fix(deps): update all non-major dependencies
This MR contains the following updates:
Package | Type | Update | Change | Age | Confidence |
---|---|---|---|---|---|
Lucas-C/pre-commit-hooks-safety | repository | minor |
v1.3.3 -> v1.4.2
|
||
progress | dependencies | patch |
1.6 -> 1.6.1
|
||
psf/black | repository | minor |
23.3.0 -> 23.12.1
|
||
pycqa/flake8 | repository | minor |
7.1.0 -> 7.3.0
|
||
registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/python | final | minor |
3.11-slim -> 3.13-slim
|
||
requests (source, changelog) | dependencies | minor |
~2.26.0 -> ~2.32.0
|
||
tobix/pywine | image | minor |
3.11 -> 3.13
|
||
uis/devops/continuous-delivery/ci-templates | repository | minor |
v7.6.2 -> v7.14.1
|
Note: The pre-commit
manager in Renovate is not supported by the pre-commit
maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
Lucas-C/pre-commit-hooks-safety (Lucas-C/pre-commit-hooks-safety)
v1.4.2
: Allowing --disable-optional-telemetry-data
Fixed
- Allowed
--disable-optional-telemetry-data
to be specified instead of--disable-optional-telemetry
v1.4.1
: More robust requirements path check & using safety<=2.3.5
Added
- Add more robust requirements path check - cf. MR #55
Fixed
- Added constraint
safety<=2.3.5
insetup.py
in order to be able to still use thecheck
command. A future-proof solution could be to create a newpython-safety-dependencies-scan
hook, cf. issue #52
v1.4.0
Added
- support for Poetry 2.0.0 - cf. MR #55
psf/black (psf/black)
v23.12.1
Packaging
- Fixed a bug that included dependencies from the
d
extra by default (#4108)
v23.12.0
Highlights
It's almost 2024, which means it's time for a new edition of Black's stable style! Together with this release, we'll put out an alpha release 24.1a1 showcasing the draft 2024 stable style, which we'll finalize in the January release. Please try it out and share your feedback.
This release (23.12.0) will still produce the 2023 style. Most but not all of the
changes in --preview
mode will be in the 2024 stable style.
Stable style
- Fix bug where
# fmt: off
automatically dedents when used with the--line-ranges
option, even when it is not within the specified line range. (#4084) - Fix feature detection for parenthesized context managers (#4104)
Preview style
- Prefer more equal signs before a break when splitting chained assignments (#4010)
- Standalone form feed characters at the module level are no longer removed (#4021)
- Additional cases of immediately nested tuples, lists, and dictionaries are now indented less (#4012)
- Allow empty lines at the beginning of all blocks, except immediately before a docstring (#4060)
- Fix crash in preview mode when using a short
--line-length
(#4086) - Keep suites consisting of only an ellipsis on their own lines if they are not functions or class definitions (#4066) (#4103)
Configuration
-
--line-ranges
now skips Black's internal stability check in--safe
mode. This avoids a crash on rare inputs that have many unformatted same-content lines. (#4034)
Packaging
- Upgrade to mypy 1.7.1 (#4049) (#4069)
- Faster compiled wheels are now available for CPython 3.12 (#4070)
Integrations
- Enable 3.12 CI (#4035)
- Build docker images in parallel (#4054)
- Build docker images with 3.12 (#4055)
v23.11.0
Highlights
- Support formatting ranges of lines with the new
--line-ranges
command-line option (#4020)
Stable style
- Fix crash on formatting bytes strings that look like docstrings (#4003)
- Fix crash when whitespace followed a backslash before newline in a docstring (#4008)
- Fix standalone comments inside complex blocks crashing Black (#4016)
- Fix crash on formatting code like
await (a ** b)
(#3994) - No longer treat leading f-strings as docstrings. This matches Python's behaviour and fixes a crash (#4019)
Preview style
- Multiline dicts and lists that are the sole argument to a function are now indented less (#3964)
- Multiline unpacked dicts and lists as the sole argument to a function are now also indented less (#3992)
- In f-string debug expressions, quote types that are visible in the final string are now preserved (#4005)
- Fix a bug where long
case
blocks were not split into multiple lines. Also enable general trailing comma rules oncase
blocks (#4024) - Keep requiring two empty lines between module-level docstring and first function or class definition (#4028)
- Add support for single-line format skip with other comments on the same line (#3959)
Configuration
- Consistently apply force exclusion logic before resolving symlinks (#4015)
- Fix a bug in the matching of absolute path names in
--include
(#3976)
Performance
- Fix mypyc builds on arm64 on macOS (#4017)
Integrations
- Black's pre-commit integration will now run only on git hooks appropriate for a code formatter (#3940)
v23.10.1
Highlights
- Maintenance release to get a fix out for GitHub Action edge case (#3957)
Preview style
- Fix merging implicit multiline strings that have inline comments (#3956)
- Allow empty first line after block open before a comment or compound statement (#3967)
Packaging
- Change Dockerfile to hatch + compile black (#3965)
Integrations
- The summary output for GitHub workflows is now suppressible using the
summary
parameter. (#3958) - Fix the action failing when Black check doesn't pass (#3957)
Documentation
- It is known Windows documentation CI is broken https://github.com/psf/black/issues/3968
v23.10.0
Stable style
- Fix comments getting removed from inside parenthesized strings (#3909)
Preview style
- Fix long lines with power operators getting split before the line length (#3942)
- Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (#3899)
- Magic trailing commas are now respected in return types. (#3916)
- Require one empty line after module-level docstrings. (#3932)
- Treat raw triple-quoted strings as docstrings (#3947)
Configuration
- Fix cache versioning logic when
BLACK_CACHE_DIR
is set (#3937)
Parser
- Fix bug where attributes named
type
were not accepted insidematch
statements (#3950) - Add support for PEP 695 type aliases containing lambdas and other unusual expressions (#3949)
Output
- Black no longer attempts to provide special errors for attempting to format Python 2 code (#3933)
- Black will more consistently print stacktraces on internal errors in verbose mode (#3938)
Integrations
- The action output displayed in the job summary is now wrapped in Markdown (#3914)
v23.9.1
Due to various issues, the previous release (23.9.0) did not include compiled mypyc wheels, which make Black significantly faster. These issues have now been fixed, and this release should come with compiled wheels once again.
There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12 wheels in a future release as soon as the mypyc bug is fixed.
Packaging
- Upgrade to mypy 1.5.1 (#3864)
Performance
- Store raw tuples instead of NamedTuples in Black's cache, improving performance and decreasing the size of the cache (#3877)
v23.9.0
Preview style
- More concise formatting for dummy implementations (#3796)
- In stub files, add a blank line between a statement with a body (e.g an
if sys.version_info > (3, x):
) and a function definition on the same level (#3862) - Fix a bug whereby spaces were removed from walrus operators within subscript(#3823)
Configuration
- Black now applies exclusion and ignore logic before resolving symlinks (#3846)
Performance
- Avoid importing
IPython
if notebook cells do not contain magics (#3782) - Improve caching by comparing file hashes as fallback for mtime and size (#3821)
Blackd
- Fix an issue in
blackd
with single character input (#3558)
Integrations
- Black now has an
official pre-commit mirror. Swapping
https://github.com/psf/black
tohttps://github.com/psf/black-pre-commit-mirror
in your.pre-commit-config.yaml
will make Black about 2x faster (#3828) - The
.black.env
folder specified byENV_PATH
will now be removed on the completion of the GitHub Action (#3759)
v23.7.0
Highlights
- Runtime support for Python 3.7 has been removed. Formatting 3.7 code will still be supported until further notice (#3765)
Stable style
- Fix a bug where an illegal trailing comma was added to return type annotations using PEP 604 unions (#3735)
- Fix several bugs and crashes where comments in stub files were removed or mishandled under some circumstances (#3745)
- Fix a crash with multi-line magic comments like
type: ignore
within parentheses (#3740) - Fix error in AST validation when Black removes trailing whitespace in a type comment (#3773)
Preview style
- Implicitly concatenated strings used as function args are no longer wrapped inside parentheses (#3640)
- Remove blank lines between a class definition and its docstring (#3692)
Configuration
- The
--workers
argument to Black can now be specified via theBLACK_NUM_WORKERS
environment variable (#3743) -
.pytest_cache
,.ruff_cache
and.vscode
are now excluded by default (#3691) - Fix Black not honouring
pyproject.toml
settings when running--stdin-filename
and thepyproject.toml
found isn't in the current working directory (#3719) -
Black will now error if
exclude
andextend-exclude
have invalid data types inpyproject.toml
, instead of silently doing the wrong thing (#3764)
Packaging
- Upgrade mypyc from 0.991 to 1.3 (#3697)
- Remove patching of Click that mitigated errors on Python 3.6 with
LANG=C
(#3768)
Parser
- Add support for the new PEP 695 syntax in Python 3.12 (#3703)
Performance
- Speed up Black significantly when the cache is full (#3751)
- Avoid importing
IPython
in a case where we wouldn't need it (#3748)
Output
- Use aware UTC datetimes internally, avoids deprecation warning on Python 3.12 (#3728)
- Change verbose logging to exactly mirror Black's logic for source discovery (#3749)
Blackd
- The
blackd
argument parser now shows the default values for options in their help text (#3712)
Integrations
- Black is now tested with
PYTHONWARNDEFAULTENCODING = 1
(#3763) - Update GitHub Action to display black output in the job summary (#3688)
Documentation
psf/requests (requests)
v2.32.5
Bugfixes
- The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.
Deprecations
- Added support for Python 3.14.
- Dropped support for Python 3.8 following its end of support.
v2.32.4
Security
- CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.
Improvements
- Numerous documentation improvements
Deprecations
- Added support for pypy 3.11 for Linux and macOS.
- Dropped support for pypy 3.9 following its end of support.
v2.32.3
Bugfixes
- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
- Fixed issue where Requests started failing to run on Python versions compiled
without the
ssl
module. (#6724)
v2.32.2
Deprecations
-
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed
_get_connection
to a new public API,get_connection_with_tls_context
. Existing custom HTTPAdapters will need to migrate their code to use this new API.get_connection
is considered deprecated in all versions of Requests>=2.32.0.A minimal (2-line) example has been provided in the linked MR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
Bugfixes
- Add missing test certs to the sdist distributed on PyPI.
v2.32.0
Security
- Fixed an issue where setting
verify=False
on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value ofverify
. (https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)
Improvements
-
verify=True
now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667) - Requests now supports optional use of character detection
(
chardet
orcharset_normalizer
) when repackaged or vendored. This enablespip
and other projects to minimize their vendoring surface area. TheResponse.text()
andapparent_encoding
APIs will default toutf-8
if neither library is present. (#6702)
Bugfixes
- Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
- Fixed deserialization bug in JSONDecodeError. (#6629)
- Fixed bug where an extra leading
/
(path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)
Deprecations
- Requests has officially added support for CPython 3.12 (#6503)
- Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
- Requests has officially dropped support for CPython 3.7 (#6642)
- Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)
Documentation
- Various typo fixes and doc improvements.
Packaging
- Requests has started adopting some modern packaging practices.
The source files for the projects (formerly
requests
) is now located insrc/requests
in the Requests sdist. (#6506) - Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using
hatchling
. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.
v2.31.0
Security
-
Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of
Proxy-Authorization
headers to destination servers when following HTTPS redirects.When proxies are defined with user info (
https://user:pass@proxy:8080
), Requests will construct aProxy-Authorization
header that is attached to the request to authenticate with the proxy.In cases where Requests receives a redirect response, it previously reattached the
Proxy-Authorization
header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.
Full details can be read in our Github Security Advisory and CVE-2023-32681.
v2.30.0
Dependencies
-
⚠️ Added support for urllib3 2.0.⚠️ This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to
urllib3<2
.
v2.29.0
Improvements
- Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
- Requests relaxes header component requirements to support bytes/str subclasses. (#6356)
v2.28.2
Dependencies
- Requests now supports charset_normalizer 3.x. (#6261)
Bugfixes
- Updated MissingSchema exception to suggest https scheme rather than http. (#6188)
v2.28.1
Improvements
- Speed optimization in
iter_content
with transition toyield from
. (#6170)
Dependencies
v2.28.0
Deprecations
-
⚠️ Requests has officially dropped support for Python 2.7.⚠️ (#6091) - Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)
Improvements
- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
an encoding to make
json()
API consistent. (#6097) - Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154)
- Added provisional 3.11 support with current beta build. (#6155)
- Requests got a makeover and we decided to paint it black. (#6095)
Bugfixes
- Fixed bug where setting
CURL_CA_BUNDLE
to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074) - Fixed urllib3 exception leak, wrapping
urllib3.exceptions.SSLError
withrequests.exceptions.SSLError
forcontent
anditer_content
. (#6057) - Fixed issue where invalid Windows registry entries caused proxy resolution to raise an exception rather than ignoring the entry. (#6149)
- Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6036)
v2.27.1
Bugfixes
- Fixed parsing issue that resulted in the
auth
component being dropped from proxy URLs. (#6028)
v2.27.0
Improvements
-
Officially added support for Python 3.10. (#5928)
-
Added a
requests.exceptions.JSONDecodeError
to unify JSON exceptions between Python 2 and 3. This gets raised in theresponse.json()
method, and is backwards compatible as it inherits from previously thrown exceptions. Can be caught fromrequests.exceptions.RequestException
as well. (#5856) -
Improved error text for misnamed
InvalidSchema
andMissingSchema
exceptions. This is a temporary fix until exceptions can be renamed (Schema->Scheme). (#6017) -
Improved proxy parsing for proxy URLs missing a scheme. This will address recent changes to
urlparse
in Python 3.9+. (#5917)
Bugfixes
-
Fixed defect in
extract_zipped_paths
which could result in an infinite loop for some paths. (#5851) -
Fixed handling for
AttributeError
when calculating length of files obtained byTarfile.extractfile()
. (#5239) -
Fixed urllib3 exception leak, wrapping
urllib3.exceptions.InvalidHeader
withrequests.exceptions.InvalidHeader
. (#5914) -
Fixed bug where two Host headers were sent for chunked requests. (#5391)
-
Fixed regression in Requests 2.26.0 where
Proxy-Authorization
was incorrectly stripped from all requests sent withSession.send
. (#5924) -
Fixed performance regression in 2.26.0 for hosts with a large number of proxies available in the environment. (#5924)
-
Fixed idna exception leak, wrapping
UnicodeError
withrequests.exceptions.InvalidURL
for URLs with a leading dot (.) in the domain. (#5414)
Deprecations
- Requests support for Python 2.7 and 3.6 will be ending in 2022. While we don't have exact dates, Requests 2.27.x is likely to be the last release series providing support.
uis/devops/continuous-delivery/ci-templates (uis/devops/continuous-delivery/ci-templates)
v7.14.1
: 7.14.1
7.14.1 (2025-09-04)
Bug Fixes
- maven.gitlab-ci.yml: move services section under maven job (a2c5dca)
v7.14.0
: 7.14.0
7.14.0 (2025-09-02)
Features
v7.13.1
: 7.13.1
7.13.1 (2025-09-01)
Bug Fixes
- rename detect-non-utf8-files job and make it work with spaces in filenames (4d7ec69)
v7.13.0
: 7.13.0
7.13.0 (2025-08-27)
Features
- add detect-non-utf-files job (f629243)
v7.12.0
: 7.12.0
7.12.0 (2025-08-27)
Features
- terraform-pipeline: remove duplicate kics job (354c3cc)
v7.11.1
: 7.11.1
7.11.1 (2025-08-21)
v7.11.0
: 7.11.0
7.11.0 (2025-08-21)
Features
- trivy job now to use logan-terrafrom image and run terraform init in before_script (b03b3e4)
v7.10.4
: 7.10.4
7.10.4 (2025-08-14)
v7.10.3
: 7.10.3
7.10.3 (2025-08-14)
v7.10.2
: 7.10.2
7.10.2 (2025-08-14)
v7.10.1
: 7.10.1
7.10.1 (2025-08-14)
v7.10.0
: 7.10.0
7.10.0 (2025-08-14)
Features
- auto-devops: remove mandatory jobs from auto-devops template (5f7de9c)
v7.9.1
: 7.9.1
7.9.1 (2025-08-13)
v7.9.0
: 7.9.0
7.9.0 (2025-08-13)
Features
- mandatory-jobs: provide AST-related CI/CD variable defaults (3421a2e)
v7.8.0
: 7.8.0
7.8.0 (2025-08-13)
Features
- add mandatory jobs template (975f4aa)
v7.7.0
: 7.7.0
7.7.0 (2025-08-07)
Features
- add dind support to terraform-test (a17505d)
v7.6.4
: 7.6.4
7.6.4 (2025-08-07)
Reverts
- Revert "fix(common-pipeline): pin secret detector image version" (b62bc91)
v7.6.3
: 7.6.3
7.6.3 (2025-08-06)
Bug Fixes
- common-pipeline: pin secret detector image version (8109734)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.