FAQ | This is a LIVE service | Changelog

Skip to content

fix(deps): update all non-major dependencies

This MR contains the following updates:

Package Type Update Change Age Confidence
Lucas-C/pre-commit-hooks-safety repository minor v1.3.3 -> v1.4.2 age confidence
progress dependencies patch 1.6 -> 1.6.1 age confidence
psf/black repository minor 23.3.0 -> 23.12.1 age confidence
pycqa/flake8 repository minor 7.1.0 -> 7.3.0 age confidence
registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/python final minor 3.11-slim -> 3.13-slim age confidence
requests (source, changelog) dependencies minor ~2.26.0 -> ~2.32.0 age confidence
tobix/pywine image minor 3.11 -> 3.13 age confidence
uis/devops/continuous-delivery/ci-templates repository minor v7.6.2 -> v7.14.1 age confidence

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

Lucas-C/pre-commit-hooks-safety (Lucas-C/pre-commit-hooks-safety)

v1.4.2: Allowing --disable-optional-telemetry-data

Compare Source

Fixed
  • Allowed --disable-optional-telemetry-data to be specified instead of --disable-optional-telemetry

v1.4.1: More robust requirements path check & using safety<=2.3.5

Compare Source

Added
  • Add more robust requirements path check - cf. MR #​55
Fixed
  • Added constraint safety<=2.3.5 in setup.py in order to be able to still use the check command. A future-proof solution could be to create a new python-safety-dependencies-scan hook, cf. issue #​52

v1.4.0

Compare Source

Added
psf/black (psf/black)

v23.12.1

Compare Source

Packaging
  • Fixed a bug that included dependencies from the d extra by default (#​4108)

v23.12.0

Compare Source

Highlights

It's almost 2024, which means it's time for a new edition of Black's stable style! Together with this release, we'll put out an alpha release 24.1a1 showcasing the draft 2024 stable style, which we'll finalize in the January release. Please try it out and share your feedback.

This release (23.12.0) will still produce the 2023 style. Most but not all of the changes in --preview mode will be in the 2024 stable style.

Stable style
  • Fix bug where # fmt: off automatically dedents when used with the --line-ranges option, even when it is not within the specified line range. (#​4084)
  • Fix feature detection for parenthesized context managers (#​4104)
Preview style
  • Prefer more equal signs before a break when splitting chained assignments (#​4010)
  • Standalone form feed characters at the module level are no longer removed (#​4021)
  • Additional cases of immediately nested tuples, lists, and dictionaries are now indented less (#​4012)
  • Allow empty lines at the beginning of all blocks, except immediately before a docstring (#​4060)
  • Fix crash in preview mode when using a short --line-length (#​4086)
  • Keep suites consisting of only an ellipsis on their own lines if they are not functions or class definitions (#​4066) (#​4103)
Configuration
  • --line-ranges now skips Black's internal stability check in --safe mode. This avoids a crash on rare inputs that have many unformatted same-content lines. (#​4034)
Packaging
Integrations

v23.11.0

Compare Source

Highlights
  • Support formatting ranges of lines with the new --line-ranges command-line option (#​4020)
Stable style
  • Fix crash on formatting bytes strings that look like docstrings (#​4003)
  • Fix crash when whitespace followed a backslash before newline in a docstring (#​4008)
  • Fix standalone comments inside complex blocks crashing Black (#​4016)
  • Fix crash on formatting code like await (a ** b) (#​3994)
  • No longer treat leading f-strings as docstrings. This matches Python's behaviour and fixes a crash (#​4019)
Preview style
  • Multiline dicts and lists that are the sole argument to a function are now indented less (#​3964)
  • Multiline unpacked dicts and lists as the sole argument to a function are now also indented less (#​3992)
  • In f-string debug expressions, quote types that are visible in the final string are now preserved (#​4005)
  • Fix a bug where long case blocks were not split into multiple lines. Also enable general trailing comma rules on case blocks (#​4024)
  • Keep requiring two empty lines between module-level docstring and first function or class definition (#​4028)
  • Add support for single-line format skip with other comments on the same line (#​3959)
Configuration
  • Consistently apply force exclusion logic before resolving symlinks (#​4015)
  • Fix a bug in the matching of absolute path names in --include (#​3976)
Performance
  • Fix mypyc builds on arm64 on macOS (#​4017)
Integrations
  • Black's pre-commit integration will now run only on git hooks appropriate for a code formatter (#​3940)

v23.10.1

Compare Source

Highlights
  • Maintenance release to get a fix out for GitHub Action edge case (#​3957)
Preview style
  • Fix merging implicit multiline strings that have inline comments (#​3956)
  • Allow empty first line after block open before a comment or compound statement (#​3967)
Packaging
  • Change Dockerfile to hatch + compile black (#​3965)
Integrations
  • The summary output for GitHub workflows is now suppressible using the summary parameter. (#​3958)
  • Fix the action failing when Black check doesn't pass (#​3957)
Documentation

v23.10.0

Compare Source

Stable style
  • Fix comments getting removed from inside parenthesized strings (#​3909)
Preview style
  • Fix long lines with power operators getting split before the line length (#​3942)
  • Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (#​3899)
  • Magic trailing commas are now respected in return types. (#​3916)
  • Require one empty line after module-level docstrings. (#​3932)
  • Treat raw triple-quoted strings as docstrings (#​3947)
Configuration
  • Fix cache versioning logic when BLACK_CACHE_DIR is set (#​3937)
Parser
  • Fix bug where attributes named type were not accepted inside match statements (#​3950)
  • Add support for PEP 695 type aliases containing lambdas and other unusual expressions (#​3949)
Output
  • Black no longer attempts to provide special errors for attempting to format Python 2 code (#​3933)
  • Black will more consistently print stacktraces on internal errors in verbose mode (#​3938)
Integrations
  • The action output displayed in the job summary is now wrapped in Markdown (#​3914)

v23.9.1

Compare Source

Due to various issues, the previous release (23.9.0) did not include compiled mypyc wheels, which make Black significantly faster. These issues have now been fixed, and this release should come with compiled wheels once again.

There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12 wheels in a future release as soon as the mypyc bug is fixed.

Packaging
Performance
  • Store raw tuples instead of NamedTuples in Black's cache, improving performance and decreasing the size of the cache (#​3877)

v23.9.0

Compare Source

Preview style
  • More concise formatting for dummy implementations (#​3796)
  • In stub files, add a blank line between a statement with a body (e.g an if sys.version_info > (3, x):) and a function definition on the same level (#​3862)
  • Fix a bug whereby spaces were removed from walrus operators within subscript(#​3823)
Configuration
  • Black now applies exclusion and ignore logic before resolving symlinks (#​3846)
Performance
  • Avoid importing IPython if notebook cells do not contain magics (#​3782)
  • Improve caching by comparing file hashes as fallback for mtime and size (#​3821)
Blackd
  • Fix an issue in blackd with single character input (#​3558)
Integrations
  • Black now has an official pre-commit mirror. Swapping https://github.com/psf/black to https://github.com/psf/black-pre-commit-mirror in your .pre-commit-config.yaml will make Black about 2x faster (#​3828)
  • The .black.env folder specified by ENV_PATH will now be removed on the completion of the GitHub Action (#​3759)

v23.7.0

Compare Source

Highlights
  • Runtime support for Python 3.7 has been removed. Formatting 3.7 code will still be supported until further notice (#​3765)
Stable style
  • Fix a bug where an illegal trailing comma was added to return type annotations using PEP 604 unions (#​3735)
  • Fix several bugs and crashes where comments in stub files were removed or mishandled under some circumstances (#​3745)
  • Fix a crash with multi-line magic comments like type: ignore within parentheses (#​3740)
  • Fix error in AST validation when Black removes trailing whitespace in a type comment (#​3773)
Preview style
  • Implicitly concatenated strings used as function args are no longer wrapped inside parentheses (#​3640)
  • Remove blank lines between a class definition and its docstring (#​3692)
Configuration
  • The --workers argument to Black can now be specified via the BLACK_NUM_WORKERS environment variable (#​3743)
  • .pytest_cache, .ruff_cache and .vscode are now excluded by default (#​3691)
  • Fix Black not honouring pyproject.toml settings when running --stdin-filename and the pyproject.toml found isn't in the current working directory (#​3719)
  • Black will now error if exclude and extend-exclude have invalid data types in pyproject.toml, instead of silently doing the wrong thing (#​3764)
Packaging
  • Upgrade mypyc from 0.991 to 1.3 (#​3697)
  • Remove patching of Click that mitigated errors on Python 3.6 with LANG=C (#​3768)
Parser
  • Add support for the new PEP 695 syntax in Python 3.12 (#​3703)
Performance
  • Speed up Black significantly when the cache is full (#​3751)
  • Avoid importing IPython in a case where we wouldn't need it (#​3748)
Output
  • Use aware UTC datetimes internally, avoids deprecation warning on Python 3.12 (#​3728)
  • Change verbose logging to exactly mirror Black's logic for source discovery (#​3749)
Blackd
  • The blackd argument parser now shows the default values for options in their help text (#​3712)
Integrations
Documentation
  • Add a CITATION.cff file to the root of the repository, containing metadata on how to cite this software (#​3723)
  • Update the classes and exceptions documentation in Developer reference to match the latest code base (#​3755)
pycqa/flake8 (pycqa/flake8)

v7.3.0

Compare Source

v7.2.0

Compare Source

v7.1.2

Compare Source

v7.1.1

Compare Source

psf/requests (requests)

v2.32.5

Compare Source

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

Compare Source

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

v2.32.3

Compare Source

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#​6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#​6724)

v2.32.2

Compare Source

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked MR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#​6710)

v2.32.1

Compare Source

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

Compare Source

Security

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#​6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#​6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#​6589)
  • Fixed deserialization bug in JSONDecodeError. (#​6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#​6644)

Deprecations

  • Requests has officially added support for CPython 3.12 (#​6503)
  • Requests has officially added support for PyPy 3.9 and 3.10 (#​6641)
  • Requests has officially dropped support for CPython 3.7 (#​6642)
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#​6641)

Documentation

  • Various typo fixes and doc improvements.

Packaging

  • Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#​6506)
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

v2.31.0

Compare Source

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

Compare Source

Dependencies

v2.29.0

Compare Source

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#​6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#​6356)

v2.28.2

Compare Source

Dependencies

  • Requests now supports charset_normalizer 3.x. (#​6261)

Bugfixes

  • Updated MissingSchema exception to suggest https scheme rather than http. (#​6188)

v2.28.1

Compare Source

Improvements

  • Speed optimization in iter_content with transition to yield from. (#​6170)

Dependencies

  • Added support for chardet 5.0.0 (#​6179)
  • Added support for charset-normalizer 2.1.0 (#​6169)

v2.28.0

Compare Source

Deprecations

  • ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#​6091)
  • Requests has officially dropped support for Python 3.6 (including pypy3.6). (#​6091)

Improvements

  • Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#​6097)
  • Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#​6154)
  • Added provisional 3.11 support with current beta build. (#​6155)
  • Requests got a makeover and we decided to paint it black. (#​6095)

Bugfixes

  • Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#​6074)
  • Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#​6057)
  • Fixed issue where invalid Windows registry entries caused proxy resolution to raise an exception rather than ignoring the entry. (#​6149)
  • Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#​6036)

v2.27.1

Compare Source

Bugfixes

  • Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#​6028)

v2.27.0

Compare Source

Improvements

  • Officially added support for Python 3.10. (#​5928)

  • Added a requests.exceptions.JSONDecodeError to unify JSON exceptions between Python 2 and 3. This gets raised in the response.json() method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught from requests.exceptions.RequestException as well. (#​5856)

  • Improved error text for misnamed InvalidSchema and MissingSchema exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#​6017)

  • Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to urlparse in Python 3.9+. (#​5917)

Bugfixes

  • Fixed defect in extract_zipped_paths which could result in an infinite loop for some paths. (#​5851)

  • Fixed handling for AttributeError when calculating length of files obtained by Tarfile.extractfile(). (#​5239)

  • Fixed urllib3 exception leak, wrapping urllib3.exceptions.InvalidHeader with requests.exceptions.InvalidHeader. (#​5914)

  • Fixed bug where two Host headers were sent for chunked requests. (#​5391)

  • Fixed regression in Requests 2.26.0 where Proxy-Authorization was incorrectly stripped from all requests sent with Session.send. (#​5924)

  • Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#​5924)

  • Fixed idna exception leak, wrapping UnicodeError with requests.exceptions.InvalidURL for URLs with a leading dot (.) in the domain. (#​5414)

Deprecations

  • Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.
uis/devops/continuous-delivery/ci-templates (uis/devops/continuous-delivery/ci-templates)

v7.14.1: 7.14.1

Compare Source

7.14.1 (2025-09-04)
Bug Fixes
  • maven.gitlab-ci.yml: move services section under maven job (a2c5dca)

v7.14.0: 7.14.0

Compare Source

7.14.0 (2025-09-02)
Features

v7.13.1: 7.13.1

Compare Source

7.13.1 (2025-09-01)
Bug Fixes
  • rename detect-non-utf8-files job and make it work with spaces in filenames (4d7ec69)

v7.13.0: 7.13.0

Compare Source

7.13.0 (2025-08-27)
Features
  • add detect-non-utf-files job (f629243)

v7.12.0: 7.12.0

Compare Source

7.12.0 (2025-08-27)
Features
  • terraform-pipeline: remove duplicate kics job (354c3cc)

v7.11.1: 7.11.1

Compare Source

7.11.1 (2025-08-21)

v7.11.0: 7.11.0

Compare Source

7.11.0 (2025-08-21)
Features
  • trivy job now to use logan-terrafrom image and run terraform init in before_script (b03b3e4)

v7.10.4: 7.10.4

Compare Source

7.10.4 (2025-08-14)

v7.10.3: 7.10.3

Compare Source

7.10.3 (2025-08-14)

v7.10.2: 7.10.2

Compare Source

7.10.2 (2025-08-14)

v7.10.1: 7.10.1

Compare Source

7.10.1 (2025-08-14)

v7.10.0: 7.10.0

Compare Source

7.10.0 (2025-08-14)
Features
  • auto-devops: remove mandatory jobs from auto-devops template (5f7de9c)

v7.9.1: 7.9.1

Compare Source

7.9.1 (2025-08-13)

v7.9.0: 7.9.0

Compare Source

7.9.0 (2025-08-13)
Features
  • mandatory-jobs: provide AST-related CI/CD variable defaults (3421a2e)

v7.8.0: 7.8.0

Compare Source

7.8.0 (2025-08-13)
Features
  • add mandatory jobs template (975f4aa)

v7.7.0: 7.7.0

Compare Source

7.7.0 (2025-08-07)
Features
  • add dind support to terraform-test (a17505d)

v7.6.4: 7.6.4

Compare Source

7.6.4 (2025-08-07)
Reverts
  • Revert "fix(common-pipeline): pin secret detector image version" (b62bc91)

v7.6.3: 7.6.3

Compare Source

7.6.3 (2025-08-06)

Bug Fixes
  • common-pipeline: pin secret detector image version (8109734)

Configuration

📅 Schedule: Branch creation - Monday through Friday ( * * * * 1-5 ) in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by uis-devops-renovatebot

Merge request reports

Loading