freedomofpress / securedrop-client

a Qt-based GUI for SecureDrop journalists 📰🗞️
GNU Affero General Public License v3.0

Bump the dev-dependencies group across 1 directory with 7 updates #2047

Closed dependabot[bot] closed 4 weeks ago

dependabot[bot] commented 4 weeks ago

Bumps the dev-dependencies group with 7 updates in the /export directory:

| Package | From | To |
| --- | --- | --- |
| mypy | 1.6.1 | 1.10.0 |
| types-setuptools | 68.2.0.0 | 70.0.0.20240524 |
| pytest | 7.4.3 | 8.2.1 |
| pytest-cov | 4.1.0 | 5.0.0 |
| pytest-mock | 3.12.0 | 3.14.0 |
| semgrep | 1.48.0 | 1.74.0 |
| types-pexpect | 4.9.0.20240207 | 4.9.0.20240311 |

Updates mypy from 1.6.1 to 1.10.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.10

We’ve just uploaded mypy 1.10 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support TypeIs (PEP 742)

Mypy now supports TypeIs (PEP 742), which allows functions to narrow the type of a value, similar to isinstance(). Unlike TypeGuard, TypeIs can narrow in both the if and else branches of an if statement:

from typing_extensions import TypeIs

def is_str(s: object) -> TypeIs[str]:
    return isinstance(s, str)

def f(o: str | int) -> None:
    if is_str(o):
        # Type of o is 'str'
        ...
    else:
        # Type of o is 'int'
        ...

TypeIs will be added to the typing module in Python 3.13, but it can be used on earlier Python versions by importing it from typing_extensions.

This feature was contributed by Jelle Zijlstra (PR 16898).

Support TypeVar Defaults (PEP 696)

PEP 696 adds support for type parameter defaults. Example:

from typing import Generic
from typing_extensions import TypeVar

... (truncated)

Commits


Updates types-setuptools from 68.2.0.0 to 70.0.0.20240524

Commits


Updates pytest from 7.4.3 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

  • #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

  • #12120: Fix PermissionError crashes arising from directories which are not selected on the command-line.
  • #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
  • #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
  • #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

  • #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

  • #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

    • pytest_ignore_collect - the path parameter - use collection_path instead.
    • pytest_collect_file - the path parameter - use file_path instead.
    • pytest_pycollect_makemodule - the path parameter - use module_path instead.
    • pytest_report_header - the startdir parameter - use start_path instead.
    • pytest_report_collectionfinish - the startdir parameter - use start_path instead.

    The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

    See legacy-path-hooks-deprecated for more details.

Features

  • #11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.

    See Read arguments from file <args-from-file> for details.

Improvements

... (truncated)

Commits
  • 66ff8df Prepare release version 8.2.1
  • 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
  • 0b28313 [8.2.x] Add Python 3.13 (beta) support
  • f3dd93a [8.2.x] Attest package provenance (#12335)
  • bb5a125 [8.2.x] Spelling (#12331)
  • f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
  • 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
  • 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
  • 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
  • cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
  • Additional commits viewable in compare view


Updates pytest-cov from 4.1.0 to 5.0.0

Changelog

Sourced from pytest-cov's changelog.

5.0.0 (2024-03-24)

  • Removed support for xdist rsync (now deprecated). Contributed by Matthias Reichenbach in [#623](https://github.com/pytest-dev/pytest-cov/pull/623).
  • Switched docs theme to Furo.
  • Various legacy Python cleanup and CI improvements. Contributed by Christian Clauss and Hugo van Kemenade in [#630](https://github.com/pytest-dev/pytest-cov/pull/630), [#631](https://github.com/pytest-dev/pytest-cov/pull/631), [#632](https://github.com/pytest-dev/pytest-cov/pull/632) and [#633](https://github.com/pytest-dev/pytest-cov/pull/633).
  • Added a pyproject.toml example in the docs. Contributed by Dawn James in [#626](https://github.com/pytest-dev/pytest-cov/pull/626).
  • Modernized project's pre-commit hooks to use ruff. Initial POC contributed by Christian Clauss in [#584](https://github.com/pytest-dev/pytest-cov/pull/584).
Commits
  • 5295ce0 Bump version: 4.1.0 → 5.0.0
  • 1181b06 Update changelog.
  • 9757222 Fix a minor grammar error (#636)
  • 9f5cd81 Cleanup releasing instructions. Closes #616.
  • 93b5047 Add test for pyproject.toml loading without explicit --cov-config. Ref #508.
  • ff50860 docs: add config instructions for pyproject.toml.
  • 4a5a4b5 Keep GitHub Actions up to date with GitHub's Dependabot
  • 1d7f559 Fix or remove URLs that are causing docs tests to fail
  • 6a5af8e Update changelog.
  • d9fe8df Switch to furo. Closes #618.
  • Additional commits viewable in compare view


Updates pytest-mock from 3.12.0 to 3.14.0

Release notes

Sourced from pytest-mock's releases.

v3.14.0

  • #415: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.
  • #420: Fixed a regression which would cause mocker.patch.object to not be properly cleared between tests.

v3.13.0

  • #417: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
  • pytest-mock now requires pytest>=6.2.5.
  • #410: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly for alternatives.
Changelog

Sourced from pytest-mock's changelog.

3.14.0 (2024-03-21)

  • [#415](https://github.com/pytest-dev/pytest-mock/pull/415): MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.

  • [#420](https://github.com/pytest-dev/pytest-mock/issues/420): Fixed a regression which would cause mocker.patch.object to not be properly cleared between tests.

3.13.0 (2024-03-21)

  • [#417](https://github.com/pytest-dev/pytest-mock/pull/417): spy now has spy_return_list, which is a list containing all the values returned by the spied function.
  • pytest-mock now requires pytest>=6.2.5.
  • [#410](https://github.com/pytest-dev/pytest-mock/pull/410): pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see [Why you shouldn't invoke setup.py directly](https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary) for alternatives.
Commits
  • 8733134 Update CHANGELOG for 3.14.0
  • 5257e3c Refactor MockCache to have a narrow interface
  • 4faf92a Fix regression with mocker.patch not being undone correctly
  • 6bd8712 Drop pre-Python 3.8 support code
  • 366966b Export MockType/AsyncMockType for type annotations (#415)
  • 852116b Merge pull request #418 from pytest-dev/release-3.13.0
  • ef9461b Add instructions on how to start deploy from command-line
  • 5b9d285 Release 3.13.0
  • 6d5d6dc Implement spy_return_list (#417)
  • dc28a0e [pre-commit.ci] pre-commit autoupdate (#416)
  • Additional commits viewable in compare view


Updates semgrep from 1.48.0 to 1.74.0

Release notes

Sourced from semgrep's releases.

Release v1.74.0

1.74.0 - 2024-05-23

Fixed

  • One part of interfile tainting was missing a constant propagation phase, which causes semgrep to miss some true positives in some cases during interfile analysis.

    This fix adds the missing constant propagation. (saf-1032)

  • Semgrep now matches YAML tags (e.g. !number in !number 42) correctly rather than ignoring them. (saf-1046)

  • Upgraded Semgrep's Dockerfile parser. This brings in various fixes from tree-sitter-dockerfile including minimal support for heredoc templates, support for variables in keys of LABEL instructions, support for multiple parameters for ADD and COPY instructions, tolerance for blanks after the backslash of a line continuation. As a result of supporting variables in LABEL keys, the multiple key/value pairs found in LABEL instructions are now treated as if they each had their own LABEL instruction. It allows a pattern LABEL a=b to match LABEL a=b c=d without the need for an ellipsis (LABEL a=b ...). Another consequence is that the pattern LABEL a=b c=d can no longer match LABEL c=d a=b but it will match a LABEL a=b instruction immediately followed by a separate LABEL c=d. (upgrade-dockerfile-parser)

Release v1.73.0

1.73.0 - 2024-05-16

Added

  • Added new AWS validator syntax for Secrets (scrt-278)

Fixed

  • Fix couldn't find metavar $MT in the match results error, which may occur when we capture FQN with the metavariable and use metavariable-type filter on it. (code-7042)
  • Fixes the crash (during scan) caused by improper handling of unicode characters present in the source code. (gh-8421)
  • [Pro Engine Only] Tainted values are now tracked through instantiation of React functional components via JSX. (jsx-taint)

Release v1.72.0

1.72.0 - 2024-05-08

Fixed

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.74.0 - 2024-05-23

Fixed

  • One part of interfile tainting was missing a constant propagation phase, which causes semgrep to miss some true positives in some cases during interfile analysis.

    This fix adds the missing constant propagation. (saf-1032)

  • Semgrep now matches YAML tags (e.g. !number in !number 42) correctly rather than ignoring them. (saf-1046)

  • Upgraded Semgrep's Dockerfile parser. This brings in various fixes from tree-sitter-dockerfile including minimal support for heredoc templates, support for variables in keys of LABEL instructions, support for multiple parameters for ADD and COPY instructions, tolerance for blanks after the backslash of a line continuation. As a result of supporting variables in LABEL keys, the multiple key/value pairs found in LABEL instructions are now treated as if they each had their own LABEL instruction. It allows a pattern LABEL a=b to match LABEL a=b c=d without the need for an ellipsis (LABEL a=b ...). Another consequence is that the pattern LABEL a=b c=d can no longer match LABEL c=d a=b but it will match a LABEL a=b instruction immediately followed by a separate LABEL c=d. (upgrade-dockerfile-parser)

1.73.0 - 2024-05-16

Added

  • Added new AWS validator syntax for Secrets (scrt-278)

Fixed

  • Fix couldn't find metavar $MT in the match results error, which may occur when we capture FQN with the metavariable and use metavariable-type filter on it. (code-7042)
  • Fixes the crash (during scan) caused by improper handling of unicode characters present in the source code. (gh-8421)
  • [Pro Engine Only] Tainted values are now tracked through instantiation of React functional components via JSX. (jsx-taint)

1.72.0 - 2024-05-08

Fixed

... (truncated)

Commits
  • 115c9eb chore: Bump version to 1.74.0
  • 8356d21 Revert "fix: remove irrelevant logs for dry run (semgrep/semgrep-proprietary#...
  • e46ab80 fix: add missing const propagation in deep taint (semgrep/semgrep-proprietary...
  • bb90c24 semgrep/semgrep-proprietary#10270
  • 371a6ab semgrep/semgrep-proprietary#10271
  • 1b01679 semgrep/semgrep-proprietary#1565
  • 59d8786 semgrep/semgrep-proprietary#1564
  • c1cc51c semgrep/semgrep-proprietary#1539
  • 5d4633b semgrep/semgrep-proprietary#1568
  • fce31df sync-with-PRO workflow (#10270)
  • Additional commits viewable in compare view


Updates types-pexpect from 4.9.0.20240207 to 4.9.0.20240311

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

