build(deps-dev): bump the development-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the development-dependencies group with 5 updates in the / directory:

Package	From	To
ruff	0.4.4	0.4.5
types-setuptools	69.5.0.20240513	70.0.0.20240524
pytest	8.2.0	8.2.1
coverage	7.5.1	7.5.2
requests	2.31.0	2.32.2

Updates ruff from 0.4.4 to 0.4.5

Release notes

Sourced from ruff's releases.

v0.4.5

Changes

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

• Add --preview to the README (#11395)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.5

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

... (truncated)

Commits

• 550aa87 Bump version to v0.4.5 (#11502)
• 3c22a3b Minor edits to ruff server docs (#11500)
• 6263923 Update documentation for ruff server with new migration guide (#11499)
• 94abea4 ruff server: Fix multiple issues with Neovim and Helix (#11497)
• 519a650 Mark quotes as unnecessary for non-evaluated annotations (#11485)
• 573facd Fix automatic configuration reloading for text and notebook documents (#11492)
• 3cb2e67 ruff.applyFormat now formats an entire notebook document (#11493)
• f0046ab Move has_comments to CommentRanges (#11495)
• 5bb9720 Avoid multiline quotes warning with quote-style = preserve (#11490)
• 9ff18bf Simplify Neovim docs for the LSP setup (#11489)
• Additional commits viewable in compare view

Updates types-setuptools from 69.5.0.20240513 to 70.0.0.20240524

Commits

• See full diff in compare view

Updates pytest from 8.2.0 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

Commits

• 66ff8df Prepare release version 8.2.1
• 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
• 0b28313 [8.2.x] Add Python 3.13 (beta) support
• f3dd93a [8.2.x] Attest package provenance (#12335)
• bb5a125 [8.2.x] Spelling (#12331)
• f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
• 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
• 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
• 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
• cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
• Additional commits viewable in compare view

Updates coverage from 7.5.1 to 7.5.2

Changelog

Sourced from coverage's changelog.

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Commits

• 242adea build: don't claim pre-alpha-1 in classifiers
• 7f33622 docs: sample HTML for 7.5.2
• 946fa3a docs: prep for 7.5.2
• 535ddc3 build: pylint can run in parallel
• 60a5d65 docs: explain partial coverage reports on generator expressions (#1789)
• 0700018 docs: changelog for #1788 #1787. Thanks Liam DeVoe
• 364282e fix: catch TokenError on parse (#1788)
• 81089de fix: module docstrings are never counted as statements
• 96bd930 fix: rework exclusion parsing to fix #1779
• 75f9d51 test(build): when running metacov, create json report
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions