Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump ruff from 0.8.1 to 0.9.2 #11589

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Bump ruff from 0.8.1 to 0.9.2 #11589

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 17, 2025

Bumps ruff from 0.8.1 to 0.9.2.

Release notes

Sourced from ruff's releases.

0.9.2

Release Notes

Preview features

  • [airflow] Fix typo "security_managr" to "security_manager" (AIR303) (#15463)
  • [airflow] extend and fix AIR302 rules (#15525)
  • [fastapi] Handle parameters with Depends correctly (FAST003) (#15364)
  • [flake8-pytest-style] Implement pytest.warns diagnostics (PT029, PT030, PT031) (#15444)
  • [flake8-pytest-style] Test function parameters with default arguments (PT028) (#15449)
  • [flake8-type-checking] Avoid false positives for | in TC008 (#15201)

Rule changes

  • [flake8-todos] Allow VSCode GitHub PR extension style links in missing-todo-link (TD003) (#15519)
  • [pyflakes] Show syntax error message for F722 (#15523)

Formatter

  • Fix curly bracket spacing around f-string expressions containing curly braces (#15471)
  • Fix joining of f-strings with different quotes when using quote style Preserve (#15524)

Server

  • Avoid indexing the same workspace multiple times (#15495)
  • Display context for ruff.configuration errors (#15452)

Configuration

  • Remove flatten to improve deserialization error messages (#15414)

Bug fixes

  • Parse triple-quoted string annotations as if parenthesized (#15387)
  • [fastapi] Update Annotated fixes (FAST002) (#15462)
  • [flake8-bandit] Check for builtins instead of builtin (S102, PTH123) (#15443)
  • [flake8-pathlib] Fix --select for os-path-dirname (PTH120) (#15446)
  • [ruff] Fix false positive on global keyword (RUF052) (#15235)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.2

Preview features

  • [airflow] Fix typo "security_managr" to "security_manager" (AIR303) (#15463)
  • [airflow] extend and fix AIR302 rules (#15525)
  • [fastapi] Handle parameters with Depends correctly (FAST003) (#15364)
  • [flake8-pytest-style] Implement pytest.warns diagnostics (PT029, PT030, PT031) (#15444)
  • [flake8-pytest-style] Test function parameters with default arguments (PT028) (#15449)
  • [flake8-type-checking] Avoid false positives for | in TC008 (#15201)

Rule changes

  • [flake8-todos] Allow VSCode GitHub PR extension style links in missing-todo-link (TD003) (#15519)
  • [pyflakes] Show syntax error message for F722 (#15523)

Formatter

  • Fix curly bracket spacing around f-string expressions containing curly braces (#15471)
  • Fix joining of f-strings with different quotes when using quote style Preserve (#15524)

Server

  • Avoid indexing the same workspace multiple times (#15495)
  • Display context for ruff.configuration errors (#15452)

Configuration

  • Remove flatten to improve deserialization error messages (#15414)

Bug fixes

  • Parse triple-quoted string annotations as if parenthesized (#15387)
  • [fastapi] Update Annotated fixes (FAST002) (#15462)
  • [flake8-bandit] Check for builtins instead of builtin (S102, PTH123) (#15443)
  • [flake8-pathlib] Fix --select for os-path-dirname (PTH120) (#15446)
  • [ruff] Fix false positive on global keyword (RUF052) (#15235)

0.9.1

Preview features

  • [pycodestyle] Run too-many-newlines-at-end-of-file on each cell in notebooks (W391) (#15308)
  • [ruff] Omit diagnostic for shadowed private function parameters in used-dummy-variable (RUF052) (#15376)

Rule changes

  • [flake8-bugbear] Improve assert-raises-exception message (B017) (#15389)

Formatter

... (truncated)

Commits
  • 0a39348 Include build binaries
  • 027f800 Comment out non-npm-publish jobs
  • 425870d Upload npm publish logs when failed
  • c20255a Bump version to 0.9.2 (#15529)
  • 4203658 Fix joining of f-strings with different quotes when using quote style `Preser...
  • fc9dd63 [airflow] extend and fix AIR302 rules (#15525)
  • 79e52c7 [pyflakes] Show syntax error message for F722 (#15523)
  • cf4ab7c Parse triple quoted string annotations as if parenthesized (#15387)
  • d2656e8 [flake8-todos] Allow VSCode GitHub PR extension style links in `missing-tod...
  • c53ee60 Typeshed-sync workflow: add appropriate labels, link directly to failing run ...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump ruff from 0.8.1 to 0.9.2
ba7e07f 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.8.1 to 0.9.2.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.8.1...0.9.2)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 17, 2025
@dependabot dependabot bot mentioned this pull request Jan 17, 2025
Closed
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jan 17, 2025
edited
Loading

DryRun Security Summary

The pull request updates the ruff library from version 0.8.1 to 0.9.2 in the requirements-lint.txt file, which is a routine version upgrade that appears to pose no immediate security risks but should be thoroughly tested.

Expand for full summary

Summary:

The proposed changes in this pull request involve updating the version of the ruff library from 0.8.1 to 0.9.2 in the requirements-lint.txt file. This is a minor version update, which typically includes bug fixes, performance improvements, and potentially new features.

From an application security perspective, the update to a newer version of the ruff library does not immediately raise any concerns. Version updates are common and often include security fixes, so it is generally a good practice to keep dependencies up-to-date. However, it is important to review the release notes and change logs for the new version to ensure that there are no known security vulnerabilities or breaking changes that could impact the application. Additionally, it is recommended to have a robust testing process in place to verify that the application continues to function as expected after the dependency update.

Files Changed:

  • requirements-lint.txt: This file is being updated to use version 0.9.2 of the ruff library, which is a minor version increase from the previous 0.8.1 version.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants