Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): Update dependency black to v24.3.0 #144

Merged
merged 1 commit into from
Mar 20, 2024
Merged

Conversation

cq-bot
Copy link
Contributor

@cq-bot cq-bot commented Mar 20, 2024

This PR contains the following updates:

Package Update Change
black (changelog) minor ==24.2.0 -> ==24.3.0

Release Notes

psf/black (black)

v24.3.0

Compare Source

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style
  • Don't move comments along with delimiters, which could cause crashes (#​4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
    of Black would incorrectly format the contents of certain unusual f-strings containing
    nested strings with the same quote type. Now, Black will crash on such strings until
    support for the new f-string syntax is implemented. (#​4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected
    (#​4273)
Performance
  • Fix catastrophic performance on docstrings that contain large numbers of leading tab
    characters. This fixes
    CVE-2024-21503.
    (#​4278)
Documentation
  • Note what happens when --check is used with --quiet (#​4236)

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@cq-bot cq-bot added the automerge Add to automerge PRs once requirements are met label Mar 20, 2024
@kodiakhq kodiakhq bot merged commit 6dd4cd1 into main Mar 20, 2024
5 checks passed
@kodiakhq kodiakhq bot deleted the renovate/black-24.x branch March 20, 2024 18:18
kodiakhq bot pushed a commit that referenced this pull request Mar 20, 2024
🤖 I have created a release *beep* *boop*
---


## [0.1.17](v0.1.16...v0.1.17) (2024-03-20)


### Bug Fixes

* **deps:** Update dependency black to v24.3.0 ([#144](#144)) ([6dd4cd1](6dd4cd1))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
automerge Add to automerge PRs once requirements are met
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants