⬆️(project) upgrade python dependencies #36
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.7.10
->==1.8.2
==43.0.3
->==44.0.0
==8.28.0
->==8.31.0
==24.2.1
->==25.0.0
==3.3.1
->==3.3.3
==8.2.0
->==8.3.4
==5.0.0
->==6.0.0
==4.0.2
->==4.0.3
==0.32.0
->==0.34.0
>=13,<14
->>=14,<15
==0.44.0
->==0.45.1
==6.7.0
->==6.8.2
Release Notes
PyCQA/bandit (bandit)
v1.8.2
Compare Source
What's Changed
Full Changelog: PyCQA/bandit@1.8.1...1.8.2
v1.8.1
Compare Source
What's Changed
New Contributors
Full Changelog: PyCQA/bandit@1.8.0...1.8.1
v1.8.0
Compare Source
What's Changed
Full Changelog: PyCQA/bandit@1.7.10...1.8.0
pyca/cryptography (cryptography)
v44.0.0
Compare Source
ipython/ipython (ipython)
v8.31.0
Compare Source
v8.30.0
Compare Source
v8.29.0
Compare Source
pyca/pyopenssl (pyOpenSSL)
v25.0.0
Compare Source
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
Context.set_alpn_select_callback
,Context.set_session_cache_mode
,Context.set_options
,Context.set_mode
,X509.subject_name_hash
, andX509Store.load_locations
.warnings.deprecated
.mypy
will emit deprecation notices for them when used with--enable-error-code deprecated
.v24.3.0
Compare Source
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OpenSSL.crypto.CRL
,OpenSSL.crypto.Revoked
,OpenSSL.crypto.dump_crl
, andOpenSSL.crypto.load_crl
.cryptography.x509
's CRL functionality should be used instead.OpenSSL.crypto.sign
andOpenSSL.crypto.verify
.cryptography.hazmat.primitives.asymmetric
's signature APIs should be used instead.Deprecations:
^^^^^^^^^^^^^
OpenSSL.rand
- callers should useos.urandom()
instead.add_extensions
andget_extensions
onOpenSSL.crypto.X509Req
andOpenSSL.crypto.X509
. These should have been deprecated at the same timeX509Extension
was. Users should use pyca/cryptography's X.509 APIs instead.OpenSSL.crypto.get_elliptic_curves
andOpenSSL.crypto.get_elliptic_curve
, as well as passing the reult of them toOpenSSL.SSL.Context.set_tmp_ecdh
, users should instead pass curves fromcryptography
.X509
objects toOpenSSL.SSL.Context.use_certificate
,OpenSSL.SSL.Connection.use_certificate
,OpenSSL.SSL.Context.add_extra_chain_cert
, andOpenSSL.SSL.Context.add_client_ca
, users should instead passcryptography.x509.Certificate
instances. This is in preparation for deprecating pyOpenSSL'sX509
entirely.PKey
objects toOpenSSL.SSL.Context.use_privatekey
andOpenSSL.SSL.Connection.use_privatekey
, users should instead passcryptography
priate key instances. This is in preparation for deprecating pyOpenSSL'sPKey
entirely.Changes:
^^^^^^^^
cryptography
maximum version has been increased to 44.0.x.OpenSSL.SSL.Connection.get_certificate
,OpenSSL.SSL.Connection.get_peer_certificate
,OpenSSL.SSL.Connection.get_peer_cert_chain
, andOpenSSL.SSL.Connection.get_verified_chain
now take anas_cryptography
keyword-argument. WhenTrue
is passed thencryptography.x509.Certificate
are returned, instead ofOpenSSL.crypto.X509
. In the future, passingFalse
(the default) will be deprecated.pylint-dev/pylint (pylint)
v3.3.3
Compare Source
What's new in Pylint 3.3.3?
Release date: 2024-12-23
False Positives Fixed
Fix false positives for
undefined-variable
for classes using Python 3.12generic type syntax.
Closes #9335
Fix a false positive for
use-implicit-booleaness-not-len
. No lint should be emitted forgenerators (
len
is not defined for generators).Refs #10100
Other Bug Fixes
Fix
Unable to import 'collections.abc' (import-error)
on Python 3.13.1.Closes #10112
v3.3.2
Compare Source
False Positives Fixed
Fix a false positive for
potential-index-error
when an indexed iterablecontains a starred element that evaluates to more than one item.
Closes #10076
Other Bug Fixes
Fixes the issue with --source-root option not working when the source files are in a subdirectory of the source root (e.g. when using a /src layout).
Closes #10026
pytest-dev/pytest (pytest)
v8.3.4
Compare Source
pytest 8.3.4 (2024-12-01)
Bug fixes
#12592: Fixed
KeyError
{.interpreted-text role="class"} crash when using--import-mode=importlib
in a directory layout where a directory contains a child directory with the same name.#12818: Assertion rewriting now preserves the source ranges of the original instructions, making it play well with tools that deal with the
AST
, like executing.#12849: ANSI escape codes for colored output now handled correctly in
pytest.fail
{.interpreted-text role="func"} with [pytrace=False]{.title-ref}.#9353:
pytest.approx
{.interpreted-text role="func"} now uses strict equality when given booleans.Improved documentation
#10558: Fix ambiguous docstring of
pytest.Config.getoption
{.interpreted-text role="func"}.#10829: Improve documentation on the current handling of the
--basetemp
option and its lack of retention functionality (temporary directory location and retention
{.interpreted-text role="ref"}).#12866: Improved cross-references concerning the
recwarn
{.interpreted-text role="fixture"} fixture.#12966: Clarify
filterwarnings
{.interpreted-text role="ref"} docs on filter precedence/order when using multiple@pytest.mark.filterwarnings <pytest.mark.filterwarnings ref>
{.interpreted-text role="ref"} marks.Contributor-facing changes
v8.3.3
Compare Source
pytest 8.3.3 (2024-09-09)
Bug fixes
#12446: Avoid calling
@property
(and other instance descriptors) during fixture discovery -- byasottile
{.interpreted-text role="user"}#12659: Fixed the issue of not displaying assertion failure differences when using the parameter
--import-mode=importlib
in pytest>=8.1.#12667: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.
#12744: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by
Avasam
{.interpreted-text role="user"}#12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.
#6682: Fixed bug where the verbosity levels where not being respected when printing the "msg" part of failed assertion (as in
assert condition, msg
).#9422: Fix bug where disabling the terminal plugin via
-p no:terminal
would cause crashes related to missing theverbose
option.-- by
GTowers1
{.interpreted-text role="user"}Improved documentation
Miscellaneous internal changes
v8.3.2
Compare Source
pytest 8.3.2 (2024-07-24)
Bug fixes
#12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.
-- by
RonnyPfannschmidt
{.interpreted-text role="user"}v8.3.1
Compare Source
pytest 8.3.1 (2024-07-20)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
v8.3.0
Compare Source
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are
int
{.interpreted-text role="class"}, (unescaped)str
{.interpreted-text role="class"},bool
{.interpreted-text role="class"} &None
{.interpreted-text role="data"}.See
marker examples <marker_keyword_expression_example>
{.interpreted-text role="ref"} for more information.-- by
lovetheguitar
{.interpreted-text role="user"}#12567: Added
--no-fold-skipped
command line option.If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
-- by
pbrezina
{.interpreted-text role="user"}Improvements in existing functionality
#12469: The console output now uses the "third-party plugins" terminology,
replacing the previously established but confusing and outdated
reference to
setuptools <setuptools:index>
{.interpreted-text role="std:doc"}-- by
webknjaz
{.interpreted-text role="user"}.#12544, #12545: Python virtual environment detection was improved by
checking for a
pyvenv.cfg
{.interpreted-text role="file"} file, ensuring reliable detection onvarious platforms -- by
zachsnickers
{.interpreted-text role="user"}.#2871: Do not truncate arguments to functions in output when running with [-vvv]{.title-ref}.
#389: The readability of assertion introspection of bound methods has been enhanced
-- by
farbodahm
{.interpreted-text role="user"},webknjaz
{.interpreted-text role="user"},obestwalter
{.interpreted-text role="user"},flub
{.interpreted-text role="user"}and
glyphack
{.interpreted-text role="user"}.Earlier, it was like:
And now it's like:
#7662: Added timezone information to the testsuite timestamp in the JUnit XML report.
Bug fixes
#11706: Fixed reporting of teardown errors in higher-scoped fixtures when using [--maxfail]{.title-ref} or [--stepwise]{.title-ref}.
Originally added in pytest 8.0.0, but reverted in 8.0.2 due to a regression in pytest-xdist.
This regression was fixed in pytest-xdist 3.6.1.
#11797:
pytest.approx
{.interpreted-text role="func"} now correctly handlesSequence <collections.abc.Sequence>
{.interpreted-text role="class"}-like objects.#12204, #12264: Fixed a regression in pytest 8.0 where tracebacks get longer and longer when multiple
tests fail due to a shared higher-scope fixture which raised -- by
bluetech
{.interpreted-text role="user"}.Also fixed a similar regression in pytest 5.4 for collectors which raise during setup.
The fix necessitated internal changes which may affect some plugins:
FixtureDef.cached_result[2]
is now a tuple(exc, tb)
instead of
exc
.SetupState.stack
failures are now a tuple(exc, tb)
instead of
exc
.#12275: Fixed collection error upon encountering an
abstract <abc>
{.interpreted-text role="mod"} class, including abstract [unittest.TestCase]{.title-ref} subclasses.#12328: Fixed a regression in pytest 8.0.0 where package-scoped parameterized items were not correctly reordered to minimize setups/teardowns in some cases.
#12424: Fixed crash with [assert testcase is not None]{.title-ref} assertion failure when re-running unittest tests using plugins like pytest-rerunfailures. Regressed in 8.2.2.
#12472: Fixed a crash when returning category
"error"
or"failed"
with a custom test status frompytest_report_teststatus
{.interpreted-text role="hook"} hook --pbrezina
{.interpreted-text role="user"}.#12505: Improved handling of invalid regex patterns in
pytest.raises(match=r'...') <pytest.raises>
{.interpreted-text role="func"} by providing a clear error message.#12580: Fixed a crash when using the cache class on Windows and the cache directory was created concurrently.
#6962: Parametrization parameters are now compared using [==]{.title-ref} instead of [is]{.title-ref} ([is]{.title-ref} is still used as a fallback if the parameter does not support [==]{.title-ref}).
This fixes use of parameters such as lists, which have a different [id]{.title-ref} but compare equal, causing fixtures to be re-computed instead of being cached.
#7166: Fixed progress percentages (the
[ 87%]
at the edge of the screen) sometimes not aligning correctly when running with pytest-xdist-n
.Improved documentation
#12153: Documented using
PYTEST_VERSION
{.interpreted-text role="envvar"} to detect if code is running from within a pytest run.#12469: The external plugin mentions in the documentation now avoid mentioning
setuptools entry-points <setuptools:index>
{.interpreted-text role="std:doc"} as the concept ismuch more generic nowadays. Instead, the terminology of "external",
"installed", or "third-party" plugins (or packages) replaces that.
-- by
webknjaz
{.interpreted-text role="user"}#12577: [CI]{.title-ref} and [BUILD_NUMBER]{.title-ref} environment variables role is discribed in
the reference doc. They now also appear when doing [pytest -h]{.title-ref}
-- by
MarcBresson
{.interpreted-text role="user"}.Contributor-facing changes
#12467: Migrated all internal type-annotations to the python3.10+ style by using the [annotations]{.title-ref} future import.
-- by
RonnyPfannschmidt
{.interpreted-text role="user"}#11771, #12557: The PyPy runtime version has been updated to 3.9 from 3.8 that introduced
a flaky bug at the garbage collector which was not expected to fix there
as the 3.8 is EoL.
-- by
x612skm
{.interpreted-text role="user"}#12493: The change log draft preview integration has been refactored to use a
third party extension
sphinxcontib-towncrier
. The previous in-reposcript was putting the change log preview file at
doc/en/_changelog_towncrier_draft.rst
{.interpreted-text role="file"}. Said file is no longerignored in Git and might show up among untracked files in the
development environments of the contributors. To address that, the
contributors can run the following command that will clean it up:
$ git clean -x -i -- doc/en/_changelog_towncrier_draft.rst
-- by
webknjaz
{.interpreted-text role="user"}#12498: All the undocumented
tox
environments now have descriptions.They can be listed in one's development environment by invoking
tox -av
in a terminal.-- by
webknjaz
{.interpreted-text role="user"}#12501: The changelog configuration has been updated to introduce more accurate
audience-tailored categories. Previously, there was a
trivial
change log fragment type with an unclear and broad meaning. It was
removed and we now have
contrib
,misc
andpackaging
inplace of it.
The new change note types target the readers who are downstream
packagers and project contributors. Additionally, the miscellaneous
section is kept for unspecified updates that do not fit anywhere else.
-- by
webknjaz
{.interpreted-text role="user"}#12502: The UX of the GitHub automation making pull requests to update the
plugin list has been updated. Previously, the maintainers had to close
the automatically created pull requests and re-open them to trigger the
CI runs. From now on, they only need to click the [Ready for review]{.title-ref}
button instead.
-- by
webknjaz
{.interpreted-text role="user"}#12522: The
:pull:
RST role has been replaced with a shorter:pr:
due to starting to use the implementation fromthe third-party
sphinx-issues
{.interpreted-text role="pypi"} Sphinx extension-- by
webknjaz
{.interpreted-text role="user"}.#12531: The coverage reporting configuration has been updated to exclude
pytest's own tests marked as expected to fail from the coverage
report. This has an effect of reducing the influence of flaky
tests on the resulting number.
-- by
webknjaz
{.interpreted-text role="user"}#12533: The
extlinks
Sphinx extension is no longer enabled. The:bpo:
role it used to declare has been removed with that. BPO itself has
migrated to GitHub some years ago and it is possible to link the
respective issues by using their GitHub issue numbers and the
:issue:
role that thesphinx-issues
extension implements.-- by
webknjaz
{.interpreted-text role="user"}#12562: Possible typos in using the
:user:
RST role is now being lintedthrough the pre-commit tool integration -- by
webknjaz
{.interpreted-text role="user"}.v8.2.2
Compare Source
pytest 8.2.2 (2024-06-04)
Bug Fixes
.pytest_cache
) creation. Regressed in pytest 8.2.0.Improved Documentation
lack of thread safety in pytest as a possible source of flakyness.
v8.2.1
Compare Source
pytest 8.2.1 (2024-05-19)
Improvements
Bug Fixes
.pytest_cache
directories becamerwx------
instead of the expectedrwxr-xr-x
.Trivial/Internal Changes
pytest-dev/pytest-cov (pytest-cov)
v6.0.0
Compare Source
Now it will perform the check just like
coverage report
would.--cov-precision
cli option that can override the value set in your coverage configuration.kislyuk/signxml (signxml)
v4.0.3
Compare Source
===============================
Fix issue with support for deprecated PyOpenSSL certificates
Fully remove the ca_path parameter; add docs for signature location
pinning
encode/uvicorn (uvicorn)
v0.34.0
Compare Source
Added
content-length
to 500 response inwsproto
implementation (#2542)Removed
v0.33.0
Compare Source
Removed
WatchGod
support for--reload
(#2536)v0.32.1
Compare Source
Fixed
httptools >= 0.6.3
#2488python-websockets/websockets (websockets)
v14.1
Compare Source
See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.
v14.0
Compare Source
See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.
pypa/wheel (wheel)
v0.45.1
Compare Source
v0.45.0
Compare Source
Refactored the
convert
command to not need setuptools to be installedDon't configure setuptools logging unless running
bdist_wheel
Added a redirection from
wheel.bdist_wheel.bdist_wheel
tosetuptools.command.bdist_wheel.bdist_wheel
to improve compatibility withsetuptools
' latest fixes.Projects are still advised to migrate away from the deprecated module and import the
setuptools
' implementation explicitly. (PR by @abravalheri)evansd/whitenoise (whitenoise)
v6.8.2
Compare Source
v6.8.1
Compare Source
v6.8.0
Compare Source
Configuration
📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.