diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 2ce2c5003..a729ab327 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -72,6 +72,7 @@ jobs: permissions: id-token: write contents: write + attestations: write security-events: write steps: - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1a567b73f..e467ac9f5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -64,14 +64,11 @@ repos: stages: [manual] - repo: https://github.com/sirosen/check-jsonschema - rev: 0.27.0 + rev: 0.29.0 hooks: - - id: check-jsonschema - name: "Check GitHub Workflows" - files: ^\.github/workflows/ - types: [yaml] - args: ["--schemafile", "https://json.schemastore.org/github-workflow"] - stages: [manual] + - id: check-github-workflows + - id: check-github-actions + - id: check-dependabot - repo: https://github.com/ariebovenberg/slotscheck rev: v0.17.0 diff --git a/pymongo/pyopenssl_context.py b/pymongo/pyopenssl_context.py index b08588daf..97e6de906 100644 --- a/pymongo/pyopenssl_context.py +++ b/pymongo/pyopenssl_context.py @@ -291,7 +291,7 @@ class SSLContext: # Password callback MUST be set first or it will be ignored. if password: - def _pwcb(_max_length: int, _prompt_twice: bool, _user_data: bytes) -> bytes: + def _pwcb(_max_length: int, _prompt_twice: bool, _user_data: Optional[bytes]) -> bytes: # XXX:We could check the password length against what OpenSSL # tells us is the max, but we can't raise an exception, so... # warn? @@ -331,6 +331,7 @@ class SSLContext: def _load_wincerts(self, store: str) -> None: """Attempt to load CA certs from Windows trust store.""" cert_store = self._ctx.get_cert_store() + assert cert_store is not None oid = _stdlibssl.Purpose.SERVER_AUTH.oid for cert, encoding, trust in _stdlibssl.enum_certificates(store): # type: ignore