Skip to content

build(deps-dev): bump black from 23.9.1 to 23.10.0 #193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 18, 2023
Merged

build(deps-dev): bump black from 23.9.1 to 23.10.0 #193

merged 2 commits into from
Oct 18, 2023

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 17, 2023
edited
Loading

Bumps black from 23.9.1 to 23.10.0.

Release notes

Sourced from black's releases.

23.10.0

Stable style

  • Fix comments getting removed from inside parenthesized strings (#3909)

Preview style

  • Fix long lines with power operators getting split before the line length (#3942)
  • Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (#3899)
  • Magic trailing commas are now respected in return types. (#3916)
  • Require one empty line after module-level docstrings. (#3932)
  • Treat raw triple-quoted strings as docstrings (#3947)

Configuration

  • Fix cache versioning logic when BLACK_CACHE_DIR is set (#3937)

Parser

  • Fix bug where attributes named type were not acccepted inside match statements (#3950)
  • Add support for PEP 695 type aliases containing lambdas and other unusual expressions (#3949)

Output

  • Black no longer attempts to provide special errors for attempting to format Python 2 code (#3933)
  • Black will more consistently print stacktraces on internal errors in verbose mode (#3938)

Integrations

  • The action output displayed in the job summary is now wrapped in Markdown (#3914)
Changelog

Sourced from black's changelog.

23.10.0

Stable style

  • Fix comments getting removed from inside parenthesized strings (#3909)

Preview style

  • Fix long lines with power operators getting split before the line length (#3942)
  • Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (#3899)
  • Magic trailing commas are now respected in return types. (#3916)
  • Require one empty line after module-level docstrings. (#3932)
  • Treat raw triple-quoted strings as docstrings (#3947)

Configuration

  • Fix cache versioning logic when BLACK_CACHE_DIR is set (#3937)

Parser

  • Fix bug where attributes named type were not acccepted inside match statements (#3950)
  • Add support for PEP 695 type aliases containing lambdas and other unusual expressions (#3949)

Output

  • Black no longer attempts to provide special errors for attempting to format Python 2 code (#3933)
  • Black will more consistently print stacktraces on internal errors in verbose mode (#3938)

Integrations

  • The action output displayed in the job summary is now wrapped in Markdown (#3914)
Commits
  • 9edba85 Prepare release 23.10.0 (#3951)
  • bb58807 Fix parser bug where "type" was misinterpreted as a keyword inside a match (#...
  • 722735d Fix grammar for type alias support (#3949)
  • abe57e3 Treat raw strings like other docstrings (#3947)
  • 1648ac5 Fix long lines with power operator(s) getting splitted before line length (#3...
  • 6f84f65 Migrate mypy config to pyproject.toml (#3936)
  • 3bb9214 CI Test: Deprecating 'Healthcheck.all()' from Hypothesis in fuzz.py (#3945)
  • 935f303 Fix test that was not being run (#3939)
  • b7717c3 Standardise newlines after module-level docstrings (#3932)
  • 7aa37ea Report all stacktraces in verbose mode (#3938)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the topic: infrastructure Related to project infrastructure label Oct 17, 2023
@codecov-commenter
Copy link

codecov-commenter commented Oct 17, 2023

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (31ec133) 99.81% compared to head (d2ce78a) 99.81%.
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #193   +/-   ##
=======================================
  Coverage   99.81%   99.81%           
=======================================
  Files           2        2           
  Lines        1608     1608           
=======================================
  Hits         1605     1605           
  Misses          3        3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@per1234
Copy link
Collaborator

per1234 commented Oct 18, 2023

@dependabot rebase

@per1234 per1234 added the type: enhancement Proposed improvement label Oct 18, 2023
@dependabot
build(deps-dev): bump black from 23.9.1 to 23.10.0
6d66474 
Bumps [black](https://github.com/psf/black) from 23.9.1 to 23.10.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.9.1...23.10.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/black-23.10.0 branch from d2ce78a to 6d66474 Compare October 18, 2023 01:28
@per1234
Use token when uploading unit test code coverage data to Codecov from…
02168a6 
… workflow

Codecov claims a token is not needed when using the codecov/codecov-action GitHub Actions action in workflows of a public repository:

https://github.com/codecov/codecov-action#usage

> For public repositories, no token is needed

However, experience shows that that step of the workflow is subject to intermittent spurious failures caused by a 404
error during the upload attempt:

```
[2023-10-17T04:37:33.792Z] ['error'] There was an error running the uploader: Error uploading to https://codecov.io: Error: There was an error fetching the storage URL during POST: 404 - {'detail': ErrorDetail(string='Unable to locate build via Github Actions API. Please upload with the Codecov repository upload token to resolve issue.', code='not_found')}
```

It is suggested that this can be avoided by providing the upload token:

https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954

It should be noted that PRs from forks do not have access to repository secrets, so the recommended approach of using an
encrypted repository secret for the token would mean that PRs from forks (the workflow runs for which don't have access
to secrets) would still be subject to the same intermittent spurious workflow run failures.

The alternative solution is to add the token in plaintext directly in the workflow. The security implications of that
approach are described here:

https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954

> Public repositories that rely on PRs via forks will find that they cannot effectively use Codecov if the token is
> stored as a GitHub secret. The scope of the Codecov token is only to confirm that the coverage uploaded comes from a
> specific repository, not to pull down source code or make any code changes.
>
> For this reason, we recommend that teams with public repositories that rely on PRs via forks consider the security
> ramifications of making the Codecov token available as opposed to being in a secret.
>
> A malicious actor would be able to upload incorrect or misleading coverage reports to a specific repository if they
> have access to your upload token, but would not be able to pull down source code or make any code changes.

We have evaluated the risks of exposing the token and are intentionally choosing to accept the possibility of abuse.
@per1234 per1234 merged commit f25d3c9 into main Oct 18, 2023
@per1234 per1234 deleted the dependabot/pip/black-23.10.0 branch October 18, 2023 01:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@per1234 per1234 per1234 approved these changes

Assignees

@per1234 per1234

Labels

topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @per1234