Support configfile in .bandit file #1052
Merged
bersbersbers requested review from ericwb, lukehinds and sigmavirus24 as code owners September 13, 2023 06:27
bersbersbers changed the title from "Support (--)config in .bandit file" to "Support configfile in .bandit file" Sep 13, 2023
This was referenced Sep 13, 2023
@lukehinds since you seem to be active in this repository, do you have any guidance on having this PR reviewed? Thanks in advance!
ericwb approved these changes Jun 12, 2024
ddl-cedricyoung referenced this pull request in dominodatalab/cucu Jun 20, 2024
migration guide ([#​11499](https://github.com/astral-sh/ruff/pull/11499)) - \[`pycodestyle`] Clarify motivation for `E713` and `E714` ([#​11483](https://github.com/astral-sh/ruff/pull/11483)) - \[`pyflakes`] Update docs to describe WAI behavior (F541) ([#​11362](https://github.com/astral-sh/ruff/pull/11362)) - \[`pylint`] Clearly indicate what is counted as a branch ([#​11423](https://github.com/astral-sh/ruff/pull/11423)) </details> <details> <summary>jd/tenacity (tenacity)</summary> ### [`v8.4.1`](https://github.com/jd/tenacity/releases/tag/8.4.1): tenacity 8.4.1 [Compare Source](https://github.com/jd/tenacity/compare/8.4.0...8.4.1) #### What's Changed - Include `tenacity.asyncio` subpackage in release dist by [@​cdce8p](https://github.com/cdce8p) in [https://github.com/jd/tenacity/pull/474](https://github.com/jd/tenacity/pull/474) **Full Changelog**: jd/tenacity@8.4.0...8.4.1 ### [`v8.4.0`](https://github.com/jd/tenacity/releases/tag/8.4.0): tenacity 8.4.0 [Compare Source](https://github.com/jd/tenacity/compare/8.3.0...8.4.0) #### What's Changed - Add async strategies by [@​hasier](https://github.com/hasier) in [https://github.com/jd/tenacity/pull/451](https://github.com/jd/tenacity/pull/451) - Support Trio out-of-the-box by [@​jakkdl](https://github.com/jakkdl) in [https://github.com/jd/tenacity/pull/463](https://github.com/jd/tenacity/pull/463) **Full Changelog**: jd/tenacity@8.3.0...8.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. 
--- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/cerebrotech/cucu). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQxMy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This is a try at alleviating the pains of #318, see in particular #318 (comment).