Support configfile in .bandit file #1052

Merged
merged 3 commits into from
Jun 12, 2024

@bersbersbers (Contributor) commented Sep 13, 2023

This is a try at alleviating the pains of #318, see in particular #318 (comment).

@bersbersbers (Contributor, Author)

@lukehinds since you seem to be active in this repository, do you have any guidance on having this PR reviewed? Thanks in advance!

@ericwb ericwb merged commit 691f465 into PyCQA:main Jun 12, 2024
16 checks passed
@bersbersbers bersbersbers deleted the issue-318 branch June 12, 2024 22:47
ddl-cedricyoung referenced this pull request in dominodatalab/cucu Jun 20, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|  |  | lockFileMaintenance | All locks refreshed |
| [bandit](https://bandit.readthedocs.io/) ([source](https://github.com/PyCQA/bandit), [changelog](https://github.com/PyCQA/bandit/releases)) | dev | patch | `1.7.8` -> `1.7.9` |
| [coverage](https://github.com/nedbat/coveragepy) | dependencies | patch | `7.5.1` -> `7.5.3` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | dependencies | minor | `7.1.0` -> `7.2.0` |
| [jellyfish](https://github.com/jamesturk/jellyfish) | dependencies | patch | `1.0.3` -> `1.0.4` |
| [pytest](https://github.com/pytest-dev/pytest) ([changelog](https://docs.pytest.org/en/stable/changelog.html)) | dev | patch | `8.2.0` -> `8.2.2` |
| [requests](https://requests.readthedocs.io) ([source](https://github.com/psf/requests), [changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | dependencies | minor | `2.31.0` -> `2.32.3` |
| [ruff](https://docs.astral.sh/ruff) ([source](https://github.com/astral-sh/ruff), [changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)) | dev | patch | `0.4.4` -> `0.4.10` |
| [selenium](https://www.selenium.dev) | dependencies | minor | `4.20.0` -> `4.21.0` |
| [tenacity](https://github.com/jd/tenacity) | dependencies | minor | `8.3.0` -> `8.4.1` |

🔧 This Pull Request updates lock files to use the latest dependency
versions.

---

### Release Notes

<details>
<summary>PyCQA/bandit (bandit)</summary>

### [`v1.7.9`](https://github.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare
Source](https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1117
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1119
- New logo for Bandit based on raccoon by [@ericwb](https://github.com/ericwb) in https://github.com/PyCQA/bandit/pull/1121
- Start testing on Python 3.13 by [@ericwb](https://github.com/ericwb) in https://github.com/PyCQA/bandit/pull/1122
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1123
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1124
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1125
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1126
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1127
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1130
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1131
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1132
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1133
- Updates banner logo so it renders well in dark mode by [@ericwb](https://github.com/ericwb) in https://github.com/PyCQA/bandit/pull/1134
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1135
- Add a sponsor section to README by [@ericwb](https://github.com/ericwb) in https://github.com/PyCQA/bandit/pull/1137
- Ensure sarif extra is included as part of doc build by [@ericwb](https://github.com/ericwb) in https://github.com/PyCQA/bandit/pull/1139
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1142
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1143
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://github.com/pre-commit-ci) in https://github.com/PyCQA/bandit/pull/1145
- Guard against empty call argument list by [@ericwb](https://github.com/ericwb) in https://github.com/PyCQA/bandit/pull/1146
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://github.com/dependabot) in https://github.com/PyCQA/bandit/pull/1144
- Support `configfile` in `.bandit` file by [@bersbersbers](https://github.com/bersbersbers) in https://github.com/PyCQA/bandit/pull/1052

#### New Contributors

- [@pre-commit-ci](https://github.com/pre-commit-ci) made their first contribution in https://github.com/PyCQA/bandit/pull/1119
- [@bersbersbers](https://github.com/bersbersbers) made their first contribution in https://github.com/PyCQA/bandit/pull/1052

**Full Changelog**:
PyCQA/bandit@1.7.8...1.7.9

</details>

<details>
<summary>nedbat/coveragepy (coverage)</summary>

### [`v7.5.3`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare Source](https://github.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks to Kraken Tech for funding the fix.

- Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing [issue 1791](https://github.com/nedbat/coveragepy/issues/1791). Thanks to Daniel Diniz for helping to diagnose the problem.

### [`v7.5.2`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-752--2024-05-24)

[Compare Source](https://github.com/nedbat/coveragepy/compare/7.5.1...7.5.2)

- Fix: nested matches of exclude patterns could exclude too much code, as reported in [issue 1779](https://github.com/nedbat/coveragepy/issues/1779). This is now fixed.

- Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

- In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to [Daniel Diniz](https://github.com/nedbat/coveragepy/pull/1776).

- Python 3.13.0b1 is supported.

- Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to [Liam DeVoe](https://github.com/nedbat/coveragepy/pull/1788). Closes [issue 1787](https://github.com/nedbat/coveragepy/issues/1787).

</details>

<details>
<summary>python/importlib_metadata (importlib-metadata)</summary>

### [`v7.2.0`](https://github.com/python/importlib_metadata/compare/v7.1.0...v7.2.0)

[Compare
Source](https://github.com/python/importlib_metadata/compare/v7.1.0...v7.2.0)

</details>

<details>
<summary>jamesturk/jellyfish (jellyfish)</summary>

### [`v1.0.4`](https://github.com/jamesturk/jellyfish/compare/v1.0.3...v1.0.4)

[Compare
Source](https://github.com/jamesturk/jellyfish/compare/v1.0.3...v1.0.4)

</details>

<details>
<summary>pytest-dev/pytest (pytest)</summary>

### [`v8.2.2`](https://github.com/pytest-dev/pytest/releases/tag/8.2.2)

[Compare Source](https://github.com/pytest-dev/pytest/compare/8.2.1...8.2.2)

# pytest 8.2.2 (2024-06-04)

## Bug Fixes

- [#12355](https://github.com/pytest-dev/pytest/issues/12355): Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
- [#12367](https://github.com/pytest-dev/pytest/issues/12367): Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
- [#12381](https://github.com/pytest-dev/pytest/issues/12381): Fix possible "Directory not empty" crashes arising from concurrent cache dir (`.pytest_cache`) creation. Regressed in pytest 8.2.0.

## Improved Documentation

- [#12290](https://github.com/pytest-dev/pytest/issues/12290): Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
- [#12356](https://github.com/pytest-dev/pytest/issues/12356): Added a subsection to the documentation for debugging flaky tests to mention lack of thread safety in pytest as a possible source of flakiness.
- [#12363](https://github.com/pytest-dev/pytest/issues/12363): The documentation webpages now link to a canonical version to reduce outdated documentation in search engine results.

### [`v8.2.1`](https://github.com/pytest-dev/pytest/releases/tag/8.2.1)

[Compare Source](https://github.com/pytest-dev/pytest/compare/8.2.0...8.2.1)

# pytest 8.2.1 (2024-05-19)

## Improvements

- [#12334](https://github.com/pytest-dev/pytest/issues/12334): Support for Python 3.13 (beta1 at the time of writing).

## Bug Fixes

- [#12120](https://github.com/pytest-dev/pytest/issues/12120): Fix `PermissionError` crashes arising from directories which are not selected on the command-line.
- [#12191](https://github.com/pytest-dev/pytest/issues/12191): Keyboard interrupts and system exits are now properly handled during the test collection.
- [#12300](https://github.com/pytest-dev/pytest/issues/12300): Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
- [#12308](https://github.com/pytest-dev/pytest/issues/12308): Fix a regression in pytest 8.2.0 where the permissions of automatically-created `.pytest_cache` directories became `rwx------` instead of the expected `rwxr-xr-x`.

## Trivial/Internal Changes

- [#12333](https://github.com/pytest-dev/pytest/issues/12333): pytest releases are now attested using the recent [Artifact Attestation](https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/) support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

</details>

<details>
<summary>psf/requests (requests)</summary>

### [`v2.32.3`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2323-2024-05-29)

[Compare Source](https://github.com/psf/requests/compare/v2.32.2...v2.32.3)

**Bugfixes**

- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. ([#6716](https://github.com/psf/requests/issues/6716))
- Fixed issue where Requests started failing to run on Python versions compiled without the `ssl` module. ([#6724](https://github.com/psf/requests/issues/6724))

### [`v2.32.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2322-2024-05-21)

[Compare Source](https://github.com/psf/requests/compare/v2.32.1...v2.32.2)

**Deprecations**

- To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed `_get_connection` to a new public API, `get_connection_with_tls_context`. Existing custom HTTPAdapters will need to migrate their code to use this new API. `get_connection` is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. ([#6710](https://github.com/psf/requests/issues/6710))

### [`v2.32.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2321-2024-05-20)

[Compare Source](https://github.com/psf/requests/compare/v2.32.0...v2.32.1)

**Bugfixes**

- Add missing test certs to the sdist distributed on PyPI.

### [`v2.32.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2320-2024-05-20)

[Compare Source](https://github.com/psf/requests/compare/v2.31.0...v2.32.0)

**Security**

- Fixed an issue where setting `verify=False` on the first request from a Session will cause subsequent requests to the *same origin* to also ignore cert verification, regardless of the value of `verify`. (GHSA-9wx4-h78v-vm56)

**Improvements**

- `verify=True` now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. ([#6667](https://github.com/psf/requests/issues/6667))
- Requests now supports optional use of character detection (`chardet` or `charset_normalizer`) when repackaged or vendored. This enables `pip` and other projects to minimize their vendoring surface area. The `Response.text()` and `apparent_encoding` APIs will default to `utf-8` if neither library is present. ([#6702](https://github.com/psf/requests/issues/6702))

**Bugfixes**

- Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. ([#6589](https://github.com/psf/requests/issues/6589))
- Fixed deserialization bug in JSONDecodeError. ([#6629](https://github.com/psf/requests/issues/6629))
- Fixed bug where an extra leading `/` (path separator) could lead urllib3 to unnecessarily reparse the request URI. ([#6644](https://github.com/psf/requests/issues/6644))

**Deprecations**

- Requests has officially added support for CPython 3.12 ([#6503](https://github.com/psf/requests/issues/6503))
- Requests has officially added support for PyPy 3.9 and 3.10 ([#6641](https://github.com/psf/requests/issues/6641))
- Requests has officially dropped support for CPython 3.7 ([#6642](https://github.com/psf/requests/issues/6642))
- Requests has officially dropped support for PyPy 3.7 and 3.8 ([#6641](https://github.com/psf/requests/issues/6641))

**Documentation**

- Various typo fixes and doc improvements.

**Packaging**

- Requests has started adopting some modern packaging practices. The source files for the projects (formerly `requests`) is now located in `src/requests` in the Requests sdist. ([#6506](https://github.com/psf/requests/issues/6506))
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using `hatchling`. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

</details>

<details>
<summary>astral-sh/ruff (ruff)</summary>

### [`v0.4.10`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#0410)

[Compare Source](https://github.com/astral-sh/ruff/compare/v0.4.9...v0.4.10)

##### Parser

- Implement re-lexing logic for better error recovery ([#11845](https://github.com/astral-sh/ruff/pull/11845))

##### Rule changes

- \[`flake8-copyright`] Update `CPY001` to check the first 4096 bytes instead of 1024 ([#11927](https://github.com/astral-sh/ruff/pull/11927))
- \[`pycodestyle`] Update `E999` to show all syntax errors instead of just the first one ([#11900](https://github.com/astral-sh/ruff/pull/11900))

##### Server

- Add tracing setup guide to Helix documentation ([#11883](https://github.com/astral-sh/ruff/pull/11883))
- Add tracing setup guide to Neovim documentation ([#11884](https://github.com/astral-sh/ruff/pull/11884))
- Defer notebook cell deletion to avoid an error message ([#11864](https://github.com/astral-sh/ruff/pull/11864))

##### Security

- Guard against malicious ecosystem comment artifacts ([#11879](https://github.com/astral-sh/ruff/pull/11879))

### [`v0.4.9`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#049)

[Compare Source](https://github.com/astral-sh/ruff/compare/v0.4.8...v0.4.9)

##### Preview features

- \[`pylint`] Implement `consider-dict-items` (`C0206`) ([#11688](https://github.com/astral-sh/ruff/pull/11688))
- \[`refurb`] Implement `repeated-global` (`FURB154`) ([#11187](https://github.com/astral-sh/ruff/pull/11187))

##### Rule changes

- \[`pycodestyle`] Adapt fix for `E203` to work identical to `ruff format` ([#10999](https://github.com/astral-sh/ruff/pull/10999))

##### Formatter

- Fix formatter instability for lines only consisting of zero-width characters ([#11748](https://github.com/astral-sh/ruff/pull/11748))

##### Server

- Add supported commands in server capabilities ([#11850](https://github.com/astral-sh/ruff/pull/11850))
- Use real file path when available in `ruff server` ([#11800](https://github.com/astral-sh/ruff/pull/11800))
- Improve error message when a command is run on an unavailable document ([#11823](https://github.com/astral-sh/ruff/pull/11823))
- Introduce the `ruff.printDebugInformation` command ([#11831](https://github.com/astral-sh/ruff/pull/11831))
- Tracing system now respects log level and trace level, with options to log to a file ([#11747](https://github.com/astral-sh/ruff/pull/11747))

##### CLI

- Handle non-printable characters in diff view ([#11687](https://github.com/astral-sh/ruff/pull/11687))

##### Bug fixes

- \[`refurb`] Avoid suggesting starmap when arguments are used outside call (`FURB140`) ([#11830](https://github.com/astral-sh/ruff/pull/11830))
- \[`flake8-bugbear`] Avoid panic in `B909` when checking large loop blocks ([#11772](https://github.com/astral-sh/ruff/pull/11772))
- \[`refurb`] Fix misbehavior of `operator.itemgetter` when getter param is a tuple (`FURB118`) ([#11774](https://github.com/astral-sh/ruff/pull/11774))

### [`v0.4.8`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#048)

[Compare Source](https://github.com/astral-sh/ruff/compare/v0.4.7...v0.4.8)

##### Performance

- Linter performance has been improved by around 10% on some microbenchmarks by refactoring the lexer and parser to maintain synchronicity between them ([#11457](https://github.com/astral-sh/ruff/pull/11457))

##### Preview features

- \[`flake8-bugbear`] Implement `return-in-generator` (`B901`) ([#11644](https://github.com/astral-sh/ruff/pull/11644))
- \[`flake8-pyi`] Implement `PYI063` ([#11699](https://github.com/astral-sh/ruff/pull/11699))
- \[`pygrep_hooks`] Check blanket ignores via file-level pragmas (`PGH004`) ([#11540](https://github.com/astral-sh/ruff/pull/11540))

##### Rule changes

- \[`pyupgrade`] Update `UP035` for Python 3.13 and the latest version of `typing_extensions` ([#11693](https://github.com/astral-sh/ruff/pull/11693))
- \[`numpy`] Update `NPY001` rule for NumPy 2.0 ([#11735](https://github.com/astral-sh/ruff/pull/11735))

##### Server

- Formatting a document with syntax problems no longer spams a visible error popup ([#11745](https://github.com/astral-sh/ruff/pull/11745))

##### CLI

- Add RDJson support for `--output-format` flag ([#11682](https://github.com/astral-sh/ruff/pull/11682))

##### Bug fixes

- \[`pyupgrade`] Write empty string in lieu of panic when fixing `UP032` ([#11696](https://github.com/astral-sh/ruff/pull/11696))
- \[`flake8-simplify`] Simplify double negatives in `SIM103` ([#11684](https://github.com/astral-sh/ruff/pull/11684))
- Ensure the expression generator adds a newline before `type` statements ([#11720](https://github.com/astral-sh/ruff/pull/11720))
- Respect per-file ignores for blanket and redirected noqa rules ([#11728](https://github.com/astral-sh/ruff/pull/11728))

### [`v0.4.7`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#047)

[Compare Source](https://github.com/astral-sh/ruff/compare/v0.4.6...v0.4.7)

##### Preview features

- \[`flake8-pyi`] Implement `PYI064` ([#11325](https://github.com/astral-sh/ruff/pull/11325))
- \[`flake8-pyi`] Implement `PYI066` ([#11541](https://github.com/astral-sh/ruff/pull/11541))
- \[`flake8-pyi`] Implement `PYI057` ([#11486](https://github.com/astral-sh/ruff/pull/11486))
- \[`pyflakes`] Enable `F822` in `__init__.py` files by default ([#11370](https://github.com/astral-sh/ruff/pull/11370))

##### Formatter

- Fix incorrect placement of trailing stub function comments ([#11632](https://github.com/astral-sh/ruff/pull/11632))

##### Server

- Respect file exclusions in `ruff server` ([#11590](https://github.com/astral-sh/ruff/pull/11590))
- Add support for documents not exist on disk ([#11588](https://github.com/astral-sh/ruff/pull/11588))
- Add Vim and Kate setup guide for `ruff server` ([#11615](https://github.com/astral-sh/ruff/pull/11615))

##### Bug fixes

- Avoid removing newlines between docstring headers and rST blocks ([#11609](https://github.com/astral-sh/ruff/pull/11609))
- Infer indentation with imports when logical indent is absent ([#11608](https://github.com/astral-sh/ruff/pull/11608))
- Use char index rather than position for indent slice ([#11645](https://github.com/astral-sh/ruff/pull/11645))
- \[`flake8-comprehension`] Strip parentheses around generators in `C400` ([#11607](https://github.com/astral-sh/ruff/pull/11607))
- Mark `repeated-isinstance-calls` as unsafe on Python 3.10 and later ([#11622](https://github.com/astral-sh/ruff/pull/11622))

###
[`v0.4.6`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#046)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.5...v0.4.6)

##### Breaking changes

- Use project-relative paths when calculating GitLab fingerprints
([#&#8203;11532](https://github.com/astral-sh/ruff/pull/11532))

##### Preview features

- \[`flake8-async`] Sleep with >24 hour interval should usually sleep
forever (`ASYNC116`)
([#&#8203;11498](https://github.com/astral-sh/ruff/pull/11498))

##### Rule changes

- \[`numpy`] Add missing functions to NumPy 2.0 migration rule
([#&#8203;11528](https://github.com/astral-sh/ruff/pull/11528))
- \[`mccabe`] Consider irrefutable pattern similar to `if .. else` for
`C901` ([#&#8203;11565](https://github.com/astral-sh/ruff/pull/11565))
- Consider `match`-`case` statements for `C901`, `PLR0912`, and
`PLR0915`
([#&#8203;11521](https://github.com/astral-sh/ruff/pull/11521))
- Remove empty strings when converting to f-string (`UP032`)
([#&#8203;11524](https://github.com/astral-sh/ruff/pull/11524))
- \[`flake8-bandit`] `request-without-timeout` should warn for
`requests.request`
([#&#8203;11548](https://github.com/astral-sh/ruff/pull/11548))
- \[`flake8-self`] Ignore sunder accesses in `flake8-self` rules
([#&#8203;11546](https://github.com/astral-sh/ruff/pull/11546))
- \[`pyupgrade`] Lint for `TypeAliasType` usages (`UP040`)
([#&#8203;11530](https://github.com/astral-sh/ruff/pull/11530))

##### Server

- Respect excludes in `ruff server` configuration discovery
([#11551](https://github.com/astral-sh/ruff/pull/11551))
- Use default settings if initialization options is empty or not
provided
([#11566](https://github.com/astral-sh/ruff/pull/11566))
- `ruff server` correctly treats `.pyi` files as stub files
([#11535](https://github.com/astral-sh/ruff/pull/11535))
- `ruff server` searches for configuration in parent directories
([#11537](https://github.com/astral-sh/ruff/pull/11537))
- `ruff server`: An empty code action filter no longer returns notebook
source actions
([#11526](https://github.com/astral-sh/ruff/pull/11526))

##### Bug fixes

- \[`flake8-logging-format`] Fix autofix title in `logging-warn`
(`G010`)
([#11514](https://github.com/astral-sh/ruff/pull/11514))
- \[`refurb`] Avoid recommending `operator.itemgetter` with dependence
on lambda arguments
([#11574](https://github.com/astral-sh/ruff/pull/11574))
- \[`flake8-simplify`] Avoid recommending context manager in `__enter__`
implementations
([#11575](https://github.com/astral-sh/ruff/pull/11575))
- Create intermediary directories for `--output-file`
([#11550](https://github.com/astral-sh/ruff/pull/11550))
- Propagate reads on global variables
([#11584](https://github.com/astral-sh/ruff/pull/11584))
- Treat all `singledispatch` arguments as runtime-required
([#11523](https://github.com/astral-sh/ruff/pull/11523))

### [`v0.4.5`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#045)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.4...v0.4.5)

##### Ruff's language server is now in Beta

`v0.4.5` marks the official Beta release of `ruff server`, an integrated
language server built into Ruff.
`ruff server` supports the same feature set as `ruff-lsp`, powering
linting, formatting, and
code fixes in Ruff's editor integrations -- but with superior
performance and
no installation required. We'd love your feedback!

You can enable `ruff server` in the [VS Code
extension](https://github.com/astral-sh/ruff-vscode?tab=readme-ov-file#enabling-the-rust-based-language-server)
today.

To read more about this exciting milestone, check out our [blog
post](https://astral.sh/blog/ruff-v0.4.5)!

##### Rule changes

- \[`flake8-future-annotations`] Reword
`future-rewritable-type-annotation` (`FA100`) message
([#11381](https://github.com/astral-sh/ruff/pull/11381))
- \[`pycodestyle`] Consider soft keywords for `E27` rules
([#11446](https://github.com/astral-sh/ruff/pull/11446))
- \[`pyflakes`] Recommend adding unused import bindings to `__all__`
([#11314](https://github.com/astral-sh/ruff/pull/11314))
- \[`pyflakes`] Update documentation and deprecate
`ignore_init_module_imports`
([#11436](https://github.com/astral-sh/ruff/pull/11436))
- \[`pyupgrade`] Mark quotes as unnecessary for non-evaluated
annotations
([#11485](https://github.com/astral-sh/ruff/pull/11485))

##### Formatter

- Avoid multiline quotes warning with `quote-style = preserve`
([#11490](https://github.com/astral-sh/ruff/pull/11490))

##### Server

- Support Jupyter Notebook files
([#11206](https://github.com/astral-sh/ruff/pull/11206))
- Support `noqa` comment code actions
([#11276](https://github.com/astral-sh/ruff/pull/11276))
- Fix automatic configuration reloading
([#11492](https://github.com/astral-sh/ruff/pull/11492))
- Fix several issues with configuration in Neovim and Helix
([#11497](https://github.com/astral-sh/ruff/pull/11497))

##### CLI

- Add `--output-format` as a CLI option for `ruff config`
([#11438](https://github.com/astral-sh/ruff/pull/11438))

##### Bug fixes

- Avoid `PLE0237` for property with setter
([#11377](https://github.com/astral-sh/ruff/pull/11377))
- Avoid `TCH005` for `if` stmt with `elif`/`else` block
([#11376](https://github.com/astral-sh/ruff/pull/11376))
- Avoid flagging `__future__` annotations as required for non-evaluated
type annotations
([#11414](https://github.com/astral-sh/ruff/pull/11414))
- Check for ruff executable in 'bin' directory as installed by 'pip
install --target'.
([#11450](https://github.com/astral-sh/ruff/pull/11450))
- Sort edits prior to deduplicating in quotation fix
([#11452](https://github.com/astral-sh/ruff/pull/11452))
- Treat escaped newline as valid sequence
([#11465](https://github.com/astral-sh/ruff/pull/11465))
- \[`flake8-pie`] Preserve parentheses in `unnecessary-dict-kwargs`
([#11372](https://github.com/astral-sh/ruff/pull/11372))
- \[`pylint`] Ignore `__slots__` with dynamic values
([#11488](https://github.com/astral-sh/ruff/pull/11488))
- \[`pylint`] Remove `try` body from branch counting
([#11487](https://github.com/astral-sh/ruff/pull/11487))
- \[`refurb`] Respect operator precedence in `FURB110`
([#11464](https://github.com/astral-sh/ruff/pull/11464))

##### Documentation

- Add `--preview` to the README
([#11395](https://github.com/astral-sh/ruff/pull/11395))
- Add Python 3.13 to list of allowed Python versions
([#11411](https://github.com/astral-sh/ruff/pull/11411))
- Simplify Neovim setup documentation
([#11489](https://github.com/astral-sh/ruff/pull/11489))
- Update CONTRIBUTING.md to reflect the new parser
([#11434](https://github.com/astral-sh/ruff/pull/11434))
- Update server documentation with new migration guide
([#11499](https://github.com/astral-sh/ruff/pull/11499))
- \[`pycodestyle`] Clarify motivation for `E713` and `E714`
([#11483](https://github.com/astral-sh/ruff/pull/11483))
- \[`pyflakes`] Update docs to describe WAI behavior (F541)
([#11362](https://github.com/astral-sh/ruff/pull/11362))
- \[`pylint`] Clearly indicate what is counted as a branch
([#11423](https://github.com/astral-sh/ruff/pull/11423))

</details>

<details>
<summary>jd/tenacity (tenacity)</summary>

### [`v8.4.1`](https://github.com/jd/tenacity/releases/tag/8.4.1): tenacity 8.4.1

[Compare Source](https://github.com/jd/tenacity/compare/8.4.0...8.4.1)

#### What's Changed

- Include `tenacity.asyncio` subpackage in release dist by
[@cdce8p](https://github.com/cdce8p) in
[https://github.com/jd/tenacity/pull/474](https://github.com/jd/tenacity/pull/474)

**Full Changelog**: jd/tenacity@8.4.0...8.4.1

### [`v8.4.0`](https://github.com/jd/tenacity/releases/tag/8.4.0): tenacity 8.4.0

[Compare Source](https://github.com/jd/tenacity/compare/8.3.0...8.4.0)

#### What's Changed

- Add async strategies by [@hasier](https://github.com/hasier)
in
[https://github.com/jd/tenacity/pull/451](https://github.com/jd/tenacity/pull/451)
- Support Trio out-of-the-box by
[@jakkdl](https://github.com/jakkdl) in
[https://github.com/jd/tenacity/pull/463](https://github.com/jd/tenacity/pull/463)

**Full Changelog**: jd/tenacity@8.3.0...8.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerebrotech/cucu).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>