Specify package version in GitHub release

[daniel-mizsak]

• Linting passes
• Tests are added and passing
• Documentation is updated

[coderabbitai]

Warning

Rate limit exceeded

@daniel-mizsak has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 12 minutes and 47 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 12 minutes and 47 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cd78e55a-821e-46bd-b0cb-b6685e45db29

📥 Commits

Reviewing files that changed from the base of the PR and between 3e424f8 and 60ebaae.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• .github/workflows/cd.yml
• .github/workflows/ci.yml
• pyproject.toml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/dynamic-package-version

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (3e424f8) to head (60ebaae).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #117   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines            7         7           
=========================================
  Hits             7         7           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	3		0	0	0.01s
✅ COPYPASTE	jscpd	yes		no	no	1.19s
✅ MARKDOWN	markdownlint	17		0	0	0.61s
✅ MARKDOWN	markdown-table-formatter	18		0	0	0.31s
✅ REPOSITORY	checkov	yes		no	no	17.96s
✅ REPOSITORY	gitleaks	yes		no	no	0.19s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	40.21s
⚠️ REPOSITORY	kics	yes		1	no	1.63s
✅ REPOSITORY	secretlint	yes		no	no	0.91s
✅ REPOSITORY	syft	yes		no	no	2.68s
✅ REPOSITORY	trivy	yes		no	no	9.81s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.23s
✅ REPOSITORY	trufflehog	yes		no	no	3.85s
✅ YAML	prettier	10		0	0	1.19s
✅ YAML	v8r	10		0	0	7.09s
✅ YAML	yamllint	10		0	0	0.69s

Detailed Issues

⚠️ REPOSITORY / kics - 1 error

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.19





Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 1
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Risk Score: 4.1
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/cd.yml:52

		051:       - name: Publish build artifacts to PyPI
		052:         uses: pypa/gh-action-pypi-publish@v1.13.0
		053: 



Results Summary:
CRITICAL: 0
HIGH: 0
MEDIUM: 0
LOW: 1
INFO: 0
TOTAL: 1

A new version 'v2.1.20' of KICS is available, please consider updating

See detailed reports in MegaLinter artifacts

Show us your support by starring ⭐ the repository