Deps: Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
rope	1.12.0	1.13.0
coverage	7.4.3	7.4.4
pontos	24.3.1	24.3.2
black	24.2.0	24.3.0
ruff	0.3.2	0.3.4

Updates rope from 1.12.0 to 1.13.0

Release notes

Sourced from rope's releases.

1.13.0

What's Changed

Date: 2024-03-25

• #781, #783 Isolate tests that uses external_fixturepkg into a venv (@​lieryan)
• #751 Check for ast.Attributes when finding occurrences in fstrings (@​sandratsy)
• #777, #698 add validation to refuse Rename refactoring to a python keyword (@​lieryan)
• #730 Match on module aliases for autoimport suggestions (@​MrBago)
• #755 Remove dependency on build package being installed while running tests (@​lieryan)
• #780 Improved function parser to use ast parser instead of Worder (@​lieryan)
• #752 Update pre-commit (@​bagel897)
• #782 Integrate codecov with GHA (@​lieryan)
• #754 Minor type hint improvements (@​lieryan)

New Contributors

• @​sandratsy made their first contribution in python-rope/rope#751

Full Changelog: python-rope/rope@1.12.0...1.13.0

Changelog

Sourced from rope's changelog.

Release 1.13.0

• #781, #783 Isolate tests that uses external_fixturepkg into a venv (@​lieryan)
• #751 Check for ast.Attributes when finding occurrences in fstrings (@​sandratsy)
• #777, #698 add validation to refuse Rename refactoring to a python keyword (@​lieryan)
• #730 Match on module aliases for autoimport suggestions (@​MrBago)
• #755 Remove dependency on build package being installed while running tests (@​lieryan)
• #780 Improved function parser to use ast parser instead of Worder (@​lieryan)
• #752 Update pre-commit (@​bagel897)
• #782 Integrate codecov with GHA (@​lieryan)
• #754 Minor type hint improvements (@​lieryan)

Commits

• 5409da0 Update CHANGELOG.md
• 186f2ed Update python-publish.yml workflow to publish to actual PyPI
• f720159 Update release-process.txt to follow new GHA-based publishing procedure
• 32a8a7d Update CHANGELOG.md
• b93ee0e Update CHANGELOG.md
• e261463 Merge pull request #783 from python-rope/lieryan-781-venv-isolate
• aa0ffa6 Merge branch 'master' into lieryan-781-venv-isolate
• 1489d32 Update main.yml
• 6bbef1e Update CHANGELOG.md
• 67edcd7 Fix venv Lib path for Windows
• Additional commits viewable in compare view

Updates coverage from 7.4.3 to 7.4.4

Changelog

Sourced from coverage's changelog.

Version 7.4.4 — 2024-03-14

• Fix: in some cases, even with [run] relative_files=True, a data file could be created with absolute path names. When combined with other relative data files, it was random whether the absolute file names would be made relative or not. If they weren't, then a file would be listed twice in reports, as detailed in issue 1752_. This is now fixed: absolute file names are always made relative when combining. Thanks to Bruno Rodrigues dos Santos for support.

• Fix: the last case of a match/case statement had an incorrect message if the branch was missed. It said the pattern never matched, when actually the branch is missed if the last case always matched.

• Fix: clicking a line number in the HTML report now positions more accurately.

• Fix: the report:format setting was defined as a boolean, but should be a string. Thanks, Tanaydin Sirin <pull 1754_>_. It is also now documented on the :ref:configuration page <config_report_format>.

.. _issue 1752: nedbat/coveragepy#1752 .. _pull 1754: nedbat/coveragepy#1754

.. _changes_7-4-3:

Commits

• bc5e2d7 docs: sample HTML for 7.4.4
• 9b0008b docs: prep for 7.4.4
• a536161 docs: thanks, Bruno Rodrigues dos Santos
• e06e4f9 chore: make doc_upgrade
• f30818e chore: make upgrade
• 1b19799 fix: ensure absolute paths are relative when combined #1752
• 1ef020d build: more cheats for convenient URLs
• 3d57a07 docs: document the report:format setting
• 8e30221 fix: correct the type of report:format in config.py (#1754)
• 6289be8 refactor: use dataclasses, no namedtuple
• Additional commits viewable in compare view

Updates pontos from 24.3.1 to 24.3.2

Release notes

Sourced from pontos's releases.

pontos 24.3.2

24.3.2 - 2024-03-19

Added

• delete_all on labels f27c0cb

Dependencies

• Bump the python-packages group with 4 updates 176ad88
• Bump the python-packages group with 5 updates 341cfc4

Commits

• 2268422 Automatic release to 24.3.2
• f27c0cb Add: delete_all on labels
• 176ad88 Deps: Bump the python-packages group with 4 updates
• 341cfc4 Deps: Bump the python-packages group with 5 updates
• e1732b4 Automatic adjustments after release [skip ci]
• See full diff in compare view

Updates black from 24.2.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates ruff from 0.3.2 to 0.3.4

Release notes

Sourced from ruff's releases.

v0.3.4

Changes

Preview features

• [flake8-simplify] Detect implicit else cases in needless-bool (SIM103) (#10414)
• [pylint] Implement nan-comparison (PLW0117) (#10401)
• [pylint] Implement nonlocal-and-global (E115) (#10407)
• [pylint] Implement singledispatchmethod-function (PLE5120) (#10428)
• [refurb] Implement list-reverse-copy (FURB187) (#10212)

Rule changes

• [flake8-pytest-style] Add automatic fix for pytest-parametrize-values-wrong-type (PT007) (#10461)
• [pycodestyle] Allow SPDX license headers to exceed the line length (E501) (#10481)

Formatter

• Fix unstable formatting for trailing subscript end-of-line comment (#10492)

Bug fixes

• Avoid code comment detection in PEP 723 script tags (#10464)
• Avoid incorrect tuple transformation in single-element case (C409) (#10491)
• Bug fix: Prevent fully defined links name from being reformatted (#10442)
• Consider raw source code for W605 (#10480)
• Docs: Link inline settings when not part of options section (#10499)
• Don't treat annotations as redefinitions in .pyi files (#10512)
• Fix E231 bug: Inconsistent catch compared to pycodestyle, such as when dict nested in list (#10469)
• Fix pylint upstream categories not showing in docs (#10441)
• Add missing Options references to blank line docs (#10498)
• 'Revert "F821: Fix false negatives in .py files when from __future__ import annotations is active (#10362)"' (#10513)
• Apply NFKC normalization to unicode identifiers in the lexer (#10412)
• Avoid failures due to non-deterministic binding ordering (#10478)
• [flake8-bugbear] Allow tuples of exceptions (B030) (#10437)
• [flake8-quotes] Avoid syntax errors due to invalid quotes (Q000, Q002) (#10199)

Contributors

• @​AlexWaygood
• @​MichaReiser
• @​VascoSch92
• @​WindowGenerator
• @​alex-700
• @​augustelalande
• @​autinerd
• @​boolean-light
• @​charliermarsh
• @​dhruvmanila
• @​dopplershift

... (truncated)

Changelog

Sourced from ruff's changelog.

0.3.4

Preview features

• [flake8-simplify] Detect implicit else cases in needless-bool (SIM103) (#10414)
• [pylint] Implement nan-comparison (PLW0117) (#10401)
• [pylint] Implement nonlocal-and-global (E115) (#10407)
• [pylint] Implement singledispatchmethod-function (PLE5120) (#10428)
• [refurb] Implement list-reverse-copy (FURB187) (#10212)

Rule changes

• [flake8-pytest-style] Add automatic fix for pytest-parametrize-values-wrong-type (PT007) (#10461)
• [pycodestyle] Allow SPDX license headers to exceed the line length (E501) (#10481)

Formatter

• Fix unstable formatting for trailing subscript end-of-line comment (#10492)

Bug fixes

• Avoid code comment detection in PEP 723 script tags (#10464)
• Avoid incorrect tuple transformation in single-element case (C409) (#10491)
• Bug fix: Prevent fully defined links name from being reformatted (#10442)
• Consider raw source code for W605 (#10480)
• Docs: Link inline settings when not part of options section (#10499)
• Don't treat annotations as redefinitions in .pyi files (#10512)
• Fix E231 bug: Inconsistent catch compared to pycodestyle, such as when dict nested in list (#10469)
• Fix pylint upstream categories not showing in docs (#10441)
• Add missing Options references to blank line docs (#10498)
• 'Revert "F821: Fix false negatives in .py files when from __future__ import annotations is active (#10362)"' (#10513)
• Apply NFKC normalization to unicode identifiers in the lexer (#10412)
• Avoid failures due to non-deterministic binding ordering (#10478)
• [flake8-bugbear] Allow tuples of exceptions (B030) (#10437)
• [flake8-quotes] Avoid syntax errors due to invalid quotes (Q000, Q002) (#10199)

0.3.3

Preview features

• [flake8-bandit]: Implement S610 rule (#10316)
• [pycodestyle] Implement blank-line-at-end-of-file (W391) (#10243)
• [pycodestyle] Implement redundant-backslash (E502) (#10292)
• [pylint] - implement redeclared-assigned-name (W0128) (#9268)

Rule changes

• [flake8_comprehensions] Handled special case for C400 which also matches C416 (#10419)
• [flake8-bandit] Implement upstream updates for S311, S324 and S605 (#10313)
• [pyflakes] Remove F401 fix for __init__ imports by default and allow opt-in to unsafe fix (#10365)

... (truncated)

Commits

• 5062572 Bump version to v0.3.4 (#10515)
• dc6f639 Rename list-reassign-reversed to list-reverse-copy (#10514)
• 01fe268 [refurb] Implement list_assign_reversed lint (FURB187) (#10212)
• c62184d 'Revert "F821: Fix false negatives in .py files when `from future import ...
• 9b3c732 Docs: Link inline settings when not part of options section (#10499)
• caa1450 Don't treat annotations as redefinitions in .pyi files (#10512)
• 60fd98e Update Rust to v1.77 (#10510)
• ac150b9 Spruce up docs for flake8-pyi rules (part 2) (#10494)
• d9ac170 Fix E231 bug: Inconsistent catch compared to pycodestyle, such as when dict...
• c5ea420 chore: remove repetitive words (#10502)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.