Release v2.0.0 (#341)

* Bump actions/create-release from 1.0.1 to 1.1.4

Bumps [actions/create-release](https://github.com/actions/create-release) from 1.0.1 to 1.1.4.
- [Release notes](https://github.com/actions/create-release/releases)
- [Commits](actions/create-release@v1.0.1...v1.1.4)

---
updated-dependencies:
- dependency-name: actions/create-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/upload-release-asset from 1.0.1 to 1.0.2

Bumps [actions/upload-release-asset](https://github.com/actions/upload-release-asset) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/upload-release-asset/releases)
- [Commits](actions/upload-release-asset@v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: actions/upload-release-asset
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/setup-python from 1 to 4

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v1...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/checkout from 2 to 3.1.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Run Flake8 & Safety in isolated Tox environments

* Bump watchdog from 2.1.7 to 3.0.0 (#297)

Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 2.1.7 to 3.0.0.
- [Release notes](https://github.com/gorakhargosh/watchdog/releases)
- [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst)
- [Commits](gorakhargosh/watchdog@v2.1.7...v3.0.0)

---
updated-dependencies:
- dependency-name: watchdog
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump coverage from 6.3.2 to 7.2.7 (#298)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3.2 to 7.2.7.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@6.3.2...7.2.7)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump responses from 0.20.0 to 0.23.3 (#301)

Bumps [responses](https://github.com/getsentry/responses) from 0.20.0 to 0.23.3.
- [Release notes](https://github.com/getsentry/responses/releases)
- [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES)
- [Commits](getsentry/responses@0.20.0...0.23.3)

---
updated-dependencies:
- dependency-name: responses
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump tabulate from 0.8.9 to 0.9.0 (#304)

Bumps [tabulate](https://github.com/astanin/python-tabulate) from 0.8.9 to 0.9.0.
- [Changelog](https://github.com/astanin/python-tabulate/blob/master/CHANGELOG)
- [Commits](astanin/python-tabulate@v0.8.9...v0.9.0)

---
updated-dependencies:
- dependency-name: tabulate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyyaml from 6.0 to 6.0.1 (#305)

Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1.
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.1/CHANGES)
- [Commits](yaml/pyyaml@6.0...6.0.1)

---
updated-dependencies:
- dependency-name: pyyaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Deprecate support for older versions of Python

* Remove Travis CI integration

* Deprecate support for Python <3.8

* Bump jsonschema from 4.4.0 to 4.18.4 (#299)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.4.0 to 4.18.4.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.4.0...v4.18.4)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sphinx from 4.3.0 to 7.1.2 (#303)

Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.3.0 to 7.1.2.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES)
- [Commits](sphinx-doc/sphinx@v4.3.0...v7.1.2)

---
updated-dependencies:
- dependency-name: sphinx
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump m2r2 from 0.3.2 to 0.3.3.post2 (#302)

Bumps [m2r2](https://github.com/crossnox/m2r2) from 0.3.2 to 0.3.3.post2.
- [Changelog](https://github.com/CrossNox/m2r2/blob/development/CHANGES.md)
- [Commits](CrossNox/m2r2@v0.3.2...v0.3.3.post2)

---
updated-dependencies:
- dependency-name: m2r2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Run Bandit using tox

* Add timeout to request to get rules from URL

* Rename validation methods

* Make ValidatorBase an abstract base class

* Bump wheel from 0.38.1 to 0.41.1 (#312)

Bumps [wheel](https://github.com/pypa/wheel) from 0.38.1 to 0.41.1.
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.38.1...0.41.1)

---
updated-dependencies:
- dependency-name: wheel
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Run unit tests using tox; Add coverage check to pipeline

* Code cleanup & maintenance

* Bump tox from 4.6.4 to 4.8.0 (#316)

Bumps [tox](https://github.com/tox-dev/tox) from 4.6.4 to 4.8.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.6.4...4.8.0)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.18.4 to 4.19.0 (#313)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.4 to 4.19.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.18.4...v4.19.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump twine from 3.8.0 to 4.0.2 (#310)

Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.2.
- [Release notes](https://github.com/pypa/twine/releases)
- [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst)
- [Commits](pypa/twine@3.8.0...4.0.2)

---
updated-dependencies:
- dependency-name: twine
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/checkout from 3.1.0 to 3.5.3 (#314)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3.1.0...v3.5.3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Set source directory for coverage

* Use kwargs for HTTP options when retrieving headers

* Minor changes

* Reorganise load rules from file/URI

* CLI refactoring

* Move CLI into separate folder

* Configuration options for HTTP request (#335)

* Kwargs for HTTP call when init drheader instance

* Change default HTTP method when retrieving headers to HEAD

* Request kwargs input options for CLI

* Integration tests for CLI

* Update documentation for the CLI

* Bump actions/checkout from 3.5.3 to 4.0.0 (#333)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3.5.3...v4.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump tox from 4.8.0 to 4.11.3 (#332)

Bumps [tox](https://github.com/tox-dev/tox) from 4.8.0 to 4.11.3.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.8.0...4.11.3)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.19.0 to 4.19.1 (#336)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.0 to 4.19.1.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.19.0...v4.19.1)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump wheel from 0.41.1 to 0.41.2 (#323)

Bumps [wheel](https://github.com/pypa/wheel) from 0.41.1 to 0.41.2.
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.41.1...0.41.2)

---
updated-dependencies:
- dependency-name: wheel
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Disable avoid & contain validations when enforced value validation

* Improved error handling in the CLI

* Default behaviour to follow redirects

* Include references to other README files

* Update out of date info in the README

* Add shorthand options to the CLI

* Remove headers key from rules spec

* Move rules.yml to resources folder

* Update manifest

* Bump actions/checkout from 4.0.0 to 4.1.1 (#338)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.0.0...v4.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: emilejq <[email protected]>

* Bump wheel from 0.41.2 to 0.41.3 (#339)

Bumps [wheel](https://github.com/pypa/wheel) from 0.41.2 to 0.41.3.
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.41.2...0.41.3)

---
updated-dependencies:
- dependency-name: wheel
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.19.1 to 4.19.2 (#340)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.1 to 4.19.2.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.19.1...v4.19.2)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump major version to 2.0.0

* Separate steps to bump version in pull request action into a separate job (#342)

* Bump version: 1.7.0 → 2.0.0

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Emile <[email protected]>
Co-authored-by: GitHub Action <[email protected]>

Author: 4 people

.github/workflows/codeql-analysis.yml

@@ -35,11 +35,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4.1.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +50,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/pull_request.yml

@@ -1,61 +1,72 @@
-name: Dr Header Pull Request handler
+name: Pull Request Handler
+
 on: pull_request
+
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       max-parallel: 4
       matrix:
-          python-version: [3.7]
+          python-version: ["3.8", "3.9", "3.10", "3.11"]
     steps:
-      - name: Checkout Code
-        uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v4.1.1
 
       - name: Set up Python
-        uses: actions/setup-python@v1
+        uses: actions/setup-python@v4
         with:
            python-version: ${{ matrix.python-version }}
 
-      - name: Install PIP Dependencies
+      - name: Install dependencies
         run: |
           pip install -r requirements.txt
           pip install -r requirements_dev.txt
 
-      - name: Test with pytest
-        run: python -m pytest --junitxml ${{ matrix.python-version }}.results.xml
+      - name: Run unit tests
+        env:
+            version: ${{ matrix.python-version }}
+        run: tox run -e py$version -- --junitxml $version.results.xml
 
-      - name: Upload Test results
+      - name: Upload test results
         uses: actions/upload-artifact@master
         with:
            name: Results - ${{ matrix.python-version }}
            path: ${{ matrix.python-version }}.results.xml
 
-      - name: Flake8 styles
-        run: python -m flake8 drheader
+      - name: Run lint scan
+        run: tox run -e lint
+
+      - name: Run SAST scan
+        run: tox run -e sast
+
+      - name: Run SCA scan
+        run: tox run -e sca
 
-      - name: Bandit security scan
-        run: python -m bandit -r ./drheader
+  bump-version:
+    if: github.base_ref == 'master'
+    needs: build
 
-      - name: Safety dependency scan
-        run: python -m safety check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install dependencies
+        run: |
+          pip install bump2version==1.0.1
 
-      - name: Checkout origin branch if PR 'to-branch' is master
-        if: github.base_ref == 'master'
-        uses: actions/checkout@v2
+      - name: Checkout head branch
+        uses: actions/[email protected]
         with:
           ref: ${{ github.head_ref }}
 
-      - name: BumpVersion if PR 'to-branch' is master
-        if: github.base_ref == 'master'
+      - name: Bump version
         run: |
           grep -i 'current_version = ' setup.cfg | head -1 | tr -d 'current_version = '
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Action"
           bump2version minor
           grep -i 'current_version = ' setup.cfg | head -1 | tr -d 'current_version = '
 
-      - name: Push changes if PR 'to-branch' is master
-        if: github.base_ref == 'master'
+      - name: Push changes to origin
         uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -10,13 +10,13 @@ jobs:
     strategy:
         max-parallel: 4
         matrix:
-          python-version: [3.7]
+          python-version: ["3.8", "3.9", "3.10", "3.11"]
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.1.1
 
       - name: Set up Python
-        uses: actions/setup-python@v1
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -25,17 +25,19 @@ jobs:
           pip install -r requirements.txt
           pip install -r requirements_dev.txt
 
-      - name: Test with pytest
-        run: python -m pytest --junitxml ${{ matrix.python-version }}.results.xml
+      - name: Run unit tests
+        env:
+            version: ${{ matrix.python-version }}
+        run: tox run -e py$version -- --junitxml $version.results.xml
 
-      - name: Flake8 styles
-        run: python -m flake8 drheader
+      - name: Run lint scan
+        run: tox run -e lint
 
-      - name: Bandit security scan
-        run: python -m bandit -r ./drheader
+      - name: Run SAST scan
+        run: tox run -e sast
 
-      - name: Safety dependency scan
-        run: python -m safety check
+      - name: Run SCA scan
+        run: tox run -e sca
 
       - name: Make Wheel
         run: |
@@ -51,7 +53,7 @@ jobs:
 
       - name: Create Release
         id: create_release
-        uses: actions/create-release@v1.0.1
+        uses: actions/create-release@v1.1.4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -62,7 +64,7 @@ jobs:
 
       - name: Upload Wheel
         id: upload_wheel
-        uses: actions/[email protected].1
+        uses: actions/[email protected].2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -73,7 +75,7 @@ jobs:
 
       - name: Upload Changelog
         id: upload_changelog
-        uses: actions/[email protected].1
+        uses: actions/[email protected].2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with: