Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Memory leak when generating reports #1791

Closed
0x78f1935 opened this issue May 25, 2024 · 18 comments
Closed

Memory leak when generating reports #1791

0x78f1935 opened this issue May 25, 2024 · 18 comments
Labels
bug Something isn't working fixed performance Something is too slow

Comments

@0x78f1935
Copy link

Describe the bug
Please see this issue

To Reproduce
Generate any reports, json / html, doesn't matter.

Expected behavior
Reports will be generated, without eating away all my memory.

Additional context
This issue has been going on for a couple of months now and contains way more information and things that have been tried to solve this issue.

So far we have worked out that the issue occures spefically with coverage report.

Any further tips?

@nedbat
Copy link
Owner

nedbat commented May 25, 2024

Any further tips?

As I asked on that issue, I need clear complete instructions for how to reproduce the issue. No one has mentioned what version of coverage.py they are using. I don't know how to make the problem appear so that I can debug it. If you know of a way for me to do that, please provide the instructions.

@0x78f1935
Copy link
Author

@nedbat , Before closing the issue I posted your request.

For the instructions, I've enclosed all I knew in here, here and here. All information can be found in the previous issue.

@nedbat
Copy link
Owner

nedbat commented May 25, 2024

I'm sorry, that still doesn't give me a way to reproduce the issue. I'm available under contract if you need me to sign an NDA to see your private repo.

@devdanzin
Copy link
Contributor

Sounds like #1785 to me: affects Python 3.12, eats up a lot of memory.

@0x78f1935, does your code happen to have very long lines in it?

@0x78f1935
Copy link
Author

I'm sorry, that still doesn't give me a way to reproduce the issue. I'm available under contract if you need me to sign an NDA to see your private repo.

I'm sorry, I cannot do that.

Altho @sebastian-muthwill, mentioned he was able to reproduce the issue I had encountered.

Sounds like #1785 to me: affects Python 3.12, eats up a lot of memory.

@0x78f1935, does your code happen to have very long lines in it?

No, my unit-tests do not utilize a large mock data set. That being said, I also utilize Flake8 across my codebase.

@sebastian-muthwill
Copy link

@nedbat I take the discussion up here.
I tried yesterday to reproduce the issue with a clean Django project with the example from the Django docs and everything went well.

My project is much bigger and is failing.

I try to reproduce the issue and come back.

@0x78f1935
Copy link
Author

0x78f1935 commented May 27, 2024

My project is much bigger and is failing.

I can confirm that this happens to me with big project(s) too.

First, I thought maybe my project was the issue, but now that @sebastian-muthwill was able to reproduce the issue, I'm more confident we are onto something. I would love to be of help; unfortunately, I'm unable to share my codebase. Just like Sebastian's codebase, mine is big.

I took some time to take my codebase apart and basically started removing all components I didn't want to share so I could make a repository that reproduces the issue. After removing the frontend and Docker environments, I was left with my tests and my backend.

I trimmed my tests to a total of one test and was still able to reproduce the memory leak. The moment I started touching endpoints in my backend (which I don't want to share), things started to work, which is why I'm a bit uncertain. The strange part is that it doesn't really matter which component I turn on or off in any order. When they are turned on, there is a memory leak; when they are turned off, everything is okay (though there is no data to report), which might explain why that approach appears successful. This makes it difficult to pinpoint a specific component.

I thought to myself, that isn't very helpful. Surely, I can find an existing project of someone and transform that into a reproducible environment, but so far no luck with reproduction. I tried various things; I even tried my own project.toml file. No luck.

I hate to say it, but the best workaround I have right now, if you really need your coverage, downgrade to Python 3.11 or skip generating reports all together.

@devdanzin
Copy link
Contributor

There is a memory issue that only affects Python 3.12, due to a bug in that Python version: python/cpython#119118. I believe this is the issue affecting you.

There's a test you can run to check whether this is the issue we think it is. In coveragepy/coverage/phystokens.py, change the line:

 return list(tokenize.generate_tokens(readline))

To:

 return tokenize.generate_tokens(readline)

It should lessen the memory impact, if it's the same issue.

@sebastian-muthwill
Copy link

@devdanzin Thanks for pointing that out.

@nedbat I just tested it and can confirm that the issue is gone when settings the return as @devdanzin described.

#return list(tokenize.generate_tokens(readline))   # <-- memory leakage happening
    return tokenize.generate_tokens(readline)         # <-- no issue

Since it is not reproduceable with a fresh installation, I could imagine it has maybe something to do with the amount of tests run?

@devdanzin
Copy link
Contributor

So far, we had only seen this issue manifest on files with very long (many thousand characters) lines, where memory ballooned very fast and resulted in a MemoryError. For those, removing the call to list() avoided the memory issue, but still resulted in very slow (many minutes versus a couple of seconds) execution, are you seeing a significant slow down between 3.11 and 3.12?

Since it comes from a Python 3.12 bug, it seemed OK to keep the list() call, as it was still unusable without it and a fix is being worked on.

However, given that your case indicates the list() call is detrimental even for non-pathological files, I believe removing it is the right thing to do. @nedbat?

@sebastian-muthwill
Copy link

Without having it measured, I would say it was not longer than in 3.11. However I have only 53 tests so the impact is maybe not that big.

@devdanzin
Copy link
Contributor

Thinking about it, the use of @functools.lru_cache(maxsize=100) is probably what causes the leak: the lists use a lot more memory on 3.12 compared to 3.11 (because each Token keeps a new copy of the text of the line it's in), but should be garbage collected after being used. The cache would keep them around, inflating memory usage proportionally to the number/length of files in the report.

Which brings the question: is the removal of the list() call correct given presence of the cache? Wouldn't we be caching an exhausted iterator in that case?

@devdanzin
Copy link
Contributor

Confirmed that just removing the list() call causes many test failures. Removing both that call and the cache makes tests pass again.

Given that tokenizing seems much faster on 3.12 compared to 3.9 (and uses a lot more memory), maybe we could define coverage.phystokens.generate_tokens to be cached and call list() on versions below 3.12, with no cache and no list() call for 3.12 and above?

@0x78f1935
Copy link
Author

0x78f1935 commented May 27, 2024

There's a test you can run to check whether this is the issue we think it is. In coveragepy/coverage/phystokens.py, change the line:

 return list(tokenize.generate_tokens(readline))

To:

 return tokenize.generate_tokens(readline)

It should lessen the memory impact, if it's the same issue.

I've tested out your theory.

@functools.lru_cache(maxsize=100)
def generate_tokens(text: str) -> TokenInfos:
    """A cached version of `tokenize.generate_tokens`.

    When reporting, coverage.py tokenizes files twice, once to find the
    structure of the file, and once to syntax-color it.  Tokenizing is
    expensive, and easily cached.

    Unfortunately, the HTML report code tokenizes all the files the first time
    before then tokenizing them a second time, so we cache many.  Ideally we'd
    rearrange the code to tokenize each file twice before moving onto the next.
    """
    readline = io.StringIO(text).readline
    # return list(tokenize.generate_tokens(readline))
    return tokenize.generate_tokens(readline)

The behaviour of the end changed drastically.

  • My memory is stable around 20-25%, around 270MB in memory.
  • My tests look to be stuck at 100%, but like you mentioned, It just takes bit longer now.
  • My tests finish and I have my html report (after an awfully long time, I had to wait for more then 10 minutes).

I think your issue might be related, yes!

My current run command looks like pytest --exitfirst -vs --junitxml htmlcov/pytest.xml --cov --cov-report html and consists of 42 tests.

Since it is not reproduceable with a fresh installation, I could imagine it has maybe something to do with the amount of tests run?

I don't think that is the case, while I was stripping down to a reproducable version I was able to walk against this issue with just one test.

are you seeing a significant slow down between 3.11 and 3.12?

I would say 3.11 is significant faster in comparison. Which is weird, cause wasn't 3.12 suppose to be 40% faster?
With 3.11 you can get yourself coffee, with 3.12 you can get yourself coffee and get yourself a french baguette in French, and return safely home. It takes very long.

Thinking about it, the use of @functools.lru_cache(maxsize=100) is probably what causes the leak:

Lets test it:

# @functools.lru_cache(maxsize=100)
def generate_tokens(text: str) -> TokenInfos:
    """A cached version of `tokenize.generate_tokens`.

    When reporting, coverage.py tokenizes files twice, once to find the
    structure of the file, and once to syntax-color it.  Tokenizing is
    expensive, and easily cached.

    Unfortunately, the HTML report code tokenizes all the files the first time
    before then tokenizing them a second time, so we cache many.  Ideally we'd
    rearrange the code to tokenize each file twice before moving onto the next.
    """
    readline = io.StringIO(text).readline
    return list(tokenize.generate_tokens(readline))
    # return tokenize.generate_tokens(readline)

This causes the same issue to arrise. Memoryleak.

I'll try without list foor good meassure.

# @functools.lru_cache(maxsize=100)
def generate_tokens(text: str) -> TokenInfos:
    """A cached version of `tokenize.generate_tokens`.

    When reporting, coverage.py tokenizes files twice, once to find the
    structure of the file, and once to syntax-color it.  Tokenizing is
    expensive, and easily cached.

    Unfortunately, the HTML report code tokenizes all the files the first time
    before then tokenizing them a second time, so we cache many.  Ideally we'd
    rearrange the code to tokenize each file twice before moving onto the next.
    """
    readline = io.StringIO(text).readline
    # return list(tokenize.generate_tokens(readline))
    return tokenize.generate_tokens(readline)

This seems to work, but it doesn't increase the speed. Just like the first attempt, it's stuck on 100%, memory is idle, takes a couple of minutes before html files start appearing. But it takes ages for it to complete.

@devdanzin You beat me too it :P , Thank you for your research!

@0x78f1935
Copy link
Author

I think I've found my (big) class which might cause the memory leak. It's a serializer..:
image
The test seems to be stuck at 100%, but at the moment it was rounding up. I saw the cities file be generated as html file. The size of that file exceeds 8MB. Guess how many statements that class houses? 24914

Is this something I should solve my side, (which I obviously should), but is this something coverage is going to account for?

Before cities class:
image

After reducing the class:

image
image

5 Whole minutes to generate 1 (big) file. That is a long time.

Meanwhile generating typescript classess based on those serializers works within seconds.

@nedbat
Copy link
Owner

nedbat commented May 28, 2024

Very odd that tokenize makes new copies of the line for every token. That seems unnecessary. I wrote a CPython issue about it: python/cpython#119654

@nedbat
Copy link
Owner

nedbat commented May 28, 2024

I did some quick experiments with both many-line files and very-long-line files, and found that on both 3.11 and 3.12 it was faster to not cache and to not use list(), so I've removed them in commit b666f3a.

@nedbat nedbat closed this as completed May 28, 2024
@nedbat nedbat added performance Something is too slow fixed and removed needs triage labels May 28, 2024
@nedbat
Copy link
Owner

nedbat commented May 28, 2024

This is now released as part of coverage 7.5.3.

renovate bot referenced this issue in allenporter/flux-local May 28, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [coverage](https://github.com/nedbat/coveragepy) | `==7.5.2` ->
`==7.5.3` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/coverage/7.5.2/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/coverage/7.5.2/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>nedbat/coveragepy (coverage)</summary>

###
[`v7.5.3`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare
Source](https://github.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when
measuring
line coverage. A few different quadratic behaviors were eliminated. In
one
extreme case of combining 700+ data files, the time dropped from more
than
three hours to seven minutes. Thanks for Kraken Tech for funding the
fix.

- Performance improvements for generating HTML reports, with a side
benefit of
reducing memory use, closing `issue 1791`\_. Thanks to Daniel Diniz for
    helping to diagnose the problem.

.. \_issue
1791:[https://github.com/nedbat/coveragepy/issues/1791](https://github.com/nedbat/coveragepy/issues/1791)1

.. \_changes\_7-5-2:

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/allenporter/flux-local).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM3Ny44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
allenporter referenced this issue in allenporter/pyrainbird Jun 2, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [coverage](https://github.com/nedbat/coveragepy) | `==7.5.2` ->
`==7.5.3` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/coverage/7.5.2/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/coverage/7.5.2/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>nedbat/coveragepy (coverage)</summary>

###
[`v7.5.3`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare
Source](https://github.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when
measuring
line coverage. A few different quadratic behaviors were eliminated. In
one
extreme case of combining 700+ data files, the time dropped from more
than
three hours to seven minutes. Thanks for Kraken Tech for funding the
fix.

- Performance improvements for generating HTML reports, with a side
benefit of
reducing memory use, closing `issue 1791`\_. Thanks to Daniel Diniz for
    helping to diagnose the problem.

.. \_issue
1791:[https://github.com/nedbat/coveragepy/issues/1791](https://github.com/nedbat/coveragepy/issues/1791)1

.. \_changes\_7-5-2:

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/allenporter/pyrainbird).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM3Ny44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
github-merge-queue bot referenced this issue in canonical/charmcraft Jun 10, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [coverage](https://github.com/nedbat/coveragepy) | `==7.5.1` ->
`==7.5.3` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/coverage/7.5.1/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/coverage/7.5.1/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [cryptography](https://github.com/pyca/cryptography)
([changelog](https://cryptography.io/en/latest/changelog/)) | `==42.0.7`
-> `==42.0.8` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/cryptography/42.0.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/cryptography/42.0.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/cryptography/42.0.7/42.0.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/cryptography/42.0.7/42.0.8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [freezegun](https://github.com/spulec/freezegun)
([changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG))
| `==1.5.0` -> `==1.5.1` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/freezegun/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/freezegun/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/freezegun/1.5.0/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/freezegun/1.5.0/1.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [platformdirs](https://github.com/platformdirs/platformdirs) |
`==4.2.1` -> `==4.2.2` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/platformdirs/4.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/platformdirs/4.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/platformdirs/4.2.1/4.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/platformdirs/4.2.1/4.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>nedbat/coveragepy (coverage)</summary>

###
[`v7.5.3`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare
Source](https://github.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when
measuring
line coverage. A few different quadratic behaviors were eliminated. In
one
extreme case of combining 700+ data files, the time dropped from more
than
three hours to seven minutes. Thanks for Kraken Tech for funding the
fix.

- Performance improvements for generating HTML reports, with a side
benefit of
reducing memory use, closing `issue 1791`\_. Thanks to Daniel Diniz for
    helping to diagnose the problem.

.. \_issue
1791:[https://github.com/nedbat/coveragepy/issues/1791](https://github.com/nedbat/coveragepy/issues/1791)1

.. \_changes\_7-5-2:

###
[`v7.5.2`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-752--2024-05-24)

[Compare
Source](https://github.com/nedbat/coveragepy/compare/7.5.1...7.5.2)

- Fix: nested matches of exclude patterns could exclude too much code,
as
    reported in `issue 1779`\_.  This is now fixed.

- Changed: previously, coverage.py would consider a module docstring to
be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line. Now module docstrings are never
counted
as executable statements. This can change coverage.py's count of the
number
of statements in a file, which can slightly change the coverage
percentage
    reported.

- In the HTML report, the filter term and "hide covered" checkbox
settings are
remembered between viewings, thanks to `Daniel Diniz <pull 1776_>`\_.

-   Python 3.13.0b1 is supported.

- Fix: parsing error handling is improved to ensure bizarre source files
are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to `Liam
DeVoe <pull 1788_>`*. Closes `issue 1787`*.

.. \_pull
1776:[https://github.com/nedbat/coveragepy/pull/1776](https://github.com/nedbat/coveragepy/pull/1776)6
.. \_issue
1779[https://github.com/nedbat/coveragepy/issues/1779](https://github.com/nedbat/coveragepy/issues/1779)79
.. \_issue
178[https://github.com/nedbat/coveragepy/issues/1787](https://github.com/nedbat/coveragepy/issues/1787)787
.. \_pull
17[https://github.com/nedbat/coveragepy/pull/1788](https://github.com/nedbat/coveragepy/pull/1788)1788

.. \_changes\_7-5-1:

</details>

<details>
<summary>pyca/cryptography (cryptography)</summary>

###
[`v42.0.8`](https://github.com/pyca/cryptography/compare/42.0.7...42.0.8)

[Compare
Source](https://github.com/pyca/cryptography/compare/42.0.7...42.0.8)

</details>

<details>
<summary>spulec/freezegun (freezegun)</summary>

###
[`v1.5.1`](https://github.com/spulec/freezegun/blob/HEAD/CHANGELOG#151)

[Compare
Source](https://github.com/spulec/freezegun/compare/1.5.0...1.5.1)

-   Fix the typing of the `tick()` method, and improve it's behaviour.

</details>

<details>
<summary>platformdirs/platformdirs (platformdirs)</summary>

###
[`v4.2.2`](https://github.com/platformdirs/platformdirs/releases/tag/4.2.2)

[Compare
Source](https://github.com/platformdirs/platformdirs/compare/4.2.1...4.2.2)

<!-- Release notes generated using configuration in .github/release.yml
at main -->

#### What's Changed

- Fix android detection when python4android is present by
[@&#8203;tmolitor-stud-tu](https://github.com/tmolitor-stud-tu) in
[https://github.com/platformdirs/platformdirs/pull/277](https://github.com/platformdirs/platformdirs/pull/277)

#### New Contributors

- [@&#8203;tmolitor-stud-tu](https://github.com/tmolitor-stud-tu) made
their first contribution in
[https://github.com/platformdirs/platformdirs/pull/277](https://github.com/platformdirs/platformdirs/pull/277)

**Full Changelog**:
tox-dev/platformdirs@4.2.1...4.2.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" in timezone Etc/UTC,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/canonical/charmcraft).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ddl-cedricyoung referenced this issue in dominodatalab/cucu Jun 20, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
|  |  | lockFileMaintenance | All locks refreshed |  |  |  |  |
| [bandit](https://bandit.readthedocs.io/)
([source](https://github.com/PyCQA/bandit),
[changelog](https://github.com/PyCQA/bandit/releases)) | dev | patch |
`1.7.8` -> `1.7.9` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/bandit/1.7.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/bandit/1.7.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/bandit/1.7.8/1.7.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/bandit/1.7.8/1.7.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [coverage](https://github.com/nedbat/coveragepy) | dependencies |
patch | `7.5.1` -> `7.5.3` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/coverage/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/coverage/7.5.1/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/coverage/7.5.1/7.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [importlib-metadata](https://github.com/python/importlib_metadata) |
dependencies | minor | `7.1.0` -> `7.2.0` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/importlib-metadata/7.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/importlib-metadata/7.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/importlib-metadata/7.1.0/7.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/importlib-metadata/7.1.0/7.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [jellyfish](https://github.com/jamesturk/jellyfish) | dependencies |
patch | `1.0.3` -> `1.0.4` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/jellyfish/1.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/jellyfish/1.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/jellyfish/1.0.3/1.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/jellyfish/1.0.3/1.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [pytest](https://github.com/pytest-dev/pytest)
([changelog](https://docs.pytest.org/en/stable/changelog.html)) | dev |
patch | `8.2.0` -> `8.2.2` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/pytest/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/pytest/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/pytest/8.2.0/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pytest/8.2.0/8.2.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [requests](https://requests.readthedocs.io)
([source](https://github.com/psf/requests),
[changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) |
dependencies | minor | `2.31.0` -> `2.32.3` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/requests/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/requests/2.31.0/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.31.0/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [ruff](https://docs.astral.sh/ruff)
([source](https://github.com/astral-sh/ruff),
[changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md))
| dev | patch | `0.4.4` -> `0.4.10` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/ruff/0.4.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/ruff/0.4.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/ruff/0.4.4/0.4.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/ruff/0.4.4/0.4.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [selenium](https://www.selenium.dev) | dependencies | minor | `4.20.0`
-> `4.21.0` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/selenium/4.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/selenium/4.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/selenium/4.20.0/4.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/selenium/4.20.0/4.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [tenacity](https://github.com/jd/tenacity) | dependencies | minor |
`8.3.0` -> `8.4.1` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/tenacity/8.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/tenacity/8.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/tenacity/8.3.0/8.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/tenacity/8.3.0/8.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

🔧 This Pull Request updates lock files to use the latest dependency
versions.

---

### Release Notes

<details>
<summary>PyCQA/bandit (bandit)</summary>

### [`v1.7.9`](https://github.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare
Source](https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1117](https://github.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1119](https://github.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by
[@&#8203;ericwb](https://github.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1121](https://github.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by
[@&#8203;ericwb](https://github.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1122](https://github.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1123](https://github.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1124](https://github.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1125](https://github.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1126](https://github.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1127](https://github.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1130](https://github.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1131](https://github.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1132](https://github.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1133](https://github.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by
[@&#8203;ericwb](https://github.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1134](https://github.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1135](https://github.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by
[@&#8203;ericwb](https://github.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1137](https://github.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by
[@&#8203;ericwb](https://github.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1139](https://github.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1142](https://github.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1143](https://github.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by
[@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) in
[https://github.com/PyCQA/bandit/pull/1145](https://github.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by
[@&#8203;ericwb](https://github.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1146](https://github.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1144](https://github.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by
[@&#8203;bersbersbers](https://github.com/bersbersbers) in
[https://github.com/PyCQA/bandit/pull/1052](https://github.com/PyCQA/bandit/pull/1052)

#### New Contributors

- [@&#8203;pre-commit-ci](https://github.com/pre-commit-ci) made their
first contribution in
[https://github.com/PyCQA/bandit/pull/1119](https://github.com/PyCQA/bandit/pull/1119)
- [@&#8203;bersbersbers](https://github.com/bersbersbers) made their
first contribution in
[https://github.com/PyCQA/bandit/pull/1052](https://github.com/PyCQA/bandit/pull/1052)

**Full Changelog**:
PyCQA/bandit@1.7.8...1.7.9

</details>

<details>
<summary>nedbat/coveragepy (coverage)</summary>

###
[`v7.5.3`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-753--2024-05-28)

[Compare
Source](https://github.com/nedbat/coveragepy/compare/7.5.2...7.5.3)

- Performance improvements for combining data files, especially when
measuring
line coverage. A few different quadratic behaviors were eliminated. In
one
extreme case of combining 700+ data files, the time dropped from more
than
three hours to seven minutes. Thanks for Kraken Tech for funding the
fix.

- Performance improvements for generating HTML reports, with a side
benefit of
reducing memory use, closing `issue 1791`\_. Thanks to Daniel Diniz for
    helping to diagnose the problem.

.. \_issue
1791:[https://github.com/nedbat/coveragepy/issues/1791](https://github.com/nedbat/coveragepy/issues/1791)1

.. \_changes\_7-5-2:

###
[`v7.5.2`](https://github.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-752--2024-05-24)

[Compare
Source](https://github.com/nedbat/coveragepy/compare/7.5.1...7.5.2)

- Fix: nested matches of exclude patterns could exclude too much code,
as
    reported in `issue 1779`\_.  This is now fixed.

- Changed: previously, coverage.py would consider a module docstring to
be an
executable statement if it appeared after line 1 in the file, but not
executable if it was the first line. Now module docstrings are never
counted
as executable statements. This can change coverage.py's count of the
number
of statements in a file, which can slightly change the coverage
percentage
    reported.

- In the HTML report, the filter term and "hide covered" checkbox
settings are
remembered between viewings, thanks to `Daniel Diniz <pull 1776_>`\_.

-   Python 3.13.0b1 is supported.

- Fix: parsing error handling is improved to ensure bizarre source files
are
handled gracefully, and to unblock oss-fuzz fuzzing, thanks to `Liam
DeVoe <pull 1788_>`*. Closes `issue 1787`*.

.. \_pull
1776:[https://github.com/nedbat/coveragepy/pull/1776](https://github.com/nedbat/coveragepy/pull/1776)6
.. \_issue
1779[https://github.com/nedbat/coveragepy/issues/1779](https://github.com/nedbat/coveragepy/issues/1779)79
.. \_issue
178[https://github.com/nedbat/coveragepy/issues/1787](https://github.com/nedbat/coveragepy/issues/1787)787
.. \_pull
17[https://github.com/nedbat/coveragepy/pull/1788](https://github.com/nedbat/coveragepy/pull/1788)1788

.. \_changes\_7-5-1:

</details>

<details>
<summary>python/importlib_metadata (importlib-metadata)</summary>

###
[`v7.2.0`](https://github.com/python/importlib_metadata/compare/v7.1.0...v7.2.0)

[Compare
Source](https://github.com/python/importlib_metadata/compare/v7.1.0...v7.2.0)

</details>

<details>
<summary>jamesturk/jellyfish (jellyfish)</summary>

###
[`v1.0.4`](https://github.com/jamesturk/jellyfish/compare/v1.0.3...v1.0.4)

[Compare
Source](https://github.com/jamesturk/jellyfish/compare/v1.0.3...v1.0.4)

</details>

<details>
<summary>pytest-dev/pytest (pytest)</summary>

###
[`v8.2.2`](https://github.com/pytest-dev/pytest/releases/tag/8.2.2)

[Compare
Source](https://github.com/pytest-dev/pytest/compare/8.2.1...8.2.2)

# pytest 8.2.2 (2024-06-04)

## Bug Fixes

- [#&#8203;12355](https://github.com/pytest-dev/pytest/issues/12355):
Fix possible catastrophic performance slowdown on a certain
parametrization pattern involving many higher-scoped parameters.
- [#&#8203;12367](https://github.com/pytest-dev/pytest/issues/12367):
Fix a regression in pytest 8.2.0 where unittest class instances (a fresh
one is created for each test) were not released promptly on test
teardown but only on session teardown.
- [#&#8203;12381](https://github.com/pytest-dev/pytest/issues/12381):
Fix possible "Directory not empty" crashes arising from concurent cache
dir (`.pytest_cache`) creation. Regressed in pytest 8.2.0.

## Improved Documentation

- [#&#8203;12290](https://github.com/pytest-dev/pytest/issues/12290):
Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode
theme.
- [#&#8203;12356](https://github.com/pytest-dev/pytest/issues/12356):
Added a subsection to the documentation for debugging flaky tests to
mention
    lack of thread safety in pytest as a possible source of flakyness.
- [#&#8203;12363](https://github.com/pytest-dev/pytest/issues/12363):
The documentation webpages now links to a canonical version to reduce
outdated documentation in search engine results.

###
[`v8.2.1`](https://github.com/pytest-dev/pytest/releases/tag/8.2.1)

[Compare
Source](https://github.com/pytest-dev/pytest/compare/8.2.0...8.2.1)

# pytest 8.2.1 (2024-05-19)

## Improvements

- [#&#8203;12334](https://github.com/pytest-dev/pytest/issues/12334):
Support for Python 3.13 (beta1 at the time of writing).

## Bug Fixes

- [#&#8203;12120](https://github.com/pytest-dev/pytest/issues/12120):
Fix \[PermissionError]{.title-ref} crashes arising from directories
which are not selected on the command-line.
- [#&#8203;12191](https://github.com/pytest-dev/pytest/issues/12191):
Keyboard interrupts and system exits are now properly handled during the
test collection.
- [#&#8203;12300](https://github.com/pytest-dev/pytest/issues/12300):
Fixed handling of 'Function not implemented' error under squashfuse_ll,
which is a different way to say that the mountpoint is read-only.
- [#&#8203;12308](https://github.com/pytest-dev/pytest/issues/12308):
Fix a regression in pytest 8.2.0 where the permissions of
automatically-created `.pytest_cache` directories became `rwx------`
instead of the expected `rwxr-xr-x`.

## Trivial/Internal Changes

- [#&#8203;12333](https://github.com/pytest-dev/pytest/issues/12333):
pytest releases are now attested using the recent [Artifact
Attestation](https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/)
support from GitHub, allowing users to verify the provenance of pytest's
sdist and wheel artifacts.

</details>

<details>
<summary>psf/requests (requests)</summary>

###
[`v2.32.3`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2323-2024-05-29)

[Compare
Source](https://github.com/psf/requests/compare/v2.32.2...v2.32.3)

**Bugfixes**

- Fixed bug breaking the ability to specify custom SSLContexts in
sub-classes of
HTTPAdapter.
([#&#8203;6716](https://github.com/psf/requests/issues/6716))
- Fixed issue where Requests started failing to run on Python versions
compiled
without the `ssl` module.
([#&#8203;6724](https://github.com/psf/requests/issues/6724))

###
[`v2.32.2`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2322-2024-05-21)

[Compare
Source](https://github.com/psf/requests/compare/v2.32.1...v2.32.2)

**Deprecations**

-   To provide a more stable migration for custom HTTPAdapters impacted
    by the CVE changes in 2.32.0, we've renamed `_get_connection` to
    a new public API, `get_connection_with_tls_context`. Existing custom
    HTTPAdapters will need to migrate their code to use this new API.
`get_connection` is considered deprecated in all versions of
Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom
adapter
is subject to the same issue described in CVE-2024-35195.
([#&#8203;6710](https://github.com/psf/requests/issues/6710))

###
[`v2.32.1`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2321-2024-05-20)

[Compare
Source](https://github.com/psf/requests/compare/v2.32.0...v2.32.1)

**Bugfixes**

-   Add missing test certs to the sdist distributed on PyPI.

###
[`v2.32.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2320-2024-05-20)

[Compare
Source](https://github.com/psf/requests/compare/v2.31.0...v2.32.0)

**Security**

- Fixed an issue where setting `verify=False` on the first request from
a
Session will cause subsequent requests to the *same origin* to also
ignore
    cert verification, regardless of the value of `verify`.

(GHSA-9wx4-h78v-vm56)

**Improvements**

-   `verify=True` now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a
Python
version built with OpenSSL 3.x.
([#&#8203;6667](https://github.com/psf/requests/issues/6667))
-   Requests now supports optional use of character detection
    (`chardet` or `charset_normalizer`) when repackaged or vendored.
    This enables `pip` and other projects to minimize their vendoring
    surface area. The `Response.text()` and `apparent_encoding` APIs
will default to `utf-8` if neither library is present.
([#&#8203;6702](https://github.com/psf/requests/issues/6702))

**Bugfixes**

-   Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length.
([#&#8203;6589](https://github.com/psf/requests/issues/6589))
- Fixed deserialization bug in JSONDecodeError.
([#&#8203;6629](https://github.com/psf/requests/issues/6629))
-   Fixed bug where an extra leading `/` (path separator) could lead
urllib3 to unnecessarily reparse the request URI.
([#&#8203;6644](https://github.com/psf/requests/issues/6644))

**Deprecations**

- Requests has officially added support for CPython 3.12
([#&#8203;6503](https://github.com/psf/requests/issues/6503))
- Requests has officially added support for PyPy 3.9 and 3.10
([#&#8203;6641](https://github.com/psf/requests/issues/6641))
- Requests has officially dropped support for CPython 3.7
([#&#8203;6642](https://github.com/psf/requests/issues/6642))
- Requests has officially dropped support for PyPy 3.7 and 3.8
([#&#8203;6641](https://github.com/psf/requests/issues/6641))

**Documentation**

-   Various typo fixes and doc improvements.

**Packaging**

-   Requests has started adopting some modern packaging practices.
The source files for the projects (formerly `requests`) is now located
in `src/requests` in the Requests sdist.
([#&#8203;6506](https://github.com/psf/requests/issues/6506))
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build
system
using `hatchling`. This should not impact the average user, but
extremely old
versions of packaging utilities may have issues with the new packaging
format.

</details>

<details>
<summary>astral-sh/ruff (ruff)</summary>

###
[`v0.4.10`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#0410)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.9...v0.4.10)

##### Parser

- Implement re-lexing logic for better error recovery
([#&#8203;11845](https://github.com/astral-sh/ruff/pull/11845))

##### Rule changes

- \[`flake8-copyright`] Update `CPY001` to check the first 4096 bytes
instead of 1024
([#&#8203;11927](https://github.com/astral-sh/ruff/pull/11927))
- \[`pycodestyle`] Update `E999` to show all syntax errors instead of
just the first one
([#&#8203;11900](https://github.com/astral-sh/ruff/pull/11900))

##### Server

- Add tracing setup guide to Helix documentation
([#&#8203;11883](https://github.com/astral-sh/ruff/pull/11883))
- Add tracing setup guide to Neovim documentation
([#&#8203;11884](https://github.com/astral-sh/ruff/pull/11884))
- Defer notebook cell deletion to avoid an error message
([#&#8203;11864](https://github.com/astral-sh/ruff/pull/11864))

##### Security

- Guard against malicious ecosystem comment artifacts
([#&#8203;11879](https://github.com/astral-sh/ruff/pull/11879))

###
[`v0.4.9`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#049)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.8...v0.4.9)

##### Preview features

- \[`pylint`] Implement `consider-dict-items` (`C0206`)
([#&#8203;11688](https://github.com/astral-sh/ruff/pull/11688))
- \[`refurb`] Implement `repeated-global` (`FURB154`)
([#&#8203;11187](https://github.com/astral-sh/ruff/pull/11187))

##### Rule changes

- \[`pycodestyle`] Adapt fix for `E203` to work identical to `ruff
format`
([#&#8203;10999](https://github.com/astral-sh/ruff/pull/10999))

##### Formatter

- Fix formatter instability for lines only consisting of zero-width
characters
([#&#8203;11748](https://github.com/astral-sh/ruff/pull/11748))

##### Server

- Add supported commands in server capabilities
([#&#8203;11850](https://github.com/astral-sh/ruff/pull/11850))
- Use real file path when available in `ruff server`
([#&#8203;11800](https://github.com/astral-sh/ruff/pull/11800))
- Improve error message when a command is run on an unavailable document
([#&#8203;11823](https://github.com/astral-sh/ruff/pull/11823))
- Introduce the `ruff.printDebugInformation` command
([#&#8203;11831](https://github.com/astral-sh/ruff/pull/11831))
- Tracing system now respects log level and trace level, with options to
log to a file
([#&#8203;11747](https://github.com/astral-sh/ruff/pull/11747))

##### CLI

- Handle non-printable characters in diff view
([#&#8203;11687](https://github.com/astral-sh/ruff/pull/11687))

##### Bug fixes

- \[`refurb`] Avoid suggesting starmap when arguments are used outside
call (`FURB140`)
([#&#8203;11830](https://github.com/astral-sh/ruff/pull/11830))
- \[`flake8-bugbear`] Avoid panic in `B909` when checking large loop
blocks ([#&#8203;11772](https://github.com/astral-sh/ruff/pull/11772))
- \[`refurb`] Fix misbehavior of `operator.itemgetter` when getter param
is a tuple (`FURB118`)
([#&#8203;11774](https://github.com/astral-sh/ruff/pull/11774))

###
[`v0.4.8`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#048)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.7...v0.4.8)

##### Performance

- Linter performance has been improved by around 10% on some
microbenchmarks by refactoring the lexer and parser to maintain
synchronicity between them
([#&#8203;11457](https://github.com/astral-sh/ruff/pull/11457))

##### Preview features

- \[`flake8-bugbear`] Implement `return-in-generator` (`B901`)
([#&#8203;11644](https://github.com/astral-sh/ruff/pull/11644))
- \[`flake8-pyi`] Implement `PYI063`
([#&#8203;11699](https://github.com/astral-sh/ruff/pull/11699))
- \[`pygrep_hooks`] Check blanket ignores via file-level pragmas
(`PGH004`)
([#&#8203;11540](https://github.com/astral-sh/ruff/pull/11540))

##### Rule changes

- \[`pyupgrade`] Update `UP035` for Python 3.13 and the latest version
of `typing_extensions`
([#&#8203;11693](https://github.com/astral-sh/ruff/pull/11693))
- \[`numpy`] Update `NPY001` rule for NumPy 2.0
([#&#8203;11735](https://github.com/astral-sh/ruff/pull/11735))

##### Server

- Formatting a document with syntax problems no longer spams a visible
error popup
([#&#8203;11745](https://github.com/astral-sh/ruff/pull/11745))

##### CLI

- Add RDJson support for `--output-format` flag
([#&#8203;11682](https://github.com/astral-sh/ruff/pull/11682))

