Bump the pip group with 12 updates

[dependabot]

Bumps the pip group with 12 updates:

Package	From	To
fastapi	0.110.0	0.110.1
uvicorn	0.27.1	0.29.0
sentry-sdk	1.40.6	1.44.1
sqlalchemy	2.0.28	2.0.29
typing-extensions	4.10.0	4.11.0
pytest	8.0.2	8.1.1
pytest-cov	4.1.0	5.0.0
pytest-mock	3.12.0	3.14.0
black	24.2.0	24.3.0
pre-commit	3.6.2	3.7.0
respx	0.20.2	0.21.1
pytest-asyncio	0.23.5	0.23.6

Updates fastapi from 0.110.0 to 0.110.1

Release notes

Sourced from fastapi's releases.

0.110.1

Fixes

• 🐛 Fix parameterless Depends() with generics. PR #9479 by @​nzig.

Refactors

• ♻️ Update mypy. PR #11049 by @​k0t3n.
• ♻️ Simplify string format with f-strings in fastapi/applications.py. PR #11335 by @​igeni.

Upgrades

• ⬆️ Upgrade Starlette to >=0.37.2,<0.38.0, remove Starlette filterwarning for internal tests. PR #11266 by @​nothielf.

Docs

• 📝 Tweak docs and translations links and remove old docs translations. PR #11381 by @​tiangolo.
• ✏️ Fix typo in fastapi/security/oauth2.py. PR #11368 by @​shandongbinzhou.
• 📝 Update links to Pydantic docs to point to new website. PR #11328 by @​alejsdev.
• ✏️ Fix typo in docs/en/docs/tutorial/extra-models.md. PR #11329 by @​alejsdev.
• 📝 Update project-generation.md. PR #11326 by @​alejsdev.
• 📝 Update External Links. PR #11327 by @​alejsdev.
• 🔥 Remove link to Pydantic's benchmark, on other i18n pages.. PR #11224 by @​hirotoKirimaru.
• ✏️ Fix typos in docstrings. PR #11295 by @​davidhuser.
• 🛠️ Improve Node.js script in docs to generate TypeScript clients. PR #11293 by @​alejsdev.
• 📝 Update examples for tests to replace "inexistent" for "nonexistent". PR #11220 by @​Homesteady.
• 📝 Update python-multipart GitHub link in all docs from https://andrew-d.github.io/python-multipart/ to https://github.com/Kludex/python-multipart. PR #11239 by @​joshjhans.

Translations

• 🌐 Add German translation for docs/de/docs/tutorial/response-status-code.md. PR #10357 by @​nilslindemann.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/query-params.md. PR #3480 by @​jaystone776.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/body.md. PR #3481 by @​jaystone776.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/path-params.md. PR #3479 by @​jaystone776.
• 🌐 Update Chinese translation for docs/tutorial/body-fields.md. PR #3496 by @​jaystone776.
• 🌐 Update Chinese translation for docs/tutorial/extra-models.md. PR #3497 by @​jaystone776.
• 🌐 Add Japanese translation for docs/ja/docs/tutorial/metadata.md. PR #2667 by @​tokusumi.
• 🌐 Add German translation for docs/de/docs/contributing.md. PR #10487 by @​nilslindemann.
• 🌐 Update Japanese translation of docs/ja/docs/tutorial/query-params.md. PR #10808 by @​urushio.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/security/get-current-user.md. PR #3842 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/openapi-callbacks.md. PR #3825 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/extending-openapi.md. PR #3823 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/testing-dependencies.md. PR #3819 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/custom-request-and-route.md. PR #3816 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/external-links.md. PR #3833 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/templates.md. PR #3812 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/sub-applications.md. PR #3811 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/async-sql-databases.md. PR #3805 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/middleware.md. PR #3804 by @​jaystone776.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/dataclasses.md. PR #3803 by @​jaystone776.

... (truncated)

Commits

• 50a880b 🔖 Release version 0.110.1
• 5f96d7e 📝 Update release notes
• d3d9f60 ⬆ Bump actions/cache from 3 to 4 (#10988)
• 2016de0 📝 Update release notes
• c27439d 📝 Update release notes
• 5977417 📝 Update release notes
• eec612c 🐛 Fix parameterless Depends() with generics (#9479)
• 3c39b1c ⬆ Bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.14 (#11318)
• dce7c66 📝 Update release notes
• 7fb46ea ⬆ Bump pillow from 10.1.0 to 10.2.0 (#11011)
• Additional commits viewable in compare view

Updates uvicorn from 0.27.1 to 0.29.0

Release notes

Sourced from uvicorn's releases.

Version 0.29.0

Added

• Cooperative signal handling by @​maxfischer2781 in encode/uvicorn#1600

---

Full Changelog: encode/uvicorn@0.28.1...0.29.0

Version 0.28.1

Fixed

• Revert raise ClientDisconnected on HTTP (#2276)

---

Full Changelog: encode/uvicorn@0.28.0...0.28.1

Version 0.28.0

Added

• Raise ClientDisconnected on send() when client disconnected (#2220) 12/02/24

Fixed

• Except AttributeError on sys.stdin.fileno() for Windows IIS10 (#1947) 29/02/24
• Use X-Forwarded-Proto for WebSockets scheme when the proxy provides it (#2258) 01/03/24

---

Full Changelog: encode/uvicorn@0.27.1...0.28.0

Changelog

Sourced from uvicorn's changelog.

0.29.0 - 2024-03-19

Added

• Cooperative signal handling (#1600) 19/03/24

0.28.1 - 2024-03-19

Fixed

• Revert raise ClientDisconnected on HTTP (#2276) 19/03/24

0.28.0 - 2024-03-09

Added

• Raise ClientDisconnected on send() when client disconnected (#2220) 12/02/24

Fixed

• Except AttributeError on sys.stdin.fileno() for Windows IIS10 (#1947) 29/02/24
• Use X-Forwarded-Proto for WebSockets scheme when the proxy provides it (#2258) 01/03/24

Commits

• fe85206 Version 0.29.0 (#2279)
• 9e32e8e Cooperative signal handling (#1600)
• f73b8be Version 0.28.1 (#2277)
• 76a3812 Revert raise ClientDisconnected on HTTP (#2276) (#2276)
• a05ae64 Version 0.28.0 (#2269)
• 4a503d8 Change ruff rules (#2251)
• 0d4747e Use X-Forwarded-Proto for WebSockets scheme when the proxy provides it (#2258)
• 93897b5 Except AttributeError on sys.stdin.fileno() for Windows IIS10 (#1947)
• ed2d655 Bump cryptography from 42.0.2 to 42.0.4 (#2253)
• 1e5f1be Raise ClientDisconnected on send() when client disconnected (#2220)
• See full diff in compare view

Updates sentry-sdk from 1.40.6 to 1.44.1

Release notes

Sourced from sentry-sdk's releases.

1.44.1

Various fixes & improvements

• Make monitor async friendly (#2912) by @​sentrivana

  You can now decorate your async functions with the monitor decorator and they will correctly report their duration and completion status.

• Fixed Event | None runtime TypeError (#2928) by @​szokeasaurusrex

1.44.0

Various fixes & improvements

• ref: Define types at runtime (#2914) by @​szokeasaurusrex
• Explicit reexport of types (#2866) (#2913) by @​szokeasaurusrex
• feat(profiling): Add thread data to spans (#2843) by @​Zylphrex

1.43.0

Various fixes & improvements

• Add optional keep_alive (#2842) by @​sentrivana

  If you're experiencing frequent network issues between the SDK and Sentry, you can try turning on TCP keep-alive:

  import sentry_sdk
  sentry_sdk.init(
  # ...your usual settings...
  keep_alive=True,
  )

• Add support for Celery Redbeat cron tasks (#2643) by @​kwigley

  The SDK now supports the Redbeat scheduler in addition to the default Celery Beat scheduler for auto instrumenting crons. See the docs for more information about how to set this up.

• aws_event can be an empty list (#2849) by @​sentrivana

• Re-export Event in types.py (#2829) by @​szokeasaurusrex

• Small API docs improvement (#2828) by @​antonpirker

• Fixed OpenAI tests (#2834) by @​antonpirker

• Bump checkouts/data-schemas from ed078ed to 8232f17 (#2832) by @​dependabot

1.42.0

Various fixes & improvements

• New integration: OpenAI integration (#2791) by @​colin-sentry

  We added an integration for OpenAI to capture errors and also performance data when using the OpenAI Python SDK.

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

1.44.1

Various fixes & improvements

• Make monitor async friendly (#2912) by @​sentrivana

  You can now decorate your async functions with the monitor decorator and they will correctly report their duration and completion status.

• Fixed Event | None runtime TypeError (#2928) by @​szokeasaurusrex

1.44.0

Various fixes & improvements

• ref: Define types at runtime (#2914) by @​szokeasaurusrex
• Explicit reexport of types (#2866) (#2913) by @​szokeasaurusrex
• feat(profiling): Add thread data to spans (#2843) by @​Zylphrex

1.43.0

Various fixes & improvements

• Add optional keep_alive (#2842) by @​sentrivana

  If you're experiencing frequent network issues between the SDK and Sentry, you can try turning on TCP keep-alive:

  import sentry_sdk
  sentry_sdk.init(
  # ...your usual settings...
  keep_alive=True,
  )

• Add support for Celery Redbeat cron tasks (#2643) by @​kwigley

  The SDK now supports the Redbeat scheduler in addition to the default Celery Beat scheduler for auto instrumenting crons. See the docs for more information about how to set this up.

• aws_event can be an empty list (#2849) by @​sentrivana

• Re-export Event in types.py (#2829) by @​szokeasaurusrex

• Small API docs improvement (#2828) by @​antonpirker

• Fixed OpenAI tests (#2834) by @​antonpirker

• Bump checkouts/data-schemas from ed078ed to 8232f17 (#2832) by @​dependabot

... (truncated)

Commits

• f015268 Update CHANGELOG.md
• be0e196 release: 1.44.1
• 336f7d5 fix(types): Fixed Event | None runtime TypeError (#2928)
• fd8a9b2 Merge branch 'release/1.44.0'
• b742c45 feat(crons): Make monitor async friendly (#2912)
• 4d8db71 Update CHANGELOG.md
• a4e44fa release: 1.44.0
• 6c2eb53 ref: Define types at runtime (#2914)
• 790ee6a Explicit reexport of types (#2866) (#2913)
• 05d1e5c build(deps): bump checkouts/data-schemas from 8232f17 to 1e17eb5 (#2901)
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.28 to 2.0.29

Release notes

Sourced from sqlalchemy's releases.

2.0.29

Released: March 23, 2024

orm

• [orm] [usecase] Added support for the PEP 695 TypeAliasType construct as well as the python 3.12 native type keyword to work with ORM Annotated Declarative form when using these constructs to link to a PEP 593 Annotated container, allowing the resolution of the Annotated to proceed when these constructs are used in a _orm.Mapped typing container.

  References: #11130

• [orm] [bug] Fixed Declarative issue where typing a relationship using _orm.Relationship rather than _orm.Mapped would inadvertently pull in the "dynamic" relationship loader strategy for that attribute.

  References: #10611

• [orm] [bug] Fixed issue in ORM annotated declarative where using _orm.mapped_column() with an _orm.mapped_column.index or _orm.mapped_column.unique setting of False would be overridden by an incoming Annotated element that featured that parameter set to True, even though the immediate _orm.mapped_column() element is more specific and should take precedence. The logic to reconcile the booleans has been enhanced to accommodate a local value of False as still taking precedence over an incoming True value from the annotated element.

  References: #11091

• [orm] [bug] [regression] Fixed regression from version 2.0.28 caused by the fix for #11085 where the newer method of adjusting post-cache bound parameter values would interefere with the implementation for the _orm.subqueryload() loader option, which has some more legacy patterns in use internally, when the additional loader criteria feature were used with this loader option.

  References: #11173

engine

• [engine] [bug] Fixed issue in engine_insertmanyvalues feature where using a primary key column with an "inline execute" default generator such as an explicit Sequence with an explcit schema name, while at the same time using the _engine.Connection.execution_options.schema_translate_map

... (truncated)

Commits

• See full diff in compare view

Updates typing-extensions from 4.10.0 to 4.11.0

Release notes

Sourced from typing-extensions's releases.

4.11.0

Release 4.11.0 (April 5, 2024)

This feature release provides improvements to various recently added features, most importantly type parameter defaults (PEP 696).

There are no changes since 4.11.0rc1.

Changes since 4.10.0:

• Fix tests on Python 3.13.0a5. Patch by Jelle Zijlstra.
• Fix the runtime behavior of type parameters with defaults (PEP 696). Patch by Nadir Chowdhury.
• Fix minor discrepancy between error messages produced by typing and typing_extensions on Python 3.10. Patch by Jelle Zijlstra.
• When include_extra=False, get_type_hints() now strips ReadOnly from the annotation.

4.11.0rc1

• Fix tests on Python 3.13.0a5. Patch by Jelle Zijlstra.
• Fix the runtime behavior of type parameters with defaults (PEP 696). Patch by Nadir Chowdhury.
• Fix minor discrepancy between error messages produced by typing and typing_extensions on Python 3.10. Patch by Jelle Zijlstra.
• When include_extra=False, get_type_hints() now strips ReadOnly from the annotation.

Changelog

Sourced from typing-extensions's changelog.

Release 4.11.0 (April 5, 2024)

This feature release provides improvements to various recently added features, most importantly type parameter defaults (PEP 696).

There are no changes since 4.11.0rc1.

Release 4.11.0rc1 (March 24, 2024)

• Fix tests on Python 3.13.0a5. Patch by Jelle Zijlstra.
• Fix the runtime behavior of type parameters with defaults (PEP 696). Patch by Nadir Chowdhury.
• Fix minor discrepancy between error messages produced by typing and typing_extensions on Python 3.10. Patch by Jelle Zijlstra.
• When include_extra=False, get_type_hints() now strips ReadOnly from the annotation.

Commits

• d4d929d Prepare release 4.11.0 (#363)
• 94bec44 Prepare release 4.11.0rc1 (#362)
• 10648b6 Fix tests on 3.13.0a5 (#358)
• 8170fc7 Fix runtime behaviour of PEP 696 (#293)
• d34c389 Try to fix GH actions syntax (#355)
• d409ec9 Run CPython test suite in our CI (#353)
• 9d1689e Fix indentation in TypedDict docs (#352)
• 4fdc09d Third-party tests: don't run pydantic tests on pypy (#351)
• 3304a5f Stabilise third party tests (#348)
• c3dc681 Make sure that ReadOnly is removed when using `get_type_hints(include_extra...
• Additional commits viewable in compare view

Updates pytest from 8.0.2 to 8.1.1

Release notes

Sourced from pytest's releases.

8.1.1

pytest 8.1.1 (2024-03-08)

::: {.note} ::: {.title} Note :::

This release is not a usual bug fix release -- it contains features and improvements, being a follow up to 8.1.0, which has been yanked from PyPI. :::

Features

• #11475: Added the new consider_namespace_packages{.interpreted-text role="confval"} configuration option, defaulting to False.

  If set to True, pytest will attempt to identify modules that are part of namespace packages when importing modules.

• #11653: Added the new verbosity_test_cases{.interpreted-text role="confval"} configuration option for fine-grained control of test execution verbosity. See Fine-grained verbosity <pytest.fine_grained_verbosity>{.interpreted-text role="ref"} for more details.

Improvements

• #10865: pytest.warns{.interpreted-text role="func"} now validates that warnings.warn{.interpreted-text role="func"} was called with a [str]{.title-ref} or a [Warning]{.title-ref}. Currently in Python it is possible to use other types, however this causes an exception when warnings.filterwarnings{.interpreted-text role="func"} is used to filter those warnings (see [CPython #103577](python/cpython#103577) for a discussion). While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.

• #11311: When using --override-ini for paths in invocations without a configuration file defined, the current working directory is used as the relative directory.

  Previoulsy this would raise an AssertionError{.interpreted-text role="class"}.

• #11475: --import-mode=importlib <import-mode-importlib>{.interpreted-text role="ref"} now tries to import modules using the standard import mechanism (but still without changing :pysys.path{.interpreted-text role="data"}), falling back to importing modules directly only if that fails.

  This means that installed packages will be imported under their canonical name if possible first, for example app.core.models, instead of having the module name always be derived from their path (for example .env310.lib.site_packages.app.core.models).

• #11801: Added the iter_parents() <_pytest.nodes.Node.iter_parents>{.interpreted-text role="func"} helper method on nodes. It is similar to listchain <_pytest.nodes.Node.listchain>{.interpreted-text role="func"}, but goes from bottom to top, and returns an iterator, not a list.

• #11850: Added support for sys.last_exc{.interpreted-text role="data"} for post-mortem debugging on Python>=3.12.

• #11962: In case no other suitable candidates for configuration file are found, a pyproject.toml (even without a [tool.pytest.ini_options] table) will be considered as the configuration file and define the rootdir.

• #11978: Add --log-file-mode option to the logging plugin, enabling appending to log-files. This option accepts either "w" or "a" and defaults to "w".

  Previously, the mode was hard-coded to be "w" which truncates the file before logging.

... (truncated)

Commits

• 81653ee Adjust changelog manually for 8.1.1
• e60b4b9 Prepare release version 8.1.1
• 15fbe57 [8.1.x] Revert legacy path removals (#12093)
• 86c3aab [8.1.x] Do not import duplicated modules with --importmode=importlib (#12077)
• 5b82b0c [8.1.x] Yank version 8.1.0 (#12076)
• 0a53681 Merge pull request #12054 from pytest-dev/release-8.1.0
• b9a167f Prepare release version 8.1.0
• 00043f7 Merge pull request #12038 from bluetech/fixtures-rm-arg2index
• f4e1025 Merge pull request #12048 from bluetech/fixture-teardown-excgroup
• 43492f5 Merge pull request #12051 from jakkdl/test_debugging_pythonbreakpoint
• Additional commits viewable in compare view

Updates pytest-cov from 4.1.0 to 5.0.0

Changelog

Sourced from pytest-cov's changelog.

5.0.0 (2024-03-24)

• Removed support for xdist rsync (now deprecated). Contributed by Matthias Reichenbach in [#623](https://github.com/pytest-dev/pytest-cov/issues/623) <https://github.com/pytest-dev/pytest-cov/pull/623>_.
• Switched docs theme to Furo.
• Various legacy Python cleanup and CI improvements. Contributed by Christian Clauss and Hugo van Kemenade in [#630](https://github.com/pytest-dev/pytest-cov/issues/630) <https://github.com/pytest-dev/pytest-cov/pull/630>, [#631](https://github.com/pytest-dev/pytest-cov/issues/631) <https://github.com/pytest-dev/pytest-cov/pull/631>, [#632](https://github.com/pytest-dev/pytest-cov/issues/632) <https://github.com/pytest-dev/pytest-cov/pull/632>_ and [#633](https://github.com/pytest-dev/pytest-cov/issues/633) <https://github.com/pytest-dev/pytest-cov/pull/633>_.
• Added a pyproject.toml example in the docs. Contributed by Dawn James in [#626](https://github.com/pytest-dev/pytest-cov/issues/626) <https://github.com/pytest-dev/pytest-cov/pull/626>_.
• Modernized project's pre-commit hooks to use ruff. Initial POC contributed by Christian Clauss in [#584](https://github.com/pytest-dev/pytest-cov/issues/584) <https://github.com/pytest-dev/pytest-cov/pull/584>_.

Commits

• 5295ce0 Bump version: 4.1.0 → 5.0.0
• 1181b06 Update changelog.
• 9757222 Fix a minor grammar error (#636)
• 9f5cd81 Cleanup releasing instructions. Closes #616.
• 93b5047 Add test for pyproject.toml loading without explicit --cov-config. Ref #508.
• ff50860 docs: add config instructions for pyproject.toml.
• 4a5a4b5 Keep GitHub Actions up to date with GitHub's Dependabot
• 1d7f559 Fix or remove URLs that are causing docs tests to fail
• 6a5af8e Update changelog.
• d9fe8df Switch to furo. Closes #618.
• Additional commits viewable in compare view

Updates pytest-mock from 3.12.0 to 3.14.0

Release notes

Sourced from pytest-mock's releases.

v3.14.0

• #415: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.
• #420: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.

v3.13.0

• #417: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
• pytest-mock now requires pytest>=6.2.5.
• #410: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly for alternatives.

Changelog

Sourced from pytest-mock's changelog.

3.14.0 (2024-03-21)

• [#415](https://github.com/pytest-dev/pytest-mock/issues/415) <https://github.com/pytest-dev/pytest-mock/pull/415>_: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.

• [#420](https://github.com/pytest-dev/pytest-mock/issues/420) <https://github.com/pytest-dev/pytest-mock/issues/420>_: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.

3.13.0 (2024-03-21)

• [#417](https://github.com/pytest-dev/pytest-mock/issues/417) <https://github.com/pytest-dev/pytest-mock/pull/417>_: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
• pytest-mock now requires pytest>=6.2.5.
• [#410](https://github.com/pytest-dev/pytest-mock/issues/410) <https://github.com/pytest-dev/pytest-mock/pull/410>: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary> for alternatives.

Commits

• 8733134 Update CHANGELOG for 3.14.0
• 5257e3c Refactor MockCache to have a narrow interface
• 4faf92a Fix regression with mocker.patch not being undone correctly
• 6bd8712 Drop pre-Python 3.8 support code
• 366966b Export MockType/AsyncMockType for type annotations (#415)
• 852116b Merge pull request #418 from pytest-dev/release-3.13.0
• ef9461b Add instructions on how to start deploy from command-line
• 5b9d285 Release 3.13.0
• 6d5d6dc Implement spy_return_list (#417)
• dc28a0e [pre-commit.ci] pre-commit autoupdate (#416)
• Additional commits viewable in compare view

Updates black from 24.2.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates pre-commit from 3.6.2 to 3.7.0

Release notes

Sourced from pre-commit's releases.

pre-commit v3.7.0

Features

• Use a tty for docker and docker_image hooks when --color is specified.
  • #3122 PR by @​glehmann.

Fixes

• Fix fail_fast for individual hooks stopping when previous hooks had failed.
  • #3167 issue by @​tp832944.
  • #3168 PR by @​asottile.

Updating

• The per-hook behaviour of fail_fast was fixed. If you want the pre-3.7.0 behaviour, add fail_fast: true to all hooks before the last fail_fast hook.

Changelog

Sourced from pre-commit's changelog.

3.7.0 - 2024-03-24

Features

• Use a tty for docker and docker_image hooks when --color is specified.
  • #3122 PR by @​glehmann.

Fixes

• Fix fail_fast for individual hooks stopping when previous hooks had failed.
  • #3167 issue by @​tp832944.
  • #3168 PR by @​asottile.

Updating

• The per-hook behaviour of fail_fast was fixed. If you want the pre-3.7.0 behaviour, add fail_fast: true to all hooks before the last fail_fast hook.

Commits

• 7b4667e v3.7.0
• d46c8fc Merge pull request #3168 from pre-commit/fix-fail-fast
• fc62215 fix per-hook fail_fast to not fail on previous failures
• 716da1e Merge pull request #3155 from pre-commit/pre-commit-ci-update-config
• 0939c11 [pre-commit.ci] pre-commit autoupdate
• 3bdf9fb Merge pull request #3150 from pre-commit/pre-commit-ci-update-config
• 75b3e52 [pre-commit.ci] pre-commit autoupdate
• 5e11c26 Merge pull request #3122 from glehmann/docker-tty
• e580096 give docker a tty output when expecting color
• 7b868c3 Merge pull request #3132 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates respx from 0.20.2 to 0.21.1

Release notes

Sourced from respx's releases.

Version 0.21.1

0.21.1 (27th March 2024)

Fixed

• Fix files pattern not handling str and BytesIO, thanks @​pierremonico for input (

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud