mozilla-services / telescope

A dumb auditing service
Mozilla Public License 2.0
21 stars 10 forks source link

Bump the minor-patch-dependencies group with 2 updates #1474

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the minor-patch-dependencies group with 2 updates: aiohttp and ruff.

Updates aiohttp from 3.10.1 to 3.10.3

Release notes

Sourced from aiohttp's releases.

3.10.3

Bug fixes

  • Fixed multipart reading when stream buffer splits the boundary over several read() calls -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: #8653.

  • Fixed :py:class:aiohttp.TCPConnector doing blocking I/O in the event loop to create the SSLContext -- by :user:bdraco.

    The blocking I/O would only happen once per verify mode. However, it could cause the event loop to block for a long time if the SSLContext creation is slow, which is more likely during startup when the disk cache is not yet present.

    Related issues and pull requests on GitHub: #8672.

Miscellaneous internal changes

  • Improved performance of :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive when there is no timeout. -- by :user:bdraco.

    The timeout context manager is now avoided when there is no timeout as it accounted for up to 50% of the time spent in the :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive methods.

    Related issues and pull requests on GitHub: #8660.

  • Improved performance of starting request handlers with Python 3.12+ -- by :user:bdraco.

    Related issues and pull requests on GitHub: #8661.

  • Improved performance of HTTP keep-alive checks -- by :user:bdraco.

    Previously, when processing a request for a keep-alive connection, the keep-alive check would happen every second; the check is now rescheduled if it fires too early instead.

    Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.3 (2024-08-10)

Bug fixes

  • Fixed multipart reading when stream buffer splits the boundary over several read() calls -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:8653.

  • Fixed :py:class:aiohttp.TCPConnector doing blocking I/O in the event loop to create the SSLContext -- by :user:bdraco.

    The blocking I/O would only happen once per verify mode. However, it could cause the event loop to block for a long time if the SSLContext creation is slow, which is more likely during startup when the disk cache is not yet present.

    Related issues and pull requests on GitHub: :issue:8672.

Miscellaneous internal changes

  • Improved performance of :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive when there is no timeout. -- by :user:bdraco.

    The timeout context manager is now avoided when there is no timeout as it accounted for up to 50% of the time spent in the :py:meth:~aiohttp.ClientWebSocketResponse.receive and :py:meth:~aiohttp.web.WebSocketResponse.receive methods.

    Related issues and pull requests on GitHub: :issue:8660.

  • Improved performance of starting request handlers with Python 3.12+ -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:8661.

  • Improved performance of HTTP keep-alive checks -- by :user:bdraco.

    Previously, when processing a request for a keep-alive connection, the keep-alive check would happen every second; the check is now rescheduled if it fires too early instead.

... (truncated)

Commits
  • ef20502 Release 3.10.3 (#8675)
  • 73d17d4 [PR #8676/2915102 backport][3.10] Fix type ignore in SSLContext creation conn...
  • f3fcba4 [PR #8672/c3219bf backport][3.10] Fix TCPConnector doing blocking I/O in the ...
  • f96182a [PR #8662/be23d16f backport][3.10] Improve performance of keepalive reschedul...
  • dbcdb16 [PR #8667/406cd2c7 backport][3.10] Improve performance of generating random W...
  • b4ad882 [PR #8661/4d604ea backport][3.10] Improve performance of starting request han...
  • 3a9de0c [PR #8660/14d5295 backport][3.10] Improve performance of WebSockets when ther...
  • 1bc8d53 [PR #8657/6c6ecfaf backport][3.10] Fix multipart reading with split boundary ...
  • 491106e Release 3.10.2 (#8655)
  • ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
  • Additional commits viewable in compare view


Updates ruff from 0.5.6 to 0.5.7

Release notes

Sourced from ruff's releases.

0.5.7

Release Notes

Preview features

  • [flake8-comprehensions] Account for list and set comprehensions in unnecessary-literal-within-tuple-call (C409) (#12657)
  • [flake8-pyi] Add autofix for future-annotations-in-stub (PYI044) (#12676)
  • [flake8-return] Avoid syntax error when auto-fixing RET505 with mixed indentation (space and tabs) (#12740)
  • [pydoclint] Add docstring-missing-yields (DOC402) and docstring-extraneous-yields (DOC403) (#12538)
  • [pydoclint] Avoid DOC201 if docstring begins with "Return", "Returns", "Yield", or "Yields" (#12675)
  • [pydoclint] Deduplicate collected exceptions after traversing function bodies (DOC501) (#12642)
  • [pydoclint] Ignore DOC errors for stub functions (#12651)
  • [pydoclint] Teach rules to understand reraised exceptions as being explicitly raised (DOC501, DOC502) (#12639)
  • [ruff] Implement incorrectly-parenthesized-tuple-in-subscript (RUF031) (#12480)
  • [ruff] Mark RUF023 fix as unsafe if __slots__ is not a set and the binding is used elsewhere (#12692)

Rule changes

  • [refurb] Add autofix for implicit-cwd (FURB177) (#12708)
  • [ruff] Add autofix for zip-instead-of-pairwise (RUF007) (#12663)
  • [tryceratops] Add BaseException to raise-vanilla-class rule (TRY002) (#12620)

Server

  • Ignore non-file workspace URL; Ruff will display a warning notification in this case (#12725)

CLI

  • Fix cache invalidation for nested pyproject.toml files (#12727)

Bug fixes

  • [flake8-async] Fix false positives with multiple async with items (ASYNC100) (#12643)
  • [flake8-bandit] Avoid false-positives for list concatenations in SQL construction (S608) (#12720)
  • [flake8-bugbear] Treat return as equivalent to break (B909) (#12646)
  • [flake8-comprehensions] Set comprehensions not a violation for sum in unnecessary-comprehension-in-call (C419) (#12691)
  • [flake8-simplify] Parenthesize conditions based on precedence when merging if arms (SIM114) (#12737)
  • [pydoclint] Try both 'Raises' section styles when convention is unspecified (DOC501) (#12649)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.7

Preview features

  • [flake8-comprehensions] Account for list and set comprehensions in unnecessary-literal-within-tuple-call (C409) (#12657)
  • [flake8-pyi] Add autofix for future-annotations-in-stub (PYI044) (#12676)
  • [flake8-return] Avoid syntax error when auto-fixing RET505 with mixed indentation (space and tabs) (#12740)
  • [pydoclint] Add docstring-missing-yields (DOC402) and docstring-extraneous-yields (DOC403) (#12538)
  • [pydoclint] Avoid DOC201 if docstring begins with "Return", "Returns", "Yield", or "Yields" (#12675)
  • [pydoclint] Deduplicate collected exceptions after traversing function bodies (DOC501) (#12642)
  • [pydoclint] Ignore DOC errors for stub functions (#12651)
  • [pydoclint] Teach rules to understand reraised exceptions as being explicitly raised (DOC501, DOC502) (#12639)
  • [ruff] Implement incorrectly-parenthesized-tuple-in-subscript (RUF031) (#12480)
  • [ruff] Mark RUF023 fix as unsafe if __slots__ is not a set and the binding is used elsewhere (#12692)

Rule changes

  • [refurb] Add autofix for implicit-cwd (FURB177) (#12708)
  • [ruff] Add autofix for zip-instead-of-pairwise (RUF007) (#12663)
  • [tryceratops] Add BaseException to raise-vanilla-class rule (TRY002) (#12620)

Server

  • Ignore non-file workspace URL; Ruff will display a warning notification in this case (#12725)

CLI

  • Fix cache invalidation for nested pyproject.toml files (#12727)

Bug fixes

  • [flake8-async] Fix false positives with multiple async with items (ASYNC100) (#12643)
  • [flake8-bandit] Avoid false-positives for list concatenations in SQL construction (S608) (#12720)
  • [flake8-bugbear] Treat return as equivalent to break (B909) (#12646)
  • [flake8-comprehensions] Set comprehensions not a violation for sum in unnecessary-comprehension-in-call (C419) (#12691)
  • [flake8-simplify] Parenthesize conditions based on precedence when merging if arms (SIM114) (#12737)
  • [pydoclint] Try both 'Raises' section styles when convention is unspecified (DOC501) (#12649)
Commits
  • 221ea66 Bump version to 0.5.7 (#12756)
  • d28c5af [red-knot] Remove mentions of Ruff from the CLI help (#12752)
  • f1de08c [red-knot] Merge the semantic and module-resolver crates (#12751)
  • 33e9a6a SIM110: any() is ~3x slower than the code it replaces (#12746)
  • f577e03 [ruff] Ignore empty tuples for `incorrectly-parenthesized-tuple-in-subscript ...
  • f537335 Remove all useEffect usages (#12659)
  • 2daa914 Gracefully handle errors in CLI (#12747)
  • 6d9205e [ruff_linter] - Use LibCST in adjust_indentation for mixed whitespace (#1...
  • df7345e Exit with an error if there are check failures (#12735)
  • dc6aafe Setup tracing and document tracing usage (#12730)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions