- Fix: in some cases, even with `[run] relative_files=True`, a data file
  could be created with absolute path names. When combined with other relative
  data files, it was random whether the absolute file names would be made
  relative or not. If they weren't, then a file would be listed twice in
  reports, as detailed in issue 1752. This is now fixed: absolute file
  names are always made relative when combining. Thanks to Bruno Rodrigues dos
  Santos for support.
- Fix: the last case of a match/case statement had an incorrect message if the
  branch was missed. It said the pattern never matched, when actually the
  branch is missed if the last case always matched.
- Fix: clicking a line number in the HTML report now positions more accurately.
- Fix: the `report:format` setting was defined as a boolean, but should be a
  string. Thanks, Tanaydin Sirin (pull 1754). It is also now documented
  on the configuration page.
This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.
This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.
Stable style
- Don't move comments along with delimiters, which could cause crashes (#4248)
- Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
  of Black would incorrectly format the contents of certain unusual f-strings containing
  nested strings with the same quote type. Now, Black will crash on such strings until
  support for the new f-string syntax is implemented. (#4270)
- Fix a bug where line-ranges exceeding the last code line would not work as expected
  (#4273)
Performance
- Fix catastrophic performance on docstrings that contain large numbers of leading tab
  characters. This fixes CVE-2024-21503. (#4278)
Documentation
- Note what happens when `--check` is used with `--quiet` (#4236)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the python-packages group with 5 updates:
- python-gvm: 24.1.0 to 24.3.0
- coverage: 7.4.3 to 7.4.4
- black: 24.2.0 to 24.3.0
- ruff: 0.3.2 to 0.3.3
- zipp: 3.17.0 to 3.18.1
Updates
python-gvm from 24.1.0 to 24.3.0
Release notes
Sourced from python-gvm's releases.
Commits
- `b3193a4` Automatic release to 24.3.0
- `efa406d` Update dependency review workflow
- `7135d98` Deps: Bump the python-packages group with 5 updates
- `15ffc0b` Deps: Bump the python-packages group with 6 updates
- `8236645` Change: Use base enum class for most enums in python-gvm
- `5e74178` Add: Add a base class for Enums in python-gvm
- `6db4b1e` Deps: Bump the python-packages group with 8 updates
- `4e3e272` Deps: Bump cryptography from 42.0.3 to 42.0.4
- `39a327d` Deps: Bump the python-packages group with 5 updates
- `9f00f18` Deps: Bump the python-packages group with 2 updates
Updates
coverage from 7.4.3 to 7.4.4
Changelog
Sourced from coverage's changelog.
Commits
- `bc5e2d7` docs: sample HTML for 7.4.4
- `9b0008b` docs: prep for 7.4.4
- `a536161` docs: thanks, Bruno Rodrigues dos Santos
- `e06e4f9` chore: make doc_upgrade
- `f30818e` chore: make upgrade
- `1b19799` fix: ensure absolute paths are relative when combined #1752
- `1ef020d` build: more cheats for convenient URLs
- `3d57a07` docs: document the report:format setting
- `8e30221` fix: correct the type of report:format in config.py (#1754)
- `6289be8` refactor: use dataclasses, no namedtuple
Updates
black from 24.2.0 to 24.3.0
Release notes
Sourced from black's releases.
Changelog
Sourced from black's changelog.
Commits
- `552baf8` Prepare release 24.3.0 (#4279)
- `f000936` Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
- `7b5a657` Fix --line-ranges behavior when ranges are at EOF (#4273)
- `1abcffc` Use regex where we ignore case on windows (#4252)
- `719e674` Fix 4227: Improve documentation for --quiet --check (#4236)
- `e5510af` update plugin url for Thonny (#4259)
- `6af7d11` Fix AST safety check false negative (#4270)
- `f03ee11` Ensure `blib2to3.pygram` is initialized before use (#4224)
- `e4bfedb` fix: Don't move comments while splitting delimiters (#4248)
- `d0287e1` Make trailing comma logic more concise (#4202)
Updates
ruff from 0.3.2 to 0.3.3
Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
Commits
- `608df9a` Bump version to 0.3.3 (#10425)
- `740c08b` [`pylint`] - implement `redeclared-assigned-name` (`W0128`) (#9268)
- `7e652e8` [`flake8_comprehensions`] Handled special case for `C400` which also matches ...
- `9675e18` Allow trailing ellipsis in `typing.TYPE_CHECKING` (#10413)
- `10ace88` Track conditional deletions in the semantic model (#10415)
- `a8e50a7` [RUF008] Make it clearer that a mutable default in a dataclass is only valid ...
- `e944c16` [`pycodestyle`] Do not ignore lines before the first logical line in blank li...
- `5f40371` Use `ExprFString` for `StringLike::FString` variant (#10311)
- `f7802ad` [`pylint`] Extend docs and test in `invalid-str-return-type` (`E307`) (#10400)
- `e832327` Require --preview for `ruff server` (#10368)
Updates
zipp from 3.17.0 to 3.18.1
Changelog
Sourced from zipp's changelog.
Commits
- `bfae834` Finalize
- `487066e` Merge changelog into last release.
- `4584ee2` Move changelog entry, saved to the wrong location :(
- `3c06d30` Finalize
- `48b72b8` Merge pull request #113 from jaraco/feature/glob-perf
- `171fa98` Add news fragment.
- `ac8ea7a` Bypass ZipFile.namelist in glob. Closes #106.
- `4cceb49` Add special accounting for pypy when computing the stack level for text encod...
- `2ec3ed8` Add another test at another magnitude.
- `d9bf5aa` Fix name generator for width=1