Skip to content

Scheduled biweekly dependency update for week 11 #1206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Scheduled biweekly dependency update for week 11 #1206

wants to merge 5 commits into from

Conversation

pyup-bot
Copy link
Collaborator

Update black from 24.2.0 to 24.3.0.

Changelog

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
[CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503).

This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

- Don't move comments along with delimiters, which could cause crashes (4248)
- Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. (4270)
- Fix a bug where line-ranges exceeding the last code line would not work as expected
(4273)

Performance

- Fix catastrophic performance on docstrings that contain large numbers of leading tab
characters. This fixes
[CVE-2024-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503).
(4278)

Documentation

- Note what happens when `--check` is used with `--quiet` (4236)
Links

Update django-filter from 23.5 to 24.1.

Changelog

24.1

-------------------------

* Updated supported Python and Django versions, and resolved upcoming Django
deprecations.

Required versions are now at least Python 3.8 and Django 4.2.

Thanks to Michael Manganiello.

* Allowed passing a FilterSet class to the filterset_factory().

Thanks to Birger Schacht.

* Set empty default value of filterset data to MultiValueDict.

Thanks to Shlomo Gordon.

* Preserve list values passed to the data dict in CSV widgets.

Thanks to Bryan Brancotte.

* Updates French and Ukrainian localisations.

Thanks to Weblate.
Links

Update Faker from 23.3.0 to 24.2.0.

Changelog

24.2.0

* Add `uk-UA` credit card provider. Thanks lozik4.
* Upgrade `uk_UA` person provider. Thanks lozik4.

24.1.1

* Fix prefix for male `bg_BG` names  Thanks DimitarVanguelov.

24.1.0

* Add Grenville to `land_coords` in geo provider. Thanks lozik4.
* Fix Kyiv name. Thanks lozik4.

24.0.0

* Fix returning random data for person provider in `et_EE` locale when the same seed value is set. Thanks AlexLitvino.
Links

Update pytest from 8.1.0 to 8.1.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update pytest-factoryboy from 2.6.1 to 2.7.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

@pyup-bot
Copy link
Collaborator Author

pyup-bot commented Apr 1, 2024

Closing this in favor of #1213

@pyup-bot pyup-bot closed this Apr 1, 2024
@sliverc sliverc deleted the pyup-scheduled-update-2024-03-18 branch April 1, 2024 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot