Sourced from pytest's releases.

7.2.0

pytest 7.2.0 (2022-10-23)

Deprecations

• #10012: Update pytest.PytestUnhandledCoroutineWarning{.interpreted-text role="class"} to a deprecation; it will raise an error in pytest 8.

• #10396: pytest no longer depends on the py library. pytest provides a vendored copy of py.error and py.path modules but will use the py library if it is installed. If you need other py.* modules, continue to install the deprecated py library separately, otherwise it can usually be removed as a dependency.

• #4562: Deprecate configuring hook specs/impls using attributes/marks.

  Instead use :pypytest.hookimpl{.interpreted-text role="func"} and :pypytest.hookspec{.interpreted-text role="func"}. For more details, see the docs <legacy-path-hooks-deprecated>{.interpreted-text role="ref"}.

• #9886: The functionality for running tests written for nose has been officially deprecated.

  This includes:

  • Plain setup and teardown functions and methods: this might catch users by surprise, as setup() and teardown() are not pytest idioms, but part of the nose support.
  • Setup/teardown using the @​with_setup decorator.

  For more details, consult the deprecation docs <nose-deprecation>{.interpreted-text role="ref"}.

Features

• #9897: Added shell-style wildcard support to testpaths.

Improvements

• #10218: @pytest.mark.parametrize() (and similar functions) now accepts any Sequence[str] for the argument names, instead of just list[str] and tuple[str, ...].

  (Note that str, which is itself a Sequence[str], is still treated as a comma-delimited name list, as before).

• #10381: The --no-showlocals flag has been added. This can be passed directly to tests to override --showlocals declared through addopts.

• #3426: Assertion failures with strings in NFC and NFD forms that normalize to the same string now have a dedicated error message detailing the issue, and their utf-8 representation is expresed instead.

• #7337: A warning is now emitted if a test function returns something other than [None]{.title-ref}. This prevents a common mistake among beginners that expect that returning a [bool]{.title-ref} (for example [return foo(a, b) == result]{.title-ref}) would cause a test to pass or fail, instead of using [assert]{.title-ref}.

• #8508: Introduce multiline display for warning matching via :pypytest.warns{.interpreted-text role="func"} and enhance match comparison for :py_pytest._code.ExceptionInfo.match{.interpreted-text role="func"} as returned by :pypytest.raises{.interpreted-text role="func"}.

• #8646: Improve :pypytest.raises{.interpreted-text role="func"}. Previously passing an empty tuple would give a confusing error. We now raise immediately with a more helpful message.

• #9741: On Python 3.11, use the standard library's tomllib{.interpreted-text role="mod"} to parse TOML.

  tomli{.interpreted-text role="mod"}` is no longer a dependency on Python 3.11.

• #9742: Display assertion message without escaped newline characters with -vv.

• #9823: Improved error message that is shown when no collector is found for a given file.

... (truncated)

• 3af3f56 Prepare release version 7.2.0
• bc2c3b6 Merge pull request #10408 from NateMeyvis/patch-2
• d84ed48 Merge pull request #10409 from pytest-dev/asottile-patch-1
• ffe49ac Merge pull request #10396 from pytest-dev/pylib-hax
• d352098 allow jobs to pass if codecov.io fails
• c5c562b Fix typos in CONTRIBUTING.rst
• d543a45 add deprecation changelog for py library vendoring
• f341a5c Merge pull request #10407 from NateMeyvis/patch-1
• 1027dc8 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 6b905ee Add note on tags to CONTRIBUTING.rst
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b7788fc Update version to remove "+dev" for releasing 0.991
• 6077d19 manually CP typeshed #9130
• ab0ea1e Fix crash with function redefinition (#14064)
• 592a9ce Fix another crash with report generation on namespace packages (#14063)
• 1650ae0 Update --no-warn-no-return docs for empty body changes (#14065)
• b9daa31 Don't ignore errors in files passed on the command line (#14060)
• 02fd8a5 Filter out wasm32 wheel in upload-pypi.py (#14035)
• 131c8d7 Fix crash on inference with recursive alias to recursive instance (#14038)
• 1368338 Change version to 0.991+dev in preparation for the point release
• b71dc3d Remove +dev from version
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b71dc3d Remove +dev from version
• 719cef9 Add support for exception groups and except* (#14020)
• 91b6fc3 Fix crash on nested unions in recursive types (#14007)
• 42a4c69 Make TryStar not crash (#13991)
• 5fad1ac Warn on invalid *args and **kwargs with ParamSpec (#13892)
• 184add9 Revert sum literal integer change (#13961)
• 74e0dff Add hidden options to disable bytes promotion (#13952)
• ec6d9d9 [mypyc] Fix ircheck if register is initialized through LoadAddress (#13944)
• 8ef701d Use 3.11 instead of 3.11-dev (#13945)
• ec149da [mypyc] Fix glue methods with native int types (#13939)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from safety's releases.

2.3.1

No release notes provided.

2.3.0

What's Changed

• Safety Alerts: GitHub PRs and GitHub issues support by @​cb22 in pyupio/safety#411
• Safety 2.3.0 patch by @​cb22 in pyupio/safety#415

Full Changelog: https://github.com/pyupio/safety/compare/2.2.1...2.3.0

2.2.1

What's Changed

• Pull from Master by @​yeisonvargasf in pyupio/safety#410
• Common fixes for next release by @​yeisonvargasf in pyupio/safety#412
• 2.2.1 Patch by @​yeisonvargasf in pyupio/safety#414

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

PyUp is excited to release Safety 2.0 CLI and Safety as a GitHub Action!

Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs. The new GitHub Action enables you to configure Python dependency security and compliance scans on your repositories on new commits, new branches, pull requests, and more.

Summary:

• Safety 2.0 major release (notes below) and GitHub Action release

Updated outputs:

• Text & screen output: Upgraded the text and screen outputs, removing the old table style and adding new data and formats to vulnerabilities.
• JSON output: New and updated JSON output (breaking change). Safety adds all the possible information in the JSON report. The structure of this JSON file has been improved.
• Improved the support for exit codes. There are now custom exit codes with detailed information about the result. Examples include: VULNERABILITIES_FOUND and INVALID_API_KEY.
• Added remediations (fix recommendations) sections to outputs. Now, Safety will suggest the steps to fix a detected vulnerability when an API key is used.
• Added new summary meta-data data to the reports showing the Safety version used, the dependencies found, the timestamp, the target scanned, and more. These data are included in the text, screen, and JSON output for improved audit capabilities.
• Added more info per vulnerability, including URLs to read more about a vulnerability and/or a package.

... (truncated)

Sourced from safety's changelog.

[2.3.1] - 2022-10-05

• Add safety.alerts module to setup.cfg

[2.3.0] - 2022-10-05

• Safety can now create GitHub PRs and Issues for vulnerabilities directly, with the new safety alert subcommand.
• Support for GitHub PR and Issue alerting has been added to the GitHub Action.

[2.2.1] - 2022-10-04

• Fixed the use of the SAFETY_COLOR environment variable
• Fixed bug in the case of vulnerabilities without a CVE linked
• Fixed GitHub version in the README

[2.2.0] - 2022-09-19

• Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
• Added logic for custom integrations like pipenv check.
• The --db flag is compatible remote sources too.
• Added more logging
• Upgrade dparse dependency to avoid a possible ReDos security issue
• Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

Updated outputs:

• Text & screen output: If a scan has been logged, this is now mentioned in the output.
• JSON output: The JSON output now includes git metadata about the folder Safety was run in. It also includes a version field, and telemetry information that would be sent separately. There are no breaking changes in the output.

New inputs:

• New command line flags
  • The --disable-audit-and-monitor flag can be set to disable sending a scan's result to pyup.io
  • The --project flag can be set to manually specify a project to associate these scans with. By default, it'll autodetect based on the current folder and git.

[2.0.0] - 2022-06-28

Summary:

• Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs.

Updated outputs:

• Text & screen output: Upgraded the text and screen outputs, removing the old table style and adding new data and formats to vulnerabilities.
• JSON output: New and updated JSON output (breaking change). Safety adds all the possible information in the JSON report. The structure of this JSON file has been improved.
• Improved the support for exit codes. There are now custom exit codes with detailed information about the result. Examples include: VULNERABILITIES_FOUND and INVALID_API_KEY.
• Added remediations (fix recommendations) sections to outputs. Now, Safety will suggest the steps to fix a detected vulnerability when an API key is used.

... (truncated)

• 6631403 Fix bugged 2.3.0 release - safety.alerts module not included in setup.cfg
• 12cd289 Version 2.3.0
• 43dd831 Fix workflows for master -> main rename
• 40fb27a Merge pull request #415 from pyupio/develop
• 679cd54 Add dataclasses requirement to test_requirements.txt
• 1134fb9 Fix test case with expanded more_info_url
• 320aa5c Merge branch 'main' into develop
• 195aefc Merge pull request #411 from cb22/develop
• 1172ea6 Handle cvss3 score being None it utils too
• 5717d5a Handle when optional extras are not installed
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from safety's releases.

2.2.1

What's Changed

• Pull from Master by @​yeisonvargasf in pyupio/safety#410
• Common fixes for next release by @​yeisonvargasf in pyupio/safety#412
• 2.2.1 Patch by @​yeisonvargasf in pyupio/safety#414

Full Changelog: https://github.com/pyupio/safety/compare/2.2.0...2.2.1

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

PyUp is excited to release Safety 2.0 CLI and Safety as a GitHub Action!

Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs. The new GitHub Action enables you to configure Python dependency security and compliance scans on your repositories on new commits, new branches, pull requests, and more.

Summary:

• Safety 2.0 major release (notes below) and GitHub Action release

Updated outputs:

• Text & screen output: Upgraded the text and screen outputs, removing the old table style and adding new data and formats to vulnerabilities.
• JSON output: New and updated JSON output (breaking change). Safety adds all the possible information in the JSON report. The structure of this JSON file has been improved.
• Improved the support for exit codes. There are now custom exit codes with detailed information about the result. Examples include: VULNERABILITIES_FOUND and INVALID_API_KEY.
• Added remediations (fix recommendations) sections to outputs. Now, Safety will suggest the steps to fix a detected vulnerability when an API key is used.
• Added new summary meta-data data to the reports showing the Safety version used, the dependencies found, the timestamp, the target scanned, and more. These data are included in the text, screen, and JSON output for improved audit capabilities.
• Added more info per vulnerability, including URLs to read more about a vulnerability and/or a package.

New command line flags:

• New command line flags
  • The --output flag replaces --bare, --text, --screen, and --json flags. In this new release, examples would be: --output json or --output bare.
  • The --continue-on-error flag suppresses non-zero exit codes to force pass CI/CD checks, if required.
  • The --debug flag allows for a more detailed output.
  • The --disable-telemetry flag has been added to disable telemetry data
  • The --policy-file flag to include a local security policy file. This file (called .safety-policy.yml, found in either the root directory where Safety is being run or in a custom location) is based on YAML 1.2 and allows for:
    • Ignoring individual vulnerabilities with optionally a note and an expiry date.
    • Filtering vulnerabilities by their CVSS severity. (CVSS data is only available for some paid accounts.)

Other

... (truncated)

Sourced from safety's changelog.

[2.2.1] - 2022-10-04

• Fixed the use of the SAFETY_COLOR environment variable
• Fixed bug in the case of vulnerabilities without a CVE linked
• Fixed GitHub version in the README

[2.2.0] - 2022-09-19

• Safety starts to use dparse to parse files, now Safety supports mainly Poetry and Pipenv lock files plus other files supported by dparse.
• Added logic for custom integrations like pipenv check.
• The --db flag is compatible remote sources too.
• Added more logging
• Upgrade dparse dependency to avoid a possible ReDos security issue
• Removed Travis and Appveyor, the CI/CD was migrated to GitHub Actions

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

Updated outputs:

• Text & screen output: If a scan has been logged, this is now mentioned in the output.
• JSON output: The JSON output now includes git metadata about the folder Safety was run in. It also includes a version field, and telemetry information that would be sent separately. There are no breaking changes in the output.

New inputs:

• New command line flags
  • The --disable-audit-and-monitor flag can be set to disable sending a scan's result to pyup.io
  • The --project flag can be set to manually specify a project to associate these scans with. By default, it'll autodetect based on the current folder and git.

[2.0.0] - 2022-06-28

Summary:

• Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs.

Updated outputs:

• Text & screen output: Upgraded the text and screen outputs, removing the old table style and adding new data and formats to vulnerabilities.
• JSON output: New and updated JSON output (breaking change). Safety adds all the possible information in the JSON report. The structure of this JSON file has been improved.
• Improved the support for exit codes. There are now custom exit codes with detailed information about the result. Examples include: VULNERABILITIES_FOUND and INVALID_API_KEY.
• Added remediations (fix recommendations) sections to outputs. Now, Safety will suggest the steps to fix a detected vulnerability when an API key is used.
• Added new summary meta-data data to the reports showing the Safety version used, the dependencies found, the timestamp, the target scanned, and more. These data are included in the text, screen, and JSON output for improved audit capabilities.
• Added more info per vulnerability, including URLs to read more about a vulnerability and/or a package.

###New command line flags:

• New command line flags
  • The --output flag replaces --bare, --text, --screen, and --json flags. In this new release, examples would be: --output json or --output bare.
  • The --continue-on-error flag suppresses non-zero exit codes to force pass CI/CD checks, if required.

... (truncated)

• d41e98c Version 2.2.1
• 01866b9 Merge pull request #414 from pyupio/develop
• 97916f6 Merge pull request #412 from pyupio/fix/common-fixes
• 56a4b48 Handling None cases for CVE ids
• 2ad7a06 Adding the proper validation for the SAFETY_COLOR env var
• 394ef07 Merge pull request #410 from pyupio/master
• cef4eb2 Update README.md
• 7455228 Release version 2.2.0
• b6adb77 Updating fixtures for gh action
• 79ba71f Version 2.2.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 1c2b899 Bump version to 0.982
• 51d9858 Restore Type vs Callable special-casing that was broken in refactoring (#13784)
• d03f201 Suggest using upper bound for unbound tvar (#13730)
• 5b17cc6 Fix overload overlap check for UninhabitedType (#13461)
• c7b4714 Update version to 0.981
• 2bd7da2 [0.980 backport] build changes (#13688)
• 2b2953a [0.980 backport] Update pos-only unit tests for Python 3.10.7 (#13660) (#13665)
• ada0078 Remove dev from version
• efd1d38 [0.980 backport] Fix stubtest custom_typeshed_dir regression (#13656) (#13658)
• 70bc348 [0.980 backport] Allow unpacking from TypeVars with iterable bounds (#13425) ...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• c7b4714 Update version to 0.981
• 2bd7da2 [0.980 backport] build changes (#13688)
• 2b2953a [0.980 backport] Update pos-only unit tests for Python 3.10.7 (#13660) (#13665)
• ada0078 Remove dev from version
• efd1d38 [0.980 backport] Fix stubtest custom_typeshed_dir regression (#13656) (#13658)
• 70bc348 [0.980 backport] Allow unpacking from TypeVars with iterable bounds (#13425) ...
• e43dbb9 Work around mypyc test failures in CI (#13593)
• 64add91 Another cherry-pick fix
• 228bd29 Fix error codes option serialization (#13523)
• 1f80611 Allow per-module error codes (#13502)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from wemake-python-styleguide's releases.

Version 0.17.0

Features

• Breaking: drops python3.6 support
• Adds support for pattern matching naming rules, same as other variables
• Adds --show-violation-links option to show links to violation docs
• Adds __init_subclass__ in the beginning of accepted methods order as per WPS338 #2411
• Adds WrongEmptyLinesCountViolation to check for too many lines in functions and methods definitions #2486

Bugfixes

• Fixes WPS226 false positives on | use in SomeType | AnotherType type hints syntax
• Now -1 is not reported to be an overused expression
• Allow __aiter__ to be async iterator
• Adds violation method name to error message of YieldMagicMethodViolation
• Fixes direct docker image invocation #2492

Misc

• Adds full violation codes to docs and BaseViolation.full_code #2409
• Fix documentation mismatch between default setting for max-string-usages and enforced rule #2456
• Domain name was changed from wemake-python-stylegui.de to wemake-python-styleguide.rtfd.io

Version 0.16.1

Bugfixes

• Fixes crash on 'Literal["raise"]' annotation #2341
• Fixes WPS471 was not detected on complex assignment targets #2301
• Fixes flake8-bandit and bandit version conflict #2368

Sourced from wemake-python-styleguide's changelog.

0.17.0

Features

• Breaking: drops python3.6 support
• Adds support for pattern matching naming rules, same as other variables
• Adds --show-violation-links option to show links to violation docs
• Adds __init_subclass__ in the beginning of accepted methods order as per WPS338 #2411
• Adds WrongEmptyLinesCountViolation to check for too many lines in functions and methods definitions #2486

Bugfixes

• Fixes WPS226 false positives on | use in SomeType | AnotherType type hints syntax
• Now -1 is not reported to be an overused expression
• Allow __aiter__ to be async iterator
• Adds violation method name to error message of YieldMagicMethodViolation
• Fixes direct docker image invocation #2492

Misc

• Adds full violation codes to docs and BaseViolation.full_code #2409
• Fix documentation mismatch between default setting for max-string-usages and enforced rule #2456
• Domain name was changed from wemake-python-stylegui.de to wemake-python-styleguide.rtfd.io

0.16.1

Bugfixes

• Fixes crash on 'Literal["raise"]' annotation #2341
• Fixes WPS471 was not detected on complex assignment targets #2301
• Fixes flake8-bandit and bandit version conflict #2368

• 657508a Version 0.17.0 release
• 651d5f5 Version 0.17.0 release
• 5e12ee0 Improve CHANGELOG
• a8a5448 Fix dockerfile direct invocation (#2493)
• 7b34423 Add pattern matching support for naming rules (#2501)
• 4ca670e Limit empty lines in functions or methods body (#2487)
• 5bfdbdd Fix magic method yields (next, anext, aiter) (#2400)
• e8c5485 Closes #2362 (#2500)
• 534008b Drop python3.6 support (#2499)
• 45cd76a Do not check | in type hints in WPS226 (#2495)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from safety's releases.

2.2.0

What's Changed

• Eat stderr messages from git commands. by @​tarmack in pyupio/safety#399
• Update from master branch by @​yeisonvargasf in pyupio/safety#404
• Remove AppVeyor and Travis by @​yeisonvargasf in pyupio/safety#405
• Using dparse to read requirements and fixes for custom integrations by @​yeisonvargasf in pyupio/safety#406
• Safety 2.2.0 patch by @​yeisonvargasf in pyupio/safety#407

New Contributors

• @​tarmack made their first contribution in pyupio/safety#399

Full Changelog: https://github.com/pyupio/safety/compare/2.1.1...2.2.0

Safety 2.0.0 and Safety GitHub Action - Python Dependency Scanner

PyUp is excited to release Safety 2.0 CLI and Safety as a GitHub Action!

Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs. The new GitHub Action enables you to configure Python dependency security and compliance scans on your repositories on new commits, new branches, pull requests, and more.

Summary:

• Safety 2.0 major release (notes below) and GitHub Action release

Updated outputs:

• Text & screen output: Upgraded the text and screen outputs, removing the old table style and adding new data and formats to vulnerabilities.
• JSON output: New and updated JSON output (breaking change). Safety adds all the possible information in the JSON report. The structure of this JSON file has been improved.
• Improved the support for exit codes. There are now custom exit codes with detailed information about the result. Examples include: VULNERABILITIES_FOUND and INVALID_API_KEY.
• Added remediations (fix recommendations) sections to outputs. Now, Safety will suggest the steps to fix a detected vulnerability when an API key is used.
• Added new summary meta-data data to the reports showing the Safety version used, the dependencies found, the timestamp, the target scanned, and more. These data are included in the text, screen, and JSON output for improved audit capabilities.
• Added more info per vulnerability, including URLs to read more about a vulnerability and/or a package.

New command line flags:

• New command line flags
  • The --output flag replaces --bare, --text, --screen, and --json flags. In this new release, examples would be: --output json or --output bare.
  • The --continue-on-error flag suppresses non-zero exit codes to force pass CI/CD checks, if required.
  • The --debug flag allows for a more detailed output.
  • The --disable-telemetry flag has been added to disable telemetry data
  • The --policy-file flag to include a local security policy file. This file (called .safety-policy.yml, found in either the root directory where Safety is being run or in a custom location) is based on YAML 1.2 and allows for:
    • Ignoring individual vulnerabilities with optionally a note and an expiry date.
    • Filtering vulnerabilities by their CVSS severity. (CVSS data is only available for some paid accounts.)

Other

• Dropped support for Python < 3.6
• The free version of the Safety vulnerability database is downloaded from a public S3 bucket (via PyUp.io) and no longer from GitHub. This free database is only updated once a month and is not licensed for commercial use.
• Telemetry data will be sent with every Safety call. These data are anonymous and not sensitive. This includes the Python version, the Safety command used (check/license/review), and the Safety options used (without their values). Users can disable this functionality by adding the --disable-telemetry flag.
• Added validations to avoid the use of exclusive options.
• Added announcements feature to receive informative or critical messages from the PyUp Safety team.
• Increased test coverage.
• Now Safety can be used as a dependency in your code
• Added Safety as a Github Action
• Improved the help text in the CLI

... (truncated)

Sourced from safety's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is partly based on Keep a Changelog, and this project adheres to Semantic Versioning and PEP 440

[Unreleased] 2.2.0.dev

[2.1.1] - 2022-07-18

• Fix crash when running on systems without git present (Thanks @​andyjones)

[2.1.0] - 2022-07-14

Summary:

• Improved error messages & fixed issues with proxies
• Fixed license command
• Added the ability for scan outputs to be sent to pyup.io. This will only take effect if using an API key, the feature is enabled on your profile, and the --disable-audit-and-monitor is not set
• Added the ability to have a Safety policy file set centrally on your pyup.io profile. This remote policy file will be used if there's no local policy file present, otherwise a warning will be issued.

Updated outputs:

• Text & screen output: If a scan has been logged, this is now mentioned in the output.
• JSON output: The JSON output now includes git metadata about the folder Safety was run in. It also includes a version field, and telemetry information that would be sent separately. There are no breaking changes in the output.

New inputs:

• New command line flags
  • The --disable-audit-and-monitor flag can be set to disable sending a scan's result to pyup.io
  • The --project flag can be set to manually specify a project to associate these scans with. By default, it'll autodetect based on the current folder and git.

[2.0.0] - 2022-06-28

Summary:

• Compared to previous versions, Safety 2.0 will be a significant update that includes new features and refactors, resulting in breaking changes to some inputs and outputs.

Updated outputs:

• Text & screen output: Upgraded the text and screen outputs, removing the old table style and adding new data and formats to vulnerabilities.
• JSON output: New and updated JSON output (breaking change). Safety adds all the possible information in the JSON report. The structure of this JSON file has been improved.
• Improved the support for exit codes. There are now custom exit codes with detailed information about the result. Examples include: VULNERABILITIES_FOUND and INVALID_API_KEY.
• Added remediations (fix recommendations) sections to outputs. Now, Safety will suggest the steps to fix a detected vulnerability when an API key is used.
• Added new summary meta-data data to the reports showing the Safety version used, the dependencies found, the timestamp, the target scanned, and more. These data are included in the text, screen, and JSON output for improved audit capabilities.
• Added more info per vulnerability, including URLs to read more about a vulnerability and/or a package.

###New command line flags:

• New command line flags
  • The --output flag replaces --bare, --text, --screen, and --json flags. In this new release, examples would be: --output json or --output bare.
  • The --continue-on-error flag suppresses non-zero exit codes to force pass CI/CD checks, if required.
  • The --debug flag allows for a more detailed output.
  • The --disable-telemetry flag has been added to disable telemetry data
  • The --policy-file flag to include a local security policy file. This file (called .safety-policy.yml, found in either the root directory where Safety is being run or in a custom location) is based on YAML 1.2 and allows for:
    • Ignoring individual vulnerabilities with optionally a note and an expiry date.

... (truncated)

• 7455228 Release version 2.2.0
• b6adb77 Updating fixtures for gh action
• 79ba71f Version 2.2.0
• af1db69 Merge pull request #407 from pyupio/develop
• 003eb3a Using the latest dparse version
• 6423099 Including the dep file in the logging
• 5b953cf More logging...
• af2776f Debug log level on binaries testing
• c95eeca Adding more logging
• 77f8a7a Merge pull request #406 from pyupio/feature/use-dparse-to-parsing-dependencies
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pytest's releases.

7.1.3

pytest 7.1.3 (2022-08-31)

Bug Fixes

• #10060: When running with --pdb, TestCase.tearDown is no longer called for tests when the class has been skipped via unittest.skip or pytest.mark.skip.
• #10190: Invalid XML characters in setup or teardown error messages are now properly escaped for JUnit XML reports.
• #10230: Ignore .py files created by pyproject.toml-based editable builds introduced in pip 21.3.
• #3396: Doctests now respect the --import-mode flag.
• #9514: Type-annotate FixtureRequest.param as Any as a stop gap measure until 8073{.interpreted-text role="issue"} is fixed.
• #9791: Fixed a path handling code in rewrite.py that seems to work fine, but was incorrect and fails in some systems.
• #9917: Fixed string representation for pytest.approx{.interpreted-text role="func"} when used to compare tuples.

Improved Documentation

• #9937: Explicit note that tmpdir{.interpreted-text role="fixture"} fixture is discouraged in favour of tmp_path{.interpreted-text role="fixture"}.

Trivial/Internal Changes

• #10114: Replace atomicwrites dependency on windows with [os.replace]{.title-ref}.

7.1.2

pytest 7.1.2 (2022-04-23)

Bug Fixes

• #9726: An unnecessary numpy import inside pytest.approx{.interpreted-text role="func"} was removed.
• #9820: Fix comparison of dataclasses with InitVar.
• #9869: Increase stacklevel for the NODE_CTOR_FSPATH_ARG deprecation to point to the user's code, not pytest.
• #9871: Fix a bizarre (and fortunately rare) bug where the [temp_path]{.title-ref} fixture could raise an internal error while attempting to get the current user's username.

7.1.1

pytest 7.1.1 (2022-03-17)

Bug Fixes

• #9767: Fixed a regression in pytest 7.1.0 where some conftest.py files outside of the source tree (e.g. in the [site-packages]{.title-ref} directory) were not picked up.

7.1.0

pytest 7.1.0 (2022-03-13)

... (truncated)

• 4645bcd Remove incorrect output in how-to/fixtures.rst
• fadfb4f Prepare release version 7.1.3
• ab96ea8 Merge pull request #10258 from pytest-dev/backport-10252-to-7.1.x
• fc0e024 [7.1.x] Fix regendoc
• 8f5088f Merge pull request #10249 from pytest-dev/backport-10231-to-7.1.x
• aae93d6 Ignore type-errors related to attr.asdict
• 71b79fc [7.1.x] Ignore editable installation modules
• 89f7518 Merge pull request #10222 from pytest-dev/backport-10171-to-7.1.x
• 88fc45b [7.1.x] Update fixtures.rst w/ finalizer order
• d0b53d6 Merge pull request #10221 from pytest-dev/backport-10217-to-7.1.x
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 1f08cf4 Update version to 0.971
• 61c0064 Add back workaround to avoid confusing mypy.types and types in pyinfo (#13176)
• d8d900c Update version to 0.971+dev
• 72fa325 Update version to 0.970
• 2132036 Handle cwd correctly in pyinfo (#13161) (#13162)
• ee10d29 flush keepalives on operator assignment statements (#13144) (#13151)
• 88c1b85 [mypyc] Add LoadAddress op for PyFloat_Type & PyTuple_Type (#13078) (#13150)
• d06dcf0 [0.970 backport] add typing_extensions.NamedTuple (#13149)
• 9f99400 Fix crash overriding partial-type attribute with method (#12943)
• 49b4b3d Don't add match_args for dataclasses and named tuples with --python-versi...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's releases.

v3.1.0

What's Changed

• Inject GitHub host to be able to clone from another GitHub instance by @​peter-murray in actions/checkout#922
• Bump @​actions/core to 1.10.0 by @​rentziass in actions/checkout#939

New Contributors

• @​peter-murray made their first contribution in actions/checkout#922
• @​rentziass made their first contribution in actions/checkout#939

Full Changelog: https://github.com/actions/checkout/compare/v3.0.2...v3.1.0

v3.0.2

What's Changed

• Add set-safe-directory input to allow customers to take control. by @​TingluoHuang in actions/checkout#770
• Prepare changelog for v3.0.2. by @​TingluoHuang in actions/checkout#777

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.0.2

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Updated to the node16 runtime by default
  • This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

v2.4.2

What's Changed

• Add set-safe-directory input to allow customers to take control. (#770) by @​TingluoHuang in actions/checkout#776
• Prepare changelog for v2.4.2. by @​TingluoHuang in actions/checkout#778

Full Changelog: https://github.com/actions/checkout/compare/v2...v2.4.2

v2.4.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

v2.4.0

• Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

• Add missing awaits
• Swap to Environment Files

v2.3.3

• Remove Unneeded commit information from build logs

... (truncated)

Sourced from actions/checkout's changelog.

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Update to node 16

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

• 93ea575 Prepare release v3.1.0 (#940)
• 6a84743 Bump @​actions/core to 1.10.0 (#939)
• e6d535c Inject GitHub host to be able to clone from another GitHub instance (#922)
• 2541b12 Prepare changelog for v3.0.2. (#777)
• 0ffe6f9 Add set-safe-directory input to allow customers to take control. (#770)
• dcd71f6 Enforce safe directory (#762)
• add3486 Patch to fix the dependbot alert. (#744)
• 5126516 Bump minimist from 1.2.5 to 1.2.6 (#741)
• d50f8ea Add v3.0 release information to changelog (#740)
• 2d1c119 update test workflows to checkout v3 (#709)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/setup-python's releases.

v4.1.0

In scope of this pull request we updated actions/cache package as the new version contains fixes for caching error handling. Moreover, we added a new input update-environment. This option allows to specify if the action shall update environment variables (default) or not.

Update-environment input

    - name: setup-python 3.9
      uses: actions/[email protected]
      with:
        python-version: 3.9
        update-environment: false

Besides, we added such changes as:

• Allow python-version-file to be a relative path: actions/setup-python#431
• Added new environment variables for Cmake: actions/setup-python#440
• Updated error message for resolveVersion: actions/setup-python#450
• Assign default value of AGENT_TOOLSDIRECTORY if not set: actions/setup-python#394

v4.0.0

What's Changed

• Support for python-version-file input: #336

Example of usage:

- uses: actions/[email protected]
  with:
    python-version-file: '.python-version' # Read python version from a file
- run: python my_script.py

There is no default python version for this setup-python major version, the action requires to specify either python-version input or python-version-file input. If the python-version input is not specified the action will try to read required version from file from python-version-file input.

• Use pypyX.Y for PyPy python-version input: #349

Example of usage:

- uses: actions/[email protected]
  with:
    python-version: 'pypy3.9' # pypy-X.Y kept for backward compatibility
- run: python my_script.py

• RUNNER_TOOL_CACHE environment variable is equal AGENT_TOOLSDIRECTORY: #338

• Bugfix: create missing pypyX.Y symlinks: #347

• PKG_CONFIG_PATH environment variable: #400

• Added python-path output: #405

... (truncated)

• c4e89fa Improve readme for 3.x and 3.11-dev style python-version (#441)
• 0ad0f6a Merge pull request #452 from mayeut/fix-env
• f0bcf8b Merge pull request #456 from akx/patch-1
• af97157 doc: Add multiple wildcards example to readme
• 364e819 Merge pull request #394 from akv-platform/v-sedoli/set-env-by-default
• 782f81b Merge pull request #450 from IvanZosimov/ResolveVersionFix
• 2c9de4e Remove duplicate code introduced in #440
• 412091c Fix tests for update-environment==false
• 78a2330 Merge pull request #451 from dmitry-shibanov/fx-pipenv-python-version
• 96f494e trigger checks
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)