New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace the PEP-386 parser for the more general PEP-440 #860

Merged
merged 4 commits into from Jun 29, 2018

Conversation

Projects
None yet
3 participants
@gaborbernat
Member

gaborbernat commented Jun 26, 2018

This means we drop the vendor and not really tested _verlib.py (PEP-386) in favour of a more general and battle-tested PEP-440 implementation of the packaging library (new install requires dependency).

Slight refactor of the functions affected to make them more readable.

@gaborbernat gaborbernat requested review from asottile and obestwalter Jun 26, 2018

@gaborbernat gaborbernat added this to the 3.1 milestone Jun 26, 2018

@gaborbernat gaborbernat force-pushed the gaborbernat:semver branch from 54d1396 to eadc907 Jun 26, 2018

Replace the PEP-386 parser for the more general PEP-440
This means we drop the vendore and not really tested _verlib.py
(PEP-386) in favour of a more battle-tested PEP-440 implementation
of the packaging library (new install requires dependency).

Slight refactor of the functions affected to make them more readable.

@gaborbernat gaborbernat force-pushed the gaborbernat:semver branch from eadc907 to a52ea6d Jun 26, 2018

setup.py Outdated
"pluggy >= 0.3.0, <1",
"six >= 1.0.0, <2",
"virtualenv >= 1.11.2",
"packaging >= 17.1",

This comment has been minimized.

@asottile

asottile Jun 26, 2018

Member

let's sort these since we're rewriting them in this PR

dep = dep.__class__(res)
deps.append(dep)
return deps
def _get_resolved_dependencies(self):

This comment has been minimized.

@asottile

asottile Jun 26, 2018

Member

I realize it's not a public interface, but this breaks at least this plugin

This comment has been minimized.

@gaborbernat

gaborbernat Jun 26, 2018

Member

Hmm, I was careful to not change anything that's public. If there's a need we should expose it as public, rather than encourage people using a private interface. 🤔

This comment has been minimized.

@asottile

asottile Jun 26, 2018

Member

let's not needlessly break this as part of this PR

This comment has been minimized.

@gaborbernat

gaborbernat Jun 26, 2018

Member

I find it hard to argue against breaking a private function. I'm inclined to break it just to force people not relying on it.

This comment has been minimized.

@asottile

asottile Jun 26, 2018

Member

I find it hard to advocate for:

  • renaming variables and functions unrelated to PR
  • needlessly breaking compatibility
  • invalidating git blame

if you were removing the function or changing its behaviour then fine, break compatibility -- but when there's no replacement, no migration pathway, and in a tox-dev plugin I can't see why you'd intentionally advocate for breaking something (that seems borderline malicious!)

This comment has been minimized.

@gaborbernat

gaborbernat Jun 26, 2018

Member

@asottile

Both the functions and variables are related to PR: I've refactored the code handling the dependency parsing: As part of the dependency parsing the version parsing is used and as such the version parser is invoked via the _getresolvedeps path.

Private functions are that private. They don't promise any compatibility. So there was no compatibility guarantee there in the first place.

Git blame has little value overall (especially given no one in the git blame are maintaining the library currently), compared to maintaining the library. Recently I've tried adding type information to the library, and the version library what we don't test was a major pain point to showcase an example. I value an easy to read code over maintainability any day. _getresolvedeps break at least snake case usage as far as readability goes.

I'm changing the behaviour ever so slightest, as note PEP-440 is a bit more permissive than PEP-338. Private functions are private, they don't need a migration path. That being said let's meet in the middle:

I've kept the private function as it was but made it deprecated. We'll remove later on. As migration path, you can use the public get_resolved_dependencies function in the future.

gaborbernat added some commits Jun 26, 2018

Fix test and move them over to a dedicated file
these tests are not bound to the cmdline
@codecov

This comment has been minimized.

codecov bot commented Jun 26, 2018

Codecov Report

Merging #860 into master will decrease coverage by <1%.
The diff coverage is 89%.

@@          Coverage Diff           @@
##           master   #860    +/-   ##
======================================
- Coverage      93%    92%   -<1%     
======================================
  Files          12     12            
  Lines        2326   2331     +5     
  Branches      408    408            
======================================
+ Hits         2153   2155     +2     
- Misses        107    110     +3     
  Partials       66     66
@asottile

This comment has been minimized.

Member

asottile commented Jun 26, 2018

I'd also comb through the official plugins and make PRs if you're going to change it -- breaking backward compatibility should not be taken lightly :)

@gaborbernat

This comment has been minimized.

Member

gaborbernat commented Jun 26, 2018

Both the functions and variables are related to PR: I've refactored the code handling the dependency parsing: As part of the dependency parsing the version parsing is used and as such the version parser is invoked via the _getresolvedeps path.

Private functions are that private. They don't promise any compatibility. So there was no compatibility guarantee there in the first place.

Git blame has little value overall (especially given no one in the git blame are maintaining the library currently), compared to maintaining the library. Recently I've tried adding type information to the library, and the version library what we don't test was a major pain point to showcase an example. I value an easy to read code over maintainability any day. _getresolvedeps break at least snake case usage as far as readability goes.

I'm changing the behaviour ever so slightest, as note PEP-440 is a bit more permissive than PEP-338 (e.g. 1.4.7dev is parsed as 1.4.7.dev0 instead of failing - given Python packages use the PEP-440 nowadays as version validator, such as in case of publishing to PyPi, I think the change is mandated). Private functions are private, they don't need a migration path. That being said let's meet in the middle:

I've kept the private function as it was but made it deprecated. We'll remove later on. As migration path, you can use the public get_resolved_dependencies function in the future.

@@ -45,41 +44,6 @@ def wait(self):
report.expect("logpopen")
def test__resolve_pkg(tmpdir, mocksession):

This comment has been minimized.

@gaborbernat

gaborbernat Jun 26, 2018

Member

This file at the moment is more or less a general collection of everything else. We'll slowly phase it out. For now I've just moved out tests related to the version parsing, that have nothing to do with the command line.

@gaborbernat gaborbernat force-pushed the gaborbernat:semver branch from 6115452 to 1e650f5 Jun 26, 2018

@gaborbernat gaborbernat merged commit fd7ae13 into tox-dev:master Jun 29, 2018

2 of 4 checks passed

codecov/patch 89% of diff hit (target 93%)
Details
codecov/project 92% (-<1%) compared to 88aa305
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@gaborbernat gaborbernat deleted the gaborbernat:semver branch Jun 29, 2018

@obestwalter

This comment has been minimized.

Member

obestwalter commented Jul 1, 2018

Nice one 👍

@gaborbernat, what's your opinion of the tests for this? Are we covering enough with the existing tests to be reasonably sure that this does not introduce any surprises? I did not have the time to have a closer look or even to check the branch out and play with it to look for potential problems, so I am merely curious at the moment.

@gaborbernat

This comment has been minimized.

Member

gaborbernat commented Jul 2, 2018

@obestwalter I think we're covering enough. That being said this might break some people; who were relying on the less permissive PEP-386 logic. E.g. 1.4.3dev now is accepted as 1.4.3dev0; while beforehand it failed. However, according to the latest PyPi rules, the aforementioned should be accepted as 1.4.3dev0, so I would consider this a bug fix.

@obestwalter

This comment has been minimized.

Member

obestwalter commented Jul 2, 2018

o.k. - how about adding a little warning about this in the changelog entry?

sfdye added a commit to pydanny/cookiecutter-django that referenced this pull request Jul 10, 2018

Update tox to 3.1.1 (#1715)
This PR updates [tox](https://pypi.org/project/tox) from **3.0.0** to **3.1.1**.



<details>
  <summary>Changelog</summary>
  
  
   ### 3.1.0
   ```
   ------------------

Bugfixes
^^^^^^^^

- Add ``ignore_basepython_conflict``, which determines whether conflicting
  ``basepython`` settings for environments containing default factors, such as
  ``py27`` or ``django18-py35``, should be ignored or result in warnings. This
  was a common source of misconfiguration and is rarely, if ever, desirable from
  a user perspective - by :user:`stephenfin` (`477 &lt;https://github.com/tox-dev/tox/issues/477&gt;`_)
- Fix bug with incorrectly defactorized dependencies (deps passed to pip were not de-factorized) - by :user:`bartsanchez` (`706 &lt;https://github.com/tox-dev/tox/issues/706&gt;`_)


Features
^^^^^^^^

- Add support for multiple PyPy versions using default factors. This allows you
  to use, for example, ``pypy27`` knowing that the correct intepreter will be
  used by default - by :user:`stephenfin` (`19 &lt;https://github.com/tox-dev/tox/issues/19&gt;`_)
- Add support to explicitly invoke interpreter directives for environments with
  long path lengths. In the event that ``tox`` cannot invoke scripts with a
  system-limited shebang (e.x. a Linux host running a Jenkins Pipeline), a user
  can set the environment variable ``TOX_LIMITED_SHEBANG`` to workaround the
  system&#39;s limitation (e.x. ``export TOX_LIMITED_SHEBANG=1``) - by :user:`jdknight` (`794 &lt;https://github.com/tox-dev/tox/issues/794&gt;`_)
- introduce a constants module to be used internally and as experimental API - by :user:`obestwalter` (`798 &lt;https://github.com/tox-dev/tox/issues/798&gt;`_)
- Make ``py2`` and ``py3`` aliases also resolve via ``py`` on windows by :user:`asottile`. This enables the following things:
  ``tox -e py2`` and ``tox -e py3`` work on windows (they already work on posix); and setting ``basepython=python2`` or ``basepython=python3`` now works on windows. (`856 &lt;https://github.com/tox-dev/tox/issues/856&gt;`_)
- Replace the internal version parsing logic from the not well tested `PEP-386 &lt;https://www.python.org/dev/peps/pep-0386/&gt;`_ parser for the more general `PEP-440 &lt;https://www.python.org/dev/peps/pep-0440/&gt;`_. `packaging &gt;= 17.1 &lt;https://pypi.org/project/packaging/&gt;`_ is now an install dependency by :user:`gaborbernat`. (`860 &lt;https://github.com/tox-dev/tox/issues/860&gt;`_)


Documentation
^^^^^^^^^^^^^

- extend the plugin documentation and make lot of small fixes and improvements - by :user:`obestwalter` (`797 &lt;https://github.com/tox-dev/tox/issues/797&gt;`_)
- tidy up tests - remove unused fixtures, update old cinstructs, etc. - by :user:`obestwalter` (`799 &lt;https://github.com/tox-dev/tox/issues/799&gt;`_)
- Various improvements to documentation: open browser once documentation generation is done, show Github/Travis info on documentation page, remove duplicate header for changelog, generate unreleased news as DRAFT on top of changelog, make the changelog page more compact and readable (width up to 1280px) by :user:`gaborbernat` (`859 &lt;https://github.com/tox-dev/tox/issues/859&gt;`_)


Miscellaneous
^^^^^^^^^^^^^

- filter out unwanted files in package - by :user:`obestwalter` (`754 &lt;https://github.com/tox-dev/tox/issues/754&gt;`_)
- make the already existing implicit API explicit - by :user:`obestwalter` (`800 &lt;https://github.com/tox-dev/tox/issues/800&gt;`_)
- improve tox quickstart and corresponding tests - by :user:`obestwalter` (`801 &lt;https://github.com/tox-dev/tox/issues/801&gt;`_)
- tweak codecov settings via .codecov.yml - by :user:`obestwalter` (`802 &lt;https://github.com/tox-dev/tox/issues/802&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/tox
  - Changelog: https://pyup.io/changelogs/tox/
  - Docs: https://tox.readthedocs.org/
</details>

sloria added a commit to sloria/doitlive that referenced this pull request Jul 15, 2018

Update tox to 3.1.2 (#56)
This PR updates [tox](https://pypi.org/project/tox) from **3.0.0** to **3.1.2**.



<details>
  <summary>Changelog</summary>
  
  
   ### 3.1.1
   ```
   ------------------

Bugfixes
^^^^^^^^

- PyPi documentation for ``3.1.0`` is broken. Added test to check for this, and
  fix it by :user:`gaborbernat`. (`879
  &lt;https://github.com/tox-dev/tox/issues/879&gt;`_)
   ```
   
  
  
   ### 3.1.0
   ```
   ------------------

Bugfixes
^^^^^^^^

- Add ``ignore_basepython_conflict``, which determines whether conflicting
  ``basepython`` settings for environments containing default factors, such as
  ``py27`` or ``django18-py35``, should be ignored or result in warnings. This
  was a common source of misconfiguration and is rarely, if ever, desirable from
  a user perspective - by :user:`stephenfin` (`477 &lt;https://github.com/tox-dev/tox/issues/477&gt;`_)
- Fix bug with incorrectly defactorized dependencies (deps passed to pip were not de-factorized) - by :user:`bartsanchez` (`706 &lt;https://github.com/tox-dev/tox/issues/706&gt;`_)


Features
^^^^^^^^

- Add support for multiple PyPy versions using default factors. This allows you
  to use, for example, ``pypy27`` knowing that the correct intepreter will be
  used by default - by :user:`stephenfin` (`19 &lt;https://github.com/tox-dev/tox/issues/19&gt;`_)
- Add support to explicitly invoke interpreter directives for environments with
  long path lengths. In the event that ``tox`` cannot invoke scripts with a
  system-limited shebang (e.x. a Linux host running a Jenkins Pipeline), a user
  can set the environment variable ``TOX_LIMITED_SHEBANG`` to workaround the
  system&#39;s limitation (e.x. ``export TOX_LIMITED_SHEBANG=1``) - by :user:`jdknight` (`794 &lt;https://github.com/tox-dev/tox/issues/794&gt;`_)
- introduce a constants module to be used internally and as experimental API - by :user:`obestwalter` (`798 &lt;https://github.com/tox-dev/tox/issues/798&gt;`_)
- Make ``py2`` and ``py3`` aliases also resolve via ``py`` on windows by :user:`asottile`. This enables the following things:
  ``tox -e py2`` and ``tox -e py3`` work on windows (they already work on posix); and setting ``basepython=python2`` or ``basepython=python3`` now works on windows. (`856 &lt;https://github.com/tox-dev/tox/issues/856&gt;`_)
- Replace the internal version parsing logic from the not well tested `PEP-386 &lt;https://www.python.org/dev/peps/pep-0386/&gt;`_ parser for the more general `PEP-440 &lt;https://www.python.org/dev/peps/pep-0440/&gt;`_. `packaging &gt;= 17.1 &lt;https://pypi.org/project/packaging/&gt;`_ is now an install dependency by :user:`gaborbernat`. (`860 &lt;https://github.com/tox-dev/tox/issues/860&gt;`_)


Documentation
^^^^^^^^^^^^^

- extend the plugin documentation and make lot of small fixes and improvements - by :user:`obestwalter` (`797 &lt;https://github.com/tox-dev/tox/issues/797&gt;`_)
- tidy up tests - remove unused fixtures, update old cinstructs, etc. - by :user:`obestwalter` (`799 &lt;https://github.com/tox-dev/tox/issues/799&gt;`_)
- Various improvements to documentation: open browser once documentation generation is done, show Github/Travis info on documentation page, remove duplicate header for changelog, generate unreleased news as DRAFT on top of changelog, make the changelog page more compact and readable (width up to 1280px) by :user:`gaborbernat` (`859 &lt;https://github.com/tox-dev/tox/issues/859&gt;`_)


Miscellaneous
^^^^^^^^^^^^^

- filter out unwanted files in package - by :user:`obestwalter` (`754 &lt;https://github.com/tox-dev/tox/issues/754&gt;`_)
- make the already existing implicit API explicit - by :user:`obestwalter` (`800 &lt;https://github.com/tox-dev/tox/issues/800&gt;`_)
- improve tox quickstart and corresponding tests - by :user:`obestwalter` (`801 &lt;https://github.com/tox-dev/tox/issues/801&gt;`_)
- tweak codecov settings via .codecov.yml - by :user:`obestwalter` (`802 &lt;https://github.com/tox-dev/tox/issues/802&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/tox
  - Changelog: https://pyup.io/changelogs/tox/
  - Docs: https://tox.readthedocs.org/
</details>

DmytroLitvinov added a commit to DmytroLitvinov/kuna that referenced this pull request Aug 6, 2018

Scheduled weekly dependency update for week 31 (#19)



### Update [pip](https://pypi.org/project/pip) from **10.0.1** to **18.0**.


<details>
  <summary>Changelog</summary>
  
  
   ### 18.0
   ```
   =================

Process
-------

- Switch to a Calendar based versioning scheme.
- Formally document our deprecation process as a minimum of 6 months of deprecation
  warnings.
- Adopt and document NEWS fragment writing style.
- Switch to releasing a new, non bug fix version of pip every 3 months.

Deprecations and Removals
-------------------------

- Remove the legacy format from pip list. (3651, 3654)
- Dropped support for Python 3.3. (3796)
- Remove support for cleaning up egg fragment postfixes. (4174)
- Remove the shim for the old get-pip.py location. (5520)

  For the past 2 years, it&#39;s only been redirecting users to use the newer
  https://bootstrap.pypa.io/get-pip.py location.

Features
--------

- Introduce a new --prefer-binary flag, to prefer older wheels over newer source packages. (3785)
- Improve autocompletion function on file name completion after options
  which have ``&lt;file&gt;``, ``&lt;dir&gt;`` or ``&lt;path&gt;`` as metavar. (4842, 5125)
- Add support for installing PEP 518 build dependencies from source. (5229)
- Improve status message when upgrade is skipped due to only-if-needed strategy. (5319)

Bug Fixes
---------

- Update pip&#39;s self-check logic to not use a virtualenv specific file and honor cache-dir. (3905)
- Remove compiled pyo files for wheel packages. (4471)
- Speed up printing of newly installed package versions. (5127)
- Restrict install time dependency warnings to directly-dependant packages. (5196, 5457)

  Warning about the entire package set has resulted in users getting confused as
  to why pip is printing these warnings.
- Improve handling of PEP 518 build requirements: support environment markers and extras. (5230, 5265)
- Remove username/password from log message when using index with basic auth. (5249)
- Remove trailing os.sep from PATH directories to avoid false negatives. (5293)
- Fix &quot;pip wheel pip&quot; being blocked by the &quot;don&#39;t use pip to modify itself&quot; check. (5311, 5312)
- Disable pip&#39;s version check (and upgrade message) when installed by a different package manager. (5346)

  This works better with Linux distributions where pip&#39;s upgrade message may
  result in users running pip in a manner that modifies files that should be
  managed by the OS&#39;s package manager.
- Check for file existence and unlink first when clobbering existing files during a wheel install. (5366)
- Improve error message to be more specific when no files are found as listed in as listed in PKG-INFO. (5381)
- Always read ``pyproject.toml`` as UTF-8. This fixes Unicode handling on Windows and Python 2. (5482)
- Fix a crash that occurs when PATH not set, while generating script location warning. (5558)
- Disallow packages with ``pyproject.toml`` files that have an empty build-system table. (5627)

Vendored Libraries
------------------

- Update CacheControl to 0.12.5.
- Update certifi to 2018.4.16.
- Update distro to 1.3.0.
- Update idna to 2.7.
- Update ipaddress to 1.0.22.
- Update pkg_resources to 39.2.0 (via setuptools).
- Update progress to 1.4.
- Update pytoml to 0.1.16.
- Update requests to 2.19.1.
- Update urllib3 to 1.23.

Improved Documentation
----------------------

- Document how to use pip with a proxy server. (512, 5574)
- Document that the output of pip show is in RFC-compliant mail header format. (5261)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pip
  - Changelog: https://pyup.io/changelogs/pip/
  - Homepage: https://pip.pypa.io/
</details>





### Update [tox](https://pypi.org/project/tox) from **3.0.0** to **3.1.3**.


<details>
  <summary>Changelog</summary>
  
  
   ### 3.1.2
   ```
   ------------------

Bugfixes
^^^^^^^^

- Revert &quot;Fix bug with incorrectly defactorized dependencies (`772 &lt;https://github.com/tox-dev/tox/issues/772&gt;`_)&quot; due to a regression (`(799) &lt;https://github.com/tox-dev/tox/issues/899&gt;`_) - by :user:`obestwalter`
   ```
   
  
  
   ### 3.1.1
   ```
   ------------------

Bugfixes
^^^^^^^^

- PyPi documentation for ``3.1.0`` is broken. Added test to check for this, and
  fix it by :user:`gaborbernat`. (`879
  &lt;https://github.com/tox-dev/tox/issues/879&gt;`_)
   ```
   
  
  
   ### 3.1.0
   ```
   ------------------

Bugfixes
^^^^^^^^

- Add ``ignore_basepython_conflict``, which determines whether conflicting
  ``basepython`` settings for environments containing default factors, such as
  ``py27`` or ``django18-py35``, should be ignored or result in warnings. This
  was a common source of misconfiguration and is rarely, if ever, desirable from
  a user perspective - by :user:`stephenfin` (`477 &lt;https://github.com/tox-dev/tox/issues/477&gt;`_)
- Fix bug with incorrectly defactorized dependencies (deps passed to pip were not de-factorized) - by :user:`bartsanchez` (`706 &lt;https://github.com/tox-dev/tox/issues/706&gt;`_)


Features
^^^^^^^^

- Add support for multiple PyPy versions using default factors. This allows you
  to use, for example, ``pypy27`` knowing that the correct intepreter will be
  used by default - by :user:`stephenfin` (`19 &lt;https://github.com/tox-dev/tox/issues/19&gt;`_)
- Add support to explicitly invoke interpreter directives for environments with
  long path lengths. In the event that ``tox`` cannot invoke scripts with a
  system-limited shebang (e.x. a Linux host running a Jenkins Pipeline), a user
  can set the environment variable ``TOX_LIMITED_SHEBANG`` to workaround the
  system&#39;s limitation (e.x. ``export TOX_LIMITED_SHEBANG=1``) - by :user:`jdknight` (`794 &lt;https://github.com/tox-dev/tox/issues/794&gt;`_)
- introduce a constants module to be used internally and as experimental API - by :user:`obestwalter` (`798 &lt;https://github.com/tox-dev/tox/issues/798&gt;`_)
- Make ``py2`` and ``py3`` aliases also resolve via ``py`` on windows by :user:`asottile`. This enables the following things:
  ``tox -e py2`` and ``tox -e py3`` work on windows (they already work on posix); and setting ``basepython=python2`` or ``basepython=python3`` now works on windows. (`856 &lt;https://github.com/tox-dev/tox/issues/856&gt;`_)
- Replace the internal version parsing logic from the not well tested `PEP-386 &lt;https://www.python.org/dev/peps/pep-0386/&gt;`_ parser for the more general `PEP-440 &lt;https://www.python.org/dev/peps/pep-0440/&gt;`_. `packaging &gt;= 17.1 &lt;https://pypi.org/project/packaging/&gt;`_ is now an install dependency by :user:`gaborbernat`. (`860 &lt;https://github.com/tox-dev/tox/issues/860&gt;`_)


Documentation
^^^^^^^^^^^^^

- extend the plugin documentation and make lot of small fixes and improvements - by :user:`obestwalter` (`797 &lt;https://github.com/tox-dev/tox/issues/797&gt;`_)
- tidy up tests - remove unused fixtures, update old cinstructs, etc. - by :user:`obestwalter` (`799 &lt;https://github.com/tox-dev/tox/issues/799&gt;`_)
- Various improvements to documentation: open browser once documentation generation is done, show Github/Travis info on documentation page, remove duplicate header for changelog, generate unreleased news as DRAFT on top of changelog, make the changelog page more compact and readable (width up to 1280px) by :user:`gaborbernat` (`859 &lt;https://github.com/tox-dev/tox/issues/859&gt;`_)


Miscellaneous
^^^^^^^^^^^^^

- filter out unwanted files in package - by :user:`obestwalter` (`754 &lt;https://github.com/tox-dev/tox/issues/754&gt;`_)
- make the already existing implicit API explicit - by :user:`obestwalter` (`800 &lt;https://github.com/tox-dev/tox/issues/800&gt;`_)
- improve tox quickstart and corresponding tests - by :user:`obestwalter` (`801 &lt;https://github.com/tox-dev/tox/issues/801&gt;`_)
- tweak codecov settings via .codecov.yml - by :user:`obestwalter` (`802 &lt;https://github.com/tox-dev/tox/issues/802&gt;`_)
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/tox
  - Changelog: https://pyup.io/changelogs/tox/
  - Docs: https://tox.readthedocs.org/
</details>





### Update [Sphinx](https://pypi.org/project/Sphinx) from **1.7.5** to **1.7.6**.


<details>
  <summary>Changelog</summary>
  
  
   ### 1.7.6
   ```
   ==============================

Dependencies
------------

Incompatible changes
--------------------

Deprecated
----------

Features added
--------------

Bugs fixed
----------

* 5037: LaTeX ``\sphinxupquote{}`` breaks in Russian
* sphinx.testing uses deprecated pytest API; ``Node.get_marker(name)``
* 5016: crashed when recommonmark.AutoStrictify is enabled
* 5022: latex: crashed with docutils package provided by Debian/Ubuntu
* 5009: latex: a label for table is vanished if table does not have a caption
* 5048: crashed with numbered toctree
* 2410: C, render empty argument lists for macros.
* C++, fix lookup of full template specializations with no template arguments.
* 4667: C++, fix assertion on missing references in global scope when using
  intersphinx. Thanks to Alan M. Carroll.
* 5019: autodoc: crashed by Form Feed Character
* 5032: autodoc: loses the first staticmethod parameter for old styled classes
* 5036: quickstart: Typing Ctrl-U clears the whole of line
* 5066: html: &quot;relations&quot; sidebar is not shown by default
* 5091: latex: curly braces in index entries are not handled correctly
* 5070: epub: Wrong internal href fragment links
* 5104: apidoc: Interface of ``sphinx.apidoc:main()`` has changed
* 5076: napoleon raises RuntimeError with python 3.7
* 5125: sphinx-build: Interface of ``sphinx:main()`` has changed
* sphinx-build: ``sphinx.cmd.build.main()`` refers ``sys.argv`` instead of given
  argument
* 5146: autosummary: warning is emitted when the first line of docstring ends
  with literal notation
* autosummary: warnings of autosummary indicates wrong location (refs: 5146)
* 5143: autodoc: crashed on inspecting dict like object which does not support
  sorting

Testing
--------
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/sphinx
  - Changelog: https://pyup.io/changelogs/sphinx/
  - Homepage: http://sphinx-doc.org/
</details>





### Update [cryptography](https://pypi.org/project/cryptography) from **2.2.2** to **2.3**.


<details>
  <summary>Changelog</summary>
  
  
   ### 2.3
   ```
   ~~~~~~~~~~~~~~~~

* **SECURITY ISSUE:**
  :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`
  allowed tag truncation by default which can allow tag forgery in some cases.
  The method now enforces the ``min_tag_length`` provided to the
  :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor.
  *CVE-2018-10903*
* Added support for Python 3.7.
* Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
  authenticated timestamp of a :doc:`Fernet &lt;/fernet&gt;` token.
* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
  We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
  ``cryptography`` release.
* Fixed multiple issues preventing ``cryptography`` from compiling against
  LibreSSL 2.7.x.
* Added
  :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number`
  for quick serial number searches in CRLs.
* The :class:`~cryptography.x509.RelativeDistinguishedName` class now
  preserves the order of attributes. Duplicate attributes now raise an error
  instead of silently discarding duplicates.
* :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and
  :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
  now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if
  the wrapped key is an invalid length, instead of ``ValueError``.

.. _v2-2-2:
   ```
   
  
</details>


 

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/cryptography
  - Changelog: https://pyup.io/changelogs/cryptography/
  - Repo: https://github.com/pyca/cryptography
</details>





### Update [PyYAML](https://pypi.org/project/PyYAML) from **3.12** to **3.13**.


*The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)*

<details>
  <summary>Links</summary>
  
  - PyPI: https://pypi.org/project/pyyaml
  - Homepage: http://pyyaml.org/wiki/PyYAML
</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment