Skip to content

Build(deps-dev): Bump coverage from 7.6.4 to 7.13.5#20

Open
dependabot[bot] wants to merge 350 commits into
mainfrom
dependabot/pip/coverage-7.13.5
Open

Build(deps-dev): Bump coverage from 7.6.4 to 7.13.5#20
dependabot[bot] wants to merge 350 commits into
mainfrom
dependabot/pip/coverage-7.13.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 23, 2026

Copy link
Copy Markdown
Contributor

Bumps coverage from 7.6.4 to 7.13.5.

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

  • Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

  • Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

  • Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

  • Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

  • Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

  • We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

  • Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

... (truncated)

Commits
  • c88da14 docs: sample HTML for 7.13.5
  • e2ac3e1 build: sample HTML shouldn't include the status.json file
  • 910f8f3 docs: prep for 7.13.5
  • 3a4819c style: make workflows more uniform
  • 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
  • e7c878d chore: make upgrade
  • ab4db40 build: use --generate-hashes when pinning
  • a438753 chore: make upgrade
  • 7b33457 refactor: some leftover pyupgrade 3.10 bits
  • 2ff968d refactor: this type wasn't used anywhere
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

QuietFireAI and others added 30 commits March 8, 2026 17:47
…sion

- huggingface_space/app.py: footer trimmed to version/GitHub/Apache 2.0
- frontend/index.html: footer-version updated v10.0.0Bminus -> v11.0.1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
from version import __version__ as APP_VERSION
(matches main.py pattern — version.py exports __version__ not APP_VERSION)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Tests: 720 -> 746 (verified live on DO)
- API endpoints: 177 -> 161 (FastAPI OpenAPI introspection)
- Lines scanned: 37,921 -> 61,278 (live Bandit)
- HF URL: QuietfireAI -> QuietFireAI (case fix)
- Contributing: test count updated
- Claude Code note: full refresh with March 8 verified numbers,
  HF Space confirmed live, OSS files confirmed present

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Manners wire-up (core/openclaw.py):
- Step 4 blocklist block: record CAPABILITY_VIOLATION, update manners_score
- Step 7 trust level block: record OUT_OF_ROLE_ACTION, update manners_score
- Both wrapped in try/except — Manners failure never breaks governance pipeline
- manners_score_at_decision now reflects actual score in blocklist returns

Per-agent key (api/openclaw_routes.py):
- TelsonBase generates secrets.token_hex(32) at registration — agents no longer
  supply their own key (api_key field deprecated, ignored if provided)
- agent_key returned in ClawInstanceResponse once at registration only
- Action endpoint accepts X-Agent-Key header; verifies key → instance_id match
- Admin key (X-API-Key) still accepted — backward compat and tooling
Returns full Manners breakdown: overall score, compliance status,
per-principle scores, violation history (last 20), violations in
last 24h, grace period flag. Shows WHY a score is moving — blocked
actions now record violations (previous commit), this surfaces them.
Pipeline modal (triggered from Transparency card):
- All 8 governance steps in plain language
- Manners scoring explained: what moves scores, violation thresholds
- Three API endpoints listed (manners, actions, trust-report)
- Footer note: dashboard UI on the roadmap

FAQ: new 'What's on the roadmap?' entry
- Current state: governance engine complete
- Next sprint: agent dashboard, demotion explanation cards,
  registration flow, audit log viewer
- No mystery about what's built vs what's coming
Full agent lifecycle in 10 steps: register (shows agent_key returned
once), blocked action, Manners score check, gated action, two
promotions, capability unlock, trust report. Covers X-Agent-Key
usage and the per-agent zero-trust pattern. Written for someone who
just finished installation and wants to see the system actually work.
- Move 7 docs from root to docs/ (AMBASSADORS, GLOSSARY, MANNERS, PROJECT_STRUCTURE, TESTING, TERMS_OF_USE, USER_GUIDE)
- Add PROOF_INDEX.md at root — 788 evidence documents, entry point visible on landing
- Remove TEST_RESULTS_6.0.0CC.md and VALIDATION_REPORT_v7.4.0CC.md (archived, versioned out)
- Fix CHANGELOG and proof_sheets/INDEX.md test count: 720 -> 746
- Update .gitignore: v11.0.1 header, exclude raw MP4 recordings from screenshots
- Update cross-references in README, CONTRIBUTING, MANNERS_COMPLIANCE, DOC_INDEX
- .github/dependabot.yml: weekly pip + GitHub Actions updates
- .github/workflows/codeql.yml: Python SAST on push/PR/weekly schedule
- requirements-dev.txt: dev/lint/test tooling (isort, bandit, pip-audit, coverage)
- ci.yml: install requirements-dev.txt in code-quality stage, enforce isort (remove || true)
- QUICKSTART.md: 5-minute path from clone to first governance decision
- Makefile: make test/test-unit/test-security/run/build/lint/clean
- RBAC endpoint count updated to 150 (grep-verified: main.py, api/*.py, tenant_rate_limiting.py)
- README, proof_sheets/INDEX.md, TB-PROOF-014 all updated to match
- DOC_INDEX.md: added QUICKSTART, Makefile, PROOF_INDEX entries; fixed proof count 773->788
QuietFireAI and others added 26 commits March 19, 2026 20:34
- Fix stale test counts (5,416 → 5,777, 92 files → 94 files)
- Fix stale version (v11.0.1 → v11.0.2, March 8 → March 19)
- Fix clone URL (your-org/telsonbase → QuietFireAI/ClawCoat)
- Fix directory in clone examples (telsonbase → ClawCoat)
- Fix Traefik image version (v2.10 → v3)
- Fix service count (12 → 11, MailHog is dev-profile only)
- Fix security battery count (93 → 96)
- Fix password requirements (remove unenfourced complexity claim)
- Fix API endpoint count (140+ → 162+)
- Fix Ollama pull command (docker exec container → docker compose exec service)
- Add name: telsonbase to docker-compose.yml to lock project name regardless of clone directory
…files

- All 6 docs: version v11.0.1 → v11.0.2, footer dates updated
- USER_GUIDE: secrets generation → generate_secrets.sh, MFA endpoint corrected,
  Grafana port 3000 → 3001, container count 10 → 11, Manners reference fixed,
  test count 720 → 5777, project dir telsonbase → ClawCoat
- DEVELOPER_GUIDE: test count 5400+ → 5700+
- YOUR_FIRST_AGENT: health response format corrected (no version/services fields)
- OPENCLAW_INTEGRATION_GUIDE: hardcoded http://telsonbase:8000 → localhost
- DASHBOARD_agent_registration: instance_id format claw_abc123 → real hex format
- FAQ: routers/ → api/ for openclaw_routes, toolroom → main.py, 177 → 164 endpoints,
  37921 → 93893 LoC, 720 → 5777 tests, Anthropic ref removed from Manners description
…_routes (145)

- test_agents_compliance_check_agent_depth.py: 103 tests covering all 14 methods
  including license status branches, disclosure checks, fair housing scan, CE tracking,
  violation override, compliance report, and check_all across all code paths
- test_compliance_routes_depth.py: 145 tests covering all 28 compliance API endpoints
  (legal-holds, breach, retention, sanctions, training, contingency, BAA, HITRUST, PHI)
  — auth enforcement, 200/422/500 paths, parameter validation

Coverage targets: api/compliance_routes.py (29%→~60%+) and
agents/compliance_check_agent.py (23%→~80%+)
…, foreman methods, identiclaw paths

- test_core_persistence_depth.py: +13 ApprovalStore tests + 11 FederationStore tests (store/get/update/list/filter/by-instance)
- test_toolroom_foreman_depth.py: +70 tests covering handle_checkout_request (8 branches), handle_return, execute_add_approved_source, list_approved_sources, propose_tool_install, handle_new_tool_request, get_toolroom_status, _execution_result_to_response, sync_function_tools, _load/_save_approved_sources
- test_identiclaw_depth.py (new): +72 tests covering _base58_decode, parse_did_key error paths, IdenticlawManager init/startup, get_agent Redis fallback, list_agents, update_agent_trust_level, refresh_credentials, nonce helpers, reinstate with record update, resolve_did cache/refresh, validate_credential edge cases (issuer dict, scope string, jti, type string)
…15), auth-required (14), validation (5), success paths + integration flow (66)
…nches, trust_order, tool validation, error paths
…n mcp_gateway.py — core.config exports get_settings(), not a settings singleton
… also move import after validation so invalid_trust_level returns correct error
Update all documentation, proof sheets, and CLAUDE.md:
- Version: v11.0.1/v11.0.2 → v11.0.3 across ~120 files
- Test count: 5,416/5,777/854 → 6,254 everywhere
- Skipped count: 3 → 54
- CI run: #309/#351/#360 → #367
- Coverage: 76.13%/77% → ≥80% (gate: 80%)
- Date: March 19 → March 20, 2026
- CLAUDE.md: rebranded TelsonBase → ClawCoat, Sprint 1 complete status
- proof_sheets/INDEX.md: 854 → 6,254 tests passing
- TB-PROOF-001/052: exact claim, verdict, expected result all updated
Express ClawCoat's Agent Autonomy SLA in the JSON DSL proposed by
Jouneaux & Cabot (arXiv:2511.02885, https://github.com/gwendal-jouneaux/AgentSLA).

New file: docs/System Documents/agent-autonomy-sla-spec.json
- Valid AgentSLA DSL document using their exact schema structure
- Uses OversightLevel metric type (their vocabulary) for all 5 tiers
- QUARANTINE=1.0, PROBATION=0.75, RESIDENT=0.50, CITIZEN=0.25, AGENT=0.10
- MCP protocol compliance, intercept coverage, audit chain completeness as SLOs
- DerivedQoSMetric for rolling Manners Engine window (promotion evaluation)
- QualifyingCondition for auto-demotion and promotion gate terms

Updated: AGENT_AUTONOMY_SLA.md
- New section 8: "Relationship to Jouneaux & Cabot (2025)"
- Draws explicit parallel (spec problem vs. enforcement problem)
- References agent-autonomy-sla-spec.json as the machine-readable form
- Attribution for OversightLevel metric type and DSL
- Cihon et al. (arXiv:2502.15212) citation added (source of OversightLevel)
- Section 9 (Reference Implementation) updated with spec link
- Section 10 (Citation) with both papers
README.md + huggingface_space/README.md:
- Fix "Jouneaux et al." -> "Jouneaux and Cabot" (only 2 authors)
- Add OversightLevel sentence and link to machine-readable spec

agent-autonomy-sla-spec.json: add _license_note on schema attribution

Website (frontend — local only, gitignored): new #research section added
- Anthropic disposition dial quote connected to ClawCoat 5 tiers
- Jouneaux & Cabot open challenge quote connected to OversightLevel adoption
- Link to machine-readable spec JSON on GitHub
Shows numerical values (QUARANTINE=1.0 → AGENT=0.10) inline in prose
so readers don't need to follow the JSON spec link to see them.
Includes inverse relationship note: OversightLevel ↓ as Manners floor ↑.
- Em dashes throughout (hyphens replaced)
- README stats: 6,254 tests, 162 API endpoints
- HF README: 6,254 tests, v11.0.3 footer
- Cihon et al. citation: full title and all five authors
Bumps [coverage](https://github.com/coveragepy/coveragepy) from 7.6.4 to 7.13.5.
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.4...7.13.5)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
@dependabot dependabot Bot requested a review from QuietFireAI as a code owner March 23, 2026 16:33
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant