-poetry) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/snok/install-poetry/releases)
- [Commits](snok/install-poetry@76e04a9...a783c32)

---
updated-dependencies:
- dependency-name: snok/install-poetry
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/snok/install-poetry-1.4.2 branch from bc8efca to d53dc1b Compare June 3, 2026 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cycode-security cycode-security[bot] cycode-security[bot] left review comments

@avishaiamiel avishaiamiel Awaiting requested review from avishaiamiel avishaiamiel is a code owner

@omerr-cycode omerr-cycode Awaiting requested review from omerr-cycode omerr-cycode is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants