Bump the python group across 1 directory with 15 updates

[dependabot]

Bumps the python group with 15 updates in the / directory:

Package	From	To
certifi	2024.2.2	2024.6.2
flask-caching	2.1.0	2.3.0
itsdangerous	2.1.2	2.2.0
jinja2	3.1.3	3.1.4
packaging	24.0	24.1
requests	2.31.0	2.32.3
typing-extensions	4.11.0	4.12.2
werkzeug	3.0.2	3.0.3
zipp	3.18.1	3.19.2
coverage	7.4.4	7.5.3
pytest	8.1.1	8.2.2
pylint	3.1.0	3.2.3
mypy	1.9.0	1.10.0
types-requests	2.31.0.20240406	2.32.0.20240602
types-setuptools	69.5.0.20240415	70.0.0.20240524

Updates certifi from 2024.2.2 to 2024.6.2

Commits

• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
• 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
• 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
• 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
• Additional commits viewable in compare view

Updates flask-caching from 2.1.0 to 2.3.0

Release notes

Sourced from flask-caching's releases.

2.3.0

https://github.com/pallets-eco/flask-caching/blob/v2.1.0/CHANGES.rst

2.2.0

https://github.com/pallets-eco/flask-caching/blob/v2.1.0/CHANGES.rst

Changelog

Sourced from flask-caching's changelog.

Version 2.3.0

Released 2024-05-04

• Added response_hit_indication flag to Cache.cached decorator for appending 'hit_cache' headers to responses, indicating cache hits.

Version 2.2.0

• Drop python 3.7 support
• python 3.11 officially supported
• Fix issue causing args_to_ignore to not work with flask_caching.Cache.memoize decorator when keyword arguments were used in the decorated function call

Commits

• dfacadd release 2.3.0 (#562)
• 59cf9af Hit cache indication (#532)
• c1b683c release-2.2.0 (#560)
• 67c34a0 Respect kwargs when args_to_ignore is set in memoize (#558)
• 6a2191a Update cache type names in index.rst (#547)
• 3c66171 Remove unused _get_prefix() method from RedisCache class. (#552)
• 7ec3ebd Drop py37 (#559)
• a367b9f Bump cryptography from 41.0.4 to 41.0.6 in /requirements (#549)
• See full diff in compare view

Updates itsdangerous from 2.1.2 to 2.2.0

Release notes

Sourced from itsdangerous's releases.

2.2.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.2.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

Changes: https://itsdangerous.palletsprojects.com/en/2.2.x/changes/#version-2-2-0 Milestone: https://github.com/pallets/itsdangerous/milestone/8?closed=1

• Drop support for Python 3.7.
• Use modern packaging metadata with pyproject.toml instead of setup.cfg.
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead.
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method.
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default.

Changelog

Sourced from itsdangerous's changelog.

Version 2.2.0

Released 2024-04-16

• Drop support for Python 3.7. :pr:372
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:326
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead. :issue:371
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method. :issue:347
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:375

Commits

• 096c8d4 release version 2.2.0
• 7f4dcf8 access sha1 lazily
• 93ae366 change entry for generic serializer
• 135eb23 Generic serializer (#377)
• 999ce7a Improve generic typing further
• 52890d7 improve generic typing
• 385c0eb type Serializer as generic (#374)
• 01001c6 type Serializer as generic
• bc88e94 improve typing (#373)
• 69a3bca improve typing
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates packaging from 24.0 to 24.1

Release notes

Sourced from packaging's releases.

24.1

What's Changed

• pyupgrade/black/isort/flake8 → ruff by @​DimitriPapadopoulos in pypa/packaging#769
• Add support for Python 3.13 and drop EOL 3.7 by @​hugovk in pypa/packaging#783
• Bump the github-actions group with 4 updates by @​dependabot in pypa/packaging#782
• Fix typo in _parser docstring by @​pradyunsg in pypa/packaging#784
• Modernise type annotations using FA rules from ruff by @​pradyunsg in pypa/packaging#785
• Document markers.default_environment() by @​edgarrmondragon in pypa/packaging#753
• Bump the github-actions group with 3 updates by @​dependabot in pypa/packaging#789
• Work around platform.python_version() returning non PEP 440 compliant version for non-tagged CPython builds by @​sbidoul in pypa/packaging#802

New Contributors

• @​dependabot made their first contribution in pypa/packaging#782
• @​edgarrmondragon made their first contribution in pypa/packaging#753

Full Changelog: pypa/packaging@24.0...24.1

Changelog

Sourced from packaging's changelog.

24.1 - 2024-06-10

No unreleased changes.

Commits

• 85442b8 Bump for release
• 3e67fc7 Work around platform.python_version() returning non PEP 440 compliant versi...
• 32deafe Bump the github-actions group with 3 updates (#789)
• e0dda88 Document markers.default_environment() (#753)
• cc938f9 Modernise type annotations using FA rules from ruff (#785)
• 757f559 Fix typo in _parser docstring (#784)
• ec9f203 Bump the github-actions group with 4 updates (#782)
• 5cbe1e4 Add support for Python 3.13 and drop EOL 3.7 (#783)
• cb8fd38 pyupgrade/black/isort/flake8 → ruff (#769)
• e8002b1 Bump for development
• See full diff in compare view

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits

• 0e322af v2.32.3
• e188799 Don't create default SSLContext if ssl module isn't present (#6724)
• 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
• b1d73dd Don't use default SSLContext with custom poolmanager kwargs
• 6badbac Update HISTORY.md
• a62a2d3 Allow for overriding of specific pool key params
• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• Additional commits viewable in compare view

Updates typing-extensions from 4.11.0 to 4.12.2

Release notes

Sourced from typing-extensions's releases.

4.12.2

• Fix regression in v4.12.0 where specialization of certain generics with an overridden __eq__ method would raise errors. Patch by Jelle Zijlstra.
• Fix tests so they pass on 3.13.0b2

4.12.1

• Preliminary changes for compatibility with the draft implementation of PEP 649 in Python 3.14. Patch by Jelle Zijlstra.
• Fix regression in v4.12.0 where nested Annotated types would cause TypeError to be raised if the nested Annotated type had unhashable metadata. Patch by Alex Waygood.

4.12.0

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

There is a single change since 4.12.0rc1:

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Changes included in 4.12.0rc1:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.
  • Fix bug in PEP-696 implementation where a default value for a ParamSpec

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.12.2 (June 7, 2024)

• Add typing_extensions.get_annotations, a backport of inspect.get_annotations that adds features specified by PEP 649. Patch by Jelle Zijlstra.
• Fix regression in v4.12.0 where specialization of certain generics with an overridden __eq__ method would raise errors. Patch by Jelle Zijlstra.
• Fix tests so they pass on 3.13.0b2

Release 4.12.1 (June 1, 2024)

• Preliminary changes for compatibility with the draft implementation of PEP 649 in Python 3.14. Patch by Jelle Zijlstra.
• Fix regression in v4.12.0 where nested Annotated types would cause TypeError to be raised if the nested Annotated type had unhashable metadata. Patch by Alex Waygood.

Release 4.12.0 (May 23, 2024)

This release is mostly the same as 4.12.0rc1 but fixes one more longstanding bug.

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Release 4.12.0rc1 (May 16, 2024)

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

Full changelog:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None

... (truncated)

Commits

• e1250ff Prepare release 4.12.2 (#426)
• 53bcdde Avoid error if origin has a buggy eq (#422)
• 7269638 Prepare release 4.12.1 (#418)
• 8dfcf3c Fix TypeError on nested Annotated types where the inner type has unhashab...
• d76f591 Switch from flake8 to ruff (#414)
• 920d60d Support my PEP 649 branch (#412)
• e792bce Ignore fewer flake8 rules when linting tests (#413)
• f90a8dc Prepare release 4.12.0 (#408)
• 118e1a6 Make sure isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) is u...
• 910141a Add security documentation (#403)
• Additional commits viewable in compare view

Updates werkzeug from 3.0.2 to 3.0.3

Release notes

Sourced from werkzeug's releases.

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
• Make reloader more robust when "" is in sys.path. #2823
• Better TLS cert format with adhoc dev certs. #2891
• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828
• Type annotation for Rule.endpoint and other uses of endpoint is Any. #2836

Changelog

Sourced from werkzeug's changelog.

Version 3.0.3

Released 2024-05-05

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:2g68-c3qc-8985

• Make reloader more robust when "" is in sys.path. :pr:2823

• Better TLS cert format with adhoc dev certs. :pr:2891

• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:2828

• Type annotation for Rule.endpoint and other uses of endpoint is Any. :issue:2836

• Make reloader more robust when "" is in sys.path. :pr:2823

Commits

• f9995e9 release version 3.0.3
• 3386395 Merge pull request from GHSA-2g68-c3qc-8985
• 890b6b6 only require trusted host for evalex
• 71b69df restrict debugger trusted hosts
• d2d3869 endpoint type is Any (#2895)
• 7080b55 endpoint type is Any
• 7555eff remove iri_to_uri redirect workaround (#2894)
• 97fb2f7 remove _invalid_iri_to_uri workaround
• 249527f make cn field a valid single hostname, and use wildcard in SANs field. (#2892)
• 793be47 update adhoc tls dev cert format
• Additional commits viewable in compare view

Updates zipp from 3.18.1 to 3.19.2

Changelog

Sourced from zipp's changelog.

v3.19.2

No significant changes.

v3.19.1

Bugfixes

• Improved handling of malformed zip files. (#119)

v3.19.0

Features

• Implement is_symlink. (#117)

v3.18.2

No significant changes.

Commits

• c6a3339 Move Python compatibility concerns to the appropriate modules.
• c24fc57 Finalize
• 294a462 Ignore coverage misses in tests.compat.py39
• aab60f4 🧎‍♀️ Genuflect to the types.
• 59f852a Correct typo (incorrect letter used) when expacting alpharep root.
• 2a7a5bc Add test capturing expectation that a Path is a Traversable.
• 7d2b55b Update docstring to reference Traversable.
• 6d1cb72 Finalize
• fd604bd Merge pull request #120 from jaraco/bugfix/119-malformed-paths
• c18417e Add news fragment.
• Additional commits viewable in compare view

Updates coverage from 7.4.4 to 7.5.3

Changelog

Sourced from coverage's changelog.

Version 7.5.3 — 2024-05-28

• Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

• Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. _issue 1791: nedbat/coveragepy#1791

.. _changes_7-5-2:

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Version 7.5.1 — 2024-05-04

... (truncated)

Commits

• f310d7e docs: sample HTML for 7.5.3
• a51d52f docs: prep for 7.5.3
• b666f3a perf: it's faster in all versions if we don't cache tokenize #1791
• a2b4929 docs: changelog entry for combine performance improvements
• b9aff50 perf: don't read full line_bits table each time
• c45ebac perf: cache alias mapping
• 390cb97 perf: avoid quadratic behavior when combining line coverage
• d3caf53 docs(build): tweaks to howto
• 909e887 build: bump version
• 242adea build: don't claim pre-alpha-1 in classifiers
• Additional commits viewable in compare view

Updates pytest from 8.1.1 to 8.2.2

Release notes

Sourced from pytest's releases.

8.2.2

pytest 8.2.2 (2024-06-04)

Bug Fixes

• #12355: Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
• #12367: Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
• #12381: Fix possible "Directory not empty" crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0.

Improved Documentation

• #12290: Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
• #12356: Added a subsection to the documentation for debugging flaky tests to mention lack of thread safety in pytest as a possible source of flakyness.
• #12363: The documentation webpages now links to a canonical version to reduce outdated documentation in search engine results.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

• #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

... (truncated)

Commits

• 329d371 Prepare release version 8.2.2
• 214d098 Merge pull request #12414 from bluetech/backport-12409
• 153a436 [8.2.x] fixtures: fix catastrophic performance problem in reorder_items
• b41d5a5 Merge pull request #12412 from pytest-dev/backport-12408-to-8.2.x
• 9bb73d7 [8.2.x] cacheprovider: fix "Directory not empty" crash from cache directory c...
• 4569a01 [8.2.x] doc: Update trainings/events (#12402)
• 1d103e5 [8.2.x] Clarify pytest_ignore_collect docs (#12386)
• 240a252 [8.2.x] Add html_baseurl to sphinx conf.py (#12372)
• a5ee3c4 Merge pull request #12370 from pytest-dev/backport-12368-to-8.2.x
• f7358ae [8.2.x] unittest: fix class instances no longer released on test teardown sin...
• Additional commits viewable in compare view

Updates pylint from 3.1.0 to 3.2.3

Commits

• 918d216 Bump pylint to 3.2.3, update changelog
• 8aba7d1 Fix false positive in use-yield-from when using yield return (#9700) (#9701)
• 192727b [multiple-statements] Make pylint compatible with black's 2024 style (#9697) ...
• 7e5e4f9 Fix a false positive for redefined-outer-name (#9678) (#9695)
• 769ffd2 Bump pylint to 3.2.2, update changelog (#9658)
• 98c5af9 Fix false-positive with contextmanager missing cleanup (#9654) (#9657)
• 9a9db8f Update astroid to 3.2.2 (#9655) (#9656)
• 9223172 Bump pylint to 3.2.1, update changelog
• 926547b [trailing-comma-tuple] Fix enabling with message control locally when disable...
• 1498675 Fix linterstats.get_module_message_count() (#9146) (#9648)
• Additional commits viewable in compare view

Updates mypy from 1.9.0 to 1.10.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.10

We’ve just uploaded mypy 1.10 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support TypeIs (PEP 742)

Mypy now supports TypeIs (PEP 742), which allows functions to narrow the type of a value, similar to isinstance(). Unlike TypeGuard, TypeIs can narrow in both the if and else branches of an if statement:

from typing_extensions import TypeIs
def is_str(s: object) -> TypeIs[str]:
return isinstance(s, str)
def f(o: str | int) -> None:
if is_str(o):
# Type of o is 'str'
...
else:
# Type of o is 'int'
...

TypeIs will be added to the typing module in Python 3.13, but it can be used on earlier Python versions by importing it from typing_extensions.

This feature was contributed by Jelle Zijlstra (PR 16898).

Support TypeVar Defaults (PEP 696)

PEP 696 adds support for type parameter defaults. Example:

from typing import Generic
from typing_extensions import TypeVar
</tr></table>

... (truncated)

Commits

• 3faf0fc Remove +dev for version for release 1.10
• a5998d2 Update CHANGELOG.md (#17159)
• 62ea5b0 Various updates to changelog for 1.10 (#17158)
• 2f0864c Update CHANGELOG.md with draft for release 1.10 (#17150)
• e1443bb fix: incorrect returned type of access descriptors on unions of types (#16604)
• 5161ac2 Sync typeshed (#17124)
• e2fc1f2 Fix crash when expanding invalid Unpack in a Callable alias (#17028)
• 3ff6e47 Docs: docstrings in checker.py, ast_helpers.py (#16908)
• 732d98e Fix string formatting for string enums (#16555)
• 8019010 Narrow individual items when matching a tuple to a sequence pattern (#16905)
• Additional commits viewable in compare view

Updates types-requests from 2.31.0.20240406 to 2.32.0.20240602

Commits

• See full diff in compare view

Updates types-setuptools from 69.5.0.20240415 to 70.0.0.20240524

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been ma...

Description has been truncated

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.87%. Comparing base (37cba3e) to head (f682428).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1114   +/-   ##
=======================================
  Coverage   76.87%   76.87%           
=======================================
  Files          20       20           
  Lines        1310     1310           
=======================================
  Hits         1007     1007           
  Misses        303      303           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.