Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.1 to 0.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.7.0</h2>
<h2>Release Notes</h2>
<p>Check out the <a href="https://astral.sh/blog/ruff-v0.7.0">blog
post</a> for a migration guide and overview of the changes!</p>
<h3>Breaking changes</h3>
<ul>
<li>The pytest rules <code>PT001</code> and <code>PT023</code> now
default to omitting the decorator parentheses when there are no
arguments
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/12838">#12838</a>,
<a
href="https://redirect.github.com/astral-sh/ruff/pull/13292">#13292</a>).
This was a change that we attempted to make in Ruff v0.6.0, but only
partially made due to an error on our part.
See the <a href="https://astral.sh/blog/ruff-v0.7.0">blog post</a> for
more details.</li>
<li>The <code>useless-try-except</code> rule (in our
<code>tryceratops</code> category) has been recoded from
<code>TRY302</code> to
<code>TRY203</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13502">#13502</a>).
This ensures Ruff's code is consistent with
the same rule in the <a
href="https://github.com/guilatrova/tryceratops"><code>tryceratops</code></a>
linter.</li>
<li>The <code>lint.allow-unused-imports</code> setting has been removed
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/13677">#13677</a>).
Use
<a
href="https://docs.astral.sh/ruff/settings/#lint_pyflakes_allowed-unused-imports"><code>lint.pyflakes.allow-unused-imports</code></a>
instead.</li>
</ul>
<h3>Formatter preview style</h3>
<ul>
<li>Normalize implicit concatenated f-string quotes per part (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13539">#13539</a>)</li>
</ul>
<h3>Preview linter features</h3>
<ul>
<li>[<code>refurb</code>] implement
<code>hardcoded-string-charset</code> (FURB156) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13530">#13530</a>)</li>
<li>[<code>refurb</code>] Count codepoints not bytes for
<code>slice-to-remove-prefix-or-suffix (FURB188)</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13631">#13631</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pylint</code>] Mark <code>PLE1141</code> fix as unsafe (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13629">#13629</a>)</li>
<li>[<code>flake8-async</code>] Consider async generators to be
"checkpoints" for <code>cancel-scope-no-checkpoint</code>
(<code>ASYNC100</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13639">#13639</a>)</li>
<li>[<code>flake8-bugbear</code>] Do not suggest setting parameter
<code>strict=</code> to <code>False</code> in <code>B905</code>
diagnostic message (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13656">#13656</a>)</li>
<li>[<code>flake8-todos</code>] Only flag the word "TODO", not
words starting with "todo" (<code>TD006</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13640">#13640</a>)</li>
<li>[<code>pycodestyle</code>] Fix whitespace-related false positives
and false negatives inside type-parameter lists (<code>E231</code>,
<code>E251</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13704">#13704</a>)</li>
<li>[<code>flake8-simplify</code>] Stabilize preview behavior for
<code>SIM115</code> so that the rule can detect files
being opened from a wider range of standard-library functions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/12959">#12959</a>).</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Add explanation of fixable in <code>--statistics</code> command (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13774">#13774</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pyflakes</code>] Allow <code>ipytest</code> cell magic
(<code>F401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13745">#13745</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Fix <code>PTH123</code> false
positive when <code>open</code> is passed a file descriptor (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13616">#13616</a>)</li>
<li>[<code>flake8-bandit</code>] Detect patterns from multi line SQL
statements (<code>S608</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13574">#13574</a>)</li>
<li>[<code>flake8-pyi</code>] - Fix dropped expressions in
<code>PYI030</code> autofix (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13727">#13727</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li><a
href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.7.0</h2>
<p>Check out the <a href="https://astral.sh/blog/ruff-v0.7.0">blog
post</a> for a migration guide and overview of the changes!</p>
<h3>Breaking changes</h3>
<ul>
<li>The pytest rules <code>PT001</code> and <code>PT023</code> now
default to omitting the decorator parentheses when there are no
arguments
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/12838">#12838</a>,
<a
href="https://redirect.github.com/astral-sh/ruff/pull/13292">#13292</a>).
This was a change that we attempted to make in Ruff v0.6.0, but only
partially made due to an error on our part.
See the <a href="https://astral.sh/blog/ruff-v0.7.0">blog post</a> for
more details.</li>
<li>The <code>useless-try-except</code> rule (in our
<code>tryceratops</code> category) has been recoded from
<code>TRY302</code> to
<code>TRY203</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13502">#13502</a>).
This ensures Ruff's code is consistent with
the same rule in the <a
href="https://github.com/guilatrova/tryceratops"><code>tryceratops</code></a>
linter.</li>
<li>The <code>lint.allow-unused-imports</code> setting has been removed
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/13677">#13677</a>).
Use
<a
href="https://docs.astral.sh/ruff/settings/#lint_pyflakes_allowed-unused-imports"><code>lint.pyflakes.allow-unused-imports</code></a>
instead.</li>
</ul>
<h3>Formatter preview style</h3>
<ul>
<li>Normalize implicit concatenated f-string quotes per part (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13539">#13539</a>)</li>
</ul>
<h3>Preview linter features</h3>
<ul>
<li>[<code>refurb</code>] implement
<code>hardcoded-string-charset</code> (FURB156) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13530">#13530</a>)</li>
<li>[<code>refurb</code>] Count codepoints not bytes for
<code>slice-to-remove-prefix-or-suffix (FURB188)</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13631">#13631</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pylint</code>] Mark <code>PLE1141</code> fix as unsafe (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13629">#13629</a>)</li>
<li>[<code>flake8-async</code>] Consider async generators to be
"checkpoints" for <code>cancel-scope-no-checkpoint</code>
(<code>ASYNC100</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13639">#13639</a>)</li>
<li>[<code>flake8-bugbear</code>] Do not suggest setting parameter
<code>strict=</code> to <code>False</code> in <code>B905</code>
diagnostic message (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13656">#13656</a>)</li>
<li>[<code>flake8-todos</code>] Only flag the word "TODO", not
words starting with "todo" (<code>TD006</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13640">#13640</a>)</li>
<li>[<code>pycodestyle</code>] Fix whitespace-related false positives
and false negatives inside type-parameter lists (<code>E231</code>,
<code>E251</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13704">#13704</a>)</li>
<li>[<code>flake8-simplify</code>] Stabilize preview behavior for
<code>SIM115</code> so that the rule can detect files
being opened from a wider range of standard-library functions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/12959">#12959</a>).</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Add explanation of fixable in <code>--statistics</code> command (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13774">#13774</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pyflakes</code>] Allow <code>ipytest</code> cell magic
(<code>F401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13745">#13745</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Fix <code>PTH123</code> false
positive when <code>open</code> is passed a file descriptor (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13616">#13616</a>)</li>
<li>[<code>flake8-bandit</code>] Detect patterns from multi line SQL
statements (<code>S608</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13574">#13574</a>)</li>
<li>[<code>flake8-pyi</code>] - Fix dropped expressions in
<code>PYI030</code> autofix (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13727">#13727</a>)</li>
</ul>
<h2>0.6.9</h2>
<h3>Preview features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e6de4e0c6"><code>5e6de4e</code></a>
Changelog for Ruff v0.7 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13794">#13794</a>)</li>
<li><a
href="70e5c4a8ba"><code>70e5c4a</code></a>
Recode <code>TRY302</code> to <code>TRY203</code> (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13502">#13502</a>)</li>
<li><a
href="9218d6bedc"><code>9218d6b</code></a>
Remove <code>allow-unused-imports</code> setting from the common lint
options (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13677">#13677</a>)</li>
<li><a
href="1b79ae9817"><code>1b79ae9</code></a>
[ruff-0.7] Stabilise the expansion of
<code>open-file-with-context-handler</code> to wor...</li>
<li><a
href="2b87587ac2"><code>2b87587</code></a>
[<code>flake8-pytest-style</code>] Fix defaults when
<code>lint.flake8-pytest-style</code> config s...</li>
<li><a
href="d1e15f6246"><code>d1e15f6</code></a>
Remove tab-size setting (<a
href="https://redirect.github.com/astral-sh/ruff/issues/12835">#12835</a>)</li>
<li><a
href="89a82158a1"><code>89a8215</code></a>
Remove error messages for removed CLI aliases (<a
href="https://redirect.github.com/astral-sh/ruff/issues/12833">#12833</a>)</li>
<li><a
href="202c6a6d75"><code>202c6a6</code></a>
Remove <code>output-format=text</code> setting (<a
href="https://redirect.github.com/astral-sh/ruff/issues/12836">#12836</a>)</li>
<li><a
href="5c3c0c4705"><code>5c3c0c4</code></a>
[red-knot] Inference for comparison of union types (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13781">#13781</a>)</li>
<li><a
href="6b7a738825"><code>6b7a738</code></a>
Add explanation of fixable in <code>--statistics</code> command (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13774">#13774</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.6.1...0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because:
- we need the .schema.json files in Desktop;
- they are not currently packaged into either the NPM or PyPI packages;
and
- the generated schemas do not include the custom validation logic
expressed by Pydantic validators
This commit:
- adds JSON schema validation via Pydantic's json_schema_extra hook to
give the JSON schemas validation parity with the Pydantic models and
existing JSON schemas in Desktop;
- generates the JSON schemas and commits them (in schemas/schemas);
- packages the produced schemas into the NPM package;
- packages the produced schemas into the PyPI package (but uncommitted,
since they are duplicates);
- revises the Makefile build steps for schema package generation; and
- bumps the schema package version.
Fixes#11518
Because
- last publish of schemas package to PyPI failed
- failure appears to be related to a bug documented in twine that was
fixed in the latest version
This commit
- upgrades to the latest 5.1.1 version
- bumps version of schemas so it will be published
Fixes#11331
Because
- the schemas package is used by a lot of data tooling
- the data tooling is starting to complain about schemas requiring
pydantic v1 due to other dependencies
- the pydantic-to-typescript package is outdated and does not support
pydantic v2
This commit
- updates the schemas package to v2
- changes the typescript generation to a script internal to experimenter
Fixes#11214
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.4
to 43.0.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>43.0.1 - 2024-09-03</p>
<pre><code>
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.3.2.
<p>.. _v43-0-0:</p>
<p>43.0.0 - 2024-07-20<br />
</code></pre></p>
<ul>
<li><strong>BACKWARDS INCOMPATIBLE:</strong> Support for OpenSSL less
than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.</li>
<li><strong>BACKWARDS INCOMPATIBLE:</strong> Dropped support for
LibreSSL < 3.8.</li>
<li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.3.1.</li>
<li>Updated the minimum supported Rust version (MSRV) to 1.65.0, from
1.63.0.</li>
<li>:func:<code>~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key</code>
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is
still
considered insecure, users should generally use a key size of
2048-bits.</li>
<li>:func:<code>~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates</code>
now emits ASN.1 that more closely follows the recommendations in
:rfc:<code>2315</code>.</li>
<li>Added new :doc:<code>/hazmat/decrepit/index</code> module which
contains outdated and
insecure cryptographic primitives.
:class:<code>~cryptography.hazmat.primitives.ciphers.algorithms.CAST5</code>,
:class:<code>~cryptography.hazmat.primitives.ciphers.algorithms.SEED</code>,
:class:<code>~cryptography.hazmat.primitives.ciphers.algorithms.IDEA</code>,
and
:class:<code>~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish</code>,
which were
deprecated in 37.0.0, have been added to this module. They will be
removed
from the <code>cipher</code> module in 45.0.0.</li>
<li>Moved
:class:<code>~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES</code>
and
:class:<code>~cryptography.hazmat.primitives.ciphers.algorithms.ARC4</code>
into
:doc:<code>/hazmat/decrepit/index</code> and deprecated them in the
<code>cipher</code> module.
They will be removed from the <code>cipher</code> module in 48.0.0.</li>
<li>Added support for deterministic
:class:<code>~cryptography.hazmat.primitives.asymmetric.ec.ECDSA</code>
(:rfc:<code>6979</code>)</li>
<li>Added support for client certificate verification to the
:mod:<code>X.509 path validation
<cryptography.x509.verification></code> APIs in the
form of
:class:<code>~cryptography.x509.verification.ClientVerifier</code>,
:class:<code>~cryptography.x509.verification.VerifiedClient</code>, and
<code>PolicyBuilder</code>
:meth:<code>~cryptography.x509.verification.PolicyBuilder.build_client_verifier</code>.</li>
<li>Added Certificate
:attr:<code>~cryptography.x509.Certificate.public_key_algorithm_oid</code>
and Certificate Signing Request
:attr:<code>~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid</code>
to determine the
:class:<code>~cryptography.hazmat._oid.PublicKeyAlgorithmOID</code>
Object Identifier of the public key found inside the certificate.</li>
<li>Added
:attr:<code>~cryptography.x509.InvalidityDate.invalidity_date_utc</code>,
a
timezone-aware alternative to the naïve <code>datetime</code> attribute
:attr:<code>~cryptography.x509.InvalidityDate.invalidity_date</code>.</li>
<li>Added support for parsing empty DN string in</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a773387828"><code>a773387</code></a>
bump for 43.0.1 (<a
href="https://redirect.github.com/pyca/cryptography/issues/11533">#11533</a>)</li>
<li><a
href="0393fef575"><code>0393fef</code></a>
Backport setuptools version ban (<a
href="https://redirect.github.com/pyca/cryptography/issues/11526">#11526</a>)</li>
<li><a
href="6687bab97a"><code>6687bab</code></a>
Bump openssl from 0.10.65 to 0.10.66 in /src/rust (<a
href="https://redirect.github.com/pyca/cryptography/issues/11320">#11320</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/11324">#11324</a>)</li>
<li><a
href="ebf14f2edc"><code>ebf14f2</code></a>
bump for 43.0.0 and update changelog (<a
href="https://redirect.github.com/pyca/cryptography/issues/11311">#11311</a>)</li>
<li><a
href="42788a0353"><code>42788a0</code></a>
Fix exchange with keys that had Q automatically computed (<a
href="https://redirect.github.com/pyca/cryptography/issues/11309">#11309</a>)</li>
<li><a
href="2dbdfb8f39"><code>2dbdfb8</code></a>
don't assign unused name (<a
href="https://redirect.github.com/pyca/cryptography/issues/11310">#11310</a>)</li>
<li><a
href="ccc66e6cdf"><code>ccc66e6</code></a>
Bump openssl from 0.10.64 to 0.10.65 in /src/rust (<a
href="https://redirect.github.com/pyca/cryptography/issues/11308">#11308</a>)</li>
<li><a
href="4310c8727b"><code>4310c87</code></a>
Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (<a
href="https://redirect.github.com/pyca/cryptography/issues/11307">#11307</a>)</li>
<li><a
href="f66a9c4b4f"><code>f66a9c4</code></a>
Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (<a
href="https://redirect.github.com/pyca/cryptography/issues/11306">#11306</a>)</li>
<li><a
href="a8fcf18ee0"><code>a8fcf18</code></a>
Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (<a
href="https://redirect.github.com/pyca/cryptography/issues/11305">#11305</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/42.0.4...43.0.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- analysis tooling is using python 3.10
- schemas package is using 3.11
- analysis tooling relies on schemas package
This commit
- downgrades schemas package to bring them in sync on python 3.10
Fixes#11266
Bumps [black](https://github.com/psf/black) from 24.4.0 to 24.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>24.8.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix crash when <code># fmt: off</code> is used before a closing
parenthesis or bracket. (<a
href="https://redirect.github.com/psf/black/issues/4363">#4363</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Packaging metadata updated: docs are explictly linked, the issue
tracker is now also
linked. This improves the PyPI listing for Black. (<a
href="https://redirect.github.com/psf/black/issues/4345">#4345</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix regression where Black failed to parse a multiline f-string
containing another
multiline string (<a
href="https://redirect.github.com/psf/black/issues/4339">#4339</a>)</li>
<li>Fix regression where Black failed to parse an escaped single quote
inside an f-string
(<a
href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li>Fix bug with Black incorrectly parsing empty lines with a backslash
(<a
href="https://redirect.github.com/psf/black/issues/4343">#4343</a>)</li>
<li>Fix bugs with Black's tokenizer not handling <code>\{</code> inside
f-strings very well (<a
href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li>Fix incorrect line numbers in the tokenizer for certain tokens
within f-strings
(<a
href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve performance when a large directory is listed in
<code>.gitignore</code> (<a
href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix blackd (and all extras installs) for docker container (<a
href="https://redirect.github.com/psf/black/issues/4357">#4357</a>)</li>
</ul>
<h2>24.4.2</h2>
<p>This is a bugfix release to fix two regressions in the new f-string
parser introduced in
24.4.1.</p>
<h3>Parser</h3>
<ul>
<li>Fix regression where certain complex f-strings failed to parse (<a
href="https://redirect.github.com/psf/black/issues/4332">#4332</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix bad performance on certain complex string literals (<a
href="https://redirect.github.com/psf/black/issues/4331">#4331</a>)</li>
</ul>
<h2>24.4.1</h2>
<h3>Highlights</h3>
<ul>
<li>Add support for the new Python 3.12 f-string syntax introduced by
PEP 701 (<a
href="https://redirect.github.com/psf/black/issues/3822">#3822</a>)</li>
</ul>
<h3>Stable style</h3>
<ul>
<li>Fix crash involving indented dummy functions containing newlines (<a
href="https://redirect.github.com/psf/black/issues/4318">#4318</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>24.8.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix crash when <code># fmt: off</code> is used before a closing
parenthesis or bracket. (<a
href="https://redirect.github.com/psf/black/issues/4363">#4363</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Packaging metadata updated: docs are explictly linked, the issue
tracker is now also
linked. This improves the PyPI listing for Black. (<a
href="https://redirect.github.com/psf/black/issues/4345">#4345</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix regression where Black failed to parse a multiline f-string
containing another
multiline string (<a
href="https://redirect.github.com/psf/black/issues/4339">#4339</a>)</li>
<li>Fix regression where Black failed to parse an escaped single quote
inside an f-string
(<a
href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li>Fix bug with Black incorrectly parsing empty lines with a backslash
(<a
href="https://redirect.github.com/psf/black/issues/4343">#4343</a>)</li>
<li>Fix bugs with Black's tokenizer not handling <code>\{</code> inside
f-strings very well (<a
href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li>Fix incorrect line numbers in the tokenizer for certain tokens
within f-strings
(<a
href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve performance when a large directory is listed in
<code>.gitignore</code> (<a
href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix blackd (and all extras installs) for docker container (<a
href="https://redirect.github.com/psf/black/issues/4357">#4357</a>)</li>
</ul>
<h2>24.4.2</h2>
<p>This is a bugfix release to fix two regressions in the new f-string
parser introduced in
24.4.1.</p>
<h3>Parser</h3>
<ul>
<li>Fix regression where certain complex f-strings failed to parse (<a
href="https://redirect.github.com/psf/black/issues/4332">#4332</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix bad performance on certain complex string literals (<a
href="https://redirect.github.com/psf/black/issues/4331">#4331</a>)</li>
</ul>
<h2>24.4.1</h2>
<h3>Highlights</h3>
<ul>
<li>Add support for the new Python 3.12 f-string syntax introduced by
PEP 701 (<a
href="https://redirect.github.com/psf/black/issues/3822">#3822</a>)</li>
</ul>
<h3>Stable style</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b965c2a502"><code>b965c2a</code></a>
Prepare release 24.8.0 (<a
href="https://redirect.github.com/psf/black/issues/4426">#4426</a>)</li>
<li><a
href="9ccf279a17"><code>9ccf279</code></a>
Document <code>find_project_root</code> ignoring
<code>pyproject.toml</code> without <code>[tool.black]</code>...</li>
<li><a
href="14b6e61970"><code>14b6e61</code></a>
fix: Enhace black efficiently to skip directories listed in .gitignore
(<a
href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
<li><a
href="b1c4dd96d7"><code>b1c4dd9</code></a>
fix: respect braces better in f-string parsing (<a
href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li><a
href="4b4ae43e8b"><code>4b4ae43</code></a>
Fix incorrect linenos on fstring tokens with escaped newlines (<a
href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
<li><a
href="7fa1faf83a"><code>7fa1faf</code></a>
docs: fix the installation command of extra for blackd (<a
href="https://redirect.github.com/psf/black/issues/4413">#4413</a>)</li>
<li><a
href="8827accf56"><code>8827acc</code></a>
Bump sphinx from 7.3.7 to 7.4.0 in /docs (<a
href="https://redirect.github.com/psf/black/issues/4404">#4404</a>)</li>
<li><a
href="b0da11d370"><code>b0da11d</code></a>
Bump furo from 2024.5.6 to 2024.7.18 in /docs (<a
href="https://redirect.github.com/psf/black/issues/4409">#4409</a>)</li>
<li><a
href="721dff5493"><code>721dff5</code></a>
fix: avoid formatting backslash strings inside f-strings (<a
href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li><a
href="7e2afc9bfd"><code>7e2afc9</code></a>
Update <code>actions/checkout</code> to v4 to stop node deprecation
warnings (<a
href="https://redirect.github.com/psf/black/issues/4379">#4379</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/24.4.0...24.8.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [zipp](https://github.com/jaraco/zipp) from 3.16.2 to 3.19.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jaraco/zipp/blob/main/NEWS.rst">zipp's
changelog</a>.</em></p>
<blockquote>
<h1>v3.19.1</h1>
<h2>Bugfixes</h2>
<ul>
<li>Improved handling of malformed zip files. (<a
href="https://redirect.github.com/jaraco/zipp/issues/119">#119</a>)</li>
</ul>
<h1>v3.19.0</h1>
<h2>Features</h2>
<ul>
<li>Implement is_symlink. (<a
href="https://redirect.github.com/jaraco/zipp/issues/117">#117</a>)</li>
</ul>
<h1>v3.18.2</h1>
<p>No significant changes.</p>
<h1>v3.18.1</h1>
<p>No significant changes.</p>
<h1>v3.18.0</h1>
<h2>Features</h2>
<ul>
<li>Bypass ZipFile.namelist in glob for better performance. (<a
href="https://redirect.github.com/jaraco/zipp/issues/106">#106</a>)</li>
<li>Refactored glob functionality to support a more generalized solution
with support for platform-specific path separators. (<a
href="https://redirect.github.com/jaraco/zipp/issues/108">#108</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Add special accounting for pypy when computing the stack level for
text encoding warnings. (<a
href="https://redirect.github.com/jaraco/zipp/issues/114">#114</a>)</li>
</ul>
<h1>v3.17.0</h1>
<p>Features</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6d1cb72aa5"><code>6d1cb72</code></a>
Finalize</li>
<li><a
href="fd604bd34f"><code>fd604bd</code></a>
Merge pull request <a
href="https://redirect.github.com/jaraco/zipp/issues/120">#120</a> from
jaraco/bugfix/119-malformed-paths</li>
<li><a
href="c18417ed29"><code>c18417e</code></a>
Add news fragment.</li>
<li><a
href="58115d2be9"><code>58115d2</code></a>
Employ SanitizedNames in CompleteDirs. Fixes broken test.</li>
<li><a
href="564fcc10cd"><code>564fcc1</code></a>
Add SanitizedNames mixin.</li>
<li><a
href="79a309fe54"><code>79a309f</code></a>
Add some assertions about malformed paths.</li>
<li><a
href="2d015c2234"><code>2d015c2</code></a>
Merge <a
href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li>
<li><a
href="a595a0fad0"><code>a595a0f</code></a>
Rename extras to align with core metadata spec.</li>
<li><a
href="608f90a6e7"><code>608f90a</code></a>
Finalize</li>
<li><a
href="3a22d724ac"><code>3a22d72</code></a>
Merge pull request <a
href="https://redirect.github.com/jaraco/zipp/issues/118">#118</a> from
jaraco/feature/is-symlink</li>
<li>Additional commits viewable in <a
href="https://github.com/jaraco/zipp/compare/v3.16.2...v3.19.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.32.2</h2>
<h2>2.32.2 (2024-05-21)</h2>
<p><strong>Deprecations</strong></p>
<ul>
<li>
<p>To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed <code>_get_connection</code>
to
a new public API, <code>get_connection_with_tls_context</code>. Existing
custom
HTTPAdapters will need to migrate their code to use this new API.
