Lock file maintenance glom all dependencies #502
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.7.8
->1.7.9
7.5.1
->7.5.3
7.1.0
->7.2.0
1.0.3
->1.0.4
8.2.0
->8.2.2
2.31.0
->2.32.3
0.4.4
->0.4.10
4.20.0
->4.21.0
8.3.0
->8.4.1
🔧 This Pull Request updates lock files to use the latest dependency versions.
Release Notes
PyCQA/bandit (bandit)
v1.7.9
Compare Source
What's Changed
configfile
in.bandit
file by @bersbersbers in https://github.com/PyCQA/bandit/pull/1052New Contributors
Full Changelog: PyCQA/bandit@1.7.8...1.7.9
nedbat/coveragepy (coverage)
v7.5.3
Compare Source
Performance improvements for combining data files, especially when measuring
line coverage. A few different quadratic behaviors were eliminated. In one
extreme case of combining 700+ data files, the time dropped from more than
three hours to seven minutes. Thanks for Kraken Tech for funding the fix.
Performance improvements for generating HTML reports, with a side benefit of
reducing memory use, closing
issue 1791
_. Thanks to Daniel Diniz forhelping to diagnose the problem.
.. _issue 1791:https://github.com/nedbat/coveragepy/issues/17911
.. _changes_7-5-2:
v7.5.2
Compare Source
Fix: nested matches of exclude patterns could exclude too much code, as
reported in
issue 1779
_. This is now fixed.Changed: previously, coverage.py would consider a module docstring to be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line. Now module docstrings are never counted
as executable statements. This can change coverage.py's count of the number
of statements in a file, which can slightly change the coverage percentage
reported.
In the HTML report, the filter term and "hide covered" checkbox settings are
remembered between viewings, thanks to
Daniel Diniz <pull 1776_>
_.Python 3.13.0b1 is supported.
Fix: parsing error handling is improved to ensure bizarre source files are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to
Liam DeVoe <pull 1788_>
. Closesissue 1787
... _pull 1776:https://github.com/nedbat/coveragepy/pull/17766
.. _issue 1779https://github.com/nedbat/coveragepy/issues/177979
.. _issue 178https://github.com/nedbat/coveragepy/issues/1787787
.. _pull 17https://github.com/nedbat/coveragepy/pull/17881788
.. _changes_7-5-1:
python/importlib_metadata (importlib-metadata)
v7.2.0
Compare Source
jamesturk/jellyfish (jellyfish)
v1.0.4
Compare Source
pytest-dev/pytest (pytest)
v8.2.2
Compare Source
pytest 8.2.2 (2024-06-04)
Bug Fixes
.pytest_cache
) creation. Regressed in pytest 8.2.0.Improved Documentation
lack of thread safety in pytest as a possible source of flakyness.
v8.2.1
Compare Source
pytest 8.2.1 (2024-05-19)
Improvements
Bug Fixes
.pytest_cache
directories becamerwx------
instead of the expectedrwxr-xr-x
.Trivial/Internal Changes
psf/requests (requests)
v2.32.3
Compare Source
Bugfixes
HTTPAdapter. (#6716)
without the
ssl
module. (#6724)v2.32.2
Compare Source
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed
_get_connection
toa new public API,
get_connection_with_tls_context
. Existing customHTTPAdapters will need to migrate their code to use this new API.
get_connection
is considered deprecated in all versions of Requests>=2.32.0.A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
Compare Source
Bugfixes
v2.32.0
Compare Source
Security
verify=False
on the first request from aSession will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of
verify
.(GHSA-9wx4-h78v-vm56)
Improvements
verify=True
now reuses a global SSLContext which should improverequest time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
(
chardet
orcharset_normalizer
) when repackaged or vendored.This enables
pip
and other projects to minimize their vendoringsurface area. The
Response.text()
andapparent_encoding
APIswill default to
utf-8
if neither library is present. (#6702)Bugfixes
calculated in the request content-length. (#6589)
/
(path separator) could leadurllib3 to unnecessarily reparse the request URI. (#6644)
Deprecations
Documentation
Packaging
The source files for the projects (formerly
requests
) is now locatedin
src/requests
in the Requests sdist. (#6506)using
hatchling
. This should not impact the average user, but extremely oldversions of packaging utilities may have issues with the new packaging format.
astral-sh/ruff (ruff)
v0.4.10
Compare Source
Parser
Rule changes
flake8-copyright
] UpdateCPY001
to check the first 4096 bytes instead of 1024 (#11927)pycodestyle
] UpdateE999
to show all syntax errors instead of just the first one (#11900)Server
Security
v0.4.9
Compare Source
Preview features
pylint
] Implementconsider-dict-items
(C0206
) (#11688)refurb
] Implementrepeated-global
(FURB154
) (#11187)Rule changes
pycodestyle
] Adapt fix forE203
to work identical toruff format
(#10999)Formatter
Server
ruff server
(#11800)ruff.printDebugInformation
command (#11831)CLI
Bug fixes
refurb
] Avoid suggesting starmap when arguments are used outside call (FURB140
) (#11830)flake8-bugbear
] Avoid panic inB909
when checking large loop blocks (#11772)refurb
] Fix misbehavior ofoperator.itemgetter
when getter param is a tuple (FURB118
) (#11774)v0.4.8
Compare Source
Performance
Preview features
flake8-bugbear
] Implementreturn-in-generator
(B901
) (#11644)flake8-pyi
] ImplementPYI063
(#11699)pygrep_hooks
] Check blanket ignores via file-level pragmas (PGH004
) (#11540)Rule changes
pyupgrade
] UpdateUP035
for Python 3.13 and the latest version oftyping_extensions
(#11693)numpy
] UpdateNPY001
rule for NumPy 2.0 (#11735)Server
CLI
--output-format
flag (#11682)Bug fixes
pyupgrade
] Write empty string in lieu of panic when fixingUP032
(#11696)flake8-simplify
] Simplify double negatives inSIM103
(#11684)type
statements (#11720)v0.4.7
Compare Source
Preview features
flake8-pyi
] ImplementPYI064
(#11325)flake8-pyi
] ImplementPYI066
(#11541)flake8-pyi
] ImplementPYI057
(#11486)pyflakes
] EnableF822
in__init__.py
files by default (#11370)Formatter
Server
ruff server
(#11590)ruff server
(#11615)Bug fixes
flake8-comprehension
] Strip parentheses around generators inC400
(#11607)repeated-isinstance-calls
as unsafe on Python 3.10 and later (#11622)v0.4.6
Compare Source
Breaking changes
Preview features
flake8-async
] Sleep with >24 hour interval should usually sleep forever (ASYNC116
) (#11498)Rule changes
numpy
] Add missing functions to NumPy 2.0 migration rule (#11528)mccabe
] Consider irrefutable pattern similar toif .. else
forC901
(#11565)match
-case
statements forC901
,PLR0912
, andPLR0915
(#11521)UP032
) (#11524)flake8-bandit
]request-without-timeout
should warn forrequests.request
(#11548)flake8-self
] Ignore sunder accesses inflake8-self
rules (#11546)pyupgrade
] Lint forTypeAliasType
usages (UP040
) (#11530)Server
ruff server
configuration discovery (#11551)ruff server
correctly treats.pyi
files as stub files (#11535)ruff server
searches for configuration in parent directories (#11537)ruff server
: An empty code action filter no longer returns notebook source actions (#11526)Bug fixes
flake8-logging-format
] Fix autofix title inlogging-warn
(G010
) (#11514)refurb
] Avoid recommendingoperator.itemgetter
with dependence on lambda arguments (#11574)flake8-simplify
] Avoid recommending context manager in__enter__
implementations (#11575)--output-file
(#11550)singledispatch
arguments as runtime-required (#11523)v0.4.5
Compare Source
Ruff's language server is now in Beta
v0.4.5
marks the official Beta release ofruff server
, an integrated language server built into Ruff.ruff server
supports the same feature set asruff-lsp
, powering linting, formatting, andcode fixes in Ruff's editor integrations -- but with superior performance and
no installation required. We'd love your feedback!
You can enable
ruff server
in the VS Code extension today.To read more about this exciting milestone, check out our blog post!
Rule changes
flake8-future-annotations
] Rewordfuture-rewritable-type-annotation
(FA100
) message (#11381)pycodestyle
] Consider soft keywords forE27
rules (#11446)pyflakes
] Recommend adding unused import bindings to__all__
(#11314)pyflakes
] Update documentation and deprecateignore_init_module_imports
(#11436)pyupgrade
] Mark quotes as unnecessary for non-evaluated annotations (#11485)Formatter
quote-style = preserve
(#11490)Server
noqa
comment code actions (#11276)CLI
--output-format
as a CLI option forruff config
(#11438)Bug fixes
PLE0237
for property with setter (#11377)TCH005
forif
stmt withelif
/else
block (#11376)__future__
annotations as required for non-evaluated type annotations (#11414)flake8-pie
] Preserve parentheses inunnecessary-dict-kwargs
(#11372)pylint
] Ignore__slots__
with dynamic values (#11488)pylint
] Removetry
body from branch counting (#11487)refurb
] Respect operator precedence inFURB110
(#11464)Documentation
--preview
to the README (#11395)pycodestyle
] Clarify motivation forE713
andE714
(#11483)pyflakes
] Update docs to describe WAI behavior (F541) (#11362)pylint
] Clearly indicate what is counted as a branch (#11423)jd/tenacity (tenacity)
v8.4.1
: tenacity 8.4.1Compare Source
What's Changed
tenacity.asyncio
subpackage in release dist by @cdce8p in https://github.com/jd/tenacity/pull/474Full Changelog: jd/tenacity@8.4.0...8.4.1
v8.4.0
: tenacity 8.4.0Compare Source
What's Changed
Full Changelog: jd/tenacity@8.3.0...8.4.0
Configuration
📅 Schedule: Branch creation - "before 4am on monday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.