We’ve just uploaded mypy 1.10 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:
python3 -m pip install -U mypy
You can read the full documentation for this release on Read the Docs.
Support TypeIs (PEP 742)
Mypy now supports TypeIs (PEP 742), which allows
functions to narrow the type of a value, similar to isinstance(). Unlike TypeGuard,
TypeIs can narrow in both the if and else branches of an if statement:
#12334: Support for Python 3.13 (beta1 at the time of writing).
Bug Fixes
#12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
#12191: Keyboard interrupts and system exits are now properly handled during the test collection.
#12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
#12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.
Trivial/Internal Changes
#12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.
8.2.0
pytest 8.2.0 (2024-04-27)
Deprecations
#12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:
pytest_ignore_collect{.interpreted-text role="hook"} - the path parameter - use collection_path instead.
pytest_collect_file{.interpreted-text role="hook"} - the path parameter - use file_path instead.
pytest_pycollect_makemodule{.interpreted-text role="hook"} - the path parameter - use module_path instead.
pytest_report_header{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
pytest_report_collectionfinish{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
The replacement parameters are available since pytest 7.0.0.
The old parameters will be removed in pytest 9.0.0.
See legacy-path-hooks-deprecated{.interpreted-text role="ref"} for more details.
Features
#11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.
See Read arguments from file <args-from-file>{.interpreted-text role="ref"} for details.
Removed support for xdist rsync (now deprecated).
Contributed by Matthias Reichenbach in [#623](https://github.com/pytest-dev/pytest-cov/issues/623) <https://github.com/pytest-dev/pytest-cov/pull/623>_.
Switched docs theme to Furo.
Various legacy Python cleanup and CI improvements.
Contributed by Christian Clauss and Hugo van Kemenade in
[#630](https://github.com/pytest-dev/pytest-cov/issues/630) <https://github.com/pytest-dev/pytest-cov/pull/630>,
[#631](https://github.com/pytest-dev/pytest-cov/issues/631) <https://github.com/pytest-dev/pytest-cov/pull/631>,
[#632](https://github.com/pytest-dev/pytest-cov/issues/632) <https://github.com/pytest-dev/pytest-cov/pull/632>_ and
[#633](https://github.com/pytest-dev/pytest-cov/issues/633) <https://github.com/pytest-dev/pytest-cov/pull/633>_.
Added a pyproject.toml example in the docs.
Contributed by Dawn James in [#626](https://github.com/pytest-dev/pytest-cov/issues/626) <https://github.com/pytest-dev/pytest-cov/pull/626>_.
Modernized project's pre-commit hooks to use ruff. Initial POC contributed by
Christian Clauss in [#584](https://github.com/pytest-dev/pytest-cov/issues/584) <https://github.com/pytest-dev/pytest-cov/pull/584>_.
#415: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.
#420: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.
v3.13.0
#417: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
pytest-mock now requires pytest>=6.2.5.
#410: pytest-mock's setup.py file is removed.
If you relied on this file, e.g. to install pytest using setup.py install,
please see Why you shouldn't invoke setup.py directly for alternatives.
[#415](https://github.com/pytest-dev/pytest-mock/issues/415) <https://github.com/pytest-dev/pytest-mock/pull/415>_: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.
[#420](https://github.com/pytest-dev/pytest-mock/issues/420) <https://github.com/pytest-dev/pytest-mock/issues/420>_: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.
3.13.0 (2024-03-21)
[#417](https://github.com/pytest-dev/pytest-mock/issues/417) <https://github.com/pytest-dev/pytest-mock/pull/417>_: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
pytest-mock now requires pytest>=6.2.5.
[#410](https://github.com/pytest-dev/pytest-mock/issues/410) <https://github.com/pytest-dev/pytest-mock/pull/410>: pytest-mock's setup.py file is removed.
If you relied on this file, e.g. to install pytest using setup.py install,
please see Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary> for alternatives.
One part of interfile tainting was missing a constant propagation phase, which causes semgrep to miss some true positives in some cases during interfile analysis.
This fix adds the missing constant propagation. (saf-1032)
Semgrep now matches YAML tags (e.g. !number in !number 42) correctly rather
than ignoring them. (saf-1046)
Upgraded Semgrep's Dockerfile parser. This brings in various
fixes from
tree-sitter-dockerfile
including minimal support for heredoc templates, support for variables in keys
of LABEL instructions, support for multiple parameters for ADD and COPY
instructions, tolerance for blanks after the backslash of a line continuation.
As a result of supporting variables in LABEL keys, the multiple key/value
pairs found in LABEL instructions are now treated as if they each had they own
LABEL instruction. It allows a pattern LABEL a=b to match LABEL a=b c=d
without the need for an ellipsis (LABEL a=b ...). Another consequence is
that the pattern LABEL a=b c=d can no longer match LABEL c=d a=b but it
will match a LABEL a=b instruction immediately followed by a separate
LABEL c=d. (upgrade-dockerfile-parser)
Added new AWS validator syntax for Secrets (scrt-278)
Fixed
Fix couldn't find metavar $MT in the match results error, which may occur
when we capture FQN with the metavariable and use metavariable-type filter on
it. (code-7042)
Fixes the crash (during scan) caused by improper handling of unicode characters present in the source code. (gh-8421)
[Pro Engine Only] Tainted values are now tracked through instantiation of React functional components via JSX. (jsx-taint)
One part of interfile tainting was missing a constant propagation phase, which causes semgrep to miss some true positives in some cases during interfile analysis.
This fix adds the missing constant propagation. (saf-1032)
Semgrep now matches YAML tags (e.g. !number in !number 42) correctly rather
than ignoring them. (saf-1046)
Upgraded Semgrep's Dockerfile parser. This brings in various
fixes from
tree-sitter-dockerfile
including minimal support for heredoc templates, support for variables in keys
of LABEL instructions, support for multiple parameters for ADD and COPY
instructions, tolerance for blanks after the backslash of a line continuation.
As a result of supporting variables in LABEL keys, the multiple key/value
pairs found in LABEL instructions are now treated as if they each had they own
LABEL instruction. It allows a pattern LABEL a=b to match LABEL a=b c=d
without the need for an ellipsis (LABEL a=b ...). Another consequence is
that the pattern LABEL a=b c=d can no longer match LABEL c=d a=b but it
will match a LABEL a=b instruction immediately followed by a separate
LABEL c=d. (upgrade-dockerfile-parser)
Added new AWS validator syntax for Secrets (scrt-278)
Fixed
Fix couldn't find metavar $MT in the match results error, which may occur
when we capture FQN with the metavariable and use metavariable-type filter on
it. (code-7042)
Fixes the crash (during scan) caused by improper handling of unicode characters present in the source code. (gh-8421)
[Pro Engine Only] Tainted values are now tracked through instantiation of React functional components via JSX. (jsx-taint)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dev-dependencies group with 7 updates in the /export directory:
1.6.1
1.10.0
68.2.0.0
70.0.0.20240524
7.4.3
8.2.1
4.1.0
5.0.0
3.12.0
3.14.0
1.48.0
1.74.0
4.9.0.20240207
4.9.0.20240311
Updates
mypy
from 1.6.1 to 1.10.0Changelog
Sourced from mypy's changelog.
... (truncated)
Commits
3faf0fc
Remove +dev for version for release 1.10a5998d2
Update CHANGELOG.md (#17159)62ea5b0
Various updates to changelog for 1.10 (#17158)2f0864c
Update CHANGELOG.md with draft for release 1.10 (#17150)e1443bb
fix: incorrect returned type of access descriptors on unions of types (#16604)5161ac2
Sync typeshed (#17124)e2fc1f2
Fix crash when expanding invalid Unpack in aCallable
alias (#17028)3ff6e47
Docs: docstrings in checker.py, ast_helpers.py (#16908)732d98e
Fix string formatting for string enums (#16555)8019010
Narrow individual items when matching a tuple to a sequence pattern (#16905)Updates
types-setuptools
from 68.2.0.0 to 70.0.0.20240524Commits
Updates
pytest
from 7.4.3 to 8.2.1Release notes
Sourced from pytest's releases.
... (truncated)
Commits
66ff8df
Prepare release version 8.2.13ffcfd1
Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x0b28313
[8.2.x] Add Python 3.13 (beta) supportf3dd93a
[8.2.x] Attest package provenance (#12335)bb5a125
[8.2.x] Spelling (#12331)f179bf2
Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x2b671b5
[8.2.x] cacheprovider: fix.pytest_cache
not being world-readable65ab7cb
Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x4d5fb7d
Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.xcbe5996
[8.2.x] changelog: document unittest 8.2 change as breakingUpdates
pytest-cov
from 4.1.0 to 5.0.0Changelog
Sourced from pytest-cov's changelog.
Commits
5295ce0
Bump version: 4.1.0 → 5.0.01181b06
Update changelog.9757222
Fix a minor grammar error (#636)9f5cd81
Cleanup releasing instructions. Closes #616.93b5047
Add test for pyproject.toml loading without explicit --cov-config. Ref #508.ff50860
docs: add config instructions for pyproject.toml.4a5a4b5
Keep GitHub Actions up to date with GitHub's Dependabot1d7f559
Fix or remove URLs that are causing docs tests to fail6a5af8e
Update changelog.d9fe8df
Switch to furo. Closes #618.Updates
pytest-mock
from 3.12.0 to 3.14.0Release notes
Sourced from pytest-mock's releases.
Changelog
Sourced from pytest-mock's changelog.
Commits
8733134
Update CHANGELOG for 3.14.05257e3c
Refactor MockCache to have a narrow interface4faf92a
Fix regression with mocker.patch not being undone correctly6bd8712
Drop pre-Python 3.8 support code366966b
ExportMockType
/AsyncMockType
for type annotations (#415)852116b
Merge pull request #418 from pytest-dev/release-3.13.0ef9461b
Add instructions on how to start deploy from command-line5b9d285
Release 3.13.06d5d6dc
Implementspy_return_list
(#417)dc28a0e
[pre-commit.ci] pre-commit autoupdate (#416)Updates
semgrep
from 1.48.0 to 1.74.0Release notes
Sourced from semgrep's releases.
... (truncated)
Changelog
Sourced from semgrep's changelog.
... (truncated)
Commits
115c9eb
chore: Bump version to 1.74.08356d21
Revert "fix: remove irrelevant logs for dry run (semgrep/semgrep-proprietary#...e46ab80
fix: add missing const propagation in deep taint (semgrep/semgrep-proprietary...bb90c24
semgrep/semgrep-proprietary#10270
371a6ab
semgrep/semgrep-proprietary#10271
1b01679
semgrep/semgrep-proprietary#1565
59d8786
semgrep/semgrep-proprietary#1564
c1cc51c
semgrep/semgrep-proprietary#1539
5d4633b
semgrep/semgrep-proprietary#1568
fce31df
sync-with-PRO workflow (#10270)Updates
types-pexpect
from 4.9.0.20240207 to 4.9.0.20240311Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show