##### Bug fixes

- \[`pyupgrade`] Write empty string in lieu of panic when fixing `UP032`
([#&#8203;11696](https://github.com/astral-sh/ruff/pull/11696))
- \[`flake8-simplify`] Simplify double negatives in `SIM103`
([#&#8203;11684](https://github.com/astral-sh/ruff/pull/11684))
- Ensure the expression generator adds a newline before `type`
statements
([#&#8203;11720](https://github.com/astral-sh/ruff/pull/11720))
- Respect per-file ignores for blanket and redirected noqa rules
([#&#8203;11728](https://github.com/astral-sh/ruff/pull/11728))

###
[`v0.4.7`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#047)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.6...v0.4.7)

##### Preview features

- \[`flake8-pyi`] Implement `PYI064`
([#&#8203;11325](https://github.com/astral-sh/ruff/pull/11325))
- \[`flake8-pyi`] Implement `PYI066`
([#&#8203;11541](https://github.com/astral-sh/ruff/pull/11541))
- \[`flake8-pyi`] Implement `PYI057`
([#&#8203;11486](https://github.com/astral-sh/ruff/pull/11486))
- \[`pyflakes`] Enable `F822` in `__init__.py` files by default
([#&#8203;11370](https://github.com/astral-sh/ruff/pull/11370))

##### Formatter

- Fix incorrect placement of trailing stub function comments
([#&#8203;11632](https://github.com/astral-sh/ruff/pull/11632))

##### Server

- Respect file exclusions in `ruff server`
([#&#8203;11590](https://github.com/astral-sh/ruff/pull/11590))
- Add support for documents not exist on disk
([#&#8203;11588](https://github.com/astral-sh/ruff/pull/11588))
- Add Vim and Kate setup guide for `ruff server`
([#&#8203;11615](https://github.com/astral-sh/ruff/pull/11615))

##### Bug fixes

- Avoid removing newlines between docstring headers and rST blocks
([#&#8203;11609](https://github.com/astral-sh/ruff/pull/11609))
- Infer indentation with imports when logical indent is absent
([#&#8203;11608](https://github.com/astral-sh/ruff/pull/11608))
- Use char index rather than position for indent slice
([#&#8203;11645](https://github.com/astral-sh/ruff/pull/11645))
- \[`flake8-comprehension`] Strip parentheses around generators in
`C400` ([#&#8203;11607](https://github.com/astral-sh/ruff/pull/11607))
- Mark `repeated-isinstance-calls` as unsafe on Python 3.10 and later
([#&#8203;11622](https://github.com/astral-sh/ruff/pull/11622))

###
[`v0.4.6`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#046)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.5...v0.4.6)

##### Breaking changes

- Use project-relative paths when calculating GitLab fingerprints
([#&#8203;11532](https://github.com/astral-sh/ruff/pull/11532))

##### Preview features

- \[`flake8-async`] Sleep with >24 hour interval should usually sleep
forever (`ASYNC116`)
([#&#8203;11498](https://github.com/astral-sh/ruff/pull/11498))

##### Rule changes

- \[`numpy`] Add missing functions to NumPy 2.0 migration rule
([#&#8203;11528](https://github.com/astral-sh/ruff/pull/11528))
- \[`mccabe`] Consider irrefutable pattern similar to `if .. else` for
`C901` ([#&#8203;11565](https://github.com/astral-sh/ruff/pull/11565))
- Consider `match`-`case` statements for `C901`, `PLR0912`, and
`PLR0915`
([#&#8203;11521](https://github.com/astral-sh/ruff/pull/11521))
- Remove empty strings when converting to f-string (`UP032`)
([#&#8203;11524](https://github.com/astral-sh/ruff/pull/11524))
- \[`flake8-bandit`] `request-without-timeout` should warn for
`requests.request`
([#&#8203;11548](https://github.com/astral-sh/ruff/pull/11548))
- \[`flake8-self`] Ignore sunder accesses in `flake8-self` rules
([#&#8203;11546](https://github.com/astral-sh/ruff/pull/11546))
- \[`pyupgrade`] Lint for `TypeAliasType` usages (`UP040`)
([#&#8203;11530](https://github.com/astral-sh/ruff/pull/11530))

##### Server

- Respect excludes in `ruff server` configuration discovery
([#&#8203;11551](https://github.com/astral-sh/ruff/pull/11551))
- Use default settings if initialization options is empty or not
provided
([#&#8203;11566](https://github.com/astral-sh/ruff/pull/11566))
- `ruff server` correctly treats `.pyi` files as stub files
([#&#8203;11535](https://github.com/astral-sh/ruff/pull/11535))
- `ruff server` searches for configuration in parent directories
([#&#8203;11537](https://github.com/astral-sh/ruff/pull/11537))
- `ruff server`: An empty code action filter no longer returns notebook
source actions
([#&#8203;11526](https://github.com/astral-sh/ruff/pull/11526))

##### Bug fixes

- \[`flake8-logging-format`] Fix autofix title in `logging-warn`
(`G010`)
([#&#8203;11514](https://github.com/astral-sh/ruff/pull/11514))
- \[`refurb`] Avoid recommending `operator.itemgetter` with dependence
on lambda arguments
([#&#8203;11574](https://github.com/astral-sh/ruff/pull/11574))
- \[`flake8-simplify`] Avoid recommending context manager in `__enter__`
implementations
([#&#8203;11575](https://github.com/astral-sh/ruff/pull/11575))
- Create intermediary directories for `--output-file`
([#&#8203;11550](https://github.com/astral-sh/ruff/pull/11550))
- Propagate reads on global variables
([#&#8203;11584](https://github.com/astral-sh/ruff/pull/11584))
- Treat all `singledispatch` arguments as runtime-required
([#&#8203;11523](https://github.com/astral-sh/ruff/pull/11523))

###
[`v0.4.5`](https://github.com/astral-sh/ruff/blob/HEAD/CHANGELOG.md#045)

[Compare
Source](https://github.com/astral-sh/ruff/compare/v0.4.4...v0.4.5)

##### Ruff's language server is now in Beta

`v0.4.5` marks the official Beta release of `ruff server`, an integrated
language server built into Ruff.
`ruff server` supports the same feature set as `ruff-lsp`, powering
linting, formatting, and
code fixes in Ruff's editor integrations -- but with superior
performance and
no installation required. We'd love your feedback!

You can enable `ruff server` in the [VS Code
extension](https://github.com/astral-sh/ruff-vscode?tab=readme-ov-file#enabling-the-rust-based-language-server)
today.

To read more about this exciting milestone, check out our [blog
post](https://astral.sh/blog/ruff-v0.4.5)!

##### Rule changes

- \[`flake8-future-annotations`] Reword
`future-rewritable-type-annotation` (`FA100`) message
([#&#8203;11381](https://github.com/astral-sh/ruff/pull/11381))
- \[`pycodestyle`] Consider soft keywords for `E27` rules
([#&#8203;11446](https://github.com/astral-sh/ruff/pull/11446))
- \[`pyflakes`] Recommend adding unused import bindings to `__all__`
([#&#8203;11314](https://github.com/astral-sh/ruff/pull/11314))
- \[`pyflakes`] Update documentation and deprecate
`ignore_init_module_imports`
([#&#8203;11436](https://github.com/astral-sh/ruff/pull/11436))
- \[`pyupgrade`] Mark quotes as unnecessary for non-evaluated
annotations
([#&#8203;11485](https://github.com/astral-sh/ruff/pull/11485))

##### Formatter

- Avoid multiline quotes warning with `quote-style = preserve`
([#&#8203;11490](https://github.com/astral-sh/ruff/pull/11490))

##### Server

- Support Jupyter Notebook files
([#&#8203;11206](https://github.com/astral-sh/ruff/pull/11206))
- Support `noqa` comment code actions
([#&#8203;11276](https://github.com/astral-sh/ruff/pull/11276))
- Fix automatic configuration reloading
([#&#8203;11492](https://github.com/astral-sh/ruff/pull/11492))
- Fix several issues with configuration in Neovim and Helix
([#&#8203;11497](https://github.com/astral-sh/ruff/pull/11497))

##### CLI

- Add `--output-format` as a CLI option for `ruff config`
([#&#8203;11438](https://github.com/astral-sh/ruff/pull/11438))

##### Bug fixes

- Avoid `PLE0237` for property with setter
([#&#8203;11377](https://github.com/astral-sh/ruff/pull/11377))
- Avoid `TCH005` for `if` stmt with `elif`/`else` block
([#&#8203;11376](https://github.com/astral-sh/ruff/pull/11376))
- Avoid flagging `__future__` annotations as required for non-evaluated
type annotations
([#&#8203;11414](https://github.com/astral-sh/ruff/pull/11414))
- Check for ruff executable in 'bin' directory as installed by 'pip
install --target'.
([#&#8203;11450](https://github.com/astral-sh/ruff/pull/11450))
- Sort edits prior to deduplicating in quotation fix
([#&#8203;11452](https://github.com/astral-sh/ruff/pull/11452))
- Treat escaped newline as valid sequence
([#&#8203;11465](https://github.com/astral-sh/ruff/pull/11465))
- \[`flake8-pie`] Preserve parentheses in `unnecessary-dict-kwargs`
([#&#8203;11372](https://github.com/astral-sh/ruff/pull/11372))
- \[`pylint`] Ignore `__slots__` with dynamic values
([#&#8203;11488](https://github.com/astral-sh/ruff/pull/11488))
- \[`pylint`] Remove `try` body from branch counting
([#&#8203;11487](https://github.com/astral-sh/ruff/pull/11487))
- \[`refurb`] Respect operator precedence in `FURB110`
([#&#8203;11464](https://github.com/astral-sh/ruff/pull/11464))

##### Documentation

- Add `--preview` to the README
([#&#8203;11395](https://github.com/astral-sh/ruff/pull/11395))
- Add Python 3.13 to list of allowed Python versions
([#&#8203;11411](https://github.com/astral-sh/ruff/pull/11411))
- Simplify Neovim setup documentation
([#&#8203;11489](https://github.com/astral-sh/ruff/pull/11489))
- Update CONTRIBUTING.md to reflect the new parser
([#&#8203;11434](https://github.com/astral-sh/ruff/pull/11434))
- Update server documentation with new migration guide
([#&#8203;11499](https://github.com/astral-sh/ruff/pull/11499))
- \[`pycodestyle`] Clarify motivation for `E713` and `E714`
([#&#8203;11483](https://github.com/astral-sh/ruff/pull/11483))
- \[`pyflakes`] Update docs to describe WAI behavior (F541)
([#&#8203;11362](https://github.com/astral-sh/ruff/pull/11362))
- \[`pylint`] Clearly indicate what is counted as a branch
([#&#8203;11423](https://github.com/astral-sh/ruff/pull/11423))

</details>

<details>
<summary>jd/tenacity (tenacity)</summary>

### [`v8.4.1`](https://github.com/jd/tenacity/releases/tag/8.4.1):
tenacity 8.4.1

[Compare Source](https://github.com/jd/tenacity/compare/8.4.0...8.4.1)

#### What's Changed

- Include `tenacity.asyncio` subpackage in release dist by
[@&#8203;cdce8p](https://github.com/cdce8p) in
[https://github.com/jd/tenacity/pull/474](https://github.com/jd/tenacity/pull/474)

**Full Changelog**: jd/tenacity@8.4.0...8.4.1

### [`v8.4.0`](https://github.com/jd/tenacity/releases/tag/8.4.0):
tenacity 8.4.0

[Compare Source](https://github.com/jd/tenacity/compare/8.3.0...8.4.0)

#### What's Changed

- Add async strategies by [@&#8203;hasier](https://github.com/hasier)
in
[https://github.com/jd/tenacity/pull/451](https://github.com/jd/tenacity/pull/451)
- Support Trio out-of-the-box by
[@&#8203;jakkdl](https://github.com/jakkdl) in
[https://github.com/jd/tenacity/pull/463](https://github.com/jd/tenacity/pull/463)

**Full Changelog**: jd/tenacity@8.3.0...8.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerebrotech/cucu).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQxMy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working fixed performance Something is too slow
Projects
None yet
Development

No branches or pull requests

4 participants