Update CI dependencies (minor) #504

renovate · 2024-04-01T15:46:50Z

This PR contains the following updates:

Package	Type	Update	Change
PyCQA/autoflake	repository	minor	`v2.2.1` -> `v2.3.1`
poetry (source, changelog)		minor	`1.7.1` -> `1.8.2`
poetry (source, changelog)		minor	`==1.7.1` -> `==1.8.2`
poetry-plugin-export (source)		minor	`==1.6.0` -> `==1.7.1`
pre-commit		minor	`==3.6.2` -> `==3.7.0`
psf/black	repository	minor	`24.1.1` -> `24.3.0`
python-jsonschema/check-jsonschema	repository	minor	`0.27.4` -> `0.28.1`
shellcheck-py/shellcheck-py	repository	minor	`v0.9.0.6` -> `v0.10.0.1`

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

PyCQA/autoflake (PyCQA/autoflake)

python-poetry/poetry (poetry)

`v1.8.2`

Compare Source

Fixed

Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#9051).
Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#9082).
Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#9084).
Improve lazy-wheel to allow redirects for HEAD requests (#9087).
Improve debug logging for lazy-wheel errors (#9059).
Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#9048).
Fix an issue where poetry add failed in non-package mode if no project name was set (#9046).
Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#9073).

`v1.8.1`

Compare Source

Fixed

Update the minimum required version of packaging (#9031).
Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#9030).

Docs

Rename master branch to main (#9022).

`v1.8.0`

Compare Source

Added

Add a non-package mode for use cases where Poetry is only used for dependency management (#8650).
Add support for PEP 658 to fetch metadata without having to download wheels (#5509).
Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#8815,
#8941).
Improve performance of dependency resolution by using shallow copies instead of deep copies (#8671).
poetry check validates that no unknown sources are referenced in dependencies (#8709).
Add archive validation during installation for further hash algorithms (#8851).
Add a to key in tool.poetry.packages to allow custom subpackage names (#8791).
Add a config option to disable keyring (#8910).
Add a --sync option to poetry update (#8931).
Add an --output option to poetry build (#8828).
Add a --dist-dir option to poetry publish (#8828).

Changed

The implicit PyPI source is disabled if at least one primary source is configured (#8771).
Deprecate source priority default (#8771).
Upgrade the warning about an inconsistent lockfile to an error (#8737).
Deprecate setting installer.modern-installation to false (#8988).
Drop support for pip<19 (#8894).
Require requests-toolbelt>=1 (#8680).
Allow platformdirs 4.x (#8668).
Allow and require xattr 1.x on macOS (#8801).
Improve venv shell activation in fish (#8804).
Rename system to base in output of poetry env info (#8832).
Use pretty name in output of poetry version (#8849).
Improve error handling for invalid entries in tool.poetry.scripts (#8898).
Improve verbose output for dependencies with extras during dependency resolution (#8834).
Improve message about an outdated lockfile (#8962).

Fixed

Fix an issue where poetry shell failed when Python has been installed with MSYS2 (#8644).
Fix an issue where Poetry commands failed in a terminal with a non-UTF-8 encoding (#8608).
Fix an issue where a missing project name caused an incomprehensible error message (#8691).
Fix an issue where Poetry failed to install an sdist path dependency (#8682).
Fix an issue where poetry install failed because an unused extra was not available (#8548).
Fix an issue where poetry install --sync did not remove an unrequested extra (#8621).
Fix an issue where poetry init did not allow specific characters in the author field (#8779).
Fix an issue where Poetry could not download sdists from misconfigured servers (#8701).
Fix an issue where metadata of sdists that call CLI tools of their build requirements could not be determined (#8827).
Fix an issue where Poetry failed to use the currently activated environment (#8831).
Fix an issue where poetry shell failed in zsh if a space was in the venv path (#7245).
Fix an issue where scripts with extras could not be installed (#8900).
Fix an issue where explicit sources where not propagated correctly (#8835).
Fix an issue where debug prints where swallowed when using a build script (#8760).
Fix an issue where explicit sources of locked dependencies where not propagated correctly (#8948).
Fix an issue where Poetry's own environment was falsely identified as system environment (#8970).
Fix an issue where dependencies from a setup.py were ignored silently (#9000).
Fix an issue where environment variables for virtualenv.options were ignored (#9015).
Fix an issue where virtualenvs.options.no-pip and virtualenvs.options.no-setuptools were not normalized (#9015).

Docs

Replace deprecated --no-dev with --without dev in the FAQ (#8659).
Recommend poetry-check instead of the deprecated poetry-lock pre-commit hook (#8675).
Clarify the names of the environment variables to provide credentials for repositories (#8782).
Add note how to install several version of Poetry in parallel (#8814).
Improve description of poetry show --why (#8817).
Improve documentation of poetry update (#8706).
Add a warning about passing variables that may start with a hyphen via command line (#8850).
Mention that the virtual environment in which Poetry itself is installed should not be activated (#8833).
Add note about poetry run and externally managed environments (#8748).
Update FAQ entry about tox for tox 4.x (#8658).
Fix documentation for default format option for include and exclude value (#8852).
Add note about tox and configured credentials (#8888).
Add note and link how to install pipx (#8878).
Fix examples for poetry add with git dependencies over ssh (#8911).
Remove reference to deprecated scripts extras feature (#8903).
Change examples to prefer --only main instead of --without dev (#8921).
Mention that the develop attribute is a Poetry-specific feature and not propagated to other tools (#8971).
Fix examples for adding supplemental and secondary sources (#8953).
Add PyTorch example for explicit sources (#9006).

poetry-core (`1.9.0`)

Deprecate scripts that depend on extras (#690).
Add support for path dependencies that do not define a build system (#675).
Update list of supported licenses (#659,
#669,
#678,
#694).
Rework list of files included in build artifacts (#666).
Fix an issue where insignificant errors were printed if the working directory is not inside a git repository (#684).
Fix an issue where the project's directory was not recognized as git repository on Windows due to an encoding issue (#685).

python-poetry/poetry-plugin-export (poetry-plugin-export)

`v1.7.1`

Compare Source

Changed

Export --index-url before --extra-index-url to work around a pip bug (#270).

Fixed

Fix an issue where the source with the highest priority was exported with --index-url despite PyPI being among the sources (#270).

`v1.7.0`

Compare Source

Changed

Bump minimum required poetry version to 1.8.0 (#263).

Fixed

Fix an issue where all sources were exported with --extra-index-url even though PyPI was deactivated (#263).

pre-commit/pre-commit (pre-commit)

`v3.7.0`

Compare Source

==================

Features

Use a tty for docker and docker_image hooks when --color is specified.
- #3122 PR by @glehmann.

Fixes

Fix fail_fast for individual hooks stopping when previous hooks had failed.
- #3167 issue by @tp832944.
- #3168 PR by @asottile.

Updating

The per-hook behaviour of fail_fast was fixed. If you want the pre-3.7.0
behaviour, add fail_fast: true to all hooks before the last fail_fast
hook.

psf/black (psf/black)

`v24.3.0`

Compare Source

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)
Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. (#4270)
Fix a bug where line-ranges exceeding the last code line would not work as expected
(#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab
characters. This fixes
CVE-2024-21503.
(#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

`v24.2.0`

Compare Source

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses
(#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (#4198)
Fixed a bug where base expressions caused inconsistent formatting of ** in tenary
expression (#4154)
Checking for newline before adding one on docstring that is almost at the line limit
(#4185)
Remove redundant parentheses in case statement if guards (#4214).

Configuration

Fix issue where Black would ignore input files in the presence of symlinks (#4222)
Black now ignores pyproject.toml that is missing a tool.black section when
discovering project root and configuration. Since Black continues to use version
control as an indicator of project root, this is expected to primarily change behavior
for users in a monorepo setup (desirably). If you wish to preserve previous behavior,
simply add an empty [tool.black] to the previously discovered pyproject.toml
(#4204)

Output

Black will swallow any SyntaxWarnings or DeprecationWarnings produced by the ast
module when performing equivalence checks (#4189)

Integrations

Add a JSONSchema and provide a validate-pyproject entry-point (#4181)

python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)

`v0.28.1`

Compare Source

Update vendored schemas: buildkite, cloudbuild, dependabot, github-actions,
github-workflows, gitlab-ci, renovate, woodpecker-ci (2024-03-31)

`v0.28.0`

Compare Source

Update vendored schemas: cloudbuild, dependabot, gitlab-ci, readthedocs,
renovate (2024-02-06)
Include built-in, efficient implementations of date-time format validation
(RFC 3339) and time format validation (ISO 8601). This makes the date-time
and time formats always available for validation. (:issue:378)
Support the use of orjson for faster JSON parsing when it is installed.
This makes it an optional parser which is preferred over the default
json module when it is available.
TOML parsing is now always available (rather than an optional parser).
This change adds a dependency on tomli on older Python versions, ensuring
that TOML formatted data is always supported. Users should no longer need
to install tomli manually in order to use TOML files.

shellcheck-py/shellcheck-py (shellcheck-py/shellcheck-py)

`v0.10.0.1`

Compare Source

Configuration

📅 Schedule: Branch creation - "after 5pm on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate bot added the dependencies Update the dependencies label Apr 1, 2024

renovate bot enabled auto-merge (rebase) April 1, 2024 15:46

github-actions bot approved these changes Apr 1, 2024

View reviewed changes

Update CI dependencies

6df54f7

renovate bot force-pushed the renovate/ci-dependencies branch from 85070e0 to 6df54f7 Compare April 1, 2024 19:15

renovate bot merged commit 67d0d75 into master Apr 1, 2024

renovate bot deleted the renovate/ci-dependencies branch April 1, 2024 19:35

geo-ghci-int bot added this to the 1.5.2 milestone Jun 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update CI dependencies (minor) #504

Update CI dependencies (minor) #504

Uh oh!

renovate bot commented Apr 1, 2024

Uh oh!

Uh oh!

Update CI dependencies (minor) #504

Update CI dependencies (minor) #504

Uh oh!

Conversation

renovate bot commented Apr 1, 2024

Release Notes

What's Changed

What's Changed

New Contributors

Fixed

Fixed

Docs

Added

Changed

Fixed

Docs

poetry-core (1.9.0)

Changed

Fixed

Changed

Fixed

Features

Fixes

Updating

Highlights

Stable style

Performance

Documentation

Stable style

Preview style

Configuration

Output

Integrations

Configuration

Uh oh!

Uh oh!

poetry-core (`1.9.0`)