Bump the python-requirements group across 1 directory with 8 updates

[dependabot]

Bumps the python-requirements group with 8 updates in the /requirements directory:

Package	From	To
types-setuptools	69.5.0.20240423	70.0.0.20240524
ruff	0.4.3	0.4.5
pytest	8.2.0	8.2.1
coverage	7.5.1	7.5.2
requests	2.31.0	2.32.2
setuptools	69.5.1	70.0.0
twine	5.0.0	5.1.0
cibuildwheel	2.17.0	2.18.1

Updates types-setuptools from 69.5.0.20240423 to 70.0.0.20240524

Commits

• See full diff in compare view

Updates ruff from 0.4.3 to 0.4.5

Release notes

Sourced from ruff's releases.

v0.4.5

Changes

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

• Add --preview to the README (#11395)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.5

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

... (truncated)

Commits

• 550aa87 Bump version to v0.4.5 (#11502)
• 3c22a3b Minor edits to ruff server docs (#11500)
• 6263923 Update documentation for ruff server with new migration guide (#11499)
• 94abea4 ruff server: Fix multiple issues with Neovim and Helix (#11497)
• 519a650 Mark quotes as unnecessary for non-evaluated annotations (#11485)
• 573facd Fix automatic configuration reloading for text and notebook documents (#11492)
• 3cb2e67 ruff.applyFormat now formats an entire notebook document (#11493)
• f0046ab Move has_comments to CommentRanges (#11495)
• 5bb9720 Avoid multiline quotes warning with quote-style = preserve (#11490)
• 9ff18bf Simplify Neovim docs for the LSP setup (#11489)
• Additional commits viewable in compare view

Updates pytest from 8.2.0 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

Commits

• 66ff8df Prepare release version 8.2.1
• 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
• 0b28313 [8.2.x] Add Python 3.13 (beta) support
• f3dd93a [8.2.x] Attest package provenance (#12335)
• bb5a125 [8.2.x] Spelling (#12331)
• f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
• 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
• 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
• 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
• cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
• Additional commits viewable in compare view

Updates coverage from 7.5.1 to 7.5.2

Changelog

Sourced from coverage's changelog.

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Commits

• 242adea build: don't claim pre-alpha-1 in classifiers
• 7f33622 docs: sample HTML for 7.5.2
• 946fa3a docs: prep for 7.5.2
• 535ddc3 build: pylint can run in parallel
• 60a5d65 docs: explain partial coverage reports on generator expressions (#1789)
• 0700018 docs: changelog for #1788 #1787. Thanks Liam DeVoe
• 364282e fix: catch TokenError on parse (#1788)
• 81089de fix: module docstrings are never counted as statements
• 96bd930 fix: rework exclusion parsing to fix #1779
• 75f9d51 test(build): when running metacov, create json report
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Updates setuptools from 69.5.1 to 70.0.0

Changelog

Sourced from setuptools's changelog.

v70.0.0

Features

• Emit a warning when [tools.setuptools] is present in pyproject.toml and will be ignored. -- by :user:SnoopJ (#4150)
• Improved AttributeError error message if pkg_resources.EntryPoint.require is called without extras or distribution Gracefully "do nothing" when trying to activate a pkg_resources.Distribution with a None location, rather than raising a TypeError -- by :user:Avasam (#4262)
• Typed the dynamically defined variables from pkg_resources -- by :user:Avasam (#4267)
• Modernized and refactored VCS handling in package_index. (#4332)

Bugfixes

• In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
• Fix finder template for lenient editable installs of implicit nested namespaces constructed by using package_dir to reorganise directory structure. (#4278)
• Fix an error with UnicodeDecodeError handling in pkg_resources when trying to read files in UTF-8 with a fallback -- by :user:Avasam (#4348)

Improved Documentation

• Uses RST substitution to put badges in 1 line. (#4312)

Deprecations and Removals

• Further adoption of UTF-8 in setuptools. This change regards mostly files produced and consumed during the build process (e.g. metadata files, script wrappers, automatically updated config files, etc..) Although precautions were taken to minimize disruptions, some edge cases might be subject to backwards incompatibility.

  Support for "locale" encoding is now deprecated. (#4309)

• Remove setuptools.convert_path after long deprecation period. This function was never defined by setuptools itself, but rather a side-effect of an import for internal usage. (#4322)

• Remove fallback for customisations of distutils' build.sub_command after long deprecated period. Users are advised to import build directly from setuptools.command.build. (#4322)

• Removed typing_extensions from vendored dependencies -- by :user:Avasam (#4324)

• Remove deprecated setuptools.dep_util. The provided alternative is setuptools.modified. (#4360)

... (truncated)

Commits

• 5cbf12a Workaround for release error in v70
• 9c1bcc3 Bump version: 69.5.1 → 70.0.0
• 4dc0c31 Remove deprecated setuptools.dep_util (#4360)
• 6c1ef57 Remove xfail now that test passes. Ref #4371.
• d14fa01 Add all site-packages dirs when creating simulated environment for test_edita...
• 6b7f7a1 Prevent bin folders to be taken as extern packages when vendoring (#4370)
• 69141f6 Add doctest for vendorised bin folder
• 2a53cc1 Prevent 'bin' folders to be taken as extern packages
• 7208628 Replace call to deprecated validate_pyproject command (#4363)
• 96d681a Remove call to deprecated validate_pyproject command
• Additional commits viewable in compare view

Updates twine from 5.0.0 to 5.1.0

Changelog

Sourced from twine's changelog.

Twine 5.1.0 (2024-05-15)

Features ^^^^^^^^

• Add the experimental --attestations flag. ([#1095](https://github.com/pypa/twine/issues/1095) <https://github.com/pypa/twine/issues/1095>_)

Twine 5.1.0 (2024-05-15)

Misc ^^^^

• [#1104](https://github.com/pypa/twine/issues/1104) <https://github.com/pypa/twine/issues/1104>_

Commits

• e9f70cf Merge pull request #1108 from pypa/fix-release-workflow
• 1908be7 Fix release workflow
• 6d7ffea Merge pull request #1107 from woodruffw-forks/release-5.1.0
• bc91e57 Update changelog for 5.1.0
• de39ade Merge pull request #1085 from pypa/feature/pep-621
• 75de094 Merge pull request #1104 from ascheel/main
• c512bbf Properly handle repository URLs with auth in them
• e0ed808 Changelog entry
• 72ee030 Change regex string to a raw string.
• 04d7e27 Sanitize URLs for logging/display purposes.
• Additional commits viewable in compare view

Updates cibuildwheel from 2.17.0 to 2.18.1

Release notes

Sourced from cibuildwheel's releases.

v2.18.1

• 🌟 Add free-threaded Linux and Windows builds for 3.13. New identifiers cp313t-*, new option CIBW_FREE_THREADED_SUPPORT/tool.cibuildwheel.free-threaded-support required to opt-in. See the docs for more information. (#1831)
• ✨ The container-engine is now a build (non-global) option. (#1792)
• 🛠 The build backend for cibuildwheel is now hatchling. (#1297)
• 🛠 Significant improvements and modernization to our noxfile. (#1823)
• 🛠 Use pylint's new GitHub Actions reporter instead of a custom matcher. (#1823)
• 🛠 Unpin virtualenv updates for Python 3.7+ (#1830)
• 🐛 Fix running linux tests from Windows or macOS ARM. (#1788)
• 📚 Fix our documentation build. (#1821)

v2.18.0

• ✨ Adds CPython 3.13 support, under the prerelease flag CIBW_PRERELEASE_PYTHONS. This version of cibuildwheel uses 3.13.0b1. Free-threading mode is not available yet (#1657), waiting on official binaries (planned for beta 2) and pip support. While CPython is in beta, the ABI can change, so your wheels might not be compatible with the final release. For this reason, we don't recommend distributing wheels until RC1, at which point 3.13 will be available in cibuildwheel without the flag. (#1815)
• ✨ Musllinux now defaults to musllinux_1_2. You can set the older musllinux_1_1 via config if needed. (#1817)
• 🛠 No longer pre-seed setuptools/wheel in virtual environments (#1819)
• 🛠 Respect the constraints file when building with pip, matching build (#1818)
• 🛠 Use uv to compile our pinned dependencies, 10x faster and doesn't require special setup (#1778)
• 🐛 Fix an issue with the schema (#1788)
• 📚 Document the new delocate error checking macOS versions (#1766)
• 📚 Document Rust builds (#1816)
• 📚 Speed up our readthedocs builds with uv, 26 seconds -> 6 seconds to install dependencies (#1816)

Changelog

Sourced from cibuildwheel's changelog.

v2.18.1

• 🌟 Add free-threaded Linux and Windows builds for 3.13. New identifiers cp313t-*, new option CIBW_FREE_THREADED_SUPPORT/tool.cibuildwheel.free-threaded-support required to opt-in. See the docs for more information. (#1831)
• ✨ The container-engine is now a build (non-global) option. (#1792)
• 🛠 The build backend for cibuildwheel is now hatchling. (#1297)
• 🛠 Significant improvements and modernization to our noxfile. (#1823)
• 🛠 Use pylint's new GitHub Actions reporter instead of a custom matcher. (#1823)
• 🛠 Unpin virtualenv updates for Python 3.7+ (#1830)
• 🐛 Fix running linux tests from Windows or macOS ARM. (#1788)
• 📚 Fix our documentation build. (#1821)

v2.18.0

12 May 2024

• ✨ Adds CPython 3.13 support, under the prerelease flag CIBW_PRERELEASE_PYTHONS. This version of cibuildwheel uses 3.13.0b1. Free-threading mode is not available yet (#1657), waiting on official binaries (planned for beta 2) and pip support.

  While CPython is in beta, the ABI can change, so your wheels might not be compatible with the final release. For this reason, we don't recommend distributing wheels until RC1, at which point 3.13 will be available in cibuildwheel without the flag. (#1815)

• ✨ Musllinux now defaults to musllinux_1_2. You can set the older musllinux_1_1 via config if needed. (#1817)

• 🛠 No longer pre-seed setuptools/wheel in virtual environments (#1819)

• 🛠 Respect the constraints file when building with pip, matching build (#1818)

• 🛠 Use uv to compile our pinned dependencies, 10x faster and doesn't require special setup (#1778)

• 🐛 Fix an issue with the schema (#1788)

• 📚 Document the new delocate error checking macOS versions (#1766)

• 📚 Document Rust builds (#1816)

• 📚 Speed up our readthedocs builds with uv, 26 seconds -> 6 seconds to install dependencies (#1816)

Commits

• ba8be0d Bump version: v2.18.1
• 90dd476 doc: add documentation for the CIBW_FREE_THREADED_SUPPORT option
• b613249 chore: pass a PythonConfiguration to install_cpython
• 3992d57 feat: add option to opt-in free-threaded builds
• 345467c feat: add support for free-threaded (no-gil) Python 3.13
• 791e41c [Bot] Update dependencies (#1832)
• 9d5f5e6 Make container-engine a build (non-global) option (#1792)
• 1b354cf chore: move to hatchling (#1297)
• d1a4c9c chore: un-pin virtualenv update (#1830)
• 78bca57 fix(tests): linux tests from macOS/Windows arm64 (#1829)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #498.