Skip to content

fix(deps): update all non-major dependencies

renovate requested to merge renovate/all-minor-patch into master

This MR contains the following updates:

Package Type Update Change
Authlib dependencies patch 1.3.0 -> 1.3.1
Hypercorn dependencies minor ^0.16.0 -> ^0.17.0
Jinja2 (changelog) dependencies patch 3.1.3 -> 3.1.4
SQLAlchemy (changelog) dependencies patch 1.4.52 -> 1.4.53
Werkzeug (changelog) dependencies patch 3.0.2 -> 3.0.3
alembic (source, changelog) dependencies patch 1.13.1 -> 1.13.2
bcrypt dependencies minor 4.1.2 -> 4.2.0
coverage dev-dependencies minor 7.4.4 -> 7.6.0
email-validator dependencies minor 2.1.1 -> 2.2.0
fakeredis dependencies minor 2.21.3 -> 2.23.5
filelock dependencies minor 3.13.3 -> 3.15.4
itsdangerous (changelog) dependencies minor 2.1.2 -> 2.2.0
lxml (source, changelog) dependencies patch 5.2.1 -> 5.2.2
orjson (changelog) dependencies patch 3.10.0 -> 3.10.6
protobuf dependencies minor 5.26.1 -> 5.27.3
pygit2 (changelog) dependencies minor 1.14.1 -> 1.15.1
pytest (changelog) dev-dependencies minor 8.1.1 -> 8.3.2
pytest-asyncio (changelog) dev-dependencies patch 0.23.6 -> 0.23.8
pytest-xdist (changelog) dependencies minor 3.5.0 -> 3.6.1
redis (changelog) dependencies patch 5.0.3 -> 5.0.8
requests (source, changelog) dependencies minor 2.31.0 -> 2.32.3
tomlkit dependencies minor ^0.12.0 -> ^0.13.0
uvicorn (changelog) dependencies minor ^0.29.0 -> ^0.30.0
watchfiles (changelog) dev-dependencies minor ^0.21.0 -> ^0.22.0

Release Notes

lepture/authlib (Authlib)

v1.3.1: Version 1.3.1

Compare Source

Prevent OctKey to import ssh and PEM strings.

pgjones/hypercorn (Hypercorn)

v0.17.3

Compare Source

  • Restore set TCP_NODELAY on TCP sockets
  • Support uvloop >= 0.18 and the loop_factory argument
  • Bugfix ensure ExceptionGroup lifespan failures crash the server.

v0.17.2

Compare Source

  • Bugfix pass the correct quic connection to the H3 Protocol.

v0.17.1

Compare Source

  • Bugfix revert set TCP_NODELAY on sockets.

v0.17.0

Compare Source

  • Set TCP_NODELAY on sockets.
  • Support sending trailing headers on h2/h3.
  • Add support for lifespan state.
  • Allow sending of the response before body data arrives.
  • Bugfix properly set host header to ascii string in ProxyFixMiddleware.
  • Bugfix encode headers using latin-1.
  • Bugfix don't double-access log if the response was sent.
  • Bugfix a statsd logging bug.
  • Bugfix handle already-closed on StreamEnded.
  • Bugfix send a 400 response if data is received before the websocket is accepted.
  • Bugfix ensure only a single QUIC timer task per connection.
  • Bugfix ensure responses are sent with empty bodies for WSGI.
pallets/jinja (Jinja2)

v3.1.4

Compare Source

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj
nedbat/coveragepy (coverage)

v7.6.0

Compare Source

  • Exclusion patterns can now be multi-line, thanks to Daniel Diniz <pull 1807_>*. This enables many interesting exclusion use-cases, including those requested in issues 118 <issue 118_>* (entire files), 996 <issue 996_>_ (multiple lines only when appearing together), 1741 <issue 1741_>_ (remainder of a function), and 1803 <issue 1803_>_ (arbitrary sequence of marked lines). See the :ref:multi_line_exclude section of the docs for more details and examples.

  • The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz <pull 1809_>_ for getting the work started. This closes issue 1793_ and issue 1532_.

  • Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.

  • Python 3.13.0b3 is supported.

.. _issue 118: https://github.com/nedbat/coveragepy/issues/118 .. _issue 996: https://github.com/nedbat/coveragepy/issues/996 .. _issue 1532: https://github.com/nedbat/coveragepy/issues/1532 .. _issue 1741: https://github.com/nedbat/coveragepy/issues/1741 .. _issue 1793: https://github.com/nedbat/coveragepy/issues/1793 .. _issue 1803: https://github.com/nedbat/coveragepy/issues/1803 .. _pull 1807: https://github.com/nedbat/coveragepy/pull/1807 .. _pull 1809: https://github.com/nedbat/coveragepy/pull/1809

.. _changes_7-5-4:

v7.5.4

Compare Source

  • If you attempt to combine statement coverage data with branch coverage data, coverage.py used to fail with the message "Can't combine arc data with line data" or its reverse, "Can't combine line data with arc data." These messages used internal terminology, making it hard for people to understand the problem. They are now changed to mention "branch coverage data" and "statement coverage data."

  • Fixed a minor branch coverage problem with wildcard match/case cases using names or guard clauses.

  • Started testing on 3.13 free-threading (nogil) builds of Python. I'm not claiming full support yet. Closes issue 1799_.

.. _issue 1799: https://github.com/nedbat/coveragepy/issues/1799

.. _changes_7-5-3:

v7.5.3

Compare Source

  • Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

  • Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. _issue 1791: https://github.com/nedbat/coveragepy/issues/1791

.. _changes_7-5-2:

v7.5.2

Compare Source

  • Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

  • Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

  • In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

  • Python 3.13.0b1 is supported.

  • Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>*. Closes issue 1787*.

.. _pull 1776: https://github.com/nedbat/coveragepy/pull/1776 .. _issue 1779: https://github.com/nedbat/coveragepy/issues/1779 .. _issue 1787: https://github.com/nedbat/coveragepy/issues/1787 .. _pull 1788: https://github.com/nedbat/coveragepy/pull/1788

.. _changes_7-5-1:

v7.5.1

Compare Source

  • Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. This closes issue 754*. The fix was contributed by Daniel Diniz <pull 1773_>*.

  • Fix: very complex source files like this one <resolvent_lookup_>_ could cause a maximum recursion error when creating an HTML report. This is now fixed, closing issue 1774_.

  • HTML report improvements:

    • Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies.

    • Missing branch coverage explanations that said "the condition was never false" now read "the condition was always true" because it's easier to understand.

    • Column sort order is remembered better as you move between the index pages, fixing issue 1766*. Thanks, Daniel Diniz <pull 1768_>*.

.. _resolvent_lookup: https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py .. _issue 754: https://github.com/nedbat/coveragepy/issues/754 .. _issue 1766: https://github.com/nedbat/coveragepy/issues/1766 .. _pull 1768: https://github.com/nedbat/coveragepy/pull/1768 .. _pull 1773: https://github.com/nedbat/coveragepy/pull/1773 .. _issue 1774: https://github.com/nedbat/coveragepy/issues/1774

.. _changes_7-5-0:

v7.5.0

Compare Source

  • Added initial support for function and class reporting in the HTML report. There are now three index pages which link to each other: files, functions, and classes. Other reports don't yet have this information, but it will be added in the future where it makes sense. Feedback gladly accepted! Finishes issue 780_.

  • Other HTML report improvements:

    • There is now a "hide covered" checkbox to filter out 100% files, finishing issue 1384_.

    • The index page is always sorted by one of its columns, with clearer indications of the sorting.

    • The "previous file" shortcut key didn't work on the index page, but now it does, fixing issue 1765_.

  • The debug output showing which configuration files were tried now shows absolute paths to help diagnose problems where settings aren't taking effect, and is renamed from "attempted_config_files" to the more logical "config_files_attempted."

  • Python 3.13.0a6 is supported.

.. _issue 780: https://github.com/nedbat/coveragepy/issues/780 .. _issue 1384: https://github.com/nedbat/coveragepy/issues/1384 .. _issue 1765: https://github.com/nedbat/coveragepy/issues/1765

.. _changes_7-4-4:

JoshData/python-email-validator (email-validator)

v2.2.0

Compare Source

  • Email addresses with internationalized local parts could, with rare Unicode characters, be returned as valid but actually be invalid in their normalized form (returned in the normalized field). In particular, it is possible to get a normalized address with a ";" character, which is not valid and could change the interpretation of the address. Local parts now re-validated after Unicode NFC normalization to ensure that invalid characters cannot be injected into the normalized address and that characters with length-increasing NFC normalizations cannot cause a local part to exceed the maximum length after normalization. Thanks to khanh@calif.io from https://calif.io for reporting the issue.
  • The length check for email addresses with internationalized local parts is now also applied to the original address string prior to Unicode NFC normalization, which may be longer and could exceed the maximum email address length, to protect callers who do not use the returned normalized address.
  • Improved error message for IDNA domains that are too long or have invalid characters after Unicode normalization.
  • A new option to parse My Name <address@domain> strings, i.e. a display name plus an email address in angle brackets, is now available. It is off by default.
  • Improvements to Python typing.
  • Some additional tests added.

v2.1.2

Compare Source

  • The domain name length limit is corrected from 255 to 253 IDNA ASCII characters. I misread the RFCs.
  • When a domain name has no MX record but does have an A or AAAA record, if none of the IP addresses in the response are globally reachable (i.e. not Private-Use, Loopback, etc.), the response is treated as if there was no A/AAAA response and the email address will fail the deliverability check.
  • When a domain name has no MX record but does have an A or AAAA record, the mx field in the object returned by validate_email incorrectly held the IP addresses rather than the domain itself.
  • Fixes in tests.
cunla/fakeredis-py (fakeredis)

v2.23.5: 🌈

Compare Source

🐛 Bug Fixes
  • fix:issue with async connection and blocking operations writing responses twice to socket #​316

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.23.4...v2.23.5

v2.23.4: 🌈

Compare Source

🐛 Bug Fixes
  • fix:move random seed to HeavyKeeper to avoid issues #​315
🧰 Maintenance
  • Documented how to use fakeredis with FastAPI. @​ sjjessop #​292
  • Using black for linting python code.

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.23.3...v2.23.4

v2.23.3: 🌈

Compare Source

🧰 Maintenance
  • docs: Full code for FastAPI integration (#​312)
🐛 Bug Fixes

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.23.2...v2.23.3

v2.23.2: 🌈

Compare Source

🐛 Bug Fixes
  • Fix reading multiple streams with blocking #​309

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.23.1...v2.23.2

v2.23.1: 🌈

Compare Source

🐛 Bug Fixes
  • Fix XREAD behavior when COUNT is not provided but BLOCKING is provided #​308

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.23.0...v2.23.1

v2.23.0: 🌈

Compare Source

🚀 Features
  • Support for TDigest commands: TDIGEST.ADD,TDIGEST.BYRANK,TDIGEST.BYREVRANK,TDIGEST.CDF, TDIGEST.CREATE, TDIGEST.INFO, TDIGEST.MAX, TDIGEST.MERGE, TDIGEST.MIN, TDIGEST.QUANTILE, TDIGEST.RANK, TDIGEST.RESET, TDIGEST.REVRANK, TDIGEST.TRIMMED_MEAN.
🐛 Bug Fixes
  • Import Self from typing vs. typing_extension
🧰 Maintenance
  • Update dependencies
  • Add redis-py 5.0.4 to tests
  • Update lupa version constraint #​306 @​noamkush

Contributors

We'd like to thank all the contributors who supported the work on this release! @​noamkush

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.22.0...v2.23.0

v2.22.0: 🌈

Compare Source

Changes

🚀 Features
  • Support for setting LUA version from environment variable FAKEREDIS_LUA_VERSION #​287
  • Support for loading LUA binary modules in fakeredis #​304
🐛 Bug Fixes
  • Fix the type hint for the version parameter in the async client #​302
  • Using LUA 5.1 like real redis #​287
  • fix: FakeRedisMixin.from_url() return type is really Self. @​ben-xo #​305

@​ben-xo

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.21.3...v2.22.0

tox-dev/py-filelock (filelock)

v3.15.4

Compare Source

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.15.3...3.15.4

v3.15.3

Compare Source

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.15.2...3.15.3

v3.15.2

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.15.1...3.15.2

v3.15.1

Compare Source

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.15.0...3.15.1

v3.15.0

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.14.0...3.15.0

v3.14.0

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.4...3.14.0

v3.13.4

Compare Source

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.3...3.13.4

pallets/itsdangerous (itsdangerous)

v2.2.0

Compare Source

Released 2024-04-16

  • Drop support for Python 3.7. 🇵🇷372
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. 🇵🇷326
  • Use flit_core instead of setuptools as build backend.
  • Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead. :issue:371
  • Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method. :issue:347
  • The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:375
lxml/lxml (lxml)

v5.2.2

Compare Source

==================

Bugs fixed

  • GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

  • If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

ijl/orjson (orjson)

v3.10.6

Compare Source

Changed
  • Improve performance.

v3.10.5

Compare Source

Changed
  • Improve performance.

v3.10.4

Compare Source

Changed
  • Improve performance.

v3.10.3

Compare Source

Changed
  • manylinux amd64 builds include runtime-detected AVX-512 str implementation.
  • Tests now compatible with numpy v2.

v3.10.2

Compare Source

Fixed
  • Fix crash serializing str introduced in 3.10.1.
Changed
  • Improve performance.
  • Drop support for arm7.

v3.10.1

Compare Source

Fixed
  • Serializing numpy.ndarray with non-native endianness raises orjson.JSONEncodeError.
Changed
  • Improve performance of serializing.
libgit2/pygit2 (pygit2)

v1.15.1

Compare Source

  • New Repository.revert(...) #​1297

  • New optional depth argument in submodules add() and update() methods #​1296

  • Now Submodule.url returns None when the submodule does not have a url #​1294

  • Fix use after free bug in error reporting #​1299

  • Fix Submodule.head_id when the submodule is not in the current HEAD tree #​1300

  • Fix Submodule.open() when subclassing Repository #​1295

  • Fix error in the test suite when running with address sanitizer #​1304 #​1301

  • Annotations and documentation fixes #​1293

v1.15.0

Compare Source

  • Many deprecated features have been removed, see below

  • Upgrade to libgit2 v1.8.1

  • New push_options optional argument in Repository.push(...) #​1282

  • New support comparison of Oid with text string

  • Fix CheckoutNotify.IGNORED #​1288

  • Use default error handler when decoding/encoding paths #​537

  • Remove setuptools runtime dependency #​1281

  • Coding style with ruff #​1280

  • Add wheels for ppc64le #​1279

  • Fix tests on EPEL8 builds for s390x #​1283

Deprecations:

  • Deprecate IndexEntry.hex, use str(IndexEntry.id)

Breaking changes:

  • Remove deprecated oid.hex, use str(oid)

  • Remove deprecated object.hex, use str(object.id)

  • Remove deprecated object.oid, use object.id

  • Remove deprecated Repository.add_submodule(...), use Repository.submodules.add(...)

  • Remove deprecated Repository.lookup_submodule(...), use Repository.submodules[...]

  • Remove deprecated Repository.init_submodules(...), use Repository.submodules.init(...)

  • Remove deprecated Repository.update_submodule(...), use Repository.submodules.update(...)

  • Remove deprecated constants GIT_OBJ_XXX, use ObjectType

  • Remove deprecated constants GIT_REVPARSE_XXX, use RevSpecFlag

  • Remove deprecated constants GIT_REF_XXX, use ReferenceType

  • Remove deprecated ReferenceType.OID, use instead ReferenceType.DIRECT

  • Remove deprecated ReferenceType.LISTALL, use instead ReferenceType.ALL

  • Remove deprecated support for passing dicts to repository's merge(...), merge_commits(...) and merge_trees(...). Instead pass MergeFlag for flags, and MergeFileFlag for file_flags.

  • Remove deprecated support for passing a string for the favor argument to repository's merge(...), merge_commits(...) and merge_trees(...). Instead pass MergeFavor.

pytest-dev/pytest (pytest)

v8.3.2

Compare Source

pytest 8.3.2 (2024-07-24)

Bug fixes

  • #​12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.

    -- by RonnyPfannschmidt{.interpreted-text role="user"}

v8.3.1

Compare Source

pytest 8.3.1 (2024-07-20)

The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.

v8.3.0

Compare Source

pytest 8.3.0 (2024-07-20)

New features

  • #​12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.

    • If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
    • The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
    • Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.

    Some history:

    With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.

    This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.

  • #​12281: Added support for keyword matching in marker expressions.

    Now tests can be selected by marker keyword arguments. Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.

    See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.

    -- by lovetheguitar{.interpreted-text role="user"}

  • #​12567: Added --no-fold-skipped command line option.

    If this option is set, then skipped tests in short summary are no longer grouped by reason but all tests are printed individually with their nodeid in the same way as other statuses.

    -- by pbrezina{.interpreted-text role="user"}

Improvements in existing functionality

  • #​12469: The console output now uses the "third-party plugins" terminology, replacing the previously established but confusing and outdated reference to setuptools <setuptools:index>{.interpreted-text role="std:doc"} -- by webknjaz{.interpreted-text role="user"}.

  • #​12544, #​12545: Python virtual environment detection was improved by checking for a pyvenv.cfg{.interpreted-text role="file"} file, ensuring reliable detection on various platforms -- by zachsnickers{.interpreted-text role="user"}.

  • #​2871: Do not truncate arguments to functions in output when running with [-vvv]{.title-ref}.

  • #​389: The readability of assertion introspection of bound methods has been enhanced -- by farbodahm{.interpreted-text role="user"}, webknjaz{.interpreted-text role="user"}, obestwalter{.interpreted-text role="user"}, flub{.interpreted-text role="user"} and glyphack{.interpreted-text role="user"}.

    Earlier, it was like:

    =================================== FAILURES ===================================
_____________________________________ test _____________________________________

    def test():
>       assert Help().fun() == 2
E       assert 1 == 2
E        +  where 1 = <bound method Help.fun of <example.Help instance at 0x256a830>>()
E        +    where <bound method Help.fun of <example.Help instance at 0x256a830>> = <example.Help instance at 0x256a830>.fun
E        +      where <example.Help instance at 0x256a830> = Help()

example.py:7: AssertionError
=========================== 1 failed in 0.03 seconds ===========================

    And now it's like:

    =================================== FAILURES ===================================
_____________________________________ test _____________________________________

    def test():
>       assert Help().fun() == 2
E       assert 1 == 2
E        +  where 1 = fun()
E        +    where fun = <test_local.Help object at 0x1074be230>.fun
E        +      where <test_local.Help object at 0x1074be230> = Help()

test_local.py:13: AssertionError
=========================== 1 failed in 0.03 seconds ===========================

  • #​7662: Added timezone information to the testsuite timestamp in the JUnit XML report.

Bug fixes

  • #​11706: Fixed reporting of teardown errors in higher-scoped fixtures when using [--maxfail]{.title-ref} or [--stepwise]{.title-ref}.

    Originally added in pytest 8.0.0, but reverted in 8.0.2 due to a regression in pytest-xdist. This regression was fixed in pytest-xdist 3.6.1.

  • #​11797: pytest.approx{.interpreted-text role="func"} now correctly handles Sequence <collections.abc.Sequence>{.interpreted-text role="class"}-like objects.

  • #​12204, #​12264: Fixed a regression in pytest 8.0 where tracebacks get longer and longer when multiple tests fail due to a shared higher-scope fixture which raised -- by bluetech{.interpreted-text role="user"}.

    Also fixed a similar regression in pytest 5.4 for collectors which raise during setup.

    The fix necessitated internal changes which may affect some plugins:

    • FixtureDef.cached_result[2] is now a tuple (exc, tb) instead of exc.
    • SetupState.stack failures are now a tuple (exc, tb) instead of exc.

  • #​12275: Fixed collection error upon encountering an abstract <abc>{.interpreted-text role="mod"} class, including abstract [unittest.TestCase]{.title-ref} subclasses.

  • #​12328: Fixed a regression in pytest 8.0.0 where package-scoped parameterized items were not correctly reordered to minimize setups/teardowns in some cases.

  • #​12424: Fixed crash with [assert testcase is not None]{.title-ref} assertion failure when re-running unittest tests using plugins like pytest-rerunfailures. Regressed in 8.2.2.

  • #​12472: Fixed a crash when returning category "error" or "failed" with a custom test status from pytest_report_teststatus{.interpreted-text role="hook"} hook -- pbrezina{.interpreted-text role="user"}.

  • #​12505: Improved handling of invalid regex patterns in pytest.raises(match=r'...') <pytest.raises>{.interpreted-text role="func"} by providing a clear error message.

  • #​12580: Fixed a crash when using the cache class on Windows and the cache directory was created concurrently.

  • #​6962: Parametrization parameters are now compared using [==]{.title-ref} instead of [is]{.title-ref} ([is]{.title-ref} is still used as a fallback if the parameter does not support [==]{.title-ref}). This fixes use of parameters such as lists, which have a different [id]{.title-ref} but compare equal, causing fixtures to be re-computed instead of being cached.

  • #​7166: Fixed progress percentages (the [ 87%] at the edge of the screen) sometimes not aligning correctly when running with pytest-xdist -n.

Improved documentation

  • #​12153: Documented using PYTEST_VERSION{.interpreted-text role="envvar"} to detect if code is running from within a pytest run.

  • #​12469: The external plugin mentions in the documentation now avoid mentioning setuptools entry-points <setuptools:index>{.interpreted-text role="std:doc"} as the concept is much more generic nowadays. Instead, the terminology of "external", "installed", or "third-party" plugins (or packages) replaces that.

    -- by webknjaz{.interpreted-text role="user"}

  • #​12577: [CI]{.title-ref} and [BUILD_NUMBER]{.title-ref} environment variables role is discribed in the reference doc. They now also appear when doing [pytest -h]{.title-ref} -- by MarcBresson{.interpreted-text role="user"}.

Contributor-facing changes

  • #​12467: Migrated all internal type-annotations to the python3.10+ style by using the [annotations]{.title-ref} future import.

    -- by RonnyPfannschmidt{.interpreted-text role="user"}

  • #​11771, #​12557: The PyPy runtime version has been updated to 3.9 from 3.8 that introduced a flaky bug at the garbage collector which was not expected to fix there as the 3.8 is EoL.

    -- by x612skm{.interpreted-text role="user"}

  • #​12493: The change log draft preview integration has been refactored to use a third party extension sphinxcontib-towncrier. The previous in-repo script was putting the change log preview file at doc/en/_changelog_towncrier_draft.rst{.interpreted-text role="file"}. Said file is no longer ignored in Git and might show up among untracked files in the development environments of the contributors. To address that, the contributors can run the following command that will clean it up:

    $ git clean -x -i -- doc/en/_changelog_towncrier_draft.rst

    -- by webknjaz{.interpreted-text role="user"}

  • #​12498: All the undocumented tox environments now have descriptions. They can be listed in one's development environment by invoking tox -av in a terminal.

    -- by webknjaz{.interpreted-text role="user"}

  • #​12501: The changelog configuration has been updated to introduce more accurate audience-tailored categories. Previously, there was a trivial change log fragment type with an unclear and broad meaning. It was removed and we now have contrib, misc and packaging in place of it.

    The new change note types target the readers who are downstream packagers and project contributors. Additionally, the miscellaneous section is kept for unspecified updates that do not fit anywhere else.

    -- by webknjaz{.interpreted-text role="user"}

  • #​12502: The UX of the GitHub automation making pull requests to update the plugin list has been updated. Previously, the maintainers had to close the automatically created pull requests and re-open them to trigger the CI runs. From now on, they only need to click the [Ready for review]{.title-ref} button instead.

    -- by webknjaz{.interpreted-text role="user"}

  • #​12522: The :pull: RST role has been replaced with a shorter :pr: due to starting to use the implementation from the third-party sphinx-issues{.interpreted-text role="pypi"} Sphinx extension -- by webknjaz{.interpreted-text role="user"}.

  • #​12531: The coverage reporting configuration has been updated to exclude pytest's own tests marked as expected to fail from the coverage report. This has an effect of reducing the influence of flaky tests on the resulting number.

    -- by webknjaz{.interpreted-text role="user"}

  • #​12533: The extlinks Sphinx extension is no longer enabled. The :bpo: role it used to declare has been removed with that. BPO itself has migrated to GitHub some years ago and it is possible to link the respective issues by using their GitHub issue numbers and the :issue: role that the sphinx-issues extension implements.

    -- by webknjaz{.interpreted-text role="user"}

  • #​12562: Possible typos in using the :user: RST role is now being linted through the pre-commit tool integration -- by webknjaz{.interpreted-text role="user"}.

v8.2.2

Compare Source

pytest 8.2.2 (2024-06-04)

Bug Fixes

  • #​12355: Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
  • #​12367: Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
  • #​12381: Fix possible "Directory not empty" crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0.

Improved Documentation

  • #​12290: Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
  • #​12356: Added a subsection to the documentation for debugging flaky tests to mention lack of thread safety in pytest as a possible source of flakyness.
  • #​12363: The documentation webpages now links to a canonical version to reduce outdated documentation in search engine results.

v8.2.1

Compare Source

pytest 8.2.1 (2024-05-19)

Improvements

  • #​12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

  • #​12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
  • #​12191: Keyboard interrupts and system exits are now properly handled during the test collection.
  • #​12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
  • #​12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

  • #​12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

v8.2.0

Compare Source

pytest 8.2.0 (2024-04-27)

Deprecations

  • #​12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

    • pytest_ignore_collect{.interpreted-text role="hook"} - the path parameter - use collection_path instead.
    • pytest_collect_file{.interpreted-text role="hook"} - the path parameter - use file_path instead.
    • pytest_pycollect_makemodule{.interpreted-text role="hook"} - the path parameter - use module_path instead.
    • pytest_report_header{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
    • pytest_report_collectionfinish{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.

    The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

    See legacy-path-hooks-deprecated{.interpreted-text role="ref"} for more details.

Features

  • #​11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @&#8203;tests.txt. The file must have one argument per line.

    See Read arguments from file <args-from-file>{.interpreted-text role="ref"} for details.

Improvements

  • #​11523: pytest.importorskip{.interpreted-text role="func"} will now issue a warning if the module could be found, but raised ImportError{.interpreted-text role="class"} instead of ModuleNotFoundError{.interpreted-text role="class"}.

    The warning can be suppressed by passing exc_type=ImportError to pytest.importorskip{.interpreted-text role="func"}.

    See import-or-skip-import-error{.interpreted-text role="ref"} for details.

  • #​11728: For unittest-based tests, exceptions during class cleanup (as raised by functions registered with TestCase.addClassCleanup <unittest.TestCase.addClassCleanup>{.interpreted-text role="meth"}) are now reported instead of silently failing.

  • #​11777: Text is no longer truncated in the short test summary info section when -vv is given.

  • #​12112: Improved namespace packages detection when consider_namespace_packages{.interpreted-text role="confval"} is enabled, covering more situations (like editable installs).

  • #​9502: Added PYTEST_VERSION{.interpreted-text role="envvar"} environment variable which is defined at the start of the pytest session and undefined afterwards. It contains the value of pytest.__version__, and among other things can be used to easily check if code is running from within a pytest run.

Bug Fixes

  • #​12065: Fixed a regression in pytest 8.0.0 where test classes containing setup_method and tests using @staticmethod or @classmethod would crash with AttributeError: 'NoneType' object has no attribute 'setup_method'.

    Now the request.instance <pytest.FixtureRequest.instance>{.interpreted-text role="attr"} attribute of tests using @staticmethod and @classmethod is no longer None, but a fresh instance of the class, like in non-static methods. Previously it was None, and all fixtures of such tests would share a single self.

  • #​12135: Fixed issue where fixtures adding their finalizer multiple times to fixtures they request would cause unreliable and non-intuitive teardown ordering in some instances.

  • #​12194: Fixed a bug with --importmode=importlib and --doctest-modules where child modules did not appear as attributes in parent modules.

  • #​1489: Fixed some instances where teardown of higher-scoped fixtures was not happening in the reverse order they were initialized in.

Trivial/Internal Changes

  • #​12069: pluggy>=1.5.0 is now required.
  • #​12167: cache <cache>{.interpreted-text role="ref"}: create supporting files (CACHEDIR.TAG, .gitignore, etc.) in a temporary directory to provide atomic semantics.

v8.1.2

Compare Source

pytest 8.1.2 (2024-04-26)

Bug Fixes

  • #​12114: Fixed error in pytest.approx{.interpreted-text role="func"} when used with [numpy]{.title-ref} arrays and comparing with other types.
pytest-dev/pytest-asyncio (pytest-asyncio)

v0.23.8: pytest-asyncio 0.23.8

Compare Source

0.23.8 (2024-07-17)

  • Fixes a bug that caused duplicate markers in async tests #​813

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #​706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

v0.23.7: pytest-asyncio 0.23.7

Compare Source

0.23.7 (2024-05-19)

  • Silence deprecation warnings about unclosed event loops that occurred with certain CPython patch releases #​817

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #​706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

pytest-dev/pytest-xdist (pytest-xdist)

v3.6.1

Compare Source

===============================

Bug Fixes

  • #&#8203;1071 <https://github.com/pytest-dev/pytest-xdist/issues/1071>_: Add backward compatibility for deadlock issue with the execnet new main_thread_only "execmodel" triggered when pytest-cov accesses rinfo.

v3.6.0

Compare Source

===============================

This release was YANKED due to a regression fixed in 3.6.1.

Features

  • #&#8203;1027 <https://github.com/pytest-dev/pytest-xdist/pull/1027>_:pytest-xdist workers now always execute the tests in the main thread. Previously some tests might end up executing in a separate thread other than main in the workers, due to some internal execnet`` details. This can cause problems specially with async frameworks where the event loop is running in the ``main`` thread (for example #​620 #​620`__).

Bug Fixes

  • #&#8203;1024 <https://github.com/pytest-dev/pytest-xdist/issues/1024>_: Added proper handling of shouldstop (such as set by --max-fail) and shouldfail conditions in workers. Previously, a worker might have continued executing further tests before the controller could terminate the session.

  • #&#8203;1028 <https://github.com/pytest-dev/pytest-xdist/issues/1028>_: Fixed compatibility issue between looponfail and editable installs.

  • #&#8203;620 <https://github.com/pytest-dev/pytest-xdist/issues/620>_: Use the new main_thread_only execnet "execmodel" so that code which expects to only run in the main thread will now work as expected.

  • #&#8203;937 <https://github.com/pytest-dev/pytest-xdist/issues/937>_: Fixed a bug where plugin would raise an incompatibility error with --pdb despite using -n0.

Removals

  • #&#8203;1053 <https://github.com/pytest-dev/pytest-xdist/issues/1053>_: Dropped support for Python 3.7.

  • #&#8203;1057 <https://github.com/pytest-dev/pytest-xdist/issues/1057>_: pytest>=7.0.0 is now required.

    execnet>=2.1.0 is now required.

Trivial Changes

  • #&#8203;1020 <https://github.com/pytest-dev/pytest-xdist/issues/1020>_: pytest-xdist's setup.py file is removed.

    If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary>_ for alternatives.

  • #&#8203;1057 <https://github.com/pytest-dev/pytest-xdist/issues/1057>_: The internals of pytest-xdist are now fully typed. The typing is not exposed yet.

  • #&#8203;996 <https://github.com/pytest-dev/pytest-xdist/issues/996>_: Adjusted license file format and content to ensure security scanners will identity the license.

redis/redis-py (redis)

v5.0.8: 5.0.8

Compare Source

Changes

  • Resolve some docs warnings (#​3322)
  • Add missing type hints for retry.py (#​3250)

🔥 Breaking Changes

  • Timeseries insertion filters for close samples (#​3228)

🚀 New Features

  • Hash field expiration commands (#​3218)
  • Support the MAXAGE option for CLIENT KILL (#​3187)
  • Support NOVALUES parameter for HSCAN (#​3157)
  • Document XREAD of last message (+) (#​3187)
  • Support missing/empty values in search (#​3231)
  • Timeseries insertion filters for close samples (#​3228)

🧰 Maintenance

  • Add extra tests for GEO search (#​3244)
  • Test special characters escaping in search (#​3276)

🐛 Bug Fixes

  • Decode search results at field level (#​3309)

v5.0.7: 5.0.7

Compare Source

Changes

🐛 Bug Fixes

  • None UnixDomainSocket timeout (#​3293)

🧰 Maintenance

  • Updated redis version to represent latest available build (#​3296)

Contributors

We'd like to thank all the contributors who worked on this release!

@​vladvildanov @​dmaier-redislabs

v5.0.6: 5.0.6

Compare Source

Changes

🐛 Bug Fixes

  • Handle lists in the response of INFO

v5.0.5: 5.0.5

Compare Source

Changes

🐛 Bug Fixes

  • Fix parsing of INFO response (#​3265)

v5.0.4: 5.0.4

Compare Source

Changes

🐛 Bug Fixes

  • Make it possible to customize SSL ciphers (#​3212)
psf/requests (requests)

v2.32.3

Compare Source

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#​6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#​6724)

v2.32.2

Compare Source

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked MR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#​6710)

v2.32.1

Compare Source

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

Compare Source

Security

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#​6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#​6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#​6589)
  • Fixed deserialization bug in JSONDecodeError. (#​6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#​6644)

Deprecations

  • Requests has officially added support for CPython 3.12 (#​6503)
  • Requests has officially added support for PyPy 3.9 and 3.10 (#​6641)
  • Requests has officially dropped support for CPython 3.7 (#​6642)
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#​6641)

Documentation

  • Various typo fixes and doc improvements.

Packaging

  • Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#​6506)
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.
sdispater/tomlkit (tomlkit)

v0.13.0

Compare Source

Changed
  • Expect a tomlkit-specific error instead of TypeError from a custom encoder. (#​355)
  • Drop support for Python older than 3.8. Remove 3.7 from the CI matrix.
Fixed
  • Fix the incompatiblity with 3.13 because of the datetime.replace() change. (#​333)
  • Revert the change of parsing out-of-order tables. (#​347)
  • Keep the nested out-of-order table. (#​361)

v0.12.5

Compare Source

Fixed
  • Remove the extra minus sign added to the float value after calculation. (#​341)
  • Fix unexpected newline added after accessing the out-of-order table. (#​343)
encode/uvicorn (uvicorn)

v0.30.5

Compare Source

Fixed
  • Don't close connection before receiving body on H11 (#​2408)

v0.30.4

Compare Source

Fixed
  • Close connection when h11 sets client state to MUST_CLOSE (#​2375)

v0.30.3

Compare Source

Fixed
  • Suppress KeyboardInterrupt from CLI and programmatic usage (#​2384)
  • ClientDisconnect inherits from OSError instead of IOError (#​2393)

v0.30.2

Compare Source

Added
Fixed
  • Iterate subprocesses in-place on the process manager (#​2373)

v0.30.1

Compare Source

Fixed
  • Allow horizontal tabs \t in response header values (#​2345)

v0.30.0

Compare Source

Added
  • New multiprocess manager (#​2183)
  • Allow ConfigParser or a io.IO[Any] on log_config (#​1976)
Fixed
  • Suppress side-effects of signal propagation (#​2317)
  • Send content-length header on 5xx (#​2304)
Deprecated
  • Deprecate the uvicorn.workers module (#​2302)
samuelcolvin/watchfiles (watchfiles)

v0.22.0: 2024-05-27

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/samuelcolvin/watchfiles/compare/v0.21.0...v0.22.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by renovate

Merge request reports