Lock file maintenance glom all dependencies #502
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/482a55b24a3a8599abf806ee3a
branch
from
5b11fd8
to
f1f7ade
Compare
ddl-cedricyoung
requested review from
ddl-cedricyoung
and removed request for
ddl-kgarton
|
SonarQube Quality Gate
|
ddl-cedricyoung
approved these changes
Jun 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.7.8->1.7.97.5.1->7.5.37.1.0->7.2.01.0.3->1.0.48.2.0->8.2.22.31.0->2.32.30.4.4->0.4.104.20.0->4.21.08.3.0->8.4.1🔧 This Pull Request updates lock files to use the latest dependency versions.
Release Notes
PyCQA/bandit (bandit)
v1.7.9Compare Source
What's Changed
configfilein.banditfile by @bersbersbers in https://github.com/PyCQA/bandit/pull/1052New Contributors
Full Changelog: PyCQA/bandit@1.7.8...1.7.9
nedbat/coveragepy (coverage)
v7.5.3Compare Source
Performance improvements for combining data files, especially when measuring
line coverage. A few different quadratic behaviors were eliminated. In one
extreme case of combining 700+ data files, the time dropped from more than
three hours to seven minutes. Thanks for Kraken Tech for funding the fix.
Performance improvements for generating HTML reports, with a side benefit of
reducing memory use, closing
issue 1791_. Thanks to Daniel Diniz forhelping to diagnose the problem.
.. _issue 1791:https://github.com/nedbat/coveragepy/issues/17911
.. _changes_7-5-2:
v7.5.2Compare Source
Fix: nested matches of exclude patterns could exclude too much code, as
reported in
issue 1779_. This is now fixed.Changed: previously, coverage.py would consider a module docstring to be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line. Now module docstrings are never counted
as executable statements. This can change coverage.py's count of the number
of statements in a file, which can slightly change the coverage percentage
reported.
In the HTML report, the filter term and "hide covered" checkbox settings are
remembered between viewings, thanks to
Daniel Diniz <pull 1776_>_.Python 3.13.0b1 is supported.
Fix: parsing error handling is improved to ensure bizarre source files are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to
Liam DeVoe <pull 1788_>. Closesissue 1787... _pull 1776:https://github.com/nedbat/coveragepy/pull/17766
.. _issue 1779https://github.com/nedbat/coveragepy/issues/177979
.. _issue 178https://github.com/nedbat/coveragepy/issues/1787787
.. _pull 17https://github.com/nedbat/coveragepy/pull/17881788
.. _changes_7-5-1:
python/importlib_metadata (importlib-metadata)
v7.2.0Compare Source
jamesturk/jellyfish (jellyfish)
v1.0.4Compare Source
pytest-dev/pytest (pytest)
v8.2.2Compare Source
pytest 8.2.2 (2024-06-04)
Bug Fixes
.pytest_cache) creation. Regressed in pytest 8.2.0.Improved Documentation
lack of thread safety in pytest as a possible source of flakyness.
v8.2.1Compare Source
pytest 8.2.1 (2024-05-19)
Improvements
Bug Fixes
.pytest_cachedirectories becamerwx------instead of the expectedrwxr-xr-x.Trivial/Internal Changes
psf/requests (requests)
v2.32.3Compare Source
Bugfixes
HTTPAdapter. (#6716)
without the
sslmodule. (#6724)v2.32.2Compare Source
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed
_get_connectiontoa new public API,
get_connection_with_tls_context. Existing customHTTPAdapters will need to migrate their code to use this new API.
get_connectionis considered deprecated in all versions of Requests>=2.32.0.A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1Compare Source
Bugfixes
v2.32.0Compare Source
Security
verify=Falseon the first request from aSession will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of
verify.(GHSA-9wx4-h78v-vm56)
Improvements
verify=Truenow reuses a global SSLContext which should improverequest time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
(
chardetorcharset_normalizer) when repackaged or vendored.This enables
pipand other projects to minimize their vendoringsurface area. The
Response.text()andapparent_encodingAPIswill default to
utf-8if neither library is present. (#6702)Bugfixes
calculated in the request content-length. (#6589)
/(path separator) could leadurllib3 to unnecessarily reparse the request URI. (#6644)
Deprecations
Documentation
Packaging
The source files for the projects (formerly
requests) is now locatedin
src/requestsin the Requests sdist. (#6506)using
hatchling. This should not impact the average user, but extremely oldversions of packaging utilities may have issues with the new packaging format.
astral-sh/ruff (ruff)
v0.4.10Compare Source
Parser
Rule changes
flake8-copyright] UpdateCPY001to check the first 4096 bytes instead of 1024 (#11927)pycodestyle] UpdateE999to show all syntax errors instead of just the first one (#11900)Server
Security
v0.4.9Compare Source
Preview features
pylint] Implementconsider-dict-items(C0206) (#11688)refurb] Implementrepeated-global(FURB154) (#11187)Rule changes
pycodestyle] Adapt fix forE203to work identical toruff format(#10999)Formatter
Server
ruff server(#11800)ruff.printDebugInformationcommand (#11831)CLI
Bug fixes
refurb] Avoid suggesting starmap when arguments are used outside call (FURB140) (#11830)flake8-bugbear] Avoid panic inB909when checking large loop blocks (#11772)refurb] Fix misbehavior ofoperator.itemgetterwhen getter param is a tuple (FURB118) (#11774)v0.4.8Compare Source
Performance
Preview features
flake8-bugbear] Implementreturn-in-generator(B901) (#11644)flake8-pyi] ImplementPYI063(#11699)pygrep_hooks] Check blanket ignores via file-level pragmas (PGH004) (#11540)Rule changes
pyupgrade] UpdateUP035for Python 3.13 and the latest version oftyping_extensions(#11693)numpy] UpdateNPY001rule for NumPy 2.0 (#11735)Server
CLI
--output-formatflag (#11682)Bug fixes
pyupgrade] Write empty string in lieu of panic when fixingUP032(#11696)flake8-simplify] Simplify double negatives inSIM103(#11684)typestatements (#11720)v0.4.7Compare Source
Preview features
flake8-pyi] ImplementPYI064(#11325)flake8-pyi] ImplementPYI066(#11541)flake8-pyi] ImplementPYI057(#11486)pyflakes] EnableF822in__init__.pyfiles by default (#11370)Formatter
Server
ruff server(#11590)ruff server(#11615)Bug fixes
flake8-comprehension] Strip parentheses around generators inC400(#11607)repeated-isinstance-callsas unsafe on Python 3.10 and later (#11622)v0.4.6Compare Source
Breaking changes
Preview features
flake8-async] Sleep with >24 hour interval should usually sleep forever (ASYNC116) (#11498)Rule changes
numpy] Add missing functions to NumPy 2.0 migration rule (#11528)mccabe] Consider irrefutable pattern similar toif .. elseforC901(#11565)match-casestatements forC901,PLR0912, andPLR0915(#11521)UP032) (#11524)flake8-bandit]request-without-timeoutshould warn forrequests.request(#11548)flake8-self] Ignore sunder accesses inflake8-selfrules (#11546)pyupgrade] Lint forTypeAliasTypeusages (UP040) (#11530)Server
ruff serverconfiguration discovery (#11551)ruff servercorrectly treats.pyifiles as stub files (#11535)ruff serversearches for configuration in parent directories (#11537)ruff server: An empty code action filter no longer returns notebook source actions (#11526)Bug fixes
flake8-logging-format] Fix autofix title inlogging-warn(G010) (#11514)refurb] Avoid recommendingoperator.itemgetterwith dependence on lambda arguments (#11574)flake8-simplify] Avoid recommending context manager in__enter__implementations (#11575)--output-file(#11550)singledispatcharguments as runtime-required (#11523)v0.4.5Compare Source
Ruff's language server is now in Beta
v0.4.5marks the official Beta release ofruff server, an integrated language server built into Ruff.ruff serversupports the same feature set asruff-lsp, powering linting, formatting, andcode fixes in Ruff's editor integrations -- but with superior performance and
no installation required. We'd love your feedback!
You can enable
ruff serverin the VS Code extension today.To read more about this exciting milestone, check out our blog post!
Rule changes
flake8-future-annotations] Rewordfuture-rewritable-type-annotation(FA100) message (#11381)pycodestyle] Consider soft keywords forE27rules (#11446)pyflakes] Recommend adding unused import bindings to__all__(#11314)pyflakes] Update documentation and deprecateignore_init_module_imports(#11436)pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)Formatter
quote-style = preserve(#11490)Server
noqacomment code actions (#11276)CLI
--output-formatas a CLI option forruff config(#11438)Bug fixes
PLE0237for property with setter (#11377)TCH005forifstmt withelif/elseblock (#11376)__future__annotations as required for non-evaluated type annotations (#11414)flake8-pie] Preserve parentheses inunnecessary-dict-kwargs(#11372)pylint] Ignore__slots__with dynamic values (#11488)pylint] Removetrybody from branch counting (#11487)refurb] Respect operator precedence inFURB110(#11464)Documentation
--previewto the README (#11395)pycodestyle] Clarify motivation forE713andE714(#11483)pyflakes] Update docs to describe WAI behavior (F541) (#11362)pylint] Clearly indicate what is counted as a branch (#11423)jd/tenacity (tenacity)
v8.4.1: tenacity 8.4.1Compare Source
What's Changed
tenacity.asynciosubpackage in release dist by @cdce8p in https://github.com/jd/tenacity/pull/474Full Changelog: jd/tenacity@8.4.0...8.4.1
v8.4.0: tenacity 8.4.0Compare Source
What's Changed
Full Changelog: jd/tenacity@8.3.0...8.4.0
Configuration
📅 Schedule: Branch creation - "before 4am on monday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.