Bump the dev-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates in the / directory:

Package	From	To
black	24.8.0	24.10.0
bandit	1.7.9	1.7.10
pylint	3.2.6	3.3.1
pytest	8.3.2	8.3.3
pytest-cov	5.0.0	6.0.0
httpx	0.27.0	0.27.2

Updates black from 24.8.0 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Changelog

Sourced from black's changelog.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Commits

• 1b2427a Prepare release 24.10.0 (#4471)
• a22b1eb Add mypyc 3.13 wheel build (#4449)
• b7d0e72 Bump AndreMiras/coveralls-python-action from 65c1672f0b8a201702d86c81b79187df...
• f1a2f92 Include --unstable in cache key (#4466)
• 8d9d18c Fix skipping Jupyter cells with unknown %% magic (#4462)
• bbfdba3 Fix docs CI: use venv for uv to fix 'failed to create directory' (#4460)
• 8fb2add Use builtin generics (#4458)
• 2a45cec Fix crashes with comments in parentheses (#4453)
• b4d6d86 Drop Python 3.8 support (#4452)
• ac018c1 Require newer aiohttp for blackd (#4451)
• Additional commits viewable in compare view

Updates bandit from 1.7.9 to 1.7.10

Release notes

Sourced from bandit's releases.

1.7.10

What's Changed

• Bump docker/build-push-action from 5.4.0 to 6.0.0 by @​dependabot in PyCQA/bandit#1147
• Suggested small refactors in assignments by @​ericwb in PyCQA/bandit#1150
• Performance improvement in blacklist function by @​ericwb in PyCQA/bandit#1148
• Add test for usage of FTP_TLS by @​ericwb in PyCQA/bandit#1149
• New check: B113: TrojanSource - Bidirectional control characters by @​Lucas-C in PyCQA/bandit#757
• Bump docker/build-push-action from 6.0.0 to 6.1.0 by @​dependabot in PyCQA/bandit#1152
• feat(plugins): add support for httpx in B113 by @​mkniewallner in PyCQA/bandit#1060
• Nit: remove unused variable by @​ericwb in PyCQA/bandit#1153
• Add recent releases to version choice in bug report by @​ericwb in PyCQA/bandit#1151
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @​dependabot in PyCQA/bandit#1155
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @​dependabot in PyCQA/bandit#1157
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in PyCQA/bandit#1156
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in PyCQA/bandit#1158
• Bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in PyCQA/bandit#1159
• Bump docker/build-push-action from 6.3.0 to 6.5.0 by @​dependabot in PyCQA/bandit#1160
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @​dependabot in PyCQA/bandit#1163
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @​dependabot in PyCQA/bandit#1166
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in PyCQA/bandit#1165
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @​dependabot in PyCQA/bandit#1168
• Use consistent file naming of docs by @​ericwb in PyCQA/bandit#1170
• Pytorch Load / Save Plugin by @​lukehinds in PyCQA/bandit#1114

New Contributors

• @​Lucas-C made their first contribution in PyCQA/bandit#757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

Commits

• 36fd650 Pytorch Load / Save Plugin (#1114)
• 4ac55df Use consistent file naming of docs (#1170)
• 68022aa Bump docker/build-push-action from 6.6.1 to 6.7.0 (#1168)
• 77566a0 Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#1165)
• 221ced6 Bump docker/build-push-action from 6.5.0 to 6.6.1 (#1166)
• 701b7d5 Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#1163)
• 320495c Bump docker/build-push-action from 6.3.0 to 6.5.0 (#1160)
• 90490c7 Bump docker/login-action from 3.2.0 to 3.3.0 (#1159)
• 708ab74 Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#1158)
• 89d2345 Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#1156)
• Additional commits viewable in compare view

Updates pylint from 3.2.6 to 3.3.1

Commits

• 76bce72 Bump pylint to 3.3.1, update changelog (#9954)
• 55ee816 Bump astroid to 3.3.4 (#9951) (#9952)
• 6350dfa Bump pylint to 3.3.0, update changelog
• 78f3dfa Bump astroid to 3.3.3 (#9939)
• b28c1f6 Add check for unnecessary-default-type-args (#9938)
• bd97b93 [doc framework] Assert that the good and bad example exists in the doc (#9936)
• 7aa4436 Fix duplicate workflow step ids (#9934)
• 0950916 [pre-commit] Add codespell, and fix some existing typos (#9912)
• 3b4a7f9 Add details.rst for c-extension-no-member (#9933)
• 7d60c27 Explicitly save cache in primer jobs
• Additional commits viewable in compare view

Updates pytest from 8.3.2 to 8.3.3

Release notes

Sourced from pytest's releases.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

• #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile{.interpreted-text role="user"}

• #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

• #12667: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.

• #12744: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by Avasam{.interpreted-text role="user"}

• #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.

• #6682: Fixed bug where the verbosity levels where not being respected when printing the "msg" part of failed assertion (as in assert condition, msg).

• #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option.

  -- by GTowers1{.interpreted-text role="user"}

Improved documentation

• #12663: Clarify that the [pytest_deselected]{.title-ref} hook should be called from [pytest_collection_modifyitems]{.title-ref} hook implementations when items are deselected.
• #12678: Remove erroneous quotes from [tmp_path_retention_policy]{.title-ref} example in docs.

Miscellaneous internal changes

• #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks.

Commits

• d0f136f build(deps): Bump pypa/gh-action-pypi-publish from 1.10.0 to 1.10.1 (#12790)
• 972f307 Prepare release version 8.3.3
• 0dabdcf Include co-authors in release announcement (#12795) (#12797)
• a9910a4 Do not discover properties when iterating fixtures (#12781) (#12788)
• 0f10b6b Fix issue with slashes being turned into backslashes on Windows (#12760) (#12...
• 300d13d Merge pull request #12785 from pytest-dev/patchback/backports/8.3.x/57cccf7f4...
• e5d32c7 Merge pull request #12784 from svenevs/fix/docs-example-parametrize-minor-typo
• bc913d1 Streamline checks for verbose option (#12706) (#12778)
• 01cfcc9 Fix typos and introduce codespell pre-commit hook (#12769) (#12774)
• 4873394 doc: Remove past training (#12772) (#12773)
• Additional commits viewable in compare view

Updates pytest-cov from 5.0.0 to 6.0.0

Changelog

Sourced from pytest-cov's changelog.

6.0.0 (2024-10-29)

• Updated various documentation inaccuracies, especially on subprocess handling.
• Changed fail under checks to use the precision set in the coverage configuration. Now it will perform the check just like coverage report would.
• Added a --cov-precision cli option that can override the value set in your coverage configuration.
• Dropped support for now EOL Python 3.8.

Commits

• 9540437 Bump version: 5.0.0 → 6.0.0
• 9f81754 Further trim down envs and drop Python 3.8.
• b12b5ec Update conf.
• 23f4b27 Update changelog.
• 291a04f Bump test deps and trim config.
• 08f1101 Add --cov-precision option. Close #655.
• 76fe2a7 Move the warnings/errors in a place that doesn't import anything.
• a9ea7b7 Implement error/warning for the bad dynamic_context being set in config.
• c299e01 Add explicit suffixing to make it easier to see the identify the sources/usag...
• c87e546 Add reproducer for weird xdist dynamic_context interaction. Ref #604.
• Additional commits viewable in compare view

Updates httpx from 0.27.0 to 0.27.2

Release notes

Sourced from httpx's releases.

Version 0.27.2

0.27.2 (27th August, 2024)

Fixed

• Reintroduced supposedly-private URLTypes shortcut. (#2673)

Version 0.27.1

0.27.1 (27th August, 2024)

Added

• Support for zstd content decoding using the python zstandard package is added. Installable using httpx[zstd]. (#3139)

Fixed

• Improved error messaging for InvalidURL exceptions. (#3250)
• Fix app type signature in ASGITransport. (#3109)

Changelog

Sourced from httpx's changelog.

0.27.2 (27th August, 2024)

Fixed

• Reintroduced supposedly-private URLTypes shortcut. (#2673)

0.27.1 (27th August, 2024)

Added

• Support for zstd content decoding using the python zstandard package is added. Installable using httpx[zstd]. (#3139)

Fixed

• Improved error messaging for InvalidURL exceptions. (#3250)
• Fix app type signature in ASGITransport. (#3109)

Commits

• 609df7e Reintroduce URLTypes. (#3288)
• 1d6b663 Update CHANGELOG for 0.27.1 release date. (#3285)
• 1bf1ba5 Version 0.27.1 (#3275)
• 7c0cda1 Improve InvalidURL error message. (#3250)
• beb501f Bump the python-packages group across 1 directory with 8 updates (#3247)
• 359f77d Clean up URL signature. (#3245)
• b351a44 Update requirements.txt (#3246)
• db9072f Add URL parsing tests from WHATWG (#3188)
• 92e9dfb Update asgi.py docstring (#3210)
• e186ecc Bump the python-packages group with 8 updates (#3213)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dagshub]

Join the discussion on DagsHub!