<code>get_connection</code> is considered deprecated in all versions of
Requests>=2.32.0.</p>
<p>A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom
adapter
is subject to the same issue described in CVE-2024-35195. (<a
href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>)</p>
</li>
</ul>
<h2>v2.32.1</h2>
<h2>2.32.1 (2024-05-20)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Add missing test certs to the sdist distributed on PyPI.</li>
</ul>
<h2>v2.32.0</h2>
<h2>2.32.0 (2024-05-20)</h2>
<h2>🐍 PYCON US 2024 EDITION 🐍</h2>
<p><strong>Security</strong></p>
<ul>
<li>Fixed an issue where setting <code>verify=False</code> on the first
request from a
Session will cause subsequent requests to the <em>same origin</em> to
also ignore
cert verification, regardless of the value of <code>verify</code>.
(<a
href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li><code>verify=True</code> now reuses a global SSLContext which should
improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a
Python
version built with OpenSSL 3.x. (<a
href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li>
<li>Requests now supports optional use of character detection
(<code>chardet</code> or <code>charset_normalizer</code>) when
repackaged or vendored.
This enables <code>pip</code> and other projects to minimize their
vendoring
surface area. The <code>Response.text()</code> and
<code>apparent_encoding</code> APIs
will default to <code>utf-8</code> if neither library is present. (<a
href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (<a
href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li>
<li>Fixed deserialization bug in JSONDecodeError. (<a
href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li>
<li>Fixed bug where an extra leading <code>/</code> (path separator)
could lead
urllib3 to unnecessarily reparse the request URI. (<a
href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.32.2 (2024-05-21)</h2>
<p><strong>Deprecations</strong></p>
<ul>
<li>
<p>To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed <code>_get_connection</code>
to
a new public API, <code>get_connection_with_tls_context</code>. Existing
custom
HTTPAdapters will need to migrate their code to use this new API.
<code>get_connection</code> is considered deprecated in all versions of
Requests>=2.32.0.</p>
<p>A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom
adapter
is subject to the same issue described in CVE-2024-35195. (<a
href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>)</p>
</li>
</ul>
<h2>2.32.1 (2024-05-20)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Add missing test certs to the sdist distributed on PyPI.</li>
</ul>
<h2>2.32.0 (2024-05-20)</h2>
<p><strong>Security</strong></p>
<ul>
<li>Fixed an issue where setting <code>verify=False</code> on the first
request from a
Session will cause subsequent requests to the <em>same origin</em> to
also ignore
cert verification, regardless of the value of <code>verify</code>.
(<a
href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li><code>verify=True</code> now reuses a global SSLContext which should
improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a
Python
version built with OpenSSL 3.x. (<a
href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li>
<li>Requests now supports optional use of character detection
(<code>chardet</code> or <code>charset_normalizer</code>) when
repackaged or vendored.
This enables <code>pip</code> and other projects to minimize their
vendoring
surface area. The <code>Response.text()</code> and
<code>apparent_encoding</code> APIs
will default to <code>utf-8</code> if neither library is present. (<a
href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (<a
href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li>
<li>Fixed deserialization bug in JSONDecodeError. (<a
href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li>
<li>Fixed bug where an extra leading <code>/</code> (path separator)
could lead
urllib3 to unnecessarily reparse the request URI. (<a
href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="88dce9d854"><code>88dce9d</code></a>
v2.32.2</li>
<li><a
href="c98e4d133e"><code>c98e4d1</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>
from nateprewitt/api_rename</li>
<li><a
href="92075b330a"><code>92075b3</code></a>
Add deprecation warning</li>
<li><a
href="aa1461b68a"><code>aa1461b</code></a>
Move _get_connection to get_connection_with_tls_context</li>
<li><a
href="970e8cec98"><code>970e8ce</code></a>
v2.32.1</li>
<li><a
href="d6ebc4a2f1"><code>d6ebc4a</code></a>
v2.32.0</li>
<li><a
href="9a40d12778"><code>9a40d12</code></a>
Avoid reloading root certificates to improve concurrent performance (<a
href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li>
<li><a
href="0c030f78d2"><code>0c030f7</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>
from nateprewitt/no_char_detection</li>
<li><a
href="555b870eb1"><code>555b870</code></a>
Allow character detection dependencies to be optional in post-packaging
steps</li>
<li><a
href="d6dded3f00"><code>d6dded3</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6700">#6700</a>
from franekmagiera/update-redirect-to-invalid-uri-test</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.31.0...v2.32.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.3.0 to 0.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.1</h2>
<h2>Changes</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>pylint</code>] Implement <code>invalid-hash-returned</code>
(<code>PLE0309</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10961">#10961</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-index-returned</code>
(<code>PLE0305</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10962">#10962</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pylint</code>] Allow <code>NoReturn</code>-like functions for
<code>__str__</code>, <code>__len__</code>, etc. (<code>PLE0307</code>)
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11017">#11017</a>)</li>
<li>Parser: Use empty range when there's "gap" in token source
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11032">#11032</a>)</li>
<li>[<code>ruff</code>] Ignore stub functions in
<code>unused-async</code> (<code>RUF029</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11026">#11026</a>)</li>
<li>Parser: Expect indented case block instead of match stmt (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11033">#11033</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li><a
href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li>
<li><a
href="https://github.com/HenryAsa"><code>@HenryAsa</code></a></li>
<li><a
href="https://github.com/MithicSpirit"><code>@MithicSpirit</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@charliermarsh</code></a></li>
<li><a
href="https://github.com/dhruvmanila"><code>@dhruvmanila</code></a></li>
<li><a
href="https://github.com/tibor-reiss"><code>@tibor-reiss</code></a></li>
</ul>
<h2>v0.4.0</h2>
<h2>Changes</h2>
<h3>A new, hand-written parser</h3>
<p>Ruff's new parser is <strong>>2x faster</strong>, which translates
to a <strong>20-40% speedup</strong> for all linting and formatting
invocations. There's a lot to say about this exciting change, so check
out the <a href="https://astral.sh/blog/ruff-v0.4.0">blog post</a> for
more details!</p>
<p>See <a
href="https://redirect.github.com/astral-sh/ruff/pull/10036">#10036</a>
for implementation details.</p>
<h3>A new language server in Rust</h3>
<p>With this release, we also want to highlight our new language server.
<code>ruff server</code> is a Rust-powered language server that comes
built-in with Ruff. It can be used with any editor that supports the <a
href="https://microsoft.github.io/language-server-protocol/">Language
Server Protocol</a> (LSP). It uses a multi-threaded, lock-free
architecture inspired by <code>rust-analyzer</code> and it will open the
door for a lot of exciting features. It’s also faster than our previous
<a href="https://github.com/astral-sh/ruff-lsp">Python-based language
server</a> -- but you probably guessed that already.</p>
<p><code>ruff server</code> is only in alpha, but it has a lot of
features that you can try out today:</p>
<ul>
<li>Lints Python files automatically and shows quick-fixes when
available</li>
<li>Formats Python files, with support for range formatting</li>
<li>Comes with commands for quickly performing actions:
<code>ruff.applyAutofix</code>, <code>ruff.applyFormat</code>, and
<code>ruff.applyOrganizeImports</code></li>
<li>Supports <code>source.fixAll</code> and
<code>source.organizeImports</code> source actions</li>
<li>Automatically reloads your project configuration when you change
it</li>
</ul>
<p>To setup <code>ruff server</code> with your editor, refer to the <a
href="https://github.com/astral-sh/ruff/blob/main/crates/ruff_server/README.md">README.md</a>.</p>
<h3>Preview features</h3>
<ul>
<li>[<code>pycodestyle</code>] Do not trigger <code>E3</code> rules on
<code>def</code>s following a function/method with a dummy body (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10704">#10704</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-bytes-returned</code>
(<code>E0308</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10959">#10959</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.4.1</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>pylint</code>] Implement <code>invalid-hash-returned</code>
(<code>PLE0309</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10961">#10961</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-index-returned</code>
(<code>PLE0305</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10962">#10962</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pylint</code>] Allow <code>NoReturn</code>-like functions for
<code>__str__</code>, <code>__len__</code>, etc. (<code>PLE0307</code>)
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11017">#11017</a>)</li>
<li>Parser: Use empty range when there's "gap" in token source
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11032">#11032</a>)</li>
<li>[<code>ruff</code>] Ignore stub functions in
<code>unused-async</code> (<code>RUF029</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11026">#11026</a>)</li>
<li>Parser: Expect indented case block instead of match stmt (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11033">#11033</a>)</li>
</ul>
<h2>0.4.0</h2>
<h3>A new, hand-written parser</h3>
<p>Ruff's new parser is <strong>>2x faster</strong>, which translates
to a <strong>20-40% speedup</strong> for all linting and formatting
invocations.
There's a lot to say about this exciting change, so check out the <a
href="https://astral.sh/blog/ruff-v0.4.0">blog post</a> for more
details!</p>
<p>See <a
href="https://redirect.github.com/astral-sh/ruff/pull/10036">#10036</a>
for implementation details.</p>
<h3>A new language server in Rust</h3>
<p>With this release, we also want to highlight our new language server.
<code>ruff server</code> is a Rust-powered language
server that comes built-in with Ruff. It can be used with any editor
that supports the <a
href="https://microsoft.github.io/language-server-protocol/">Language
Server Protocol</a> (LSP).
It uses a multi-threaded, lock-free architecture inspired by
<code>rust-analyzer</code> and it will open the door for a lot
of exciting features. It’s also faster than our previous <a
href="https://github.com/astral-sh/ruff-lsp">Python-based language
server</a>
-- but you probably guessed that already.</p>
<p><code>ruff server</code> is only in alpha, but it has a lot of
features that you can try out today:</p>
<ul>
<li>Lints Python files automatically and shows quick-fixes when
available</li>
<li>Formats Python files, with support for range formatting</li>
<li>Comes with commands for quickly performing actions:
<code>ruff.applyAutofix</code>, <code>ruff.applyFormat</code>, and
<code>ruff.applyOrganizeImports</code></li>
<li>Supports <code>source.fixAll</code> and
<code>source.organizeImports</code> source actions</li>
<li>Automatically reloads your project configuration when you change
it</li>
</ul>
<p>To setup <code>ruff server</code> with your editor, refer to the <a
href="https://github.com/astral-sh/ruff/blob/main/crates/ruff_server/README.md">README.md</a>.</p>
<h3>Preview features</h3>
<ul>
<li>[<code>pycodestyle</code>] Do not trigger <code>E3</code> rules on
<code>def</code>s following a function/method with a dummy body (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10704">#10704</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-bytes-returned</code>
(<code>E0308</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10959">#10959</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-length-returned</code>
(<code>E0303</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10963">#10963</a>)</li>
<li>[<code>pylint</code>] Implement <code>self-cls-assignment</code>
(<code>W0642</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/9267">#9267</a>)</li>
<li>[<code>pylint</code>] Omit stubs from <code>invalid-bool</code> and
<code>invalid-str-return-type</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11008">#11008</a>)</li>
<li>[<code>ruff</code>] New rule <code>unused-async</code>
(<code>RUF029</code>) to detect unneeded <code>async</code> keywords on
functions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/9966">#9966</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ff25a540c"><code>0ff25a5</code></a>
Bump version to 0.4.1 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11035">#11035</a>)</li>
<li><a
href="34873ec009"><code>34873ec</code></a>
Add a script to fuzz the parser (courtesy of
<code>pysource-codegen</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11015">#11015</a>)</li>
<li><a
href="d3cd61f804"><code>d3cd61f</code></a>
Use empty range when there's "gap" in token source (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11032">#11032</a>)</li>
<li><a
href="9b80cc09ee"><code>9b80cc0</code></a>
Select fewer ruff rules when linting Python files in
<code>scripts/</code> (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11034">#11034</a>)</li>
<li><a
href="9bb23b0a38"><code>9bb23b0</code></a>
Expect indented case block instead of match stmt (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11033">#11033</a>)</li>
<li><a
href="06c248a126"><code>06c248a</code></a>
[<code>ruff]</code> Ignore stub functions in <code>unused-async</code>
(<code>RUF029</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11026">#11026</a>)</li>
<li><a
href="27902b7130"><code>27902b7</code></a>
[<code>pylint</code>] Implement <code>invalid-index-returned</code>
(<code>PLE0305</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/10962">#10962</a>)</li>
<li><a
href="97acf1d59b"><code>97acf1d</code></a>
ENH: Bump <code>ruff</code> dependency versions to support the latest
release of `v0.4.0...</li>
<li><a
href="adf63d9013"><code>adf63d9</code></a>
[<code>pylint</code>] Implement <code>invalid-hash-returned</code>
(<code>PLE0309</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/10961">#10961</a>)</li>
<li><a
href="5d3c9f2637"><code>5d3c9f2</code></a>
<code>ruff server</code>: fix Neovim setup guide command (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11021">#11021</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/v0.3.0...v0.4.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [black](https://github.com/psf/black) from 24.3.0 to 24.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>24.4.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix unwanted crashes caused by AST equivalency check (<a
href="https://redirect.github.com/psf/black/issues/4290">#4290</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li><code>if</code> guards in <code>case</code> blocks are now wrapped
in parentheses when the line is too long.
(<a
href="https://redirect.github.com/psf/black/issues/4269">#4269</a>)</li>
<li>Stop moving multiline strings to a new line unless inside brackets
(<a
href="https://redirect.github.com/psf/black/issues/4289">#4289</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Add a new option <code>use_pyproject</code> to the GitHub Action
<code>psf/black</code>. This will read the
Black version from <code>pyproject.toml</code>. (<a
href="https://redirect.github.com/psf/black/issues/4294">#4294</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>24.4.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix unwanted crashes caused by AST equivalency check (<a
href="https://redirect.github.com/psf/black/issues/4290">#4290</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li><code>if</code> guards in <code>case</code> blocks are now wrapped
in parentheses when the line is too long.
(<a
href="https://redirect.github.com/psf/black/issues/4269">#4269</a>)</li>
<li>Stop moving multiline strings to a new line unless inside brackets
(<a
href="https://redirect.github.com/psf/black/issues/4289">#4289</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Add a new option <code>use_pyproject</code> to the GitHub Action
<code>psf/black</code>. This will read the
Black version from <code>pyproject.toml</code>. (<a
href="https://redirect.github.com/psf/black/issues/4294">#4294</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8fe627072f"><code>8fe6270</code></a>
Prepare release 24.4.0 (<a
href="https://redirect.github.com/psf/black/issues/4307">#4307</a>)</li>
<li><a
href="6b25e7cdab"><code>6b25e7c</code></a>
Bump peter-evans/find-comment from 3.0.0 to 3.1.0 (<a
href="https://redirect.github.com/psf/black/issues/4304">#4304</a>)</li>
<li><a
href="07fe1ca88a"><code>07fe1ca</code></a>
docs: remove repetitive word (<a
href="https://redirect.github.com/psf/black/issues/4303">#4303</a>)</li>
<li><a
href="3383f531bc"><code>3383f53</code></a>
GitHub Action: Allow reading version from pyproject.toml (<a
href="https://redirect.github.com/psf/black/issues/4294">#4294</a>)</li>
<li><a
href="c8f1a5542c"><code>c8f1a55</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/psf/black/issues/4297">#4297</a>)</li>
<li><a
href="836acad863"><code>836acad</code></a>
Improve AST safety check (<a
href="https://redirect.github.com/psf/black/issues/4290">#4290</a>)</li>
<li><a
href="13bd0925eb"><code>13bd092</code></a>
fix: Stop moving multiline strings to a new line unless inside brackets
(<a
href="https://redirect.github.com/psf/black/issues/4289">#4289</a>)</li>
<li><a
href="c9d2635b55"><code>c9d2635</code></a>
Remove mocking from tests (<a
href="https://redirect.github.com/psf/black/issues/4287">#4287</a>)</li>
<li><a
href="bf1195612c"><code>bf11956</code></a>
Fix two logging calls in the test helper (<a
href="https://redirect.github.com/psf/black/issues/4286">#4286</a>)</li>
<li><a
href="97993f997f"><code>97993f9</code></a>
Bump pypa/cibuildwheel from 2.16.5 to 2.17.0 (<a
href="https://redirect.github.com/psf/black/issues/4283">#4283</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/24.3.0...24.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/releases">idna's
releases</a>.</em></p>
<blockquote>
<h2>v3.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix issue where specially crafted inputs to encode() could take
exceptionally long amount of time to process. [CVE-2024-3651]</li>
</ul>
<p>Thanks to Guido Vranken for reporting the issue.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's
changelog</a>.</em></p>
<blockquote>
<p>3.7 (2024-04-11)
++++++++++++++++</p>
<ul>
<li>Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]</li>
</ul>
<p>Thanks to Guido Vranken for reporting the issue.</p>
<p>3.6 (2023-11-25)
++++++++++++++++</p>
<ul>
<li>Fix regression to include tests in source distribution.</li>
</ul>
<p>3.5 (2023-11-24)
++++++++++++++++</p>
<ul>
<li>Update to Unicode 15.1.0</li>
<li>String codec name is now "idna2008" as overriding the
system codec
"idna" was not working.</li>
<li>Fix typing error for codec encoding</li>
<li>"setup.cfg" has been added for this release due to some
downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.</li>
<li>Removed reliance on a symlink for the "idna-data" tool to
comport
with PEP 517 and the Python Packaging User Guide for sdist
archives.</li>
<li>Added security reporting protocol for project</li>
</ul>
<p>Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for
contributions
to this release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1d365e17e1"><code>1d365e1</code></a>
Release v3.7</li>
<li><a
href="c1b3154939"><code>c1b3154</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from
kjd/optimize-contextj</li>
<li><a
href="0394ec76ff"><code>0394ec7</code></a>
Merge branch 'master' into optimize-contextj</li>
<li><a
href="cd58a23173"><code>cd58a23</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from
elliotwutingfeng/dev</li>
<li><a
href="5beb28b9dd"><code>5beb28b</code></a>
More efficient resolution of joiner contexts</li>
<li><a
href="1b121483ed"><code>1b12148</code></a>
Update ossf/scorecard-action to v2.3.1</li>
<li><a
href="d516b874c3"><code>d516b87</code></a>
Update Github actions/checkout to v4</li>
<li><a
href="c095c75943"><code>c095c75</code></a>
Merge branch 'master' into dev</li>
<li><a
href="60a0a4cb61"><code>60a0a4c</code></a>
Fix typo in GitHub Actions workflow key</li>
<li><a
href="5918a0ef80"><code>5918a0e</code></a>
Merge branch 'master' into dev</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.4...v3.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [black](https://github.com/psf/black) from 23.12.0 to 24.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>24.3.0</h2>
<h3>Highlights</h3>
<p>This release is a milestone: it fixes Black's first CVE security
vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of
leading tab
characters in your docstrings, you are strongly encouraged to upgrade
immediately to fix
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
<p>This release also fixes a bug in Black's AST safety check that
allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and
higher.</p>
<h3>Stable style</h3>
<ul>
<li>Don't move comments along with delimiters, which could cause crashes
(<a
href="https://redirect.github.com/psf/black/issues/4248">#4248</a>)</li>
<li>Strengthen AST safety check to catch more unsafe changes to strings.
Previous versions
of Black would incorrectly format the contents of certain unusual
f-strings containing
nested strings with the same quote type. Now, Black will crash on such
strings until
support for the new f-string syntax is implemented. (<a
href="https://redirect.github.com/psf/black/issues/4270">#4270</a>)</li>
<li>Fix a bug where line-ranges exceeding the last code line would not
work as expected
(<a
href="https://redirect.github.com/psf/black/issues/4273">#4273</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix catastrophic performance on docstrings that contain large
numbers of leading tab
characters. This fixes
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
(<a
href="https://redirect.github.com/psf/black/issues/4278">#4278</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Note what happens when <code>--check</code> is used with
<code>--quiet</code> (<a
href="https://redirect.github.com/psf/black/issues/4236">#4236</a>)</li>
</ul>
<h2>24.2.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fixed a bug where comments where mistakenly removed along with
redundant parentheses
(<a
href="https://redirect.github.com/psf/black/issues/4218">#4218</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Move the <code>hug_parens_with_braces_and_square_brackets</code>
feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (<a
href="https://redirect.github.com/psf/black/issues/4198">#4198</a>)</li>
<li>Fixed a bug where base expressions caused inconsistent formatting of
** in tenary
expression (<a
href="https://redirect.github.com/psf/black/issues/4154">#4154</a>)</li>
<li>Checking for newline before adding one on docstring that is almost
at the line limit
(<a
href="https://redirect.github.com/psf/black/issues/4185">#4185</a>)</li>
<li>Remove redundant parentheses in <code>case</code> statement
<code>if</code> guards (<a
href="https://redirect.github.com/psf/black/issues/4214">#4214</a>).</li>
</ul>
<h3>Configuration</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>24.3.0</h2>
<h3>Highlights</h3>
<p>This release is a milestone: it fixes Black's first CVE security
vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of
leading tab
characters in your docstrings, you are strongly encouraged to upgrade
immediately to fix
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
<p>This release also fixes a bug in Black's AST safety check that
allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and
higher.</p>
<h3>Stable style</h3>
<ul>
<li>Don't move comments along with delimiters, which could cause crashes
(<a
href="https://redirect.github.com/psf/black/issues/4248">#4248</a>)</li>
<li>Strengthen AST safety check to catch more unsafe changes to strings.
Previous versions
of Black would incorrectly format the contents of certain unusual
f-strings containing
nested strings with the same quote type. Now, Black will crash on such
strings until
support for the new f-string syntax is implemented. (<a
href="https://redirect.github.com/psf/black/issues/4270">#4270</a>)</li>
<li>Fix a bug where line-ranges exceeding the last code line would not
work as expected
(<a
href="https://redirect.github.com/psf/black/issues/4273">#4273</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix catastrophic performance on docstrings that contain large
numbers of leading tab
characters. This fixes
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
(<a
href="https://redirect.github.com/psf/black/issues/4278">#4278</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Note what happens when <code>--check</code> is used with
<code>--quiet</code> (<a
href="https://redirect.github.com/psf/black/issues/4236">#4236</a>)</li>
</ul>
<h2>24.2.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fixed a bug where comments where mistakenly removed along with
redundant parentheses
(<a
href="https://redirect.github.com/psf/black/issues/4218">#4218</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Move the <code>hug_parens_with_braces_and_square_brackets</code>
feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (<a
href="https://redirect.github.com/psf/black/issues/4198">#4198</a>)</li>
<li>Fixed a bug where base expressions caused inconsistent formatting of
** in tenary
expression (<a
href="https://redirect.github.com/psf/black/issues/4154">#4154</a>)</li>
<li>Checking for newline before adding one on docstring that is almost
at the line limit
(<a
href="https://redirect.github.com/psf/black/issues/4185">#4185</a>)</li>
<li>Remove redundant parentheses in <code>case</code> statement
<code>if</code> guards (<a
href="https://redirect.github.com/psf/black/issues/4214">#4214</a>).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="552baf8229"><code>552baf8</code></a>
Prepare release 24.3.0 (<a
href="https://redirect.github.com/psf/black/issues/4279">#4279</a>)</li>
<li><a
href="f000936726"><code>f000936</code></a>
Fix catastrophic performance in lines_with_leading_tabs_expanded() (<a
href="https://redirect.github.com/psf/black/issues/4278">#4278</a>)</li>
<li><a
href="7b5a657285"><code>7b5a657</code></a>
Fix --line-ranges behavior when ranges are at EOF (<a
href="https://redirect.github.com/psf/black/issues/4273">#4273</a>)</li>
<li><a
href="1abcffc818"><code>1abcffc</code></a>
Use regex where we ignore case on windows (<a
href="https://redirect.github.com/psf/black/issues/4252">#4252</a>)</li>
<li><a
href="719e67462c"><code>719e674</code></a>
Fix 4227: Improve documentation for --quiet --check (<a
href="https://redirect.github.com/psf/black/issues/4236">#4236</a>)</li>
<li><a
href="e5510afc06"><code>e5510af</code></a>
update plugin url for Thonny (<a
href="https://redirect.github.com/psf/black/issues/4259">#4259</a>)</li>
<li><a
href="6af7d11096"><code>6af7d11</code></a>
Fix AST safety check false negative (<a
href="https://redirect.github.com/psf/black/issues/4270">#4270</a>)</li>
<li><a
href="f03ee113c9"><code>f03ee11</code></a>
Ensure <code>blib2to3.pygram</code> is initialized before use (<a
href="https://redirect.github.com/psf/black/issues/4224">#4224</a>)</li>
<li><a
href="e4bfedbec2"><code>e4bfedb</code></a>
fix: Don't move comments while splitting delimiters (<a
href="https://redirect.github.com/psf/black/issues/4248">#4248</a>)</li>
<li><a
href="d0287e1f75"><code>d0287e1</code></a>
Make trailing comma logic more concise (<a
href="https://redirect.github.com/psf/black/issues/4202">#4202</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/23.12.0...24.3.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.2
to 42.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>42.0.4 - 2024-02-20</p>
<pre><code>
* Fixed a null-pointer-dereference and segfault that could occur when
creating
a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
``SMIMECapabilities``
and ``SignatureAlgorithmIdentifier`` should now be correctly encoded
according to the
definitions in :rfc:`2633` :rfc:`3370`.
<p>.. _v42-0-3:</p>
<p>42.0.3 - 2024-02-15
</code></pre></p>
<ul>
<li>Fixed an initialization issue that caused key loading failures for
some
users.</li>
</ul>
<p>.. _v42-0-2:</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe18470f7d"><code>fe18470</code></a>
Bump for 42.0.4 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/10445">#10445</a>)</li>
<li><a
href="aaa2dd06ed"><code>aaa2dd0</code></a>
Fix ASN.1 issues in PKCS#7 and S/MIME signing (<a
href="https://redirect.github.com/pyca/cryptography/issues/10373">#10373</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10442">#10442</a>)</li>
<li><a
href="7a4d012991"><code>7a4d012</code></a>
Fixes <a
href="https://redirect.github.com/pyca/cryptography/issues/10422">#10422</a>
-- don't crash when a PKCS#12 key and cert don't match (<a
href="https://redirect.github.com/pyca/cryptography/issues/10423">#10423</a>)
...</li>
<li><a
href="df314bb182"><code>df314bb</code></a>
backport actions m1 switch to 42.0.x (<a
href="https://redirect.github.com/pyca/cryptography/issues/10415">#10415</a>)</li>
<li><a
href="c49a7a5271"><code>c49a7a5</code></a>
changelog and version bump for 42.0.3 (<a
href="https://redirect.github.com/pyca/cryptography/issues/10396">#10396</a>)</li>
<li><a
href="396bcf64c5"><code>396bcf6</code></a>
fix provider loading take two (<a
href="https://redirect.github.com/pyca/cryptography/issues/10390">#10390</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10395">#10395</a>)</li>
<li><a
href="0e0e46f5f7"><code>0e0e46f</code></a>
backport: initialize openssl's legacy provider in rust (<a
href="https://redirect.github.com/pyca/cryptography/issues/10323">#10323</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10333">#10333</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/42.0.2...42.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.0
to 42.0.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>42.0.2 - 2024-01-30</p>
<pre><code>
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol
objects in
``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with
``EllipticCurvePrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
``X25519PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
``X448PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
and ``DHPrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
<p>.. _v42-0-1:</p>
<p>42.0.1 - 2024-01-24
</code></pre></p>
<ul>
<li>Fixed an issue with incorrect keyword-argument naming with
<code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign</code>.</li>
<li>Resolved compatibility issue with loading certain RSA public keys in
:func:<code>~cryptography.hazmat.primitives.serialization.load_pem_public_key</code>.</li>
</ul>
<p>.. _v42-0-0:</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2202123b50"><code>2202123</code></a>
changelog and version bump 42.0.2 (<a
href="https://redirect.github.com/pyca/cryptography/issues/10268">#10268</a>)</li>
<li><a
href="f7032bdd40"><code>f7032bd</code></a>
bump openssl in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/10298">#10298</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10299">#10299</a>)</li>
<li><a
href="002e886f16"><code>002e886</code></a>
Fixes <a
href="https://redirect.github.com/pyca/cryptography/issues/10294">#10294</a>
-- correct accidental change to exchange kwarg (<a
href="https://redirect.github.com/pyca/cryptography/issues/10295">#10295</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10296">#10296</a>)</li>
<li><a
href="92fa9f2f60"><code>92fa9f2</code></a>
support bytes-like consistently across our asym sign/verify APIs (<a
href="https://redirect.github.com/pyca/cryptography/issues/10260">#10260</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/1">#1</a>...</li>
<li><a
href="6478f7e28b"><code>6478f7e</code></a>
explicitly support bytes-like for signature/data in RSA sign/verify (<a
href="https://redirect.github.com/pyca/cryptography/issues/10259">#10259</a>)
...</li>
<li><a
href="4bb8596ae0"><code>4bb8596</code></a>
fix the release script (<a
href="https://redirect.github.com/pyca/cryptography/issues/10233">#10233</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10254">#10254</a>)</li>
<li><a
href="337437dc2e"><code>337437d</code></a>
42.0.1 bump (<a
href="https://redirect.github.com/pyca/cryptography/issues/10252">#10252</a>)</li>
<li><a
href="56255de6b2"><code>56255de</code></a>
allow SPKI RSA keys to be parsed even if they have an incorrect
delimiter (<a
href="https://redirect.github.com/pyca/cryptography/issues/1">#1</a>...</li>
<li><a
href="12f038b38a"><code>12f038b</code></a>
fixes <a
href="https://redirect.github.com/pyca/cryptography/issues/10237">#10237</a>
-- correct EC sign parameter name (<a
href="https://redirect.github.com/pyca/cryptography/issues/10239">#10239</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10240">#10240</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/42.0.0...42.0.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6
to 42.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>42.0.0 - 2024-01-22</p>
<pre><code>
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field
using
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
or
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
will now raise a ``ValueError`` rather than return an empty list.
* Parsing SSH certificates no longer permits malformed critical options
with
values, as documented in the 41.0.2 release notes.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from
1.56.0.
* We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should
resolve some errors relating to initializing a module multiple times per
process.
* Support
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
X.509 certificate signing requests and certificate revocation lists with
the
keyword-only argument ``rsa_padding`` on the ``sign`` methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder` and
:class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request
signature
algorithm parameters (including PSS) via
:meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`.
* Added support for obtaining X.509 certificate revocation list
signature
algorithm parameters (including PSS) via
:meth:`~cryptography.x509.CertificateRevocationList.signature_algorithm_parameters`.
* Added ``mgf`` property to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`.
* Added ``algorithm`` and ``mgf`` properties to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware ``datetime``
objects:
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`.
These are timezone-aware variants of existing properties that return
naïve
``datetime`` objects.
* Deprecated the following properties that return naïve ``datetime``
objects:
:meth:`~cryptography.x509.Certificate.not_valid_before`,
:meth:`~cryptography.x509.Certificate.not_valid_after`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update`
in favor of the new timezone-aware variants mentioned above.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e64baf360"><code>4e64baf</code></a>
42.0.0 version bump (<a
href="https://redirect.github.com/pyca/cryptography/issues/10232">#10232</a>)</li>
<li><a
href="7cb13a3bc9"><code>7cb13a3</code></a>
we'll ship 3.2.0 for 42 (<a
href="https://redirect.github.com/pyca/cryptography/issues/9951">#9951</a>)</li>
<li><a
href="605c74e41c"><code>605c74e</code></a>
Bump x509-limbo and/or wycheproof in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/10231">#10231</a>)</li>
<li><a
href="97578b98ff"><code>97578b9</code></a>
Bump BoringSSL and/or OpenSSL in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/10230">#10230</a>)</li>
<li><a
href="972a7b5896"><code>972a7b5</code></a>
verification: add test_verify_tz_aware (<a
href="https://redirect.github.com/pyca/cryptography/issues/10229">#10229</a>)</li>
<li><a
href="41daf2d86d"><code>41daf2d</code></a>
Migrate PKCS7 backend to Rust (<a
href="https://redirect.github.com/pyca/cryptography/issues/10228">#10228</a>)</li>
<li><a
href="d54093e62e"><code>d54093e</code></a>
Remove some skips in tests that aren't needed anymore (<a
href="https://redirect.github.com/pyca/cryptography/issues/10223">#10223</a>)</li>
<li><a
href="71929bd91f"><code>71929bd</code></a>
Remove binding that's not used anymore (<a
href="https://redirect.github.com/pyca/cryptography/issues/10224">#10224</a>)</li>
<li><a
href="7ea4b89cea"><code>7ea4b89</code></a>
fixed formatting in changelog (<a
href="https://redirect.github.com/pyca/cryptography/issues/10225">#10225</a>)</li>
<li><a
href="410f4a1ee4"><code>410f4a1</code></a>
Allow brainpool on libressl (<a
href="https://redirect.github.com/pyca/cryptography/issues/10222">#10222</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/41.0.6...42.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- Some of these enums could be useful in the UI as typescript types
This commit
- Copies the enums defined in Experimenter's Jetstream results ingestion
client to the schemas package
Fixes#10001
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4
to 41.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>41.0.6 - 2023-11-27</p>
<pre><code>
* Fixed a null-pointer-dereference and segfault that could occur when
loading
certificates from a PKCS#7 bundle. Credit to **pkuzco** for reporting
the
issue. **CVE-2023-49083**
<p>.. _v41-0-5:</p>
<p>41.0.5 - 2023-10-24
</code></pre></p>
<ul>
<li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.1.4.</li>
<li>Added a function to support an upcoming <code>pyOpenSSL</code>
release.</li>
</ul>
<p>.. _v41-0-4:</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f09c261ca1"><code>f09c261</code></a>
41.0.6 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/9927">#9927</a>)</li>
<li><a
href="5012bedaef"><code>5012bed</code></a>
bump for 41.0.5 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/9766">#9766</a>)</li>
<li><a
href="563b119399"><code>563b119</code></a>
Added binding needed for pyOpenSSL (<a
href="https://redirect.github.com/pyca/cryptography/issues/9739">#9739</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/9740">#9740</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/41.0.4...41.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [black](https://github.com/psf/black) from 23.9.1 to 23.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>23.10.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix comments getting removed from inside parenthesized strings (<a
href="https://redirect.github.com/psf/black/issues/3909">#3909</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Fix long lines with power operators getting split before the line
length (<a
href="https://redirect.github.com/psf/black/issues/3942">#3942</a>)</li>
<li>Long type hints are now wrapped in parentheses and properly indented
when split across
multiple lines (<a
href="https://redirect.github.com/psf/black/issues/3899">#3899</a>)</li>
<li>Magic trailing commas are now respected in return types. (<a
href="https://redirect.github.com/psf/black/issues/3916">#3916</a>)</li>
<li>Require one empty line after module-level docstrings. (<a
href="https://redirect.github.com/psf/black/issues/3932">#3932</a>)</li>
<li>Treat raw triple-quoted strings as docstrings (<a
href="https://redirect.github.com/psf/black/issues/3947">#3947</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Fix cache versioning logic when <code>BLACK_CACHE_DIR</code> is set
(<a
href="https://redirect.github.com/psf/black/issues/3937">#3937</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix bug where attributes named <code>type</code> were not acccepted
inside <code>match</code> statements
(<a
href="https://redirect.github.com/psf/black/issues/3950">#3950</a>)</li>
<li>Add support for PEP 695 type aliases containing lambdas and other
unusual expressions
(<a
href="https://redirect.github.com/psf/black/issues/3949">#3949</a>)</li>
</ul>
<h3>Output</h3>
<ul>
<li>Black no longer attempts to provide special errors for attempting to
format Python 2
code (<a
href="https://redirect.github.com/psf/black/issues/3933">#3933</a>)</li>
<li>Black will more consistently print stacktraces on internal errors in
verbose mode
(<a
href="https://redirect.github.com/psf/black/issues/3938">#3938</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>The action output displayed in the job summary is now wrapped in
Markdown (<a
href="https://redirect.github.com/psf/black/issues/3914">#3914</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>23.10.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix comments getting removed from inside parenthesized strings (<a
href="https://redirect.github.com/psf/black/issues/3909">#3909</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Fix long lines with power operators getting split before the line
length (<a
href="https://redirect.github.com/psf/black/issues/3942">#3942</a>)</li>
<li>Long type hints are now wrapped in parentheses and properly indented
when split across
multiple lines (<a
href="https://redirect.github.com/psf/black/issues/3899">#3899</a>)</li>
<li>Magic trailing commas are now respected in return types. (<a
href="https://redirect.github.com/psf/black/issues/3916">#3916</a>)</li>
<li>Require one empty line after module-level docstrings. (<a
href="https://redirect.github.com/psf/black/issues/3932">#3932</a>)</li>
<li>Treat raw triple-quoted strings as docstrings (<a
href="https://redirect.github.com/psf/black/issues/3947">#3947</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Fix cache versioning logic when <code>BLACK_CACHE_DIR</code> is set
(<a
href="https://redirect.github.com/psf/black/issues/3937">#3937</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix bug where attributes named <code>type</code> were not acccepted
inside <code>match</code> statements
(<a
href="https://redirect.github.com/psf/black/issues/3950">#3950</a>)</li>
<li>Add support for PEP 695 type aliases containing lambdas and other
unusual expressions
(<a
href="https://redirect.github.com/psf/black/issues/3949">#3949</a>)</li>
</ul>
<h3>Output</h3>
<ul>
<li>Black no longer attempts to provide special errors for attempting to
format Python 2
code (<a
href="https://redirect.github.com/psf/black/issues/3933">#3933</a>)</li>
<li>Black will more consistently print stacktraces on internal errors in
verbose mode
(<a
href="https://redirect.github.com/psf/black/issues/3938">#3938</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>The action output displayed in the job summary is now wrapped in
Markdown (<a
href="https://redirect.github.com/psf/black/issues/3914">#3914</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9edba85f71"><code>9edba85</code></a>
Prepare release 23.10.0 (<a
href="https://redirect.github.com/psf/black/issues/3951">#3951</a>)</li>
<li><a
href="bb588073ab"><code>bb58807</code></a>
Fix parser bug where "type" was misinterpreted as a keyword
inside a match (#...</li>
<li><a
href="722735d20e"><code>722735d</code></a>
Fix grammar for type alias support (<a
href="https://redirect.github.com/psf/black/issues/3949">#3949</a>)</li>
<li><a
href="abe57e3d92"><code>abe57e3</code></a>
Treat raw strings like other docstrings (<a
href="https://redirect.github.com/psf/black/issues/3947">#3947</a>)</li>
<li><a
href="1648ac5180"><code>1648ac5</code></a>
Fix long lines with power operator(s) getting splitted before line
length (<a
href="https://redirect.github.com/psf/black/issues/3">#3</a>...</li>
<li><a
href="6f84f65285"><code>6f84f65</code></a>
Migrate mypy config to pyproject.toml (<a
href="https://redirect.github.com/psf/black/issues/3936">#3936</a>)</li>
<li><a
href="3bb92146f5"><code>3bb9214</code></a>
CI Test: Deprecating 'Healthcheck.all()' from Hypothesis in fuzz.py (<a
href="https://redirect.github.com/psf/black/issues/3945">#3945</a>)</li>
<li><a
href="935f303a0a"><code>935f303</code></a>
Fix test that was not being run (<a
href="https://redirect.github.com/psf/black/issues/3939">#3939</a>)</li>
<li><a
href="b7717c3f1e"><code>b7717c3</code></a>
Standardise newlines after module-level docstrings (<a
href="https://redirect.github.com/psf/black/issues/3932">#3932</a>)</li>
<li><a
href="7aa37ea0ad"><code>7aa37ea</code></a>
Report all stacktraces in verbose mode (<a
href="https://redirect.github.com/psf/black/issues/3938">#3938</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/23.9.1...23.10.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once it's up-to-date and CI passes on it,
as requested by @jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.0.7</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 "See Other" redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.0.7 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 "See Other" redirect responses.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="56f01e088d"><code>56f01e0</code></a>
Release 2.0.7</li>
<li><a
href="4e50fbc5db"><code>4e50fbc</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="80808b04bf"><code>80808b0</code></a>
Fix docs build on Python 3.12 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3144">#3144</a>)</li>
<li><a
href="f28deff1cf"><code>f28deff</code></a>
Add 1.26.17 to the current changelog</li>
<li>See full diff in <a
href="https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- the feature manifest schema is used in Experimenter and desktop;
- there are bugs in the schema (e.g., the definition of hasExposure);
and
- the field names in the Python definition are not pythonic
This commit
- adds a copy of the schema from experimenter/features to
mozilla_nimbus_schemas;
- updates the field names with aliases to be more pythonic; and
- adds a unit test to validate all vendored manifests.
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.4 to 2.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.0.6</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>2.0.5</h2>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation
warning. <a
href="https://redirect.github.com/urllib3/urllib3/issues/3126">#3126</a></li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code>
classes to match high-level classes. Previously was 8KiB, now 16KiB. <a
href="https://redirect.github.com/urllib3/urllib3/issues/3066%3E">#3066</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.0.6 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via
<code>Retry.remove_headers_on_redirect</code>.</li>
</ul>
<h1>2.0.5 (2023-09-20)</h1>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation
warning. (<code>[#3126](https://github.com/urllib3/urllib3/issues/3126)
<https://github.com/urllib3/urllib3/issues/3126></code>__)</li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code>
classes to match high-level classes. Previously was 8KiB, now 16KiB.
(<code>[#3066](https://github.com/urllib3/urllib3/issues/3066)
<https://github.com/urllib3/urllib3/issues/3066></code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="262e3e3322"><code>262e3e3</code></a>
Release 2.0.6</li>
<li><a
href="644124ecd0"><code>644124e</code></a>
Merge pull request from GHSA-v845-jxx5-vc9f</li>
<li><a
href="740380c59c"><code>740380c</code></a>
Bump cryptography from 41.0.3 to 41.0.4 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3131">#3131</a>)</li>
<li><a
href="d9f85a7494"><code>d9f85a7</code></a>
Release 2.0.5</li>
<li><a
href="d41f412296"><code>d41f412</code></a>
Undeprecate pyOpenSSL module (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3127">#3127</a>)</li>
<li><a
href="b6c04cb3e6"><code>b6c04cb</code></a>
Fix a link to "absolute URI" definition (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3128">#3128</a>)</li>
<li><a
href="af7c78fa30"><code>af7c78f</code></a>
refactor: change double conditional to one (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3118">#3118</a>)</li>
<li><a
href="34c13c8e68"><code>34c13c8</code></a>
Refer to current internet standards in docs on proxies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3124">#3124</a>)</li>
<li><a
href="a3e94f218c"><code>a3e94f2</code></a>
Fix a name of an attribute in docs (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3125">#3125</a>)</li>
<li><a
href="da69d4f4f9"><code>da69d4f</code></a>
Fix docs build (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3123">#3123</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.4...2.0.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3
to 41.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>41.0.4 - 2023-09-19</p>
<pre><code>
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.1.3.
<p>.. _v41-0-3:
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fc11bce693"><code>fc11bce</code></a>
bump for 41.0.4 (<a
href="https://redirect.github.com/pyca/cryptography/issues/9629">#9629</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/41.0.3...41.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jared Lockhart <119884+jaredlockhart@users.noreply.github.com>
Bumps [black](https://github.com/psf/black) from 23.7.0 to 23.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>23.9.1</h2>
<p>Due to various issues, the previous release (23.9.0) did not include
compiled mypyc
wheels, which make Black significantly faster. These issues have now
been fixed, and
this release should come with compiled wheels once again.</p>
<p>There will be no wheels for Python 3.12 due to a bug in mypyc. We
will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.</p>
<h3>Packaging</h3>
<ul>
<li>Upgrade to mypy 1.5.1 (<a
href="https://redirect.github.com/psf/black/issues/3864">#3864</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Store raw tuples instead of NamedTuples in Black's cache, improving
performance and
decreasing the size of the cache (<a
href="https://redirect.github.com/psf/black/issues/3877">#3877</a>)</li>
</ul>
<h2>23.9.0</h2>
<h3>Preview style</h3>
<ul>
<li>More concise formatting for dummy implementations (<a
href="https://redirect.github.com/psf/black/issues/3796">#3796</a>)</li>
<li>In stub files, add a blank line between a statement with a body (e.g
an
<code>if sys.version_info > (3, x):</code>) and a function definition
on the same level (<a
href="https://redirect.github.com/psf/black/issues/3862">#3862</a>)</li>
<li>Fix a bug whereby spaces were removed from walrus operators within
subscript(<a
href="https://redirect.github.com/psf/black/issues/3823">#3823</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Black now applies exclusion and ignore logic before resolving
symlinks (<a
href="https://redirect.github.com/psf/black/issues/3846">#3846</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Avoid importing <code>IPython</code> if notebook cells do not
contain magics (<a
href="https://redirect.github.com/psf/black/issues/3782">#3782</a>)</li>
<li>Improve caching by comparing file hashes as fallback for mtime and
size (<a
href="https://redirect.github.com/psf/black/issues/3821">#3821</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix an issue in <code>blackd</code> with single character input (<a
href="https://redirect.github.com/psf/black/issues/3558">#3558</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Black now has an
<a href="https://github.com/psf/black-pre-commit-mirror">official
pre-commit mirror</a>. Swapping
<code>https://github.com/psf/black</code> to
<code>https://github.com/psf/black-pre-commit-mirror</code> in
your <code>.pre-commit-config.yaml</code> will make Black about 2x
faster (<a
href="https://redirect.github.com/psf/black/issues/3828">#3828</a>)</li>
<li>The <code>.black.env</code> folder specified by
<code>ENV_PATH</code> will now be removed on the completion
of the GitHub Action (<a
href="https://redirect.github.com/psf/black/issues/3759">#3759</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>23.9.1</h2>
<p>Due to various issues, the previous release (23.9.0) did not include
compiled mypyc
wheels, which make Black significantly faster. These issues have now
been fixed, and
this release should come with compiled wheels once again.</p>
<p>There will be no wheels for Python 3.12 due to a bug in mypyc. We
will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.</p>
<h3>Packaging</h3>
<ul>
<li>Upgrade to mypy 1.5.1 (<a
href="https://redirect.github.com/psf/black/issues/3864">#3864</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Store raw tuples instead of NamedTuples in Black's cache, improving
performance and
decreasing the size of the cache (<a
href="https://redirect.github.com/psf/black/issues/3877">#3877</a>)</li>
</ul>
<h2>23.9.0</h2>
<h3>Preview style</h3>
<ul>
<li>More concise formatting for dummy implementations (<a
href="https://redirect.github.com/psf/black/issues/3796">#3796</a>)</li>
<li>In stub files, add a blank line between a statement with a body (e.g
an
<code>if sys.version_info > (3, x):</code>) and a function definition
on the same level (<a
href="https://redirect.github.com/psf/black/issues/3862">#3862</a>)</li>
<li>Fix a bug whereby spaces were removed from walrus operators within
subscript(<a
href="https://redirect.github.com/psf/black/issues/3823">#3823</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Black now applies exclusion and ignore logic before resolving
symlinks (<a
href="https://redirect.github.com/psf/black/issues/3846">#3846</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Avoid importing <code>IPython</code> if notebook cells do not
contain magics (<a
href="https://redirect.github.com/psf/black/issues/3782">#3782</a>)</li>
<li>Improve caching by comparing file hashes as fallback for mtime and
size (<a
href="https://redirect.github.com/psf/black/issues/3821">#3821</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix an issue in <code>blackd</code> with single character input (<a
href="https://redirect.github.com/psf/black/issues/3558">#3558</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Black now has an
<a href="https://github.com/psf/black-pre-commit-mirror">official
pre-commit mirror</a>. Swapping
<code>https://github.com/psf/black</code> to
<code>https://github.com/psf/black-pre-commit-mirror</code> in
your <code>.pre-commit-config.yaml</code> will make Black about 2x
faster (<a
href="https://redirect.github.com/psf/black/issues/3828">#3828</a>)</li>
<li>The <code>.black.env</code> folder specified by
<code>ENV_PATH</code> will now be removed on the completion
of the GitHub Action (<a
href="https://redirect.github.com/psf/black/issues/3759">#3759</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e87737140f"><code>e877371</code></a>
Prepare release 23.9.1 (<a
href="https://redirect.github.com/psf/black/issues/3878">#3878</a>)</li>
<li><a
href="62dca32dc5"><code>62dca32</code></a>
mypyc builds on PRs, skip mypyc wheels for 3.12 (<a
href="https://redirect.github.com/psf/black/issues/3870">#3870</a>)</li>
<li><a
href="751583a1df"><code>751583a</code></a>
Pickle raw tuples in FileData cache (<a
href="https://redirect.github.com/psf/black/issues/3877">#3877</a>)</li>
<li><a
href="f7917453c9"><code>f791745</code></a>
Re-export black.Mode (<a
href="https://redirect.github.com/psf/black/issues/3875">#3875</a>)</li>
<li><a
href="0b62b9c9a4"><code>0b62b9c</code></a>
Ignore aiohttp DeprecationWarning for 3.12 (<a
href="https://redirect.github.com/psf/black/issues/3876">#3876</a>)</li>
<li><a
href="c83ad6c077"><code>c83ad6c</code></a>
Upgrade to Furo 2023.9.10 to fix docs build (<a
href="https://redirect.github.com/psf/black/issues/3873">#3873</a>)</li>
<li><a
href="4eebfd1a7a"><code>4eebfd1</code></a>
Add mypyc test marks to new tests that patch (<a
href="https://redirect.github.com/psf/black/issues/3871">#3871</a>)</li>
<li><a
href="add161b367"><code>add161b</code></a>
Bump RTD Python version from 3.8 to 3.11 (<a
href="https://redirect.github.com/psf/black/issues/3868">#3868</a>)</li>
<li><a
href="4e93f2aa01"><code>4e93f2a</code></a>
Add classifier for 3.12 (<a
href="https://redirect.github.com/psf/black/issues/3866">#3866</a>)</li>
<li><a
href="716fa08090"><code>716fa08</code></a>
Upgrade mypy (<a
href="https://redirect.github.com/psf/black/issues/3864">#3864</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/23.7.0...23.9.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- we want to use the population sizing schemas for graphql and UI
This commit
- sets up generation of typescript schemas from the pydantic schemas
- sets up publishing the typescript schemas to npm
Because
- we don't want to have to update static test data whenever schemas
change
- we do still want tests on schemas package consumers to test overall
functionality
This commit
- adds some test data generation factories to the schemas package for
consumers to use within tests
Bumps [black](https://github.com/psf/black) from 23.3.0 to 23.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>23.7.0</h2>
<h3>Highlights</h3>
<ul>
<li>Runtime support for Python 3.7 has been removed. Formatting 3.7 code
will still be
supported until further notice (<a
href="https://redirect.github.com/psf/black/issues/3765">#3765</a>)</li>
</ul>
<h3>Stable style</h3>
<ul>
<li>Fix a bug where an illegal trailing comma was added to return type
annotations using
PEP 604 unions (<a
href="https://redirect.github.com/psf/black/issues/3735">#3735</a>)</li>
<li>Fix several bugs and crashes where comments in stub files were
removed or mishandled
under some circumstances (<a
href="https://redirect.github.com/psf/black/issues/3745">#3745</a>)</li>
<li>Fix a crash with multi-line magic comments like <code>type:
ignore</code> within parentheses
(<a
href="https://redirect.github.com/psf/black/issues/3740">#3740</a>)</li>
<li>Fix error in AST validation when <em>Black</em> removes trailing
whitespace in a type comment
(<a
href="https://redirect.github.com/psf/black/issues/3773">#3773</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Implicitly concatenated strings used as function args are no longer
wrapped inside
parentheses (<a
href="https://redirect.github.com/psf/black/issues/3640">#3640</a>)</li>
<li>Remove blank lines between a class definition and its docstring (<a
href="https://redirect.github.com/psf/black/issues/3692">#3692</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>The <code>--workers</code> argument to <em>Black</em> can now be
specified via the <code>BLACK_NUM_WORKERS</code>
environment variable (<a
href="https://redirect.github.com/psf/black/issues/3743">#3743</a>)</li>
<li><code>.pytest_cache</code>, <code>.ruff_cache</code> and
<code>.vscode</code> are now excluded by default (<a
href="https://redirect.github.com/psf/black/issues/3691">#3691</a>)</li>
<li>Fix <em>Black</em> not honouring <code>pyproject.toml</code>
settings when running <code>--stdin-filename</code>
and the <code>pyproject.toml</code> found isn't in the current working
directory (<a
href="https://redirect.github.com/psf/black/issues/3719">#3719</a>)</li>
<li><em>Black</em> will now error if <code>exclude</code> and
<code>extend-exclude</code> have invalid data types in
<code>pyproject.toml</code>, instead of silently doing the wrong thing
(<a
href="https://redirect.github.com/psf/black/issues/3764">#3764</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Upgrade mypyc from 0.991 to 1.3 (<a
href="https://redirect.github.com/psf/black/issues/3697">#3697</a>)</li>
<li>Remove patching of Click that mitigated errors on Python 3.6 with
<code>LANG=C</code> (<a
href="https://redirect.github.com/psf/black/issues/3768">#3768</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Add support for the new PEP 695 syntax in Python 3.12 (<a
href="https://redirect.github.com/psf/black/issues/3703">#3703</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Speed up <em>Black</em> significantly when the cache is full (<a
href="https://redirect.github.com/psf/black/issues/3751">#3751</a>)</li>
<li>Avoid importing <code>IPython</code> in a case where we wouldn't
need it (<a
href="https://redirect.github.com/psf/black/issues/3748">#3748</a>)</li>
</ul>
<h3>Output</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>23.7.0</h2>
<h3>Highlights</h3>
<ul>
<li>Runtime support for Python 3.7 has been removed. Formatting 3.7 code
will still be
supported until further notice (<a
href="https://redirect.github.com/psf/black/issues/3765">#3765</a>)</li>
</ul>
<h3>Stable style</h3>
<ul>
<li>Fix a bug where an illegal trailing comma was added to return type
annotations using
PEP 604 unions (<a
href="https://redirect.github.com/psf/black/issues/3735">#3735</a>)</li>
<li>Fix several bugs and crashes where comments in stub files were
removed or mishandled
under some circumstances (<a
href="https://redirect.github.com/psf/black/issues/3745">#3745</a>)</li>
<li>Fix a crash with multi-line magic comments like <code>type:
ignore</code> within parentheses
(<a
href="https://redirect.github.com/psf/black/issues/3740">#3740</a>)</li>
<li>Fix error in AST validation when <em>Black</em> removes trailing
whitespace in a type comment
(<a
href="https://redirect.github.com/psf/black/issues/3773">#3773</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Implicitly concatenated strings used as function args are no longer
wrapped inside
parentheses (<a
href="https://redirect.github.com/psf/black/issues/3640">#3640</a>)</li>
<li>Remove blank lines between a class definition and its docstring (<a
href="https://redirect.github.com/psf/black/issues/3692">#3692</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>The <code>--workers</code> argument to <em>Black</em> can now be
specified via the <code>BLACK_NUM_WORKERS</code>
environment variable (<a
href="https://redirect.github.com/psf/black/issues/3743">#3743</a>)</li>
<li><code>.pytest_cache</code>, <code>.ruff_cache</code> and
<code>.vscode</code> are now excluded by default (<a
href="https://redirect.github.com/psf/black/issues/3691">#3691</a>)</li>
<li>Fix <em>Black</em> not honouring <code>pyproject.toml</code>
settings when running <code>--stdin-filename</code>
and the <code>pyproject.toml</code> found isn't in the current working
directory (<a
href="https://redirect.github.com/psf/black/issues/3719">#3719</a>)</li>
<li><em>Black</em> will now error if <code>exclude</code> and
<code>extend-exclude</code> have invalid data types in
<code>pyproject.toml</code>, instead of silently doing the wrong thing
(<a
href="https://redirect.github.com/psf/black/issues/3764">#3764</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Upgrade mypyc from 0.991 to 1.3 (<a
href="https://redirect.github.com/psf/black/issues/3697">#3697</a>)</li>
<li>Remove patching of Click that mitigated errors on Python 3.6 with
<code>LANG=C</code> (<a
href="https://redirect.github.com/psf/black/issues/3768">#3768</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Add support for the new PEP 695 syntax in Python 3.12 (<a
href="https://redirect.github.com/psf/black/issues/3703">#3703</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Speed up <em>Black</em> significantly when the cache is full (<a
href="https://redirect.github.com/psf/black/issues/3751">#3751</a>)</li>
<li>Avoid importing <code>IPython</code> in a case where we wouldn't
need it (<a
href="https://redirect.github.com/psf/black/issues/3748">#3748</a>)</li>
</ul>
<h3>Output</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="193ee766ca"><code>193ee76</code></a>
Prepare release 23.7.0 (<a
href="https://redirect.github.com/psf/black/issues/3776">#3776</a>)</li>
<li><a
href="38723bb778"><code>38723bb</code></a>
Unpin pytest-xdist (<a
href="https://redirect.github.com/psf/black/issues/3772">#3772</a>)</li>
<li><a
href="138769aa27"><code>138769a</code></a>
Disable coverage on pypy tests (<a
href="https://redirect.github.com/psf/black/issues/3777">#3777</a>)</li>
<li><a
href="ad3724b7ff"><code>ad3724b</code></a>
Upgrade to latest mypy (<a
href="https://redirect.github.com/psf/black/issues/3775">#3775</a>)</li>
<li><a
href="b8e2ec728c"><code>b8e2ec7</code></a>
Fix crash on type comment with trailing space (<a
href="https://redirect.github.com/psf/black/issues/3773">#3773</a>)</li>
<li><a
href="257d392217"><code>257d392</code></a>
Fix removed comments in stub files (<a
href="https://redirect.github.com/psf/black/issues/3745">#3745</a>)</li>
<li><a
href="2593af2c5d"><code>2593af2</code></a>
Improve performance by skipping unnecessary normalisation (<a
href="https://redirect.github.com/psf/black/issues/3751">#3751</a>)</li>
<li><a
href="f3b50e4669"><code>f3b50e4</code></a>
Add CITATION.cff file (<a
href="https://redirect.github.com/psf/black/issues/3723">#3723</a>)</li>
<li><a
href="0b4d7d55f7"><code>0b4d7d5</code></a>
Run pyupgrade on blib2to3 and src (<a
href="https://redirect.github.com/psf/black/issues/3771">#3771</a>)</li>
<li><a
href="114e8357e6"><code>114e835</code></a>
Remove click patch (<a
href="https://redirect.github.com/psf/black/issues/3768">#3768</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/23.3.0...23.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to
7.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest/releases">pytest's
releases</a>.</em></p>
<blockquote>
<h2>7.4.0</h2>
<h1>pytest 7.4.0 (2023-06-23)</h1>
<h2>Features</h2>
<ul>
<li><a
href="https://redirect.github.com/pytest-dev/pytest/issues/10901">#10901</a>:
Added <code>ExceptionInfo.from_exception()
<pytest.ExceptionInfo.from_exception></code>{.interpreted-text
role="func"}, a simpler way to create an
<code>~pytest.ExceptionInfo</code>{.interpreted-text
role="class"} from an exception.
This can replace <code>ExceptionInfo.from_exc_info()
<pytest.ExceptionInfo.from_exc_info()></code>{.interpreted-text
role="func"} for most uses.</li>
</ul>
<h2>Improvements</h2>
<ul>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/10872">#10872</a>:
Update test log report annotation to named tuple and fixed inconsistency
in docs for <code>pytest_report_teststatus</code>{.interpreted-text
role="hook"} hook.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/10907">#10907</a>:
When an exception traceback to be displayed is completely filtered out
(by mechanisms such as <code>__tracebackhide__</code>, internal frames,
and similar), now only the exception string and the following message
are shown:</p>
<p>"All traceback entries are hidden. Pass
[--full-trace]{.title-ref} to see hidden and internal frames.".</p>
<p>Previously, the last frame of the traceback was shown, even though it
was hidden.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/10940">#10940</a>:
Improved verbose output (<code>-vv</code>) of <code>skip</code> and
<code>xfail</code> reasons by performing text wrapping while leaving a
clear margin for progress output.</p>
<p>Added <code>TerminalReporter.wrap_write()</code> as a helper for
that.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/10991">#10991</a>:
Added handling of <code>%f</code> directive to print microseconds in log
format options, such as <code>log-date-format</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/11005">#11005</a>:
Added the underlying exception to the cache provider's path creation and
write warning messages.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/11013">#11013</a>:
Added warning when <code>testpaths</code>{.interpreted-text
role="confval"} is set, but paths are not found by glob. In
this case, pytest will fall back to searching from the current
directory.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/11043">#11043</a>:
When [--confcutdir]{.title-ref} is not specified, and there is no config
file present, the conftest cutoff directory ([--confcutdir]{.title-ref})
is now set to the <code>rootdir <rootdir></code>{.interpreted-text
role="ref"}.
Previously in such cases, [conftest.py]{.title-ref} files would be
probed all the way to the root directory of the filesystem.
If you are badly affected by this change, consider adding an empty
config file to your desired cutoff directory, or explicitly set
[--confcutdir]{.title-ref}.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/11081">#11081</a>:
The <code>norecursedirs</code>{.interpreted-text
role="confval"} check is now performed in a
<code>pytest_ignore_collect</code>{.interpreted-text
role="hook"} implementation, so plugins can affect it.</p>
<p>If after updating to this version you see that your
[norecursedirs]{.title-ref} setting is not being respected,
it means that a conftest or a plugin you use has a bad
[pytest_ignore_collect]{.title-ref} implementation.
Most likely, your hook returns [False]{.title-ref} for paths it does not
want to ignore,
which ends the processing and doesn't allow other plugins, including
pytest itself, to ignore the path.
The fix is to return [None]{.title-ref} instead of [False]{.title-ref}
for paths your hook doesn't want to ignore.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/pytest-dev/pytest/issues/8711">#8711</a>:
<code>caplog.set_level()
<pytest.LogCaptureFixture.set_level></code>{.interpreted-text
role="func"} and <code>caplog.at_level()
<pytest.LogCaptureFixture.at_level></code>{.interpreted-text
role="func"}
will temporarily enable the requested <code>level</code> if
<code>level</code> was disabled globally via
<code>logging.disable(LEVEL)</code>.</p>
</li>
</ul>
<h2>Bug Fixes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d9bf9dbec1"><code>d9bf9db</code></a>
Prepare release version 7.4.0</li>
<li><a
href="64319dbc01"><code>64319db</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/11128">#11128</a>
from bluetech/pythonpath-note</li>
<li><a
href="1e8135df16"><code>1e8135d</code></a>
reference: add note that <code>pythonpath</code> does not affect
<code>-p</code></li>
<li><a
href="1e32a4b570"><code>1e32a4b</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/10935">#10935</a>
from nondescryptid/10328</li>
<li><a
href="faa1f9d2ad"><code>faa1f9d</code></a>
Merge pull request <a
href="https://redirect.github.com/pytest-dev/pytest/issues/11125">#11125</a>
from bluetech/initial-conftests-testpaths</li>
<li><a
href="14890329dc"><code>1489032</code></a>
config: fix the paths considered for initial conftest discovery</li>
<li><a
href="d97d44a97a"><code>d97d44a</code></a>
config: extract initial paths/nodeids args logic to a function</li>
<li><a
href="f6b995e9d5"><code>f6b995e</code></a>
Use utf-8 debug file</li>
<li><a
href="661b938fca"><code>661b938</code></a>
Add encoding in more tests</li>
<li><a
href="7e510769b4"><code>7e51076</code></a>
Encoding for subprocess.run</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest/compare/7.3.1...7.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.1
to 41.0.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>41.0.2 - 2023-07-10</p>
<pre><code>
* Fixed bugs in creating and parsing SSH certificates where critical
options
with values were handled incorrectly. Certificates are now created
correctly
and parsing accepts correct values as well as the previously generated
invalid forms with a warning. In the next release, support for parsing
these
invalid forms will be removed.
<p>.. _v41-0-1:
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7431db737c"><code>7431db7</code></a>
bump for 41.0.2 (<a
href="https://redirect.github.com/pyca/cryptography/issues/9215">#9215</a>)</li>
<li><a
href="e190ef1905"><code>e190ef1</code></a>
Backport ssh cert fix (<a
href="https://redirect.github.com/pyca/cryptography/issues/9211">#9211</a>)</li>
<li><a
href="bb204c8ca7"><code>bb204c8</code></a>
Backport: Added PyPy 3.10 to CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/8933">#8933</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/9210">#9210</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/41.0.1...41.0.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jared Lockhart <119884+jaredlockhart@users.noreply.github.com>
dependabot[bot]
Beth Rennie
Mike Williams