Closed snejus closed 2 weeks ago
Fine with me (even though I'm not sure this really has any security impact). Was there a reason that we capped black at a specific minor version (24.3)? Since the format check was skipped in CI, it seems possible that changed black defaults in version 25 might break our style checks which we can't see here.
Good point, let's make the workflow get triggered by a change in poetry.lock too!
Now let me just figure out how to make flake8 ignore poetry.lock here 😅
I made the linting workflow check the entire repository whenever poetry.lock is updated
Run poe check-format
Poe => black --check --diff --color .
All done! ✨ 🍰 ✨
191 files would be left unchanged.
Poe => isort --check --diff --color .
Skipped 1 files
Ignoring flake8-docstrings in aura.py before https://github.com/beetbox/beets/pull/5234 is merged
Since the format check was skipped in CI, it seems possible that changed black defaults in version 25 might break our style checks which we can't see here.
@wisp3rwind black version is constrained between >=24.3 and <25 so it can't be updated to 25, see pyproject.toml:
black = ">=24.3,<25"
Relatedly,
Was there a reason that we capped black at a specific minor version (24.3)?
It's constrained to at least this version, as indicated by the security vulnerability details
If you have a glance at poetry.lock you will find that the resolved version is 24.4.2.
Merging this in as I think I addressed your comments @wisp3rwind
I made the linting workflow check the entire repository whenever poetry.lock is updated
Nice!
@wisp3rwind black version is constrained between >=24.3 and <25 so it can't be updated to 25, see pyproject.toml:
Obviously, I wasn't sufficiently awake when I commented here yesterday 😅
See https://github.com/beetbox/beets/security/dependabot/7