PyCQA/bandit (dev/bandit)
### [`v1.7.8`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.8)
[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.7...1.7.8)
#### What's Changed
- Incorrect tag naming in readme by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://togithub.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://togithub.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://togithub.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://togithub.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://togithub.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://togithub.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://togithub.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://togithub.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://togithub.com/PyCQA/bandit/pull/1113)
#### New Contributors
- [@etienneschalk](https://togithub.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://togithub.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)
**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8
ipython/ipython (dev/ipython)
### [`v8.22.2`](https://togithub.com/ipython/ipython/compare/8.22.1...8.22.2)
[Compare Source](https://togithub.com/ipython/ipython/compare/8.22.1...8.22.2)
pytest-dev/pytest (dev/pytest)
### [`v8.1.1`](https://togithub.com/pytest-dev/pytest/releases/tag/8.1.1)
[Compare Source](https://togithub.com/pytest-dev/pytest/compare/8.1.0...8.1.1)
# pytest 8.1.1 (2024-03-08)
::: {.note}
::: {.title}
Note
:::
This release is not a usual bug fix release -- it contains features and improvements, being a follow up
to `8.1.0`, which has been yanked from PyPI.
:::
## Features
- [#11475](https://togithub.com/pytest-dev/pytest/issues/11475): Added the new `consider_namespace_packages`{.interpreted-text role="confval"} configuration option, defaulting to `False`.
If set to `True`, pytest will attempt to identify modules that are part of [namespace packages](https://packaging.python.org/en/latest/guides/packaging-namespace-packages) when importing modules.
- [#11653](https://togithub.com/pytest-dev/pytest/issues/11653): Added the new `verbosity_test_cases`{.interpreted-text role="confval"} configuration option for fine-grained control of test execution verbosity.
See `Fine-grained verbosity `{.interpreted-text role="ref"} for more details.
## Improvements
- [#10865](https://togithub.com/pytest-dev/pytest/issues/10865): `pytest.warns`{.interpreted-text role="func"} now validates that `warnings.warn`{.interpreted-text role="func"} was called with a `str` or a `Warning`.
Currently in Python it is possible to use other types, however this causes an exception when `warnings.filterwarnings`{.interpreted-text role="func"} is used to filter those warnings (see [CPython #103577](https://togithub.com/python/cpython/issues/103577) for a discussion).
While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.
- [#11311](https://togithub.com/pytest-dev/pytest/issues/11311): When using `--override-ini` for paths in invocations without a configuration file defined, the current working directory is used as the relative directory.
Previously this would raise an `AssertionError`{.interpreted-text role="class"}.
- [#11475](https://togithub.com/pytest-dev/pytest/issues/11475): `--import-mode=importlib`{.interpreted-text role="ref"} now tries to import modules using the standard import mechanism (but still without changing `sys.path`{.interpreted-text role="data"}), falling back to importing modules directly only if that fails.
This means that installed packages will be imported under their canonical name if possible first, for example `app.core.models`, instead of having the module name always be derived from their path (for example `.env310.lib.site_packages.app.core.models`).
- [#11801](https://togithub.com/pytest-dev/pytest/issues/11801): Added the `iter_parents() <_pytest.nodes.Node.iter_parents>`{.interpreted-text role="func"} helper method on nodes.
It is similar to `listchain <_pytest.nodes.Node.listchain>`{.interpreted-text role="func"}, but goes from bottom to top, and returns an iterator, not a list.
- [#11850](https://togithub.com/pytest-dev/pytest/issues/11850): Added support for `sys.last_exc`{.interpreted-text role="data"} for post-mortem debugging on Python>=3.12.
- [#11962](https://togithub.com/pytest-dev/pytest/issues/11962): In case no other suitable candidates for configuration file are found, a `pyproject.toml` (even without a `[tool.pytest.ini_options]` table) will be considered as the configuration file and define the `rootdir`.
- [#11978](https://togithub.com/pytest-dev/pytest/issues/11978): Add `--log-file-mode` option to the logging plugin, enabling appending to log-files. This option accepts either `"w"` or `"a"` and defaults to `"w"`.
Previously, the mode was hard-coded to be `"w"` which truncates the file before logging.
- [#12047](https://togithub.com/pytest-dev/pytest/issues/12047): When multiple finalizers of a fixture raise an exception, now all exceptions are reported as an exception group.
Previously, only the first exception was reported.
## Bug Fixes
- [#11475](https://togithub.com/pytest-dev/pytest/issues/11475): Fixed regression where `--importmode=importlib` would import non-test modules more than once.
- [#11904](https://togithub.com/pytest-dev/pytest/issues/11904): Fixed a regression in pytest 8.0.0 that would cause test collection to fail due to permission errors when using `--pyargs`.
This change improves the collection tree for tests specified using `--pyargs`, see `12043`{.interpreted-text role="pull"} for a comparison with pytest 8.0 and <8.
- [#12011](https://togithub.com/pytest-dev/pytest/issues/12011): Fixed a regression in 8.0.1 whereby `setup_module` xunit-style fixtures are not executed when `--doctest-modules` is passed.
- [#12014](https://togithub.com/pytest-dev/pytest/issues/12014): Fix the `stacklevel` used when warning about marks used on fixtures.
- [#12039](https://togithub.com/pytest-dev/pytest/issues/12039): Fixed a regression in `8.0.2` where tests created using `tmp_path`{.interpreted-text role="fixture"} have been collected multiple times in CI under Windows.
## Improved Documentation
- [#11790](https://togithub.com/pytest-dev/pytest/issues/11790): Documented the retention of temporary directories created using the `tmp_path` fixture in more detail.
## Trivial/Internal Changes
- [#11785](https://togithub.com/pytest-dev/pytest/issues/11785): Some changes were made to private functions which may affect plugins which access them:
- `FixtureManager._getautousenames()` now takes a `Node` itself instead of the nodeid.
- `FixtureManager.getfixturedefs()` now takes the `Node` itself instead of the nodeid.
- The `_pytest.nodes.iterparentnodeids()` function is removed without replacement.
Prefer to traverse the node hierarchy itself instead.
If you really need to, copy the function from the previous pytest release.
- [#12069](https://togithub.com/pytest-dev/pytest/issues/12069): Delayed the deprecation of the following features to `9.0.0`:
- `node-ctor-fspath-deprecation`{.interpreted-text role="ref"}.
- `legacy-path-hooks-deprecated`{.interpreted-text role="ref"}.
It was discovered after `8.1.0` was released that the warnings about the impending removal were not being displayed, so the team decided to revert the removal.
This is the reason for `8.1.0` being yanked.
# pytest 8.1.0 (YANKED)
::: {.note}
::: {.title}
Note
:::
This release has been **yanked**: it broke some plugins without the proper warning period, due to
some warnings not showing up as expected.
See [#12069](https://togithub.com/pytest-dev/pytest/issues/12069).
:::
mozilla-services/python-dockerflow (sandbox/dockerflow)
### [`v2024.3.0`](https://togithub.com/mozilla-services/python-dockerflow/releases/tag/2024.3.0)
[Compare Source](https://togithub.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0)
#### What's Changed
**New features**
- Add optional querystring logging to MozLog `"request.summary"` by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/97](https://togithub.com/mozilla-services/python-dockerflow/pull/97)
- Configurable status for failed heartbeat by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/98](https://togithub.com/mozilla-services/python-dockerflow/pull/98)
- Support of request correlation id [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/100](https://togithub.com/mozilla-services/python-dockerflow/pull/100) and [https://github.com/mozilla-services/python-dockerflow/pull/101](https://togithub.com/mozilla-services/python-dockerflow/pull/101)
- Fix docs about heartbeat status on warnings (200, not 5XX) by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/99](https://togithub.com/mozilla-services/python-dockerflow/pull/99)
**Internal Changes**
- Use `ruff` instead of flake8 and black by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/96](https://togithub.com/mozilla-services/python-dockerflow/pull/96)
- Github Action status for each tox combination by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/102](https://togithub.com/mozilla-services/python-dockerflow/pull/102)
**Full Changelog**: https://github.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0
getsentry/sentry-python (sandbox/sentry-sdk)
### [`v1.41.0`](https://togithub.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#1410)
[Compare Source](https://togithub.com/getsentry/sentry-python/compare/1.40.6...1.41.0)
##### Various fixes & improvements
- Add recursive scrubbing to `EventScrubber` ([#2755](https://togithub.com/getsentry/sentry-python/issues/2755)) by [@Cheapshot003](https://togithub.com/Cheapshot003)
By default, the `EventScrubber` will not search your events for potential
PII recursively. With this release, you can enable this behavior with:
```python
import sentry_sdk
from sentry_sdk.scrubber import EventScrubber

sentry_sdk.init(
    # ...your usual settings...
    event_scrubber=EventScrubber(recursive=True),
)
```
- Expose `socket_options` ([#2786](https://togithub.com/getsentry/sentry-python/issues/2786)) by [@sentrivana](https://togithub.com/sentrivana)
If the SDK is experiencing connection issues (connection resets, server
closing connection without response, etc.) while sending events to Sentry,
tweaking the default `urllib3` socket options to the following can help:
```python
import socket
from urllib3.connection import HTTPConnection
import sentry_sdk

sentry_sdk.init(
    # ...your usual settings...
    socket_options=HTTPConnection.default_socket_options + [
        (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),
        # note: skip the following line if you're on MacOS since TCP_KEEPIDLE doesn't exist there
        (socket.SOL_TCP, socket.TCP_KEEPIDLE, 45),
        (socket.SOL_TCP, socket.TCP_KEEPINTVL, 10),
        (socket.SOL_TCP, socket.TCP_KEEPCNT, 6),
    ],
)
```
- Allow to configure merge target for releases ([#2777](https://togithub.com/getsentry/sentry-python/issues/2777)) by [@sentrivana](https://togithub.com/sentrivana)
- Allow empty character in metric tags values ([#2775](https://togithub.com/getsentry/sentry-python/issues/2775)) by [@viglia](https://togithub.com/viglia)
- Replace invalid tag values with an empty string instead of \_ ([#2773](https://togithub.com/getsentry/sentry-python/issues/2773)) by [@markushi](https://togithub.com/markushi)
- Add documentation comment to `scrub_list` ([#2769](https://togithub.com/getsentry/sentry-python/issues/2769)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex)
- Fixed regex to parse version in lambda package file ([#2767](https://togithub.com/getsentry/sentry-python/issues/2767)) by [@antonpirker](https://togithub.com/antonpirker)
- xfail broken AWS Lambda tests for now ([#2794](https://togithub.com/getsentry/sentry-python/issues/2794)) by [@sentrivana](https://togithub.com/sentrivana)
- Removed print statements because it messes with the tests ([#2789](https://togithub.com/getsentry/sentry-python/issues/2789)) by [@antonpirker](https://togithub.com/antonpirker)
- Bump `types-protobuf` from 4.24.0.20240129 to 4.24.0.20240302 ([#2782](https://togithub.com/getsentry/sentry-python/issues/2782)) by [@dependabot](https://togithub.com/dependabot)
- Bump `checkouts/data-schemas` from `eb941c2` to `ed078ed` ([#2781](https://togithub.com/getsentry/sentry-python/issues/2781)) by [@dependabot](https://togithub.com/dependabot)
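To make the difference between the default and `recursive=True` scrubbing described in the `EventScrubber` entry above concrete, here is an added illustration that is not sentry-sdk's code: a minimal scrubber in the same spirit as `EventScrubber` (values under denylisted key names are replaced with `[Filtered]`), together with a `find_leaks` check that reports denylisted keys whose values survived. The denylist, the sample event, and the set of sections scrubbed (`request.headers`, `request.cookies`, `user`, `extra`) are assumptions made for this example; the real SDK's denylist and section handling differ in detail.

```python
import copy
from typing import Any, Dict, List

# Constructed denylist of key names that commonly carry secrets or PII.
# This is an assumption for the example, not sentry-sdk's DEFAULT_DENYLIST.
DENYLIST = {
    "password", "passwd", "secret", "api_key", "apikey", "token",
    "auth", "authorization", "session", "cookie", "csrftoken",
}
MASK = "[Filtered]"


def scrub_dict(data: Dict[str, Any], recursive: bool) -> None:
    """Mask values under denylisted keys in place.

    recursive=False inspects only the keys of `data` itself (the default
    behaviour the changelog describes); recursive=True also walks nested
    dicts and lists, so secrets buried deeper in the payload are caught.
    """
    for key, value in data.items():
        if isinstance(key, str) and key.lower() in DENYLIST:
            data[key] = MASK
        elif recursive:
            _scrub_value(value)


def _scrub_value(value: Any) -> None:
    if isinstance(value, dict):
        scrub_dict(value, recursive=True)
    elif isinstance(value, list):
        for item in value:
            _scrub_value(item)


def scrub_event(event: Dict[str, Any], recursive: bool = False) -> Dict[str, Any]:
    """Return a scrubbed copy of an event, leaving the input untouched.

    A fixed set of sections known to carry user data is scrubbed (assumed
    here: request headers and cookies, user, extra); how deep each section
    is searched depends on `recursive`.
    """
    event = copy.deepcopy(event)
    request = event.get("request", {})
    for section in ("headers", "cookies"):
        if isinstance(request.get(section), dict):
            scrub_dict(request[section], recursive)
    for section in ("user", "extra"):
        if isinstance(event.get(section), dict):
            scrub_dict(event[section], recursive)
    return event


def find_leaks(value: Any, path: str = "") -> List[str]:
    """Dotted paths of denylisted keys whose value is still unmasked.

    Handy as a unit-test check that a scrubber configuration covers the
    payload shapes an application actually produces.
    """
    leaks: List[str] = []
    if isinstance(value, dict):
        for key, child in value.items():
            child_path = f"{path}.{key}" if path else str(key)
            if isinstance(key, str) and key.lower() in DENYLIST and child != MASK:
                leaks.append(child_path)
            leaks.extend(find_leaks(child, child_path))
    elif isinstance(value, list):
        for i, item in enumerate(value):
            leaks.extend(find_leaks(item, f"{path}[{i}]"))
    return leaks


# Constructed sample event: one secret sits two levels deep in "extra" and
# two more inside a list, where a non-recursive scrubber never looks.
SAMPLE_EVENT = {
    "request": {
        "url": "https://app.example/login",
        "headers": {"Authorization": "Bearer constructed-token"},
        "cookies": {"session": "constructed-session-id"},
    },
    "user": {"id": "42", "email": "user@example"},
    "extra": {
        "retries": 3,
        "config": {"db": {"host": "db.internal", "password": "hunter2"}},
        "attempts": [{"token": "tok-1"}, {"token": "tok-2"}],
    },
}

if __name__ == "__main__":
    print("default  :", find_leaks(scrub_event(SAMPLE_EVENT)))
    print("recursive:", find_leaks(scrub_event(SAMPLE_EVENT, recursive=True)))
```

With the default (non-recursive) pass the top-level `Authorization` header and `session` cookie are masked, but `extra.config.db.password` and the two `token` values inside the list reach the backend unmasked; the recursive pass reports no leaks. Running `find_leaks` over a representative event in CI is a cheap way to decide whether an application needs `recursive=True`.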
Configuration
📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:

| Package | Change |
|---|---|
| PyCQA/bandit (dev/bandit) | `==1.7.7` -> `==1.7.8` |
| ipython/ipython (dev/ipython) | `==8.22.1` -> `==8.22.2` |
| pytest-dev/pytest (dev/pytest) | `==8.1.0` -> `==8.1.1` |
| mozilla-services/python-dockerflow (sandbox/dockerflow) | `==2024.2.0` -> `==2024.3.0` |
| getsentry/sentry-python (sandbox/sentry-sdk) | `==1.40.6` -> `==1.41.0` |