Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the pip group with 7 updates #203

Merged
merged 3 commits into from
Dec 4, 2024
Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 4, 2024

Bumps the pip group with 7 updates:

Package From To
pytest 8.0.0 8.3.4
pytest-cov 5.0.0 6.0.0
pytest-mock 3.12.0 3.14.0
aiohttp 3.10.11 3.11.9
blurb 1.2.1 1.3.0
sigstore 1.1.2 3.5.3
mypy 1.10 1.13.0

Updates pytest from 8.0.0 to 8.3.4

Release notes

Sourced from pytest's releases.

8.3.4

pytest 8.3.4 (2024-12-01)

Bug fixes

  • #12592: Fixed KeyError{.interpreted-text role="class"} crash when using --import-mode=importlib in a directory layout where a directory contains a child directory with the same name.

  • #12818: Assertion rewriting now preserves the source ranges of the original instructions, making it play well with tools that deal with the AST, like executing.

  • #12849: ANSI escape codes for colored output now handled correctly in pytest.fail{.interpreted-text role="func"} with [pytrace=False]{.title-ref}.

  • #9353: pytest.approx{.interpreted-text role="func"} now uses strict equality when given booleans.

Improved documentation

  • #10558: Fix ambiguous docstring of pytest.Config.getoption{.interpreted-text role="func"}.

  • #10829: Improve documentation on the current handling of the --basetemp option and its lack of retention functionality (temporary directory location and retention{.interpreted-text role="ref"}).

  • #12866: Improved cross-references concerning the recwarn{.interpreted-text role="fixture"} fixture.

  • #12966: Clarify filterwarnings{.interpreted-text role="ref"} docs on filter precedence/order when using multiple @pytest.mark.filterwarnings <pytest.mark.filterwarnings ref>{.interpreted-text role="ref"} marks.

Contributor-facing changes

  • #12497: Fixed two failing pdb-related tests on Python 3.13.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

  • #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile{.interpreted-text role="user"}

  • #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

... (truncated)

Commits
  • 53f8b4e Update pypa/gh-action-pypi-publish to v1.12.2
  • 98dff36 Prepare release version 8.3.4
  • 1b474e2 approx: use exact comparison for bool (#13013)
  • b541721 docs: Fix wrong statement about sys.modules with importlib import mode (#1298...
  • 16cb87b pytest.fail: fix ANSI escape codes for colored output (#12959) (#12990)
  • be6bc81 Issue #12966 Clarify filterwarnings docs on precedence when using multiple ma...
  • 7aeb72b Improve docs on basetemp and retention (#12912) (#12928)
  • c875841 Merge pull request #12917 from pytest-dev/patchback/backports/8.3.x/ded1f44e5...
  • 6502816 Merge pull request #12913 from jakkdl/dontfailonbadpath
  • 52135b0 Merge pull request #12885 from The-Compiler/pdb-py311 (#12887)
  • Additional commits viewable in compare view

Updates pytest-cov from 5.0.0 to 6.0.0

Changelog

Sourced from pytest-cov's changelog.

6.0.0 (2024-10-29)

  • Updated various documentation inaccuracies, especially on subprocess handling.
  • Changed fail under checks to use the precision set in the coverage configuration. Now it will perform the check just like coverage report would.
  • Added a --cov-precision cli option that can override the value set in your coverage configuration.
  • Dropped support for now EOL Python 3.8.
Commits
  • 9540437 Bump version: 5.0.0 → 6.0.0
  • 9f81754 Further trim down envs and drop Python 3.8.
  • b12b5ec Update conf.
  • 23f4b27 Update changelog.
  • 291a04f Bump test deps and trim config.
  • 08f1101 Add --cov-precision option. Close #655.
  • 76fe2a7 Move the warnings/errors in a place that doesn't import anything.
  • a9ea7b7 Implement error/warning for the bad dynamic_context being set in config.
  • c299e01 Add explicit suffixing to make it easier to see the identify the sources/usag...
  • c87e546 Add reproducer for weird xdist dynamic_context interaction. Ref #604.
  • Additional commits viewable in compare view

Updates pytest-mock from 3.12.0 to 3.14.0

Release notes

Sourced from pytest-mock's releases.

v3.14.0

  • #415: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.
  • #420: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.

v3.13.0

  • #417: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
  • pytest-mock now requires pytest>=6.2.5.
  • #410: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly for alternatives.
Changelog

Sourced from pytest-mock's changelog.

3.14.0 (2024-03-21)

  • [#415](https://github.com/pytest-dev/pytest-mock/issues/415) <https://github.com/pytest-dev/pytest-mock/pull/415>_: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes.

  • [#420](https://github.com/pytest-dev/pytest-mock/issues/420) <https://github.com/pytest-dev/pytest-mock/issues/420>_: Fixed a regression which would cause mocker.patch.object to not being properly cleared between tests.

3.13.0 (2024-03-21)

  • [#417](https://github.com/pytest-dev/pytest-mock/issues/417) <https://github.com/pytest-dev/pytest-mock/pull/417>_: spy now has spy_return_list, which is a list containing all the values returned by the spied function.
  • pytest-mock now requires pytest>=6.2.5.
  • [#410](https://github.com/pytest-dev/pytest-mock/issues/410) <https://github.com/pytest-dev/pytest-mock/pull/410>: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary> for alternatives.
Commits
  • 8733134 Update CHANGELOG for 3.14.0
  • 5257e3c Refactor MockCache to have a narrow interface
  • 4faf92a Fix regression with mocker.patch not being undone correctly
  • 6bd8712 Drop pre-Python 3.8 support code
  • 366966b Export MockType/AsyncMockType for type annotations (#415)
  • 852116b Merge pull request #418 from pytest-dev/release-3.13.0
  • ef9461b Add instructions on how to start deploy from command-line
  • 5b9d285 Release 3.13.0
  • 6d5d6dc Implement spy_return_list (#417)
  • dc28a0e [pre-commit.ci] pre-commit autoupdate (#416)
  • Additional commits viewable in compare view

Updates aiohttp from 3.10.11 to 3.11.9

Release notes

Sourced from aiohttp's releases.

3.11.9

Bug fixes

  • Fixed invalid method logging unexpected being logged at exception level on subsequent connections -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10055, #10076.

Miscellaneous internal changes

  • Improved performance of parsing headers when using the C parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10073.


3.11.8

Miscellaneous internal changes

  • Improved performance of creating :class:aiohttp.ClientResponse objects when there are no cookies -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10029.

  • Improved performance of creating :class:aiohttp.ClientResponse objects -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10030.

  • Improved performances of creating objects during the HTTP request lifecycle -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.11.9 (2024-12-01)

Bug fixes

  • Fixed invalid method logging unexpected being logged at exception level on subsequent connections -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10055, :issue:10076.

Miscellaneous internal changes

  • Improved performance of parsing headers when using the C parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10073.


3.11.8 (2024-11-27)

Miscellaneous internal changes

  • Improved performance of creating :class:aiohttp.ClientResponse objects when there are no cookies -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10029.

  • Improved performance of creating :class:aiohttp.ClientResponse objects -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10030.

... (truncated)

Commits
  • 79561a6 Release 3.11.9 (#10085)
  • 9df00a1 [PR #10073/349b7565 backport][3.11] Improve performance of parsing headers (#...
  • da9210b [PR #10076/fad44f6b backport][3.11] Fix request count check for BadHttpMethod...
  • 8b08c9e [PR #10078/0d6a83e backport][3.11] Bump yarl to 1.18.3 (#10079)
  • a37c4f2 Increment version to 3.11.9.dev0 (#10069)
  • 5ddf720 Release 3.11.8 (#10066)
  • 13152c3 [PR #10055/c11fe96 backport][3.11] Downgrade logging of invalid HTTP methods ...
  • 1b78cae [PR #10059/aac6f741 backport][3.11] Combine executor jobs in FileResponse sen...
  • a5a6981 [PR #10058/12372d7 backport][3.11] Remove unreachable content length check fo...
  • 7e628f4 [PR #8699/11f0e7f backport][3.11] Reduce code indent in ResponseHandler.data_...
  • Additional commits viewable in compare view

Updates blurb from 1.2.1 to 1.3.0

Release notes

Sourced from blurb's releases.

v1.3.0

What's Changed

Full Changelog: python/blurb@v1.2.1...v1.3.0

Changelog

Sourced from blurb's changelog.

1.3.0

Commits
  • a0829f7 Update changelog for 1.3.0 (#31)
  • 350fb26 Update changelog for 1.3.0
  • bdcbac2 Generate __version__ at build to avoid slow importlib.metadata import (#30)
  • a95b471 Add version subcommand (#29)
  • 1f87664 Test version()
  • 56bba41 Apply suggestions from code review
  • a6aefbf Generate version at build to avoid slow importlib.metadata import
  • ffafdfc Allow running blurb test from blurb-* directories (#24)
  • 97049c2 Add version subcommand
  • 832ff64 Generate digital attestations for PyPI (PEP 740) (#28)
  • Additional commits viewable in compare view

Updates sigstore from 1.1.2 to 3.5.3

Release notes

Sourced from sigstore's releases.

v3.5.3

Fixed

  • Corrective release for [3.5.2]

v3.5.2

Fixed

  • Pinned cryptography dependency strictly to prevent future breakage

v3.5.1

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.0 when attempting to suppress irrelevant warnings (#1192)

v3.5.0

Added

  • CLI: The sigstore plumbing update-trust-root command has been added. Like other plumbing-level commands, this is considered unstable and changes are not subject to our semver policy until explicitly noted (#1174)

Fixed

  • CLI: Fixed an incorrect warning when verifying detached .crt/.sig inputs (#1179)

v3.4.0

Changed

  • CLI: When verifying, the --offline flag now fully disables all online operations, including routine local TUF repository refreshes (#1143)

  • sigstore-python's minimum supported Python version is now 3.9

Fixed

  • CLI: The sigstore verify subcommands now always check for a matching input file, rather than unconditionally falling back to matching on a valid sha256:... digest pattern (#1152)

v3.3.0

Added

  • CLI: The sigstore verify command now outputs the inner in-toto statement

... (truncated)

Changelog

Sourced from sigstore's changelog.

[3.5.3]

Fixed

  • Corrective release for [3.5.2]

[3.5.2]

Fixed

  • Pinned cryptography dependency strictly to prevent future breakage

[3.5.1]

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.0 when attempting to suppress irrelevant warnings (#1192)

[3.5.0]

Added

  • CLI: The sigstore plumbing update-trust-root command has been added. Like other plumbing-level commands, this is considered unstable and changes are not subject to our semver policy until explicitly noted (#1174)

Fixed

  • CLI: Fixed an incorrect warning when verifying detached .crt/.sig inputs (#1179)

[3.4.0]

Changed

  • CLI: When verifying, the --offline flag now fully disables all online operations, including routine local TUF repository refreshes (#1143)

  • sigstore-python's minimum supported Python version is now 3.9

Fixed

  • CLI: The sigstore verify subcommands now always check for a matching input file, rather than unconditionally falling back to matching on a valid sha256:... digest pattern (#1152)

... (truncated)

Commits
  • 87ff7f1 prep 3.5.3
  • 276ed3d CHANGELOG: prep 3.5.2
  • c5d4701 pyproject: constrain cryptography < 44
  • 0ac33ee sigstore: prep 3.5.1 (#1193)
  • 33951a5 _cli: fix warning check (#1192)
  • f403812 README: bump tag for gh-action-sigstore-python (#1191)
  • 8a94b6b build(deps): bump actions/setup-python from 5.2.0 to 5.3.0 in the actions gro...
  • e56830e build(deps): update ruff requirement from <0.7.1 to <0.7.2 (#1189)
  • 68a7497 Prep 3.5.0 (#1184)
  • 4de8bd7 build(deps): bump actions/checkout from 4.2.1 to 4.2.2 in the actions group (...
  • Additional commits viewable in compare view

Updates mypy from 1.10 to 1.13.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Change to enum membership semantics

As per the updated typing specification for enums, enum members must be left unannotated.

class Pet(Enum):
    CAT = 1  # Member attribute
    DOG = 2  # Member attribute
    WOLF: int = 3  # New error: Enum members must be left unannotated
species: str  # Considered a non-member attribute

In particular, the specification change can result in issues in type stubs (.pyi files), since historically it was common to leave the value absent:

# In a type stub (.pyi file)
class Pet(Enum):
# Change in semantics: previously considered members, now non-member attributes
CAT: int
DOG: int
# Mypy will now issue a warning if it detects this situation in type stubs:
# &gt; Detected enum &quot;Pet&quot; in a type stub with zero members.
# &gt; There is a chance this is due to a recent change in the semantics of enum membership.
# &gt; If so, use `member = value` to mark an enum member, instead of `member: type`

class Pet(Enum):
# As per the specification, you should now do one of the following:
DOG = 1  # Member attribute with value 1 and known type
WOLF = cast(int, ...)  # Member attribute with unknown value but known type
LION = ...  # Member attribute with unknown value and unknown type

Contributed by Terence Honles in PR 17207 and Shantanu Jain in PR 18068.

Mypy 1.13

We’ve just uploaded mypy 1.13 to the Python Package Index (PyPI). Mypy is a static type checker for Python. You can install it as follows:

python3 -m pip install -U mypy

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the pip group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [pytest](https://github.com/pytest-dev/pytest) | `8.0.0` | `8.3.4` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `5.0.0` | `6.0.0` |
| [pytest-mock](https://github.com/pytest-dev/pytest-mock) | `3.12.0` | `3.14.0` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.10.11` | `3.11.9` |
| [blurb](https://github.com/python/blurb) | `1.2.1` | `1.3.0` |
| [sigstore](https://github.com/sigstore/sigstore-python) | `1.1.2` | `3.5.3` |
| [mypy](https://github.com/python/mypy) | `1.10` | `1.13.0` |


Updates `pytest` from 8.0.0 to 8.3.4
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.0.0...8.3.4)

Updates `pytest-cov` from 5.0.0 to 6.0.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v5.0.0...v6.0.0)

Updates `pytest-mock` from 3.12.0 to 3.14.0
- [Release notes](https://github.com/pytest-dev/pytest-mock/releases)
- [Changelog](https://github.com/pytest-dev/pytest-mock/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-mock@v3.12.0...v3.14.0)

Updates `aiohttp` from 3.10.11 to 3.11.9
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.10.11...v3.11.9)

Updates `blurb` from 1.2.1 to 1.3.0
- [Release notes](https://github.com/python/blurb/releases)
- [Changelog](https://github.com/python/blurb/blob/main/CHANGELOG.md)
- [Commits](python/blurb@v1.2.1...v1.3.0)

Updates `sigstore` from 1.1.2 to 3.5.3
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/main/CHANGELOG.md)
- [Commits](sigstore/sigstore-python@v1.1.2...v3.5.3)

Updates `mypy` from 1.10 to 1.13.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.10.0...v1.13.0)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: pytest-cov
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: pip
- dependency-name: pytest-mock
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: blurb
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: sigstore
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 4, 2024
requirements.txt Outdated Show resolved Hide resolved
@@ -134,8 +131,8 @@ bcrypt==4.0.1 \
betterproto==2.0.0b6 \
--hash=sha256:a0839ec165d110a69d0d116f4d0e2bec8d186af4db826257931f0831dab73fcf
# via sigstore-protobuf-specs
blurb==1.2.1 \
--hash=sha256:71e3adfc9425bc0f3a2d88dde05a9975391044bde000a67395758001ff3a19b5
blurb==1.3.0 \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reviewed this dependency, LGTM.

@sethmlarson sethmlarson merged commit b37e7f7 into master Dec 4, 2024
17 checks passed
@sethmlarson sethmlarson deleted the dependabot/pip/pip-590e953839 branch December 4, 2024 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants