Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the optional group with 2 updates #219

Merged
merged 1 commit into from
Mar 18, 2024
Merged

Bump the optional group with 2 updates #219

merged 1 commit into from
Mar 18, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2024

Bumps the optional group with 2 updates: black and mkdocs-material.

Updates black from 24.2.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)
Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)
Commits

Updates mkdocs-material from 9.5.13 to 9.5.14

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.14

  • Added support for hiding versions from selector when using mike
  • Added init system to improve signal handling in Docker image
  • Fixed edge cases in exclusion logic of info plugin
  • Fixed inability to reset pipeline in search plugin
  • Fixed syntax error in Finnish translations
  • Fixed #6917: UTF-8 encoding problems in blog plugin on Windows
  • Fixed #6889: Transparent iframes get background color

Thanks to @​kamilkrzyskow, @​yubiuser and @​todeveni for their contributions

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.14 (2024-03-18)

  • Added support for hiding versions from selector when using mike
  • Added init system to improve signal handling in Docker image
  • Fixed edge cases in exclusion logic of info plugin
  • Fixed inability to reset pipeline in search plugin
  • Fixed syntax error in Finnish translations
  • Fixed #6917: UTF-8 encoding problems in blog plugin on Windows
  • Fixed #6889: Transparent iframes get background color

mkdocs-material-9.5.13+insiders-4.53.1 (2024-03-06)

  • Fixed #6877: Projects plugin computes incorrect path to assets
  • Fixed #6869: Blog plugin should emit warning on invalid related link

mkdocs-material-9.5.13 (2024-03-06)

  • Updated Slovak translations
  • Improved info plugin interop with projects plugin
  • Improved info plugin inclusion/exclusion logic
  • Fixed info plugin not gathering files recursively
  • Fixed #6750: Ensure info plugin packs up all necessary files

mkdocs-material-9.5.12 (2024-02-29)

  • Fixed #6846: Some meta tags removed on instant navigation (9.4.2 regression)
  • Fixed #6823: KaTex not rendering on instant navigation (9.5.5 regression)
  • Fixed #6821: Privacy plugin doesn't handle URLs with encoded characters

mkdocs-material-9.5.11+insiders-4.53.0 (2024-02-24)

  • Added support for automatic instant previews
  • Added support for pinned blog posts

mkdocs-material-9.5.11 (2024-02-19)

  • Updated Finnish translation

mkdocs-material-9.5.10+insiders-4.52.3 (2024-02-21)

  • Fixed resolution of URLs in instant previews
  • Fixed instant previews not mounting for same-page links

mkdocs-material-9.5.10 (2024-02-19)

  • Updated Bahasa Malaysia translations
  • Fixed #6783: Hide continue reading link for blog posts without separators
  • Fixed #6779: Incorrect positioning of integrated table of contents

mkdocs-material-9.5.9 (2024-02-10)

... (truncated)

Commits
  • cc78979 Updated Insiders changelog
  • c51eb2f Prepare 9.5.14 release
  • 3311a61 Updated dependencies
  • 022f14c Fixed UTF-8 with BOM encoding support
  • 2f1b2e9 Added support for hiding versions from selector
  • babc995 Formatting
  • 7e27f4d Merge branch 'master' of github.com:squidfunk/mkdocs-material
  • dc97a56 Updated dependencies
  • 2d39824 Fixed info plugin's exclusion logic (#6874)
  • f325238 Fixed inability to reset search pipeline
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the optional group with 2 updates
505fbc0 
Bumps the optional group with 2 updates: [black](https://github.com/psf/black) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material).


Updates `black` from 24.2.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.2.0...24.3.0)

Updates `mkdocs-material` from 9.5.13 to 9.5.14
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.13...9.5.14)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: optional
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: optional
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner March 18, 2024 07:38
@dependabot dependabot bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels Mar 18, 2024
@dependabot dependabot bot requested a review from a team as a code owner March 18, 2024 07:38
@tiyash-basu-frequenz tiyash-basu-frequenz added this pull request to the merge queue Mar 18, 2024
Merged via the queue into v0.x.x with commit 09c1b08 Mar 18, 2024
21 checks passed
@tiyash-basu-frequenz tiyash-basu-frequenz deleted the dependabot/pip/optional-2f51de413d branch March 18, 2024 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiyash-basu-frequenz tiyash-basu-frequenz tiyash-basu-frequenz approved these changes

@llucax llucax Awaiting requested review from llucax llucax is a code owner automatically assigned from frequenz-floss/python-sdk-team

Assignees
No one assigned
Labels
part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tiyash-basu-frequenz