oss-fuzz 69058: TokenError #1787

Closed
nedbat opened this issue May 18, 2024 · 4 comments · Fixed by #1788
Labels
bug Something isn't working

Comments

@nedbat
Owner

nedbat commented May 18, 2024

This link seems to be private, so copying details here... https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69058

Project: coveragepy
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_parse
Job Type: libfuzzer_asan_coveragepy
Platform Id: linux

Crash Type: Uncaught exception
Crash Address: 
Crash State:
  _removeHandlerRef
  _tokenize
  generate_tokens

This is the claimed stack trace:

 	 === Uncaught Python exception: ===
	TokenError: ('EOF in multi-line string', (2, 0))
	Traceback (most recent call last):
	  File "fuzz_parse.py", line 33, in TestOneInput
	  File "coverage/parser.py", line 265, in parse_source
	  File "coverage/parser.py", line 143, in _raw_parse
	  File "coverage/phystokens.py", line 179, in generate_tokens
	  File "tokenize.py", line 461, in _tokenize
	TokenError: ('EOF in multi-line string', (2, 0))

The provided test case is an 8-byte file:

% hexdump -C /dwn/clusterfuzz-testcase-minimized-fuzz_parse-5820066691088384
00000000  ff 8d a7 dc 0a 27 27 a7                           |.....''.|
00000008

I've tried to reproduce this problem, and cannot:

from coverage.parser import PythonParser
parser = PythonParser(text="\xFF\x8D\xA7\xDC\n''\xA7")
parser.parse_source()

produces:

Traceback (most recent call last):
  File "/Users/ned/coverage/trunk/coverage/parser.py", line 265, in parse_source
    self._ast_root = ast_parse(self.text)
                     ^^^^^^^^^^^^^^^^^^^^
  File "/Users/ned/coverage/trunk/coverage/misc.py", line 381, in ast_parse
    return ast.parse(text)
           ^^^^^^^^^^^^^^^
  File "/usr/local/pyenv/pyenv/versions/3.11.9/lib/python3.11/ast.py", line 50, in parse
    return compile(source, filename, mode, flags,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<unknown>", line 1
    ÿ�§Ü
     ^
SyntaxError: invalid non-printable character U+008D

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/ned/coverage/trunk/fuzz.py", line 3, in <module>
    parser.parse_source()
  File "/Users/ned/coverage/trunk/coverage/parser.py", line 268, in parse_source
    raise NotPython(
coverage.exceptions.NotPython: Couldn't parse '<code>' as Python source: 'invalid non-printable character U+008D' at line 1

Somehow they have a TokenError, but coverage.py does not. I don't understand how they are getting their error.

@nedbat nedbat added bug Something isn't working needs triage labels May 18, 2024
@devdanzin
Contributor

It's possible to raise an EOF TokenError by decoding the bytes to cp273, but it is caught and results in a NotPython exception. Also, it's about a multi-line statement, while the original error is about a multi-line string. It only works with Python 3.11 or below, 3.12 won't raise a TokenError. Seems to be a coincidence.

from coverage.parser import PythonParser
text = b"\xFF\x8D\xA7\xDC\n''\xA7".decode("cp273")
PythonParser(text).parse_source()
  File "/mnt/c/Users/ddini/PycharmProjects/coveragepy/coverage/parser.py", line 271, in parse_source
    self._raw_parse()
  File "/mnt/c/Users/ddini/PycharmProjects/coveragepy/coverage/parser.py", line 154, in _raw_parse
    tokgen = generate_tokens(self.text)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/mnt/c/Users/ddini/PycharmProjects/coveragepy/coverage/phystokens.py", line 179, in generate_tokens
    return list(tokenize.generate_tokens(readline))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/tokenize.py", line 525, in _tokenize
    raise TokenError("EOF in multi-line statement", (lnum, 0))
tokenize.TokenError: ('EOF in multi-line statement', (2, 0))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/mnt/c/Users/ddini/PycharmProjects/coveragepy/tok.py", line 22, in <module>
    PythonParser(text).parse_source()
  File "/mnt/c/Users/ddini/PycharmProjects/coveragepy/coverage/parser.py", line 277, in parse_source
    raise NotPython(
coverage.exceptions.NotPython: Couldn't parse '<code>' as Python source: 'EOF in multi-line statement' at line 2

Here's the code I used to try to find matching errors:

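from encodings.aliases import aliases
from coverage.parser import PythonParser, NotPython

# The 8-byte test case from the oss-fuzz report.
btext = b"\xFF\x8D\xA7\xDC\n''\xA7"

# Every codec Python has an alias for.
encs = sorted(set(aliases.values()))
for enc in encs:
    try:
        text = btext.decode(enc)
    except (LookupError, ValueError):
        # Not a text encoding, or these bytes are invalid in it
        # (UnicodeError is a ValueError subclass).
        continue
    parser = PythonParser(text)
    try:
        parser.parse_source()
    except NotPython as n:
        # Print the encodings whose decoded text is rejected, with the reason.
        print(enc, n)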

@nedbat
Owner Author

nedbat commented May 20, 2024

@devdanzin said on Mastodon:

Maybe the minimized test case is a seed for the fuzzer, instead of direct input?

"A minimized testcase, which is a fuzzer input that can be used to reproduce the bug."

pigweed.dev/pw_fuzzer/guides/reproducing_oss_fuzz_bugs.html

@nedbat
Owner Author

nedbat commented May 20, 2024

This is fixed in commit 364282e

@nedbat
Owner Author

nedbat commented May 26, 2024

This is now released as part of coverage 7.5.2.
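
Added example, not part of the issue thread and not coverage.py's code: a standard-library sketch of the failure class discussed above, where a tokenizer exception escapes a parser entry point and a fuzz harness records it as an uncaught exception, next to a guarded entry point that converts it into one expected error. `NotPython` here is a local stand-in class, `tokenize_leaky`, `tokenize_guarded`, `triage` and `sweep` are hypothetical names, and the inputs are constructed except for the 8-byte test case copied from the report.

```python
"""Triage tokenizer failures the way a fuzz harness sees them (added example)."""
import io
import tokenize


class NotPython(Exception):
    """Local stand-in for a parser's single 'input is not Python' error."""


def tokenize_leaky(text):
    """No error translation: whatever the tokenizer raises reaches the caller."""
    return list(tokenize.generate_tokens(io.StringIO(text).readline))


def tokenize_guarded(text):
    """Translate every tokenizer failure into the one documented exception."""
    try:
        return tokenize_leaky(text)
    # IndentationError is a SyntaxError subclass. Which of these types is
    # raised for a given input differs between Python versions, so catch both.
    except (tokenize.TokenError, SyntaxError) as err:
        raise NotPython(f"couldn't tokenize source: {err}") from err


def triage(parse, data, encoding="utf-8"):
    """Classify one input as a harness would: only NotPython is expected."""
    try:
        text = data.decode(encoding)
    except (UnicodeDecodeError, LookupError):
        return "undecodable"
    try:
        parse(text)
    except NotPython:
        return "rejected"
    except Exception as err:  # anything else is what gets filed as a crash
        return "uncaught:" + type(err).__name__
    return "accepted"


def sweep(parse, data, encodings):
    """Run triage over several decodings of the same bytes."""
    return {enc: triage(parse, data, enc) for enc in encodings}


# The 8-byte test case from the report.
REPORTED = b"\xff\x8d\xa7\xdc\n''\xa7"
# Constructed inputs: an unterminated triple-quoted string and a valid line.
UNTERMINATED = b"x = '''never closed\n"
VALID = b"a = 1\n"
# A small, assumed set of decodings; the thread tried every known codec.
ENCODINGS = ["utf-8", "latin-1", "cp1252", "cp273"]

if __name__ == "__main__":
    print("leaky   :", triage(tokenize_leaky, UNTERMINATED))
    print("guarded :", triage(tokenize_guarded, UNTERMINATED))
    for enc, result in sweep(tokenize_guarded, REPORTED, ENCODINGS).items():
        print(f"{enc:8s} {result}")
```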

renovate bot referenced this issue in allenporter/flux-local May 26, 2024
This PR contains the following updates:

| Package | Change |
|---|---|
| [coverage](https://togithub.com/nedbat/coveragepy) | `==7.5.1` -> `==7.5.2` |

---

### Release Notes

<details>
<summary>nedbat/coveragepy (coverage)</summary>

### [`v7.5.2`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-752--2024-05-24)

[Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.5.1...7.5.2)

- Fix: nested matches of exclude patterns could exclude too much code, as reported in `issue 1779`\_. This is now fixed.

- Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

- In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to `Daniel Diniz <pull 1776_>`\_.

- Python 3.13.0b1 is supported.

- Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to `Liam DeVoe <pull 1788_>`\_. Closes `issue 1787`\_.

.. \_pull 1776: [https://github.com/nedbat/coveragepy/pull/1776](https://togithub.com/nedbat/coveragepy/pull/1776)
.. \_issue 1779: [https://github.com/nedbat/coveragepy/issues/1779](https://togithub.com/nedbat/coveragepy/issues/1779)
.. \_issue 1787: [https://github.com/nedbat/coveragepy/issues/1787](https://togithub.com/nedbat/coveragepy/issues/1787)
.. \_pull 1788: [https://github.com/nedbat/coveragepy/pull/1788](https://togithub.com/nedbat/coveragepy/pull/1788)

.. \_changes\_7-5-1:

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot referenced this issue in allenporter/pyrainbird May 27, 2024
This PR contains the following updates:

| Package | Change |
|---|---|
| [coverage](https://togithub.com/nedbat/coveragepy) | `==7.5.1` -> `==7.5.2` |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
github-merge-queue bot referenced this issue in canonical/charmcraft Jun 10, 2024
This PR contains the following updates:

| Package | Change |
|---|---|
| [coverage](https://togithub.com/nedbat/coveragepy) | `==7.5.1` -> `==7.5.3` |
| [cryptography](https://togithub.com/pyca/cryptography) ([changelog](https://cryptography.io/en/latest/changelog/)) | `==42.0.7` -> `==42.0.8` |
| [freezegun](https://togithub.com/spulec/freezegun) ([changelog](https://togithub.com/spulec/freezegun/blob/master/CHANGELOG)) | `==1.5.0` -> `==1.5.1` |
| [platformdirs](https://togithub.com/platformdirs/platformdirs) | `==4.2.1` -> `==4.2.2` |

---

### Release Notes

<details>
<summary>nedbat/coveragepy (coverage)</summary>

### [`v7.5.3`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

- Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing `issue 1791`\_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. \_issue 1791: [https://github.com/nedbat/coveragepy/issues/1791](https://togithub.com/nedbat/coveragepy/issues/1791)

.. \_changes\_7-5-2:


</details>

<details>
<summary>pyca/cryptography (cryptography)</summary>

### [`v42.0.8`](https://togithub.com/pyca/cryptography/compare/42.0.7...42.0.8)

[Compare Source](https://togithub.com/pyca/cryptography/compare/42.0.7...42.0.8)

</details>

<details>
<summary>spulec/freezegun (freezegun)</summary>

### [`v1.5.1`](https://togithub.com/spulec/freezegun/blob/HEAD/CHANGELOG#151)

[Compare Source](https://togithub.com/spulec/freezegun/compare/1.5.0...1.5.1)

- Fix the typing of the `tick()` method, and improve its behaviour.

</details>

<details>
<summary>platformdirs/platformdirs (platformdirs)</summary>

### [`v4.2.2`](https://togithub.com/platformdirs/platformdirs/releases/tag/4.2.2)

[Compare Source](https://togithub.com/platformdirs/platformdirs/compare/4.2.1...4.2.2)

#### What's Changed

- Fix android detection when python4android is present by [@tmolitor-stud-tu](https://togithub.com/tmolitor-stud-tu) in [https://github.com/platformdirs/platformdirs/pull/277](https://togithub.com/platformdirs/platformdirs/pull/277)

#### New Contributors

- [@tmolitor-stud-tu](https://togithub.com/tmolitor-stud-tu) made their first contribution in [https://github.com/platformdirs/platformdirs/pull/277](https://togithub.com/platformdirs/platformdirs/pull/277)

**Full Changelog**: tox-dev/platformdirs@4.2.1...4.2.2

</details>


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ddl-cedricyoung referenced this issue in dominodatalab/cucu Jun 20, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|  |  | lockFileMaintenance | All locks refreshed |
| [bandit](https://bandit.readthedocs.io/) ([source](https://togithub.com/PyCQA/bandit), [changelog](https://togithub.com/PyCQA/bandit/releases)) | dev | patch | `1.7.8` -> `1.7.9` |
| [coverage](https://togithub.com/nedbat/coveragepy) | dependencies | patch | `7.5.1` -> `7.5.3` |
| [importlib-metadata](https://togithub.com/python/importlib_metadata) | dependencies | minor | `7.1.0` -> `7.2.0` |
| [jellyfish](https://togithub.com/jamesturk/jellyfish) | dependencies | patch | `1.0.3` -> `1.0.4` |
| [pytest](https://togithub.com/pytest-dev/pytest) ([changelog](https://docs.pytest.org/en/stable/changelog.html)) | dev | patch | `8.2.0` -> `8.2.2` |
| [requests](https://requests.readthedocs.io) ([source](https://togithub.com/psf/requests), [changelog](https://togithub.com/psf/requests/blob/master/HISTORY.md)) | dependencies | minor | `2.31.0` -> `2.32.3` |
| [ruff](https://docs.astral.sh/ruff) ([source](https://togithub.com/astral-sh/ruff), [changelog](https://togithub.com/astral-sh/ruff/blob/main/CHANGELOG.md)) | dev | patch | `0.4.4` -> `0.4.10` |
| [selenium](https://www.selenium.dev) | dependencies | minor | `4.20.0` -> `4.21.0` |
| [tenacity](https://togithub.com/jd/tenacity) | dependencies | minor | `8.3.0` -> `8.4.1` |

🔧 This Pull Request updates lock files to use the latest dependency
versions.

---

### Release Notes

<details>
<summary>PyCQA/bandit (bandit)</summary>

### [`v1.7.9`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://togithub.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://togithub.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://togithub.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://togithub.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://togithub.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://togithub.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://togithub.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://togithub.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://togithub.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://togithub.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://togithub.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://togithub.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://togithub.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://togithub.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://togithub.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://togithub.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://togithub.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://togithub.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://togithub.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://togithub.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://togithub.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://togithub.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://togithub.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by [@bersbersbers](https://togithub.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://togithub.com/PyCQA/bandit/pull/1052)

#### New Contributors

- [@pre-commit-ci](https://togithub.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://togithub.com/PyCQA/bandit/pull/1119)
- [@bersbersbers](https://togithub.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://togithub.com/PyCQA/bandit/pull/1052)

**Full Changelog**: PyCQA/bandit@1.7.8...1.7.9

</details>

<details>
<summary>nedbat/coveragepy (coverage)</summary>

### [`v7.5.3`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare
Source](https://togithub.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when measuring
  line coverage. A few different quadratic behaviors were eliminated. In one
  extreme case of combining 700+ data files, the time dropped from more than
  three hours to seven minutes. Thanks to Kraken Tech for funding the fix.

- Performance improvements for generating HTML reports, with a side benefit of
  reducing memory use, closing `issue 1791`\_. Thanks to Daniel Diniz for
  helping to diagnose the problem.

.. \_issue 1791: [https://github.com/nedbat/coveragepy/issues/1791](https://togithub.com/nedbat/coveragepy/issues/1791)

.. \_changes\_7-5-2:

### [`v7.5.2`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-752--2024-05-24)

[Compare
Source](https://togithub.com/nedbat/coveragepy/compare/7.5.1...7.5.2)

- Fix: nested matches of exclude patterns could exclude too much code, as
  reported in `issue 1779`\_. This is now fixed.

- Changed: previously, coverage.py would consider a module docstring to be an
  executable statement if it appeared after line 1 in the file, but not
  executable if it was the first line. Now module docstrings are never counted
  as executable statements. This can change coverage.py's count of the number
  of statements in a file, which can slightly change the coverage percentage
  reported.

- In the HTML report, the filter term and "hide covered" checkbox settings are
  remembered between viewings, thanks to `Daniel Diniz <pull 1776_>`\_.

- Python 3.13.0b1 is supported.

- Fix: parsing error handling is improved to ensure bizarre source files are
  handled gracefully, and to unblock oss-fuzz fuzzing, thanks to
  `Liam DeVoe <pull 1788_>`\_. Closes `issue 1787`\_.

.. \_pull 1776: [https://github.com/nedbat/coveragepy/pull/1776](https://togithub.com/nedbat/coveragepy/pull/1776)
.. \_issue 1779: [https://github.com/nedbat/coveragepy/issues/1779](https://togithub.com/nedbat/coveragepy/issues/1779)
.. \_issue 1787: [https://github.com/nedbat/coveragepy/issues/1787](https://togithub.com/nedbat/coveragepy/issues/1787)
.. \_pull 1788: [https://github.com/nedbat/coveragepy/pull/1788](https://togithub.com/nedbat/coveragepy/pull/1788)

.. \_changes\_7-5-1:

</details>

<details>
<summary>python/importlib_metadata (importlib-metadata)</summary>

### [`v7.2.0`](https://togithub.com/python/importlib_metadata/compare/v7.1.0...v7.2.0)

[Compare
Source](https://togithub.com/python/importlib_metadata/compare/v7.1.0...v7.2.0)

</details>

<details>
<summary>jamesturk/jellyfish (jellyfish)</summary>

### [`v1.0.4`](https://togithub.com/jamesturk/jellyfish/compare/v1.0.3...v1.0.4)

[Compare
Source](https://togithub.com/jamesturk/jellyfish/compare/v1.0.3...v1.0.4)

</details>

<details>
<summary>pytest-dev/pytest (pytest)</summary>

### [`v8.2.2`](https://togithub.com/pytest-dev/pytest/releases/tag/8.2.2)

[Compare
Source](https://togithub.com/pytest-dev/pytest/compare/8.2.1...8.2.2)

# pytest 8.2.2 (2024-06-04)

## Bug Fixes

- [#&#8203;12355](https://togithub.com/pytest-dev/pytest/issues/12355):
Fix possible catastrophic performance slowdown on a certain
parametrization pattern involving many higher-scoped parameters.
- [#&#8203;12367](https://togithub.com/pytest-dev/pytest/issues/12367):
Fix a regression in pytest 8.2.0 where unittest class instances (a fresh
one is created for each test) were not released promptly on test
teardown but only on session teardown.
- [#&#8203;12381](https://togithub.com/pytest-dev/pytest/issues/12381):
Fix possible "Directory not empty" crashes arising from concurrent cache
dir (`.pytest_cache`) creation. Regressed in pytest 8.2.0.

## Improved Documentation

- [#&#8203;12290](https://togithub.com/pytest-dev/pytest/issues/12290):
Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode
theme.
- [#&#8203;12356](https://togithub.com/pytest-dev/pytest/issues/12356):
Added a subsection to the documentation for debugging flaky tests to
mention lack of thread safety in pytest as a possible source of flakiness.
- [#&#8203;12363](https://togithub.com/pytest-dev/pytest/issues/12363):
The documentation webpages now link to a canonical version to reduce
outdated documentation in search engine results.

### [`v8.2.1`](https://togithub.com/pytest-dev/pytest/releases/tag/8.2.1)

[Compare
Source](https://togithub.com/pytest-dev/pytest/compare/8.2.0...8.2.1)

# pytest 8.2.1 (2024-05-19)

## Improvements

- [#&#8203;12334](https://togithub.com/pytest-dev/pytest/issues/12334):
Support for Python 3.13 (beta1 at the time of writing).

## Bug Fixes

- [#&#8203;12120](https://togithub.com/pytest-dev/pytest/issues/12120):
Fix `PermissionError` crashes arising from directories
which are not selected on the command-line.
- [#&#8203;12191](https://togithub.com/pytest-dev/pytest/issues/12191):
Keyboard interrupts and system exits are now properly handled during the
test collection.
- [#&#8203;12300](https://togithub.com/pytest-dev/pytest/issues/12300):
Fixed handling of 'Function not implemented' error under squashfuse_ll,
which is a different way to say that the mountpoint is read-only.
- [#&#8203;12308](https://togithub.com/pytest-dev/pytest/issues/12308):
Fix a regression in pytest 8.2.0 where the permissions of
automatically-created `.pytest_cache` directories became `rwx------`
instead of the expected `rwxr-xr-x`.

## Trivial/Internal Changes

- [#&#8203;12333](https://togithub.com/pytest-dev/pytest/issues/12333):
pytest releases are now attested using the recent [Artifact
Attestation](https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/)
support from GitHub, allowing users to verify the provenance of pytest's
sdist and wheel artifacts.

</details>

<details>
<summary>psf/requests (requests)</summary>

### [`v2.32.3`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2323-2024-05-29)

[Compare
Source](https://togithub.com/psf/requests/compare/v2.32.2...v2.32.3)

**Bugfixes**

- Fixed bug breaking the ability to specify custom SSLContexts in
  sub-classes of HTTPAdapter.
  ([#6716](https://togithub.com/psf/requests/issues/6716))
- Fixed issue where Requests started failing to run on Python versions
  compiled without the `ssl` module.
  ([#6724](https://togithub.com/psf/requests/issues/6724))

### [`v2.32.2`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2322-2024-05-21)

[Compare
Source](https://togithub.com/psf/requests/compare/v2.32.1...v2.32.2)

**Deprecations**

- To provide a more stable migration for custom HTTPAdapters impacted
  by the CVE changes in 2.32.0, we've renamed `_get_connection` to
  a new public API, `get_connection_with_tls_context`. Existing custom
  HTTPAdapters will need to migrate their code to use this new API.
  `get_connection` is considered deprecated in all versions of
  Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease
  migration, but we strongly urge users to evaluate if their custom adapter
  is subject to the same issue described in CVE-2024-35195.
  ([#6710](https://togithub.com/psf/requests/issues/6710))

### [`v2.32.1`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2321-2024-05-20)

[Compare
Source](https://togithub.com/psf/requests/compare/v2.32.0...v2.32.1)

**Bugfixes**

-   Add missing test certs to the sdist distributed on PyPI.

### [`v2.32.0`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2320-2024-05-20)

[Compare
Source](https://togithub.com/psf/requests/compare/v2.31.0...v2.32.0)

**Security**

- Fixed an issue where setting `verify=False` on the first request from a
  Session will cause subsequent requests to the *same origin* to also ignore
  cert verification, regardless of the value of `verify`.
  (GHSA-9wx4-h78v-vm56)

**Improvements**

- `verify=True` now reuses a global SSLContext which should improve
  request time variance between first and subsequent requests. It should
  also minimize certificate load time on Windows systems when using a
  Python version built with OpenSSL 3.x.
  ([#6667](https://togithub.com/psf/requests/issues/6667))
- Requests now supports optional use of character detection
  (`chardet` or `charset_normalizer`) when repackaged or vendored.
  This enables `pip` and other projects to minimize their vendoring
  surface area. The `Response.text()` and `apparent_encoding` APIs
  will default to `utf-8` if neither library is present.
  ([#6702](https://togithub.com/psf/requests/issues/6702))

**Bugfixes**

- Fixed bug in length detection where emoji length was incorrectly
  calculated in the request content-length.
  ([#6589](https://togithub.com/psf/requests/issues/6589))
- Fixed deserialization bug in JSONDecodeError.
  ([#6629](https://togithub.com/psf/requests/issues/6629))
- Fixed bug where an extra leading `/` (path separator) could lead
  urllib3 to unnecessarily reparse the request URI.
  ([#6644](https://togithub.com/psf/requests/issues/6644))

**Deprecations**

- Requests has officially added support for CPython 3.12
([#&#8203;6503](https://togithub.com/psf/requests/issues/6503))
- Requests has officially added support for PyPy 3.9 and 3.10
([#&#8203;6641](https://togithub.com/psf/requests/issues/6641))
- Requests has officially dropped support for CPython 3.7
([#&#8203;6642](https://togithub.com/psf/requests/issues/6642))
- Requests has officially dropped support for PyPy 3.7 and 3.8
([#&#8203;6641](https://togithub.com/psf/requests/issues/6641))

**Documentation**

-   Various typo fixes and doc improvements.

**Packaging**

- Requests has started adopting some modern packaging practices.
  The source files for the projects (formerly `requests`) are now located
  in `src/requests` in the Requests sdist.
  ([#6506](https://togithub.com/psf/requests/issues/6506))
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build
  system using `hatchling`. This should not impact the average user, but
  extremely old versions of packaging utilities may have issues with the
  new packaging format.

</details>

<details>
<summary>astral-sh/ruff (ruff)</summary>

### [`v0.4.10`](https://togithub.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#0410)

[Compare
Source](https://togithub.com/astral-sh/ruff/compare/v0.4.9...v0.4.10)

##### Parser

- Implement re-lexing logic for better error recovery
([#&#8203;11845](https://togithub.com/astral-sh/ruff/pull/11845))

##### Rule changes

- \[`flake8-copyright`] Update `CPY001` to check the first 4096 bytes
instead of 1024
([#&#8203;11927](https://togithub.com/astral-sh/ruff/pull/11927))
- \[`pycodestyle`] Update `E999` to show all syntax errors instead of
just the first one
([#&#8203;11900](https://togithub.com/astral-sh/ruff/pull/11900))

##### Server

- Add tracing setup guide to Helix documentation
([#&#8203;11883](https://togithub.com/astral-sh/ruff/pull/11883))
- Add tracing setup guide to Neovim documentation
([#&#8203;11884](https://togithub.com/astral-sh/ruff/pull/11884))
- Defer notebook cell deletion to avoid an error message
([#&#8203;11864](https://togithub.com/astral-sh/ruff/pull/11864))

##### Security

- Guard against malicious ecosystem comment artifacts
([#&#8203;11879](https://togithub.com/astral-sh/ruff/pull/11879))

### [`v0.4.9`](https://togithub.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#049)

[Compare
Source](https://togithub.com/astral-sh/ruff/compare/v0.4.8...v0.4.9)

##### Preview features

- \[`pylint`] Implement `consider-dict-items` (`C0206`)
([#&#8203;11688](https://togithub.com/astral-sh/ruff/pull/11688))
- \[`refurb`] Implement `repeated-global` (`FURB154`)
([#&#8203;11187](https://togithub.com/astral-sh/ruff/pull/11187))

##### Rule changes

- \[`pycodestyle`] Adapt fix for `E203` to work identical to `ruff format`
([#&#8203;10999](https://togithub.com/astral-sh/ruff/pull/10999))

##### Formatter

- Fix formatter instability for lines only consisting of zero-width
characters
([#&#8203;11748](https://togithub.com/astral-sh/ruff/pull/11748))

##### Server

- Add supported commands in server capabilities
([#&#8203;11850](https://togithub.com/astral-sh/ruff/pull/11850))
- Use real file path when available in `ruff server`
([#&#8203;11800](https://togithub.com/astral-sh/ruff/pull/11800))
- Improve error message when a command is run on an unavailable document
([#&#8203;11823](https://togithub.com/astral-sh/ruff/pull/11823))
- Introduce the `ruff.printDebugInformation` command
([#&#8203;11831](https://togithub.com/astral-sh/ruff/pull/11831))
- Tracing system now respects log level and trace level, with options to
log to a file
([#&#8203;11747](https://togithub.com/astral-sh/ruff/pull/11747))

##### CLI

- Handle non-printable characters in diff view
([#&#8203;11687](https://togithub.com/astral-sh/ruff/pull/11687))

##### Bug fixes

- \[`refurb`] Avoid suggesting starmap when arguments are used outside
call (`FURB140`)
([#&#8203;11830](https://togithub.com/astral-sh/ruff/pull/11830))
- \[`flake8-bugbear`] Avoid panic in `B909` when checking large loop
blocks ([#&#8203;11772](https://togithub.com/astral-sh/ruff/pull/11772))
- \[`refurb`] Fix misbehavior of `operator.itemgetter` when getter param
is a tuple (`FURB118`)
([#&#8203;11774](https://togithub.com/astral-sh/ruff/pull/11774))

### [`v0.4.8`](https://togithub.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#048)

[Compare
Source](https://togithub.com/astral-sh/ruff/compare/v0.4.7...v0.4.8)

##### Performance

- Linter performance has been improved by around 10% on some
microbenchmarks by refactoring the lexer and parser to maintain
synchronicity between them
([#&#8203;11457](https://togithub.com/astral-sh/ruff/pull/11457))

##### Preview features

- \[`flake8-bugbear`] Implement `return-in-generator` (`B901`)
([#&#8203;11644](https://togithub.com/astral-sh/ruff/pull/11644))
- \[`flake8-pyi`] Implement `PYI063`
([#&#8203;11699](https://togithub.com/astral-sh/ruff/pull/11699))
- \[`pygrep_hooks`] Check blanket ignores via file-level pragmas
(`PGH004`)
([#&#8203;11540](https://togithub.com/astral-sh/ruff/pull/11540))

##### Rule changes

- \[`pyupgrade`] Update `UP035` for Python 3.13 and the latest version
of `typing_extensions`
([#&#8203;11693](https://togithub.com/astral-sh/ruff/pull/11693))
- \[`numpy`] Update `NPY001` rule for NumPy 2.0
([#&#8203;11735](https://togithub.com/astral-sh/ruff/pull/11735))

##### Server

- Formatting a document with syntax problems no longer spams a visible
error popup
([#&#8203;11745](https://togithub.com/astral-sh/ruff/pull/11745))

##### CLI

- Add RDJson support for `--output-format` flag
([#&#8203;11682](https://togithub.com/astral-sh/ruff/pull/11682))

##### Bug fixes

- \[`pyupgrade`] Write empty string in lieu of panic when fixing `UP032`
([#&#8203;11696](https://togithub.com/astral-sh/ruff/pull/11696))
- \[`flake8-simplify`] Simplify double negatives in `SIM103`
([#&#8203;11684](https://togithub.com/astral-sh/ruff/pull/11684))
- Ensure the expression generator adds a newline before `type`
statements
([#&#8203;11720](https://togithub.com/astral-sh/ruff/pull/11720))
- Respect per-file ignores for blanket and redirected noqa rules
([#&#8203;11728](https://togithub.com/astral-sh/ruff/pull/11728))

### [`v0.4.7`](https://togithub.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#047)

[Compare
Source](https://togithub.com/astral-sh/ruff/compare/v0.4.6...v0.4.7)

##### Preview features

- \[`flake8-pyi`] Implement `PYI064`
([#&#8203;11325](https://togithub.com/astral-sh/ruff/pull/11325))
- \[`flake8-pyi`] Implement `PYI066`
([#&#8203;11541](https://togithub.com/astral-sh/ruff/pull/11541))
- \[`flake8-pyi`] Implement `PYI057`
([#&#8203;11486](https://togithub.com/astral-sh/ruff/pull/11486))
- \[`pyflakes`] Enable `F822` in `__init__.py` files by default
([#&#8203;11370](https://togithub.com/astral-sh/ruff/pull/11370))

##### Formatter

- Fix incorrect placement of trailing stub function comments
([#&#8203;11632](https://togithub.com/astral-sh/ruff/pull/11632))

##### Server

- Respect file exclusions in `ruff server`
([#&#8203;11590](https://togithub.com/astral-sh/ruff/pull/11590))
- Add support for documents that do not exist on disk
([#&#8203;11588](https://togithub.com/astral-sh/ruff/pull/11588))
- Add Vim and Kate setup guide for `ruff server`
([#&#8203;11615](https://togithub.com/astral-sh/ruff/pull/11615))

##### Bug fixes

- Avoid removing newlines between docstring headers and rST blocks
([#&#8203;11609](https://togithub.com/astral-sh/ruff/pull/11609))
- Infer indentation with imports when logical indent is absent
([#&#8203;11608](https://togithub.com/astral-sh/ruff/pull/11608))
- Use char index rather than position for indent slice
([#&#8203;11645](https://togithub.com/astral-sh/ruff/pull/11645))
- \[`flake8-comprehension`] Strip parentheses around generators in
`C400` ([#&#8203;11607](https://togithub.com/astral-sh/ruff/pull/11607))
- Mark `repeated-isinstance-calls` as unsafe on Python 3.10 and later
([#&#8203;11622](https://togithub.com/astral-sh/ruff/pull/11622))

### [`v0.4.6`](https://togithub.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#046)

[Compare
Source](https://togithub.com/astral-sh/ruff/compare/v0.4.5...v0.4.6)

##### Breaking changes

- Use project-relative paths when calculating GitLab fingerprints
([#&#8203;11532](https://togithub.com/astral-sh/ruff/pull/11532))

##### Preview features

- \[`flake8-async`] Sleep with >24 hour interval should usually sleep
forever (`ASYNC116`)
([#&#8203;11498](https://togithub.com/astral-sh/ruff/pull/11498))

##### Rule changes

- \[`numpy`] Add missing functions to NumPy 2.0 migration rule
([#&#8203;11528](https://togithub.com/astral-sh/ruff/pull/11528))
- \[`mccabe`] Consider irrefutable pattern similar to `if .. else` for
`C901` ([#&#8203;11565](https://togithub.com/astral-sh/ruff/pull/11565))
- Consider `match`-`case` statements for `C901`, `PLR0912`, and
`PLR0915`
([#&#8203;11521](https://togithub.com/astral-sh/ruff/pull/11521))
- Remove empty strings when converting to f-string (`UP032`)
([#&#8203;11524](https://togithub.com/astral-sh/ruff/pull/11524))
- \[`flake8-bandit`] `request-without-timeout` should warn for
`requests.request`
([#&#8203;11548](https://togithub.com/astral-sh/ruff/pull/11548))
- \[`flake8-self`] Ignore sunder accesses in `flake8-self` rules
([#&#8203;11546](https://togithub.com/astral-sh/ruff/pull/11546))
- \[`pyupgrade`] Lint for `TypeAliasType` usages (`UP040`)
([#&#8203;11530](https://togithub.com/astral-sh/ruff/pull/11530))

##### Server

- Respect excludes in `ruff server` configuration discovery
([#&#8203;11551](https://togithub.com/astral-sh/ruff/pull/11551))
- Use default settings if initialization options is empty or not
provided
([#&#8203;11566](https://togithub.com/astral-sh/ruff/pull/11566))
- `ruff server` correctly treats `.pyi` files as stub files
([#&#8203;11535](https://togithub.com/astral-sh/ruff/pull/11535))
- `ruff server` searches for configuration in parent directories
([#&#8203;11537](https://togithub.com/astral-sh/ruff/pull/11537))
- `ruff server`: An empty code action filter no longer returns notebook
source actions
([#&#8203;11526](https://togithub.com/astral-sh/ruff/pull/11526))

##### Bug fixes

- \[`flake8-logging-format`] Fix autofix title in `logging-warn`
(`G010`)
([#&#8203;11514](https://togithub.com/astral-sh/ruff/pull/11514))
- \[`refurb`] Avoid recommending `operator.itemgetter` with dependence
on lambda arguments
([#&#8203;11574](https://togithub.com/astral-sh/ruff/pull/11574))
- \[`flake8-simplify`] Avoid recommending context manager in `__enter__`
implementations
([#&#8203;11575](https://togithub.com/astral-sh/ruff/pull/11575))
- Create intermediary directories for `--output-file`
([#&#8203;11550](https://togithub.com/astral-sh/ruff/pull/11550))
- Propagate reads on global variables
([#&#8203;11584](https://togithub.com/astral-sh/ruff/pull/11584))
- Treat all `singledispatch` arguments as runtime-required
([#&#8203;11523](https://togithub.com/astral-sh/ruff/pull/11523))

### [`v0.4.5`](https://togithub.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#045)

[Compare
Source](https://togithub.com/astral-sh/ruff/compare/v0.4.4...v0.4.5)

##### Ruff's language server is now in Beta

`v0.4.5` marks the official Beta release of `ruff server`, an integrated
language server built into Ruff. `ruff server` supports the same feature
set as `ruff-lsp`, powering linting, formatting, and code fixes in Ruff's
editor integrations -- but with superior performance and no installation
required. We'd love your feedback!

You can enable `ruff server` in the [VS Code
extension](https://togithub.com/astral-sh/ruff-vscode?tab=readme-ov-file#enabling-the-rust-based-language-server)
today.

To read more about this exciting milestone, check out our [blog
post](https://astral.sh/blog/ruff-v0.4.5)!

##### Rule changes

- \[`flake8-future-annotations`] Reword
`future-rewritable-type-annotation` (`FA100`) message
([#&#8203;11381](https://togithub.com/astral-sh/ruff/pull/11381))
- \[`pycodestyle`] Consider soft keywords for `E27` rules
([#&#8203;11446](https://togithub.com/astral-sh/ruff/pull/11446))
- \[`pyflakes`] Recommend adding unused import bindings to `__all__`
([#&#8203;11314](https://togithub.com/astral-sh/ruff/pull/11314))
- \[`pyflakes`] Update documentation and deprecate
`ignore_init_module_imports`
([#&#8203;11436](https://togithub.com/astral-sh/ruff/pull/11436))
- \[`pyupgrade`] Mark quotes as unnecessary for non-evaluated
annotations
([#&#8203;11485](https://togithub.com/astral-sh/ruff/pull/11485))

##### Formatter

- Avoid multiline quotes warning with `quote-style = preserve`
([#&#8203;11490](https://togithub.com/astral-sh/ruff/pull/11490))

##### Server

- Support Jupyter Notebook files
([#&#8203;11206](https://togithub.com/astral-sh/ruff/pull/11206))
- Support `noqa` comment code actions
([#&#8203;11276](https://togithub.com/astral-sh/ruff/pull/11276))
- Fix automatic configuration reloading
([#&#8203;11492](https://togithub.com/astral-sh/ruff/pull/11492))
- Fix several issues with configuration in Neovim and Helix
([#&#8203;11497](https://togithub.com/astral-sh/ruff/pull/11497))

##### CLI

- Add `--output-format` as a CLI option for `ruff config`
([#&#8203;11438](https://togithub.com/astral-sh/ruff/pull/11438))

##### Bug fixes

- Avoid `PLE0237` for property with setter
([#&#8203;11377](https://togithub.com/astral-sh/ruff/pull/11377))
- Avoid `TCH005` for `if` stmt with `elif`/`else` block
([#&#8203;11376](https://togithub.com/astral-sh/ruff/pull/11376))
- Avoid flagging `__future__` annotations as required for non-evaluated
type annotations
([#&#8203;11414](https://togithub.com/astral-sh/ruff/pull/11414))
- Check for ruff executable in 'bin' directory as installed by 'pip
install --target'.
([#&#8203;11450](https://togithub.com/astral-sh/ruff/pull/11450))
- Sort edits prior to deduplicating in quotation fix
([#&#8203;11452](https://togithub.com/astral-sh/ruff/pull/11452))
- Treat escaped newline as valid sequence
([#&#8203;11465](https://togithub.com/astral-sh/ruff/pull/11465))
- \[`flake8-pie`] Preserve parentheses in `unnecessary-dict-kwargs`
([#&#8203;11372](https://togithub.com/astral-sh/ruff/pull/11372))
- \[`pylint`] Ignore `__slots__` with dynamic values
([#&#8203;11488](https://togithub.com/astral-sh/ruff/pull/11488))
- \[`pylint`] Remove `try` body from branch counting
([#&#8203;11487](https://togithub.com/astral-sh/ruff/pull/11487))
- \[`refurb`] Respect operator precedence in `FURB110`
([#&#8203;11464](https://togithub.com/astral-sh/ruff/pull/11464))

##### Documentation

- Add `--preview` to the README
([#&#8203;11395](https://togithub.com/astral-sh/ruff/pull/11395))
- Add Python 3.13 to list of allowed Python versions
([#&#8203;11411](https://togithub.com/astral-sh/ruff/pull/11411))
- Simplify Neovim setup documentation
([#&#8203;11489](https://togithub.com/astral-sh/ruff/pull/11489))
- Update CONTRIBUTING.md to reflect the new parser
([#&#8203;11434](https://togithub.com/astral-sh/ruff/pull/11434))
- Update server documentation with new migration guide
([#&#8203;11499](https://togithub.com/astral-sh/ruff/pull/11499))
- \[`pycodestyle`] Clarify motivation for `E713` and `E714`
([#&#8203;11483](https://togithub.com/astral-sh/ruff/pull/11483))
- \[`pyflakes`] Update docs to describe WAI behavior (F541)
([#&#8203;11362](https://togithub.com/astral-sh/ruff/pull/11362))
- \[`pylint`] Clearly indicate what is counted as a branch
([#&#8203;11423](https://togithub.com/astral-sh/ruff/pull/11423))

</details>

<details>
<summary>jd/tenacity (tenacity)</summary>

### [`v8.4.1`](https://togithub.com/jd/tenacity/releases/tag/8.4.1): tenacity 8.4.1

[Compare Source](https://togithub.com/jd/tenacity/compare/8.4.0...8.4.1)

#### What's Changed

- Include `tenacity.asyncio` subpackage in release dist by
[@&#8203;cdce8p](https://togithub.com/cdce8p) in
[https://github.com/jd/tenacity/pull/474](https://togithub.com/jd/tenacity/pull/474)

**Full Changelog**: jd/tenacity@8.4.0...8.4.1

### [`v8.4.0`](https://togithub.com/jd/tenacity/releases/tag/8.4.0): tenacity 8.4.0

[Compare Source](https://togithub.com/jd/tenacity/compare/8.3.0...8.4.0)

#### What's Changed

- Add async strategies by [@&#8203;hasier](https://togithub.com/hasier)
in
[https://github.com/jd/tenacity/pull/451](https://togithub.com/jd/tenacity/pull/451)
- Support Trio out-of-the-box by
[@&#8203;jakkdl](https://togithub.com/jakkdl) in
[https://github.com/jd/tenacity/pull/463](https://togithub.com/jd/tenacity/pull/463)

**Full Changelog**: jd/tenacity@8.3.0...8.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerebrotech/cucu).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>