Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump the dependencies group with 3 updates (#136)
Bumps the dependencies group with 3 updates: [bandit[toml]](https://github.com/PyCQA/bandit), [mypy](https://github.com/python/mypy) and [pytest](https://github.com/pytest-dev/pytest). Updates `bandit[toml]` from 1.7.7 to 1.7.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyCQA/bandit/releases">bandit[toml]'s releases</a>.</em></p> <blockquote> <h2>1.7.8</h2> <h2>What's Changed</h2> <ul> <li>Incorrect tag naming in readme by <a href="https://github.com/lukehinds"><code>@lukehinds</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1105">PyCQA/bandit#1105</a></li> <li>Utilize PyPI's trusted publishing by <a href="https://github.com/ericwb"><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1107">PyCQA/bandit#1107</a></li> <li>Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1109">PyCQA/bandit#1109</a></li> <li>Add 1.7.7 to versions of bug template by <a href="https://github.com/ericwb"><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1110">PyCQA/bandit#1110</a></li> <li>Use datetime to avoid updating copyright year by <a href="https://github.com/ericwb"><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1112">PyCQA/bandit#1112</a></li> <li>filter data is safe for tarfile extractall by <a href="https://github.com/etienneschalk"><code>@etienneschalk</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1111">PyCQA/bandit#1111</a></li> <li>Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1115">PyCQA/bandit#1115</a></li> <li>[B605] Add functions that are vulnerable to shell injection. by <a href="https://github.com/shihai1991"><code>@shihai1991</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1116">PyCQA/bandit#1116</a></li> <li>Add a SARIF output formatter by <a href="https://github.com/ericwb"><code>@ericwb</code></a> in <a href="https://redirect.github.com/PyCQA/bandit/pull/1113">PyCQA/bandit#1113</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/etienneschalk"><code>@etienneschalk</code></a> made their first contribution in <a href="https://redirect.github.com/PyCQA/bandit/pull/1111">PyCQA/bandit#1111</a></li> <li><a href="https://github.com/shihai1991"><code>@shihai1991</code></a> made their first contribution in <a href="https://redirect.github.com/PyCQA/bandit/pull/1116">PyCQA/bandit#1116</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8">https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyCQA/bandit/commit/22b4226078b041a16bf05163347a66ab4dbcf3a5"><code>22b4226</code></a> Add a SARIF output formatter (<a href="https://redirect.github.com/PyCQA/bandit/issues/1113">#1113</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/b603dce79aefe794ce6a0531cb191a45f4e52e01"><code>b603dce</code></a> [B605] Add functions that are vulnerable to shell injection. (<a href="https://redirect.github.com/PyCQA/bandit/issues/1116">#1116</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/a682a18af59ee7bccbeb8591637a31845be62c15"><code>a682a18</code></a> Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1115">#1115</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/c8d5f77b35ffac67a04cf94d8279c6b5c833c667"><code>c8d5f77</code></a> filter data is safe for tarfile extractall (<a href="https://redirect.github.com/PyCQA/bandit/issues/1111">#1111</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/e041e1216cf86f978614689fcf9e2d180db9c388"><code>e041e12</code></a> Use datetime to avoid updating copyright year (<a href="https://redirect.github.com/PyCQA/bandit/issues/1112">#1112</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/5b16b6a832a7f1dbdb38f0c61ea2f882852d4594"><code>5b16b6a</code></a> Add 1.7.7 to versions of bug template (<a href="https://redirect.github.com/PyCQA/bandit/issues/1110">#1110</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/858bfd882e25b6c936b56f71398f2dddb7cc95d2"><code>858bfd8</code></a> Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (<a href="https://redirect.github.com/PyCQA/bandit/issues/1109">#1109</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/be5d6ace29e30bc21593f02a0466426cebdc24a2"><code>be5d6ac</code></a> Utilize PyPI's trusted publishing (<a href="https://redirect.github.com/PyCQA/bandit/issues/1107">#1107</a>)</li> <li><a href="https://github.com/PyCQA/bandit/commit/c3a07e5ee7d45b73dcac1843052dacb8a4fc6fc6"><code>c3a07e5</code></a> Incorrect tag naming in readme (<a href="https://redirect.github.com/PyCQA/bandit/issues/1105">#1105</a>)</li> <li>See full diff in <a href="https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8">compare view</a></li> </ul> </details> <br /> Updates `mypy` from 1.8.0 to 1.9.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's changelog</a>.</em></p> <blockquote> <h1>Mypy Release Notes</h1> <h2>Mypy 1.9</h2> <p>We’ve just uploaded mypy 1.9 to the Python Package Index (<a href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:</p> <pre><code>python3 -m pip install -U mypy </code></pre> <p>You can read the full documentation for this release on <a href="http://mypy.readthedocs.io">Read the Docs</a>.</p> <h4>Breaking Changes</h4> <p>Because the version of typeshed we use in mypy 1.9 doesn't support 3.7, neither does mypy 1.9. (Jared Hance, PR <a href="https://redirect.github.com/python/mypy/pull/16883">16883</a>)</p> <p>We are planning to enable <a href="https://mypy.readthedocs.io/en/stable/command_line.html#cmdoption-mypy-local-partial-types">local partial types</a> (enabled via the <code>--local-partial-types</code> flag) later this year by default. This change was announced years ago, but now it's finally happening. This is a major backward-incompatible change, so we'll probably include it as part of the upcoming mypy 2.0 release. This makes daemon and non-daemon mypy runs have the same behavior by default.</p> <p>Local partial types can also be enabled in the mypy config file:</p> <pre><code>local_partial_types = True </code></pre> <p>We are looking at providing a tool to make it easier to migrate projects to use <code>--local-partial-types</code>, but it's not yet clear whether this is practical. The migration usually involves adding some explicit type annotations to module-level and class-level variables.</p> <h4>Basic Support for Type Parameter Defaults (PEP 696)</h4> <p>This release contains new experimental support for type parameter defaults (<a href="https://peps.python.org/pep-0696">PEP 696</a>). Please try it out! This feature was contributed by Marc Mueller.</p> <p>Since this feature will be officially introduced in the next Python feature release (3.13), you will need to import <code>TypeVar</code>, <code>ParamSpec</code> or <code>TypeVarTuple</code> from <code>typing_extensions</code> to use defaults for now.</p> <p>This example adapted from the PEP defines a default for <code>BotT</code>:</p> <pre lang="python"><code>from typing import Generic from typing_extensions import TypeVar <p>class Bot: ...</p> <p>BotT = TypeVar("BotT", bound=Bot, default=Bot) </tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/mypy/commit/5ff46f8b3706d005fabab2227ec84476d605bfd4"><code>5ff46f8</code></a> Remove +dev.</li> <li><a href="https://github.com/python/mypy/commit/155909ad1bde747d89fcd091621d7cd9b1e15818"><code>155909a</code></a> [Release 1.9] Unsupport targetting 3.7. (<a href="https://redirect.github.com/python/mypy/issues/16883">#16883</a>) (<a href="https://redirect.github.com/python/mypy/issues/16900">#16900</a>)</li> <li><a href="https://github.com/python/mypy/commit/6615cabe57c661114d0ed44784f67301619faadf"><code>6615cab</code></a> [Release 1.9] Stubtest: ignore a new protocol dunder (<a href="https://redirect.github.com/python/mypy/issues/16895">#16895</a>) (<a href="https://redirect.github.com/python/mypy/issues/16899">#16899</a>)</li> <li><a href="https://github.com/python/mypy/commit/b956e6a57c4dd36d670097a3eccf7dc092348fec"><code>b956e6a</code></a> stubtest: Private parameters can be omitted (<a href="https://redirect.github.com/python/mypy/issues/16507">#16507</a>)</li> <li><a href="https://github.com/python/mypy/commit/ede0b200a10186a095378516d840389f8da4edd4"><code>ede0b20</code></a> Bump ruff to 0.2.0 (<a href="https://redirect.github.com/python/mypy/issues/16870">#16870</a>)</li> <li><a href="https://github.com/python/mypy/commit/7bdd61f2d89ecd2cee4ebe6eb2375a72b29f0b10"><code>7bdd61f</code></a> stubgen: Fix crash on star unpack of TypeVarTuple (<a href="https://redirect.github.com/python/mypy/issues/16869">#16869</a>)</li> <li><a href="https://github.com/python/mypy/commit/8c2ef9dde8aa803e04038427ad84f09664d9d93f"><code>8c2ef9d</code></a> Update hashes in sync-typeshed.py following recent typeshed sync</li> <li><a href="https://github.com/python/mypy/commit/0dd4b6f7576be3d3857fecefb298decdf0711ac7"><code>0dd4b6f</code></a> Revert use of <code>ParamSpec</code> for <code>functools.wraps</code></li> <li><a href="https://github.com/python/mypy/commit/dd12a2d810f2bbe7a8686674397043b18575480f"><code>dd12a2d</code></a> Revert typeshed ctypes change</li> <li><a href="https://github.com/python/mypy/commit/d132999ba631b332d0684173897e5947591f4acc"><code>d132999</code></a> Revert sum literal integer change (<a href="https://redirect.github.com/python/mypy/issues/13961">#13961</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/mypy/compare/v1.8.0...1.9.0">compare view</a></li> </ul> </details> <br /> Updates `pytest` from 8.0.2 to 8.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>8.1.1</h2> <h1>pytest 8.1.1 (2024-03-08)</h1> <p>::: {.note} ::: {.title} Note :::</p> <p>This release is not a usual bug fix release -- it contains features and improvements, being a follow up to <code>8.1.0</code>, which has been yanked from PyPI. :::</p> <h2>Features</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11475">#11475</a>: Added the new <code>consider_namespace_packages</code>{.interpreted-text role="confval"} configuration option, defaulting to <code>False</code>.</p> <p>If set to <code>True</code>, pytest will attempt to identify modules that are part of <a href="https://packaging.python.org/en/latest/guides/packaging-namespace-packages">namespace packages</a> when importing modules.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11653">#11653</a>: Added the new <code>verbosity_test_cases</code>{.interpreted-text role="confval"} configuration option for fine-grained control of test execution verbosity. See <code>Fine-grained verbosity <pytest.fine_grained_verbosity></code>{.interpreted-text role="ref"} for more details.</p> </li> </ul> <h2>Improvements</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/10865">#10865</a>: <code>pytest.warns</code>{.interpreted-text role="func"} now validates that <code>warnings.warn</code>{.interpreted-text role="func"} was called with a [str]{.title-ref} or a [Warning]{.title-ref}. Currently in Python it is possible to use other types, however this causes an exception when <code>warnings.filterwarnings</code>{.interpreted-text role="func"} is used to filter those warnings (see [CPython <a href="https://redirect.github.com/pytest-dev/pytest/issues/103577">#103577</a>](<a href="https://redirect.github.com/python/cpython/issues/103577">python/cpython#103577</a>) for a discussion). While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11311">#11311</a>: When using <code>--override-ini</code> for paths in invocations without a configuration file defined, the current working directory is used as the relative directory.</p> <p>Previoulsy this would raise an <code>AssertionError</code>{.interpreted-text role="class"}.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11475">#11475</a>: <code>--import-mode=importlib <import-mode-importlib></code>{.interpreted-text role="ref"} now tries to import modules using the standard import mechanism (but still without changing :py<code>sys.path</code>{.interpreted-text role="data"}), falling back to importing modules directly only if that fails.</p> <p>This means that installed packages will be imported under their canonical name if possible first, for example <code>app.core.models</code>, instead of having the module name always be derived from their path (for example <code>.env310.lib.site_packages.app.core.models</code>).</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11801">#11801</a>: Added the <code>iter_parents() <_pytest.nodes.Node.iter_parents></code>{.interpreted-text role="func"} helper method on nodes. It is similar to <code>listchain <_pytest.nodes.Node.listchain></code>{.interpreted-text role="func"}, but goes from bottom to top, and returns an iterator, not a list.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11850">#11850</a>: Added support for <code>sys.last_exc</code>{.interpreted-text role="data"} for post-mortem debugging on Python>=3.12.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11962">#11962</a>: In case no other suitable candidates for configuration file are found, a <code>pyproject.toml</code> (even without a <code>[tool.pytest.ini_options]</code> table) will be considered as the configuration file and define the <code>rootdir</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/11978">#11978</a>: Add <code>--log-file-mode</code> option to the logging plugin, enabling appending to log-files. This option accepts either <code>"w"</code> or <code>"a"</code> and defaults to <code>"w"</code>.</p> <p>Previously, the mode was hard-coded to be <code>"w"</code> which truncates the file before logging.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/81653ee385f4c62ee7e64502a7b7530096553115"><code>81653ee</code></a> Adjust changelog manually for 8.1.1</li> <li><a href="https://github.com/pytest-dev/pytest/commit/e60b4b9ed80f761e3a51868a01338911a567b093"><code>e60b4b9</code></a> Prepare release version 8.1.1</li> <li><a href="https://github.com/pytest-dev/pytest/commit/15fbe57c44fed6737f5c6dad99cf4437b6755a6c"><code>15fbe57</code></a> [8.1.x] Revert legacy path removals (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12093">#12093</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/86c3aab005a98de7e12ee5e37782837f5db70ac3"><code>86c3aab</code></a> [8.1.x] Do not import duplicated modules with --importmode=importlib (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12077">#12077</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/5b82b0cd20c3adcc21f34ae30c595c7355a87e23"><code>5b82b0c</code></a> [8.1.x] Yank version 8.1.0 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/12076">#12076</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/0a536810dc5f51dac99bdb90dde06704b5aa034e"><code>0a53681</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12054">#12054</a> from pytest-dev/release-8.1.0</li> <li><a href="https://github.com/pytest-dev/pytest/commit/b9a167f9bbbd6eda4f0360c5bf5b7f5af50f2bc4"><code>b9a167f</code></a> Prepare release version 8.1.0</li> <li><a href="https://github.com/pytest-dev/pytest/commit/00043f7f1047b29fdaeb18e169fe9d6146988cb8"><code>00043f7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12038">#12038</a> from bluetech/fixtures-rm-arg2index</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f4e10251a4a003495b5228cea421d4de5fa0ce89"><code>f4e1025</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12048">#12048</a> from bluetech/fixture-teardown-excgroup</li> <li><a href="https://github.com/pytest-dev/pytest/commit/43492f5707b38dab9b62dfb829bb41a13579629f"><code>43492f5</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12051">#12051</a> from jakkdl/test_debugging_pythonbreakpoint</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/8.0.2...8.1.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
7d4d73c
commit dccd5d2