Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lock file maintenance glom all dependencies #502

Merged
merged 1 commit into from
Jun 20, 2024

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jun 20, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
lockFileMaintenance All locks refreshed
bandit (source, changelog) dev patch 1.7.8 -> 1.7.9 age adoption passing confidence
coverage dependencies patch 7.5.1 -> 7.5.3 age adoption passing confidence
importlib-metadata dependencies minor 7.1.0 -> 7.2.0 age adoption passing confidence
jellyfish dependencies patch 1.0.3 -> 1.0.4 age adoption passing confidence
pytest (changelog) dev patch 8.2.0 -> 8.2.2 age adoption passing confidence
requests (source, changelog) dependencies minor 2.31.0 -> 2.32.3 age adoption passing confidence
ruff (source, changelog) dev patch 0.4.4 -> 0.4.10 age adoption passing confidence
selenium dependencies minor 4.20.0 -> 4.21.0 age adoption passing confidence
tenacity dependencies minor 8.3.0 -> 8.4.1 age adoption passing confidence

🔧 This Pull Request updates lock files to use the latest dependency versions.


Release Notes

PyCQA/bandit (bandit)

v1.7.9

Compare Source

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.7.8...1.7.9

nedbat/coveragepy (coverage)

v7.5.3

Compare Source

  • Performance improvements for combining data files, especially when measuring
    line coverage. A few different quadratic behaviors were eliminated. In one
    extreme case of combining 700+ data files, the time dropped from more than
    three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

  • Performance improvements for generating HTML reports, with a side benefit of
    reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for
    helping to diagnose the problem.

.. _issue 1791:https://github.com/nedbat/coveragepy/issues/17911

.. _changes_7-5-2:

v7.5.2

Compare Source

  • Fix: nested matches of exclude patterns could exclude too much code, as
    reported in issue 1779_. This is now fixed.

  • Changed: previously, coverage.py would consider a module docstring to be an
    executable statement if it appeared after line 1 in the file, but not
    executable if it was the first line. Now module docstrings are never counted
    as executable statements. This can change coverage.py's count of the number
    of statements in a file, which can slightly change the coverage percentage
    reported.

  • In the HTML report, the filter term and "hide covered" checkbox settings are
    remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

  • Python 3.13.0b1 is supported.

  • Fix: parsing error handling is improved to ensure bizarre source files are
    handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776:https://github.com/nedbat/coveragepy/pull/17766
.. _issue 1779https://github.com/nedbat/coveragepy/issues/177979
.. _issue 178https://github.com/nedbat/coveragepy/issues/1787787
.. _pull 17https://github.com/nedbat/coveragepy/pull/17881788

.. _changes_7-5-1:

python/importlib_metadata (importlib-metadata)

v7.2.0

Compare Source

jamesturk/jellyfish (jellyfish)

v1.0.4

Compare Source

pytest-dev/pytest (pytest)

v8.2.2

Compare Source

pytest 8.2.2 (2024-06-04)

Bug Fixes

  • #​12355: Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
  • #​12367: Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
  • #​12381: Fix possible "Directory not empty" crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0.

Improved Documentation

  • #​12290: Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
  • #​12356: Added a subsection to the documentation for debugging flaky tests to mention
    lack of thread safety in pytest as a possible source of flakyness.
  • #​12363: The documentation webpages now links to a canonical version to reduce outdated documentation in search engine results.

v8.2.1

Compare Source

pytest 8.2.1 (2024-05-19)

Improvements

  • #​12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

  • #​12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
  • #​12191: Keyboard interrupts and system exits are now properly handled during the test collection.
  • #​12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
  • #​12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

  • #​12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.
psf/requests (requests)

v2.32.3

Compare Source

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
    HTTPAdapter. (#​6716)
  • Fixed issue where Requests started failing to run on Python versions compiled
    without the ssl module. (#​6724)

v2.32.2

Compare Source

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted
    by the CVE changes in 2.32.0, we've renamed _get_connection to
    a new public API, get_connection_with_tls_context. Existing custom
    HTTPAdapters will need to migrate their code to use this new API.
    get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease
    migration, but we strongly urge users to evaluate if their custom adapter
    is subject to the same issue described in CVE-2024-35195. (#​6710)

v2.32.1

Compare Source

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

Compare Source

Security

  • Fixed an issue where setting verify=False on the first request from a
    Session will cause subsequent requests to the same origin to also ignore
    cert verification, regardless of the value of verify.
    (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve
    request time variance between first and subsequent requests. It should
    also minimize certificate load time on Windows systems when using a Python
    version built with OpenSSL 3.x. (#​6667)
  • Requests now supports optional use of character detection
    (chardet or charset_normalizer) when repackaged or vendored.
    This enables pip and other projects to minimize their vendoring
    surface area. The Response.text() and apparent_encoding APIs
    will default to utf-8 if neither library is present. (#​6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly
    calculated in the request content-length. (#​6589)
  • Fixed deserialization bug in JSONDecodeError. (#​6629)
  • Fixed bug where an extra leading / (path separator) could lead
    urllib3 to unnecessarily reparse the request URI. (#​6644)

Deprecations

  • Requests has officially added support for CPython 3.12 (#​6503)
  • Requests has officially added support for PyPy 3.9 and 3.10 (#​6641)
  • Requests has officially dropped support for CPython 3.7 (#​6642)
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#​6641)

Documentation

  • Various typo fixes and doc improvements.

Packaging

  • Requests has started adopting some modern packaging practices.
    The source files for the projects (formerly requests) is now located
    in src/requests in the Requests sdist. (#​6506)
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
    using hatchling. This should not impact the average user, but extremely old
    versions of packaging utilities may have issues with the new packaging format.
astral-sh/ruff (ruff)

v0.4.10

Compare Source

Parser
  • Implement re-lexing logic for better error recovery (#​11845)
Rule changes
  • [flake8-copyright] Update CPY001 to check the first 4096 bytes instead of 1024 (#​11927)
  • [pycodestyle] Update E999 to show all syntax errors instead of just the first one (#​11900)
Server
  • Add tracing setup guide to Helix documentation (#​11883)
  • Add tracing setup guide to Neovim documentation (#​11884)
  • Defer notebook cell deletion to avoid an error message (#​11864)
Security
  • Guard against malicious ecosystem comment artifacts (#​11879)

v0.4.9

Compare Source

Preview features
  • [pylint] Implement consider-dict-items (C0206) (#​11688)
  • [refurb] Implement repeated-global (FURB154) (#​11187)
Rule changes
  • [pycodestyle] Adapt fix for E203 to work identical to ruff format (#​10999)
Formatter
  • Fix formatter instability for lines only consisting of zero-width characters (#​11748)
Server
  • Add supported commands in server capabilities (#​11850)
  • Use real file path when available in ruff server (#​11800)
  • Improve error message when a command is run on an unavailable document (#​11823)
  • Introduce the ruff.printDebugInformation command (#​11831)
  • Tracing system now respects log level and trace level, with options to log to a file (#​11747)
CLI
  • Handle non-printable characters in diff view (#​11687)
Bug fixes
  • [refurb] Avoid suggesting starmap when arguments are used outside call (FURB140) (#​11830)
  • [flake8-bugbear] Avoid panic in B909 when checking large loop blocks (#​11772)
  • [refurb] Fix misbehavior of operator.itemgetter when getter param is a tuple (FURB118) (#​11774)

v0.4.8

Compare Source

Performance
  • Linter performance has been improved by around 10% on some microbenchmarks by refactoring the lexer and parser to maintain synchronicity between them (#​11457)
Preview features
  • [flake8-bugbear] Implement return-in-generator (B901) (#​11644)
  • [flake8-pyi] Implement PYI063 (#​11699)
  • [pygrep_hooks] Check blanket ignores via file-level pragmas (PGH004) (#​11540)
Rule changes
  • [pyupgrade] Update UP035 for Python 3.13 and the latest version of typing_extensions (#​11693)
  • [numpy] Update NPY001 rule for NumPy 2.0 (#​11735)
Server
  • Formatting a document with syntax problems no longer spams a visible error popup (#​11745)
CLI
  • Add RDJson support for --output-format flag (#​11682)
Bug fixes
  • [pyupgrade] Write empty string in lieu of panic when fixing UP032 (#​11696)
  • [flake8-simplify] Simplify double negatives in SIM103 (#​11684)
  • Ensure the expression generator adds a newline before type statements (#​11720)
  • Respect per-file ignores for blanket and redirected noqa rules (#​11728)

v0.4.7

Compare Source

Preview features
  • [flake8-pyi] Implement PYI064 (#​11325)
  • [flake8-pyi] Implement PYI066 (#​11541)
  • [flake8-pyi] Implement PYI057 (#​11486)
  • [pyflakes] Enable F822 in __init__.py files by default (#​11370)
Formatter
  • Fix incorrect placement of trailing stub function comments (#​11632)
Server
  • Respect file exclusions in ruff server (#​11590)
  • Add support for documents not exist on disk (#​11588)
  • Add Vim and Kate setup guide for ruff server (#​11615)
Bug fixes
  • Avoid removing newlines between docstring headers and rST blocks (#​11609)
  • Infer indentation with imports when logical indent is absent (#​11608)
  • Use char index rather than position for indent slice (#​11645)
  • [flake8-comprehension] Strip parentheses around generators in C400 (#​11607)
  • Mark repeated-isinstance-calls as unsafe on Python 3.10 and later (#​11622)

v0.4.6

Compare Source

Breaking changes
  • Use project-relative paths when calculating GitLab fingerprints (#​11532)
Preview features
  • [flake8-async] Sleep with >24 hour interval should usually sleep forever (ASYNC116) (#​11498)
Rule changes
  • [numpy] Add missing functions to NumPy 2.0 migration rule (#​11528)
  • [mccabe] Consider irrefutable pattern similar to if .. else for C901 (#​11565)
  • Consider match-case statements for C901, PLR0912, and PLR0915 (#​11521)
  • Remove empty strings when converting to f-string (UP032) (#​11524)
  • [flake8-bandit] request-without-timeout should warn for requests.request (#​11548)
  • [flake8-self] Ignore sunder accesses in flake8-self rules (#​11546)
  • [pyupgrade] Lint for TypeAliasType usages (UP040) (#​11530)
Server
  • Respect excludes in ruff server configuration discovery (#​11551)
  • Use default settings if initialization options is empty or not provided (#​11566)
  • ruff server correctly treats .pyi files as stub files (#​11535)
  • ruff server searches for configuration in parent directories (#​11537)
  • ruff server: An empty code action filter no longer returns notebook source actions (#​11526)
Bug fixes
  • [flake8-logging-format] Fix autofix title in logging-warn (G010) (#​11514)
  • [refurb] Avoid recommending operator.itemgetter with dependence on lambda arguments (#​11574)
  • [flake8-simplify] Avoid recommending context manager in __enter__ implementations (#​11575)
  • Create intermediary directories for --output-file (#​11550)
  • Propagate reads on global variables (#​11584)
  • Treat all singledispatch arguments as runtime-required (#​11523)

v0.4.5

Compare Source

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff.
ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and
code fixes in Ruff's editor integrations -- but with superior performance and
no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes
  • [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#​11381)
  • [pycodestyle] Consider soft keywords for E27 rules (#​11446)
  • [pyflakes] Recommend adding unused import bindings to __all__ (#​11314)
  • [pyflakes] Update documentation and deprecate ignore_init_module_imports (#​11436)
  • [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#​11485)
Formatter
  • Avoid multiline quotes warning with quote-style = preserve (#​11490)
Server
  • Support Jupyter Notebook files (#​11206)
  • Support noqa comment code actions (#​11276)
  • Fix automatic configuration reloading (#​11492)
  • Fix several issues with configuration in Neovim and Helix (#​11497)
CLI
  • Add --output-format as a CLI option for ruff config (#​11438)
Bug fixes
  • Avoid PLE0237 for property with setter (#​11377)
  • Avoid TCH005 for if stmt with elif/else block (#​11376)
  • Avoid flagging __future__ annotations as required for non-evaluated type annotations (#​11414)
  • Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#​11450)
  • Sort edits prior to deduplicating in quotation fix (#​11452)
  • Treat escaped newline as valid sequence (#​11465)
  • [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#​11372)
  • [pylint] Ignore __slots__ with dynamic values (#​11488)
  • [pylint] Remove try body from branch counting (#​11487)
  • [refurb] Respect operator precedence in FURB110 (#​11464)
Documentation
  • Add --preview to the README (#​11395)
  • Add Python 3.13 to list of allowed Python versions (#​11411)
  • Simplify Neovim setup documentation (#​11489)
  • Update CONTRIBUTING.md to reflect the new parser (#​11434)
  • Update server documentation with new migration guide (#​11499)
  • [pycodestyle] Clarify motivation for E713 and E714 (#​11483)
  • [pyflakes] Update docs to describe WAI behavior (F541) (#​11362)
  • [pylint] Clearly indicate what is counted as a branch (#​11423)
jd/tenacity (tenacity)

v8.4.1: tenacity 8.4.1

Compare Source

What's Changed

Full Changelog: jd/tenacity@8.4.0...8.4.1

v8.4.0: tenacity 8.4.0

Compare Source

What's Changed

Full Changelog: jd/tenacity@8.3.0...8.4.0


Configuration

📅 Schedule: Branch creation - "before 4am on monday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner June 20, 2024 17:27
@renovate renovate bot requested review from ddl-kgarton and removed request for a team June 20, 2024 17:27
@renovate renovate bot force-pushed the renovate/482a55b24a3a8599abf806ee3a branch from 5b11fd8 to f1f7ade Compare June 20, 2024 19:13
@ddl-cedricyoung ddl-cedricyoung requested review from ddl-cedricyoung and removed request for ddl-kgarton June 20, 2024 20:11
@sonarqube-prod
Copy link

SonarQube Quality Gate

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@ddl-cedricyoung ddl-cedricyoung merged commit 171d49f into main Jun 20, 2024
7 checks passed
@ddl-cedricyoung ddl-cedricyoung deleted the renovate/482a55b24a3a8599abf806ee3a branch June 20, 2024 20:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant