-
-
Notifications
You must be signed in to change notification settings - Fork 435
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hashed pins only cause headaches #1592
Comments
nedbat
added
bug
Something isn't working
needs triage
build
and removed
needs triage
labels
Mar 21, 2023
nedbat
added a commit
that referenced
this issue
Mar 26, 2023
nedbat
added a commit
that referenced
this issue
Mar 26, 2023
nedbat
added a commit
that referenced
this issue
Mar 26, 2023
This is now released as part of coverage 7.2.3. |
renovate bot
referenced
this issue
in allenporter/flux-local
Apr 7, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [coverage](https://togithub.com/nedbat/coveragepy) | `==7.2.2` -> `==7.2.3` | [![age](https://badges.renovateapi.com/packages/pypi/coverage/7.2.3/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/coverage/7.2.3/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/coverage/7.2.3/compatibility-slim/7.2.2)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/coverage/7.2.3/confidence-slim/7.2.2)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nedbat/coveragepy</summary> ### [`v7.2.3`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-723--2023-04-06) [Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.2.2...7.2.3) - Fix: the :ref:`config_run_sigterm` setting was meant to capture data if a process was terminated with a SIGTERM signal, but it didn't always. This was fixed thanks to `Lewis Gaul <pull 1600_>`*, closing `issue 1599`*. - Performance: HTML reports with context information are now much more compact. File sizes are typically as small as one-third the previous size, but can be dramatically smaller. This closes `issue 1584`\_ thanks to `Oleh Krehel <pull 1587_>`\_. - Development dependencies no longer use hashed pins, closing `issue 1592`\_. .. \_issue 1584:[https://github.com/nedbat/coveragepy/issues/1584](https://togithub.com/nedbat/coveragepy/issues/1584)4 .. \_pull 1587[https://github.com/nedbat/coveragepy/pull/1587](https://togithub.com/nedbat/coveragepy/pull/1587)87 .. \_issue 159[https://github.com/nedbat/coveragepy/issues/1592](https://togithub.com/nedbat/coveragepy/issues/1592)592 .. \_issue 15[https://github.com/nedbat/coveragepy/issues/1599](https://togithub.com/nedbat/coveragepy/issues/1599)1599 .. \_pull 1[https://github.com/nedbat/coveragepy/pull/1600](https://togithub.com/nedbat/coveragepy/pull/1600)/1600 .. \_changes\_7-2-2: </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/allenporter/flux-local). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zNC4xIiwidXBkYXRlZEluVmVyIjoiMzUuMzQuMSJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
I opened a relevant issue, ossf/scorecard#2518, not too long ago, which you may be interested to look at. |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
May 5, 2023
Version 7.2.5 — 2023-04-30 -------------------------- - Fix: ``html_report()`` could fail with an AttributeError on ``isatty`` if run in an unusual environment where sys.stdout had been replaced. This is now fixed. Version 7.2.4 — 2023-04-28 -------------------------- PyCon 2023 sprint fixes! - Fix: with ``relative_files = true``, specifying a specific file to include or omit wouldn't work correctly (`issue 1604`_). This is now fixed, with testing help by `Marc Gibbons <pull 1608_>`_. - Fix: the XML report would have an incorrect ``<source>`` element when using relative files and the source option ended with a slash (`issue 1541`_). This is now fixed, thanks to `Kevin Brown-Silva <pull 1608_>`_. - When the HTML report location is printed to the terminal, it's now a terminal-compatible URL, so that you can click the location to open the HTML file in your browser. Finishes `issue 1523`_ thanks to `Ricardo Newbery <pull 1613_>`_. - Docs: a new :ref:`Migrating page <migrating>` with details about how to migrate between major versions of coverage.py. It currently covers the wildcard changes in 7.x. Thanks, `Brian Grohe <pull 1610_>`_. .. _issue 1523: nedbat/coveragepy#1523 .. _issue 1541: nedbat/coveragepy#1541 .. _issue 1604: nedbat/coveragepy#1604 .. _pull 1608: nedbat/coveragepy#1608 .. _pull 1609: nedbat/coveragepy#1609 .. _pull 1610: nedbat/coveragepy#1610 .. _pull 1613: nedbat/coveragepy#1613 Version 7.2.3 — 2023-04-06 -------------------------- - Fix: the :ref:`config_run_sigterm` setting was meant to capture data if a process was terminated with a SIGTERM signal, but it didn't always. This was fixed thanks to `Lewis Gaul <pull 1600_>`_, closing `issue 1599`_. - Performance: HTML reports with context information are now much more compact. File sizes are typically as small as one-third the previous size, but can be dramatically smaller. This closes `issue 1584`_ thanks to `Oleh Krehel <pull 1587_>`_. - Development dependencies no longer use hashed pins, closing `issue 1592`_. .. _issue 1584: nedbat/coveragepy#1584 .. _pull 1587: nedbat/coveragepy#1587 .. _issue 1592: nedbat/coveragepy#1592 .. _issue 1599: nedbat/coveragepy#1599 .. _pull 1600: nedbat/coveragepy#1600 Version 7.2.2 — 2023-03-16 -------------------------- - Fix: if a virtualenv was created inside a source directory, and a sourced package was installed inside the virtualenv, then all of the third-party packages inside the virtualenv would be measured. This was incorrect, but has now been fixed: only the specified packages will be measured, thanks to `Manuel Jacob <pull 1560_>`_. - Fix: the ``coverage lcov`` command could create a .lcov file with incorrect LF (lines found) and LH (lines hit) totals. This is now fixed, thanks to `Ian Moore <pull 1583_>`_. - Fix: the ``coverage xml`` command on Windows could create a .xml file with duplicate ``<package>`` elements. This is now fixed, thanks to `Benjamin Parzella <pull 1574_>`_, closing `issue 1573`_. .. _pull 1560: nedbat/coveragepy#1560 .. _issue 1573: nedbat/coveragepy#1573 .. _pull 1574: nedbat/coveragepy#1574 .. _pull 1583: nedbat/coveragepy#1583 Version 7.2.1 — 2023-02-26 -------------------------- - Fix: the PyPI page had broken links to documentation pages, but no longer does, closing `issue 1566`_. - Fix: public members of the coverage module are now properly indicated so that mypy will find them, fixing `issue 1564`_. .. _issue 1564: nedbat/coveragepy#1564 .. _issue 1566: nedbat/coveragepy#1566 Version 7.2.0 — 2023-02-22 -------------------------- - Added a new setting ``[report] exclude_also`` to let you add more exclusions without overwriting the defaults. Thanks, `Alpha Chen <pull 1557_>`_, closing `issue 1391`_. - Added a :meth:`.CoverageData.purge_files` method to remove recorded data for a particular file. Contributed by `Stephan Deibel <pull 1547_>`_. - Fix: when reporting commands fail, they will no longer congratulate themselves with messages like "Wrote XML report to file.xml" before spewing a traceback about their failure. - Fix: arguments in the public API that name file paths now accept pathlib.Path objects. This includes the ``data_file`` and ``config_file`` arguments to the Coverage constructor and the ``basename`` argument to CoverageData. Closes `issue 1552`_. - Fix: In some embedded environments, an IndexError could occur on stop() when the originating thread exits before completion. This is now fixed, thanks to `Russell Keith-Magee <pull 1543_>`_, closing `issue 1542`_. - Added a ``py.typed`` file to announce our type-hintedness. Thanks, `KotlinIsland <pull 1550_>`_. .. _issue 1391: nedbat/coveragepy#1391 .. _issue 1542: nedbat/coveragepy#1542 .. _pull 1543: nedbat/coveragepy#1543 .. _pull 1547: nedbat/coveragepy#1547 .. _pull 1550: nedbat/coveragepy#1550 .. _issue 1552: nedbat/coveragepy#1552 .. _pull 1557: nedbat/coveragepy#1557 Version 7.1.0 — 2023-01-24 -------------------------- - Added: the debug output file can now be specified with ``[run] debug_file`` in the configuration file. Closes `issue 1319`_. - Performance: fixed a slowdown with dynamic contexts that's been around since 6.4.3. The fix closes `issue 1538`_. Thankfully this doesn't break the `Cython change`_ that fixed `issue 972`_. Thanks to Mathieu Kniewallner for the deep investigative work and comprehensive issue report. - Typing: all product and test code has type annotations. .. _Cython change: nedbat/coveragepy#1347 .. _issue 972: nedbat/coveragepy#972 .. _issue 1319: nedbat/coveragepy#1319 .. _issue 1538: nedbat/coveragepy#1538 Version 7.0.5 — 2023-01-10 -------------------------- - Fix: On Python 3.7, a file with type annotations but no ``from __future__ import annotations`` would be missing statements in the coverage report. This is now fixed, closing `issue 1524`_. .. _issue 1524: nedbat/coveragepy#1524 Version 7.0.4 — 2023-01-07 -------------------------- - Performance: an internal cache of file names was accidentally disabled, resulting in sometimes drastic reductions in performance. This is now fixed, closing `issue 1527`_. Thanks to Ivan Ciuvalschii for the reproducible test case. .. _issue 1527: nedbat/coveragepy#1527 Version 7.0.3 — 2023-01-03 -------------------------- - Fix: when using pytest-cov or pytest-xdist, or perhaps both, the combining step could fail with ``assert row is not None`` using 7.0.2. This was due to a race condition that has always been possible and is still possible. In 7.0.1 and before, the error was silently swallowed by the combining code. Now it will produce a message "Couldn't combine data file" and ignore the data file as it used to do before 7.0.2. Closes `issue 1522`_. .. _issue 1522: nedbat/coveragepy#1522 Version 7.0.2 — 2023-01-02 -------------------------- - Fix: when using the ``[run] relative_files = True`` setting, a relative ``[paths]`` pattern was still being made absolute. This is now fixed, closing `issue 1519`_. - Fix: if Python doesn't provide tomllib, then TOML configuration files can only be read if coverage.py is installed with the ``[toml]`` extra. Coverage.py will raise an error if TOML support is not installed when it sees your settings are in a .toml file. But it didn't understand that ``[tools.coverage]`` was a valid section header, so the error wasn't reported if you used that header, and settings were silently ignored. This is now fixed, closing `issue 1516`_. - Fix: adjusted how decorators are traced on PyPy 7.3.10, fixing `issue 1515`_. - Fix: the ``coverage lcov`` report did not properly implement the ``--fail-under=MIN`` option. This has been fixed. - Refactor: added many type annotations, including a number of refactorings. This should not affect outward behavior, but they were a bit invasive in some places, so keep your eyes peeled for oddities. - Refactor: removed the vestigial and long untested support for Jython and IronPython. .. _issue 1515: nedbat/coveragepy#1515 .. _issue 1516: nedbat/coveragepy#1516 .. _issue 1519: nedbat/coveragepy#1519 Version 7.0.1 — 2022-12-23 -------------------------- - When checking if a file mapping resolved to a file that exists, we weren't considering files in .whl files. This is now fixed, closing `issue 1511`_. - File pattern rules were too strict, forbidding plus signs and curly braces in directory and file names. This is now fixed, closing `issue 1513`_. - Unusual Unicode or control characters in source files could prevent reporting. This is now fixed, closing `issue 1512`_. - The PyPy wheel now installs on PyPy 3.7, 3.8, and 3.9, closing `issue 1510`_. .. _issue 1510: nedbat/coveragepy#1510 .. _issue 1511: nedbat/coveragepy#1511 .. _issue 1512: nedbat/coveragepy#1512 .. _issue 1513: nedbat/coveragepy#1513 Version 7.0.0 — 2022-12-18 -------------------------- Nothing new beyond 7.0.0b1. Version 7.0.0b1 — 2022-12-03 ---------------------------- A number of changes have been made to file path handling, including pattern matching and path remapping with the ``[paths]`` setting (see :ref:`config_paths`). These changes might affect you, and require you to update your settings. (This release includes the changes from `6.6.0b1 <changes_6-6-0b1_>`_, since 6.6.0 was never released.) - Changes to file pattern matching, which might require updating your configuration: - Previously, ``*`` would incorrectly match directory separators, making precise matching difficult. This is now fixed, closing `issue 1407`_. - Now ``**`` matches any number of nested directories, including none. - Improvements to combining data files when using the :ref:`config_run_relative_files` setting, which might require updating your configuration: - During ``coverage combine``, relative file paths are implicitly combined without needing a ``[paths]`` configuration setting. This also fixed `issue 991`_. - A ``[paths]`` setting like ``*/foo`` will now match ``foo/bar.py`` so that relative file paths can be combined more easily. - The :ref:`config_run_relative_files` setting is properly interpreted in more places, fixing `issue 1280`_. - When remapping file paths with ``[paths]``, a path will be remapped only if the resulting path exists. The documentation has long said the prefix had to exist, but it was never enforced. This fixes `issue 608`_, improves `issue 649`_, and closes `issue 757`_. - Reporting operations now implicitly use the ``[paths]`` setting to remap file paths within a single data file. Combining multiple files still requires the ``coverage combine`` step, but this simplifies some single-file situations. Closes `issue 1212`_ and `issue 713`_. - The ``coverage report`` command now has a ``--format=`` option. The original style is now ``--format=text``, and is the default. - Using ``--format=markdown`` will write the table in Markdown format, thanks to `Steve Oswald <pull 1479_>`_, closing `issue 1418`_. - Using ``--format=total`` will write a single total number to the output. This can be useful for making badges or writing status updates. - Combining data files with ``coverage combine`` now hashes the data files to skip files that add no new information. This can reduce the time needed. Many details affect the speed-up, but for coverage.py's own test suite, combining is about 40% faster. Closes `issue 1483`_. - When searching for completely un-executed files, coverage.py uses the presence of ``__init__.py`` files to determine which directories have source that could have been imported. However, `implicit namespace packages`_ don't require ``__init__.py``. A new setting ``[report] include_namespace_packages`` tells coverage.py to consider these directories during reporting. Thanks to `Felix Horvat <pull 1387_>`_ for the contribution. Closes `issue 1383`_ and `issue 1024`_. - Fixed environment variable expansion in pyproject.toml files. It was overly broad, causing errors outside of coverage.py settings, as described in `issue 1481`_ and `issue 1345`_. This is now fixed, but in rare cases will require changing your pyproject.toml to quote non-string values that use environment substitution. - An empty file has a coverage total of 100%, but used to fail with ``--fail-under``. This has been fixed, closing `issue 1470`_. - The text report table no longer writes out two separator lines if there are no files listed in the table. One is plenty. - Fixed a mis-measurement of a strange use of wildcard alternatives in match/case statements, closing `issue 1421`_. - Fixed internal logic that prevented coverage.py from running on implementations other than CPython or PyPy (`issue 1474`_). - The deprecated ``[run] note`` setting has been completely removed. .. _implicit namespace packages: https://peps.python.org/pep-0420/ .. _issue 608: nedbat/coveragepy#608 .. _issue 649: nedbat/coveragepy#649 .. _issue 713: nedbat/coveragepy#713 .. _issue 757: nedbat/coveragepy#757 .. _issue 991: nedbat/coveragepy#991 .. _issue 1024: nedbat/coveragepy#1024 .. _issue 1212: nedbat/coveragepy#1212 .. _issue 1280: nedbat/coveragepy#1280 .. _issue 1345: nedbat/coveragepy#1345 .. _issue 1383: nedbat/coveragepy#1383 .. _issue 1407: nedbat/coveragepy#1407 .. _issue 1418: nedbat/coveragepy#1418 .. _issue 1421: nedbat/coveragepy#1421 .. _issue 1470: nedbat/coveragepy#1470 .. _issue 1474: nedbat/coveragepy#1474 .. _issue 1481: nedbat/coveragepy#1481 .. _issue 1483: nedbat/coveragepy#1483 .. _pull 1387: nedbat/coveragepy#1387 .. _pull 1479: nedbat/coveragepy#1479 Version 6.6.0b1 — 2022-10-31 ---------------------------- (Note: 6.6.0 final was never released. These changes are part of `7.0.0b1 <changes_7-0-0b1_>`_.) - Changes to file pattern matching, which might require updating your configuration: - Previously, ``*`` would incorrectly match directory separators, making precise matching difficult. This is now fixed, closing `issue 1407`_. - Now ``**`` matches any number of nested directories, including none. - Improvements to combining data files when using the :ref:`config_run_relative_files` setting: - During ``coverage combine``, relative file paths are implicitly combined without needing a ``[paths]`` configuration setting. This also fixed `issue 991`_. - A ``[paths]`` setting like ``*/foo`` will now match ``foo/bar.py`` so that relative file paths can be combined more easily. - The setting is properly interpreted in more places, fixing `issue 1280`_. - Fixed environment variable expansion in pyproject.toml files. It was overly broad, causing errors outside of coverage.py settings, as described in `issue 1481`_ and `issue 1345`_. This is now fixed, but in rare cases will require changing your pyproject.toml to quote non-string values that use environment substitution. - Fixed internal logic that prevented coverage.py from running on implementations other than CPython or PyPy (`issue 1474`_). .. _issue 991: nedbat/coveragepy#991 .. _issue 1280: nedbat/coveragepy#1280 .. _issue 1345: nedbat/coveragepy#1345 .. _issue 1407: nedbat/coveragepy#1407 .. _issue 1474: nedbat/coveragepy#1474 .. _issue 1481: nedbat/coveragepy#1481
RobertCraigie
referenced
this issue
in RobertCraigie/prisma-client-py
May 8, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [coverage](https://togithub.com/nedbat/coveragepy) | `==7.2.2` -> `==7.2.5` | [![age](https://badges.renovateapi.com/packages/pypi/coverage/7.2.5/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/coverage/7.2.5/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/coverage/7.2.5/compatibility-slim/7.2.2)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/coverage/7.2.5/confidence-slim/7.2.2)](https://docs.renovatebot.com/merge-confidence/) | | [dirty-equals](https://togithub.com/samuelcolvin/dirty-equals) ([changelog](https://togithub.com/samuelcolvin/dirty-equals/releases)) | `==0.5.0` -> `==0.6.0` | [![age](https://badges.renovateapi.com/packages/pypi/dirty-equals/0.6.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/dirty-equals/0.6.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/dirty-equals/0.6.0/compatibility-slim/0.5.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/dirty-equals/0.6.0/confidence-slim/0.5.0)](https://docs.renovatebot.com/merge-confidence/) | | [mkdocs](https://togithub.com/mkdocs/mkdocs) ([changelog](https://www.mkdocs.org/about/release-notes/)) | `==1.4.2` -> `==1.4.3` | [![age](https://badges.renovateapi.com/packages/pypi/mkdocs/1.4.3/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/mkdocs/1.4.3/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/mkdocs/1.4.3/compatibility-slim/1.4.2)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/mkdocs/1.4.3/confidence-slim/1.4.2)](https://docs.renovatebot.com/merge-confidence/) | | [mkdocs-material](https://togithub.com/squidfunk/mkdocs-material) | `==9.1.5` -> `==9.1.9` | [![age](https://badges.renovateapi.com/packages/pypi/mkdocs-material/9.1.9/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/mkdocs-material/9.1.9/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/mkdocs-material/9.1.9/compatibility-slim/9.1.5)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/mkdocs-material/9.1.9/confidence-slim/9.1.5)](https://docs.renovatebot.com/merge-confidence/) | | [mock](http://mock.readthedocs.org/en/latest/) ([source](https://togithub.com/testing-cabal/mock)) | `==5.0.1` -> `==5.0.2` | [![age](https://badges.renovateapi.com/packages/pypi/mock/5.0.2/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/mock/5.0.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/mock/5.0.2/compatibility-slim/5.0.1)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/mock/5.0.2/confidence-slim/5.0.1)](https://docs.renovatebot.com/merge-confidence/) | | [pyright](https://togithub.com/RobertCraigie/pyright-python) | `==1.1.302` -> `==1.1.306` | [![age](https://badges.renovateapi.com/packages/pypi/pyright/1.1.306/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/pyright/1.1.306/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/pyright/1.1.306/compatibility-slim/1.1.302)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/pyright/1.1.306/confidence-slim/1.1.302)](https://docs.renovatebot.com/merge-confidence/) | | [pytest](https://docs.pytest.org/en/latest/) ([source](https://togithub.com/pytest-dev/pytest), [changelog](https://docs.pytest.org/en/stable/changelog.html)) | `==7.2.2` -> `==7.3.1` | [![age](https://badges.renovateapi.com/packages/pypi/pytest/7.3.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/pytest/7.3.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/pytest/7.3.1/compatibility-slim/7.2.2)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/pytest/7.3.1/confidence-slim/7.2.2)](https://docs.renovatebot.com/merge-confidence/) | | [typer](https://togithub.com/tiangolo/typer) | `==0.7.0` -> `==0.9.0` | [![age](https://badges.renovateapi.com/packages/pypi/typer/0.9.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/typer/0.9.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/typer/0.9.0/compatibility-slim/0.7.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/typer/0.9.0/confidence-slim/0.7.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nedbat/coveragepy</summary> ### [`v7.2.5`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-725--2023-04-30) [Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.2.4...7.2.5) - Fix: `html_report()` could fail with an AttributeError on `isatty` if run in an unusual environment where sys.stdout had been replaced. This is now fixed. .. \_changes\_7-2-4: ### [`v7.2.4`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-724--2023-04-28) [Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.2.3...7.2.4) PyCon 2023 sprint fixes! - Fix: with `relative_files = true`, specifying a specific file to include or omit wouldn't work correctly (`issue 1604`*). This is now fixed, with testing help by `Marc Gibbons <pull 1608_>`*. - Fix: the XML report would have an incorrect `<source>` element when using relative files and the source option ended with a slash (`issue 1541`*). This is now fixed, thanks to `Kevin Brown-Silva <pull 1608_>`*. - When the HTML report location is printed to the terminal, it's now a terminal-compatible URL, so that you can click the location to open the HTML file in your browser. Finishes `issue 1523`\_ thanks to `Ricardo Newbery <pull 1613_>`\_. - Docs: a new :ref:`Migrating page <migrating>` with details about how to migrate between major versions of coverage.py. It currently covers the wildcard changes in 7.x. Thanks, `Brian Grohe <pull 1610_>`\_. .. \_issue 1523:[https://github.com/nedbat/coveragepy/issues/1523](https://togithub.com/nedbat/coveragepy/issues/1523)3 .. \_issue 1541[https://github.com/nedbat/coveragepy/issues/1541](https://togithub.com/nedbat/coveragepy/issues/1541)41 .. \_issue 160[https://github.com/nedbat/coveragepy/issues/1604](https://togithub.com/nedbat/coveragepy/issues/1604)604 .. \_pull 16[https://github.com/nedbat/coveragepy/pull/1608](https://togithub.com/nedbat/coveragepy/pull/1608)1608 .. \_pull 1[https://github.com/nedbat/coveragepy/pull/1609](https://togithub.com/nedbat/coveragepy/pull/1609)/1609 .. \_pull [https://github.com/nedbat/coveragepy/pull/1610](https://togithub.com/nedbat/coveragepy/pull/1610)l/1610 .. \_pull[https://github.com/nedbat/coveragepy/pull/1613](https://togithub.com/nedbat/coveragepy/pull/1613)ll/1613 .. \_changes\_7-2-3: ### [`v7.2.3`](https://togithub.com/nedbat/coveragepy/blob/HEAD/CHANGES.rst#Version-723--2023-04-06) [Compare Source](https://togithub.com/nedbat/coveragepy/compare/7.2.2...7.2.3) - Fix: the :ref:`config_run_sigterm` setting was meant to capture data if a process was terminated with a SIGTERM signal, but it didn't always. This was fixed thanks to `Lewis Gaul <pull 1600_>`*, closing `issue 1599`*. - Performance: HTML reports with context information are now much more compact. File sizes are typically as small as one-third the previous size, but can be dramatically smaller. This closes `issue 1584`\_ thanks to `Oleh Krehel <pull 1587_>`\_. - Development dependencies no longer use hashed pins, closing `issue 1592`\_. .. \_issue 1584:[https://github.com/nedbat/coveragepy/issues/1584](https://togithub.com/nedbat/coveragepy/issues/1584)4 .. \_pull 1587[https://github.com/nedbat/coveragepy/pull/1587](https://togithub.com/nedbat/coveragepy/pull/1587)87 .. \_issue 159[https://github.com/nedbat/coveragepy/issues/1592](https://togithub.com/nedbat/coveragepy/issues/1592)592 .. \_issue 15[https://github.com/nedbat/coveragepy/issues/1599](https://togithub.com/nedbat/coveragepy/issues/1599)1599 .. \_pull 1[https://github.com/nedbat/coveragepy/pull/1600](https://togithub.com/nedbat/coveragepy/pull/1600)/1600 .. \_changes\_7-2-2: </details> <details> <summary>samuelcolvin/dirty-equals</summary> ### [`v0.6.0`](https://togithub.com/samuelcolvin/dirty-equals/releases/tag/v0.6.0): 2023-04-28 [Compare Source](https://togithub.com/samuelcolvin/dirty-equals/compare/v0.5.0...v0.6.0) #### What's Changed - Depend on typing-extensions only for Python < 3.8 by [@​mgorny](https://togithub.com/mgorny) in [https://github.com/samuelcolvin/dirty-equals/pull/50](https://togithub.com/samuelcolvin/dirty-equals/pull/50) - Feat add IsHash by [@​osintalex](https://togithub.com/osintalex) in [https://github.com/samuelcolvin/dirty-equals/pull/44](https://togithub.com/samuelcolvin/dirty-equals/pull/44) - feat: add IsUrl by [@​osintalex](https://togithub.com/osintalex) in [https://github.com/samuelcolvin/dirty-equals/pull/47](https://togithub.com/samuelcolvin/dirty-equals/pull/47) - FloatInf & FloatNan by [@​FBruzzesi](https://togithub.com/FBruzzesi) in [https://github.com/samuelcolvin/dirty-equals/pull/57](https://togithub.com/samuelcolvin/dirty-equals/pull/57) - ci: move to Python 3.11 final by [@​browniebroke](https://togithub.com/browniebroke) in [https://github.com/samuelcolvin/dirty-equals/pull/56](https://togithub.com/samuelcolvin/dirty-equals/pull/56) - add check job to CI, remove caching by [@​samuelcolvin](https://togithub.com/samuelcolvin) in [https://github.com/samuelcolvin/dirty-equals/pull/62](https://togithub.com/samuelcolvin/dirty-equals/pull/62) - uprev deps by [@​samuelcolvin](https://togithub.com/samuelcolvin) in [https://github.com/samuelcolvin/dirty-equals/pull/63](https://togithub.com/samuelcolvin/dirty-equals/pull/63) - numeric exact by [@​samuelcolvin](https://togithub.com/samuelcolvin) in [https://github.com/samuelcolvin/dirty-equals/pull/64](https://togithub.com/samuelcolvin/dirty-equals/pull/64) - use pydantic-examples to test examples by [@​samuelcolvin](https://togithub.com/samuelcolvin) in [https://github.com/samuelcolvin/dirty-equals/pull/65](https://togithub.com/samuelcolvin/dirty-equals/pull/65) - Add mike by [@​samuelcolvin](https://togithub.com/samuelcolvin) in [https://github.com/samuelcolvin/dirty-equals/pull/66](https://togithub.com/samuelcolvin/dirty-equals/pull/66) #### New Contributors - [@​mgorny](https://togithub.com/mgorny) made their first contribution in [https://github.com/samuelcolvin/dirty-equals/pull/50](https://togithub.com/samuelcolvin/dirty-equals/pull/50) - [@​FBruzzesi](https://togithub.com/FBruzzesi) made their first contribution in [https://github.com/samuelcolvin/dirty-equals/pull/57](https://togithub.com/samuelcolvin/dirty-equals/pull/57) - [@​browniebroke](https://togithub.com/browniebroke) made their first contribution in [https://github.com/samuelcolvin/dirty-equals/pull/56](https://togithub.com/samuelcolvin/dirty-equals/pull/56) **Full Changelog**: samuelcolvin/dirty-equals@v0.5.0...v0.6.0 </details> <details> <summary>mkdocs/mkdocs</summary> ### [`v1.4.3`](https://togithub.com/mkdocs/mkdocs/releases/tag/1.4.3) [Compare Source](https://togithub.com/mkdocs/mkdocs/compare/1.4.2...1.4.3) - Bugfix: for the `hooks` feature, modules no longer fail to load if using some advanced Python features like dataclasses ([#​3193](https://togithub.com/mkdocs/mkdocs/issues/3193)) - Bugfix: Don't create `None` sitemap entries if the page has no populated URL - affects sites that exclude some files from navigation ([`07a297b`](https://togithub.com/mkdocs/mkdocs/commit/07a297b3b4de4a1b49469b1497ee34039b9f38fa)) - "readthedocs" theme: - Accessibility: add aria labels to Home logo ([#​3129](https://togithub.com/mkdocs/mkdocs/issues/3129)) and search inputs ([#​3046](https://togithub.com/mkdocs/mkdocs/issues/3046)) - "readthedocs" theme now supports `hljs_style:` config, same as "mkdocs" theme ([#​3199](https://togithub.com/mkdocs/mkdocs/issues/3199)) - Translations: - Built-in themes now also support Indonesian language ([#​3154](https://togithub.com/mkdocs/mkdocs/issues/3154)) - Fixed `zh_CN` translation ([#​3125](https://togithub.com/mkdocs/mkdocs/issues/3125)) - `tr_TR` translation becomes just `tr` - usage should remain unaffected ([#​3195](https://togithub.com/mkdocs/mkdocs/issues/3195)) See [commit log](https://togithub.com/mkdocs/mkdocs/compare/1.4.2...1.4.3). </details> <details> <summary>squidfunk/mkdocs-material</summary> ### [`v9.1.9`](https://togithub.com/squidfunk/mkdocs-material/releases/tag/9.1.9): mkdocs-material-9.1.9 [Compare Source](https://togithub.com/squidfunk/mkdocs-material/compare/9.1.8...9.1.9) - Added Telugu, Kannada and Sanskrit translations - Fixed [#​5428](https://togithub.com/squidfunk/mkdocs-material/issues/5428): Fixed margins for light/dark mode images in figures - Fixed [#​5420](https://togithub.com/squidfunk/mkdocs-material/issues/5420): Social plugin crashing for some specific Google Fonts - Fixed [#​5160](https://togithub.com/squidfunk/mkdocs-material/issues/5160): Instant loading makes code annotations jump (9.1.1 regression) - Fixed [#​4920](https://togithub.com/squidfunk/mkdocs-material/issues/4920): Social plugin not loading logo from custom icon set - Fixed social plugin crashing when only code font is specified ### [`v9.1.8`](https://togithub.com/squidfunk/mkdocs-material/releases/tag/9.1.8): mkdocs-material-9.1.8 [Compare Source](https://togithub.com/squidfunk/mkdocs-material/compare/9.1.7...9.1.8) - Fixed [#​5417](https://togithub.com/squidfunk/mkdocs-material/issues/5417): Theme breaks when `palette` is not defined (9.1.7 regression) ### [`v9.1.7`](https://togithub.com/squidfunk/mkdocs-material/releases/tag/9.1.7): mkdocs-material-9.1.7 [Compare Source](https://togithub.com/squidfunk/mkdocs-material/compare/9.1.6...9.1.7) - Updated Persian (Farsi) and Turkish translations - Fixed [#​5401](https://togithub.com/squidfunk/mkdocs-material/issues/5401): Added missing flag to disable built-in tags plugin - Fixed [#​5206](https://togithub.com/squidfunk/mkdocs-material/issues/5206): Ensure defaults are set for primary and accent colors - Fixed unnecessary inclusion of palette CSS when unused ### [`v9.1.6`](https://togithub.com/squidfunk/mkdocs-material/releases/tag/9.1.6): mkdocs-material-9.1.6 [Compare Source](https://togithub.com/squidfunk/mkdocs-material/compare/9.1.5...9.1.6) - Updated Persian (Farsi) translations - Fixed [#​5300](https://togithub.com/squidfunk/mkdocs-material/issues/5300): Boxes in Mermaid sequence diagrams not color-abiding </details> <details> <summary>testing-cabal/mock</summary> ### [`v5.0.2`](https://togithub.com/testing-cabal/mock/blob/HEAD/CHANGELOG.rst#​502) [Compare Source](https://togithub.com/testing-cabal/mock/compare/5.0.1...5.0.2) - [gh-102978](https://togithub.com/testing-cabal/mock/issues/102978): Fixes :func:`unittest.mock.patch` not enforcing function signatures for methods decorated with `@classmethod` or `@staticmethod` when patch is called with `autospec=True`. - [gh-103329](https://togithub.com/testing-cabal/mock/issues/103329): Regression tests for the behaviour of `unittest.mock.PropertyMock` were added. </details> <details> <summary>RobertCraigie/pyright-python</summary> ### [`v1.1.306`](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.305...v1.1.306) [Compare Source](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.305...v1.1.306) ### [`v1.1.305`](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.304...v1.1.305) [Compare Source](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.304...v1.1.305) ### [`v1.1.304`](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.303...v1.1.304) [Compare Source](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.303...v1.1.304) ### [`v1.1.303`](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.302...v1.1.303) [Compare Source](https://togithub.com/RobertCraigie/pyright-python/compare/v1.1.302...v1.1.303) </details> <details> <summary>pytest-dev/pytest</summary> ### [`v7.3.1`](https://togithub.com/pytest-dev/pytest/releases/tag/7.3.1) [Compare Source](https://togithub.com/pytest-dev/pytest/compare/7.3.0...7.3.1) # pytest 7.3.1 (2023-04-14) ## Improvements - [#​10875](https://togithub.com/pytest-dev/pytest/issues/10875): Python 3.12 support: fixed `RuntimeError: TestResult has no addDuration method` when running `unittest` tests. - [#​10890](https://togithub.com/pytest-dev/pytest/issues/10890): Python 3.12 support: fixed `shutil.rmtree(onerror=...)` deprecation warning when using `tmp_path`{.interpreted-text role="fixture"}. ## Bug Fixes - [#​10896](https://togithub.com/pytest-dev/pytest/issues/10896): Fixed performance regression related to `tmp_path`{.interpreted-text role="fixture"} and the new `tmp_path_retention_policy`{.interpreted-text role="confval"} option. - [#​10903](https://togithub.com/pytest-dev/pytest/issues/10903): Fix crash `INTERNALERROR IndexError: list index out of range` which happens when displaying an exception where all entries are hidden. This reverts the change "Correctly handle `__tracebackhide__` for chained exceptions." introduced in version 7.3.0. ### [`v7.3.0`](https://togithub.com/pytest-dev/pytest/releases/tag/7.3.0) [Compare Source](https://togithub.com/pytest-dev/pytest/compare/7.2.2...7.3.0) # pytest 7.3.0 (2023-04-08) ## Features - [#​10525](https://togithub.com/pytest-dev/pytest/issues/10525): Test methods decorated with `@classmethod` can now be discovered as tests, following the same rules as normal methods. This fills the gap that static methods were discoverable as tests but not class methods. - [#​10755](https://togithub.com/pytest-dev/pytest/issues/10755): `console_output_style`{.interpreted-text role="confval"} now supports `progress-even-when-capture-no` to force the use of the progress output even when capture is disabled. This is useful in large test suites where capture may have significant performance impact. - [#​7431](https://togithub.com/pytest-dev/pytest/issues/7431): `--log-disable` CLI option added to disable individual loggers. - [#​8141](https://togithub.com/pytest-dev/pytest/issues/8141): Added `tmp_path_retention_count`{.interpreted-text role="confval"} and `tmp_path_retention_policy`{.interpreted-text role="confval"} configuration options to control how directories created by the `tmp_path`{.interpreted-text role="fixture"} fixture are kept. ## Improvements - [#​10226](https://togithub.com/pytest-dev/pytest/issues/10226): If multiple errors are raised in teardown, we now re-raise an `ExceptionGroup` of them instead of discarding all but the last. - [#​10658](https://togithub.com/pytest-dev/pytest/issues/10658): Allow `-p` arguments to include spaces (eg: `-p no:logging` instead of `-pno:logging`). Mostly useful in the `addopts` section of the configuration file. - [#​10710](https://togithub.com/pytest-dev/pytest/issues/10710): Added `start` and `stop` timestamps to `TestReport` objects. - [#​10727](https://togithub.com/pytest-dev/pytest/issues/10727): Split the report header for `rootdir`, `config file` and `testpaths` so each has its own line. - [#​10840](https://togithub.com/pytest-dev/pytest/issues/10840): pytest should no longer crash on AST with pathological position attributes, for example testing AST produced by \[Hylang \<https://github.com/hylang/hy>\__]{.title-ref}. - [#​6267](https://togithub.com/pytest-dev/pytest/issues/6267): The full output of a test is no longer truncated if the truncation message would be longer than the hidden text. The line number shown has also been fixed. ## Bug Fixes - [#​10743](https://togithub.com/pytest-dev/pytest/issues/10743): The assertion rewriting mechanism now works correctly when assertion expressions contain the walrus operator. - [#​10765](https://togithub.com/pytest-dev/pytest/issues/10765): Fixed `tmp_path`{.interpreted-text role="fixture"} fixture always raising `OSError`{.interpreted-text role="class"} on `emscripten` platform due to missing `os.getuid`{.interpreted-text role="func"}. - [#​1904](https://togithub.com/pytest-dev/pytest/issues/1904): Correctly handle `__tracebackhide__` for chained exceptions. ## Improved Documentation - [#​10782](https://togithub.com/pytest-dev/pytest/issues/10782): Fixed the minimal example in `goodpractices`{.interpreted-text role="ref"}: `pip install -e .` requires a `version` entry in `pyproject.toml` to run successfully. ## Trivial/Internal Changes - [#​10669](https://togithub.com/pytest-dev/pytest/issues/10669): pytest no longer depends on the \[attrs]{.title-ref} package (don't worry, nice diffs for attrs classes are still supported). </details> <details> <summary>tiangolo/typer</summary> ### [`v0.9.0`](https://togithub.com/tiangolo/typer/releases/tag/0.9.0) [Compare Source](https://togithub.com/tiangolo/typer/compare/0.8.0...0.9.0) ##### Features - ✨ Add support for PEP-593 `Annotated` for specifying options and arguments. Initial PR [#​584](https://togithub.com/tiangolo/typer/pull/584) by [@​ryangalamb](https://togithub.com/ryangalamb). - New docs: [Optional CLI arguments](https://typer.tiangolo.com/tutorial/arguments/optional/#an-alternative-cli-argument-declaration). - It is no longer required to pass a default value of `...` to mark a *CLI Argument* or *CLI Option* as required. - It is now recommended to use `Annotated` for `typer.Option()` and `typer.Argument()`. - All the docs have been updated to recommend `Annotated`. ##### Docs - 📝 Update docs examples for custom param types using `Annotated`, fix overloads for `typer.Argument`. PR [#​594](https://togithub.com/tiangolo/typer/pull/594) by [@​tiangolo](https://togithub.com/tiangolo). ##### Internal - ⬆ \[pre-commit.ci] pre-commit autoupdate. PR [#​592](https://togithub.com/tiangolo/typer/pull/592) by [@​pre-commit-ci\[bot\]](https://togithub.com/apps/pre-commit-ci). ### [`v0.8.0`](https://togithub.com/tiangolo/typer/releases/tag/0.8.0) [Compare Source](https://togithub.com/tiangolo/typer/compare/0.7.0...0.8.0) ##### Features - ✨ Add support for custom types and parsers. Initial PR [#​583](https://togithub.com/tiangolo/typer/pull/583) by [@​jpurviance](https://togithub.com/jpurviance). Based on original PR [#​443](https://togithub.com/tiangolo/typer/pull/443) by [@​paulo-raca](https://togithub.com/paulo-raca). - New docs: [CLI Parameter Types: Custom Types](https://typer.tiangolo.com/tutorial/parameter-types/custom-types/). ##### Upgrades - ⬆ Upgrade Rich, support 13.x. PR [#​524](https://togithub.com/tiangolo/typer/pull/524) by [@​musicinmybrain](https://togithub.com/musicinmybrain). ##### Docs - 📝 Tweak docs, Custom Types path, main page and READAME colors, broken links. PR [#​588](https://togithub.com/tiangolo/typer/pull/588) by [@​tiangolo](https://togithub.com/tiangolo). - ✏ Fix spelling (shinny -> shiny). PR [#​586](https://togithub.com/tiangolo/typer/pull/586) by [@​runofthemill](https://togithub.com/runofthemill). - 📝 Update docs about helping Typer. PR [#​547](https://togithub.com/tiangolo/typer/pull/547) by [@​tiangolo](https://togithub.com/tiangolo). - ✏️ Fix typo in datetime docs. PR [#​495](https://togithub.com/tiangolo/typer/pull/495) by [@​huxuan](https://togithub.com/huxuan). - ✏️ Add quotes to package name that includes brackets in docs. PR [#​475](https://togithub.com/tiangolo/typer/pull/475) by [@​gjolga](https://togithub.com/gjolga). ##### Internal - ⬆ Bump dawidd6/action-download-artifact from 2.24.2 to 2.26.0. PR [#​558](https://togithub.com/tiangolo/typer/pull/558) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ \[pre-commit.ci] pre-commit autoupdate. PR [#​549](https://togithub.com/tiangolo/typer/pull/549) by [@​pre-commit-ci\[bot\]](https://togithub.com/apps/pre-commit-ci). - 🔧 Add `exclude_lines` to coverage configuration. PR [#​585](https://togithub.com/tiangolo/typer/pull/585) by [@​dmontagu](https://togithub.com/dmontagu). - ⬆️ Upgrade analytics. PR [#​557](https://togithub.com/tiangolo/typer/pull/557) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update new issue chooser to suggest GitHub Discussions. PR [#​544](https://togithub.com/tiangolo/typer/pull/544) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Add GitHub Discussion templates for questions. PR [#​541](https://togithub.com/tiangolo/typer/pull/541) by [@​tiangolo](https://togithub.com/tiangolo). - 🔧 Update pre-commit, Python version, isort version. PR [#​542](https://togithub.com/tiangolo/typer/pull/542) by [@​tiangolo](https://togithub.com/tiangolo). - ⬆ \[pre-commit.ci] pre-commit autoupdate. PR [#​512](https://togithub.com/tiangolo/typer/pull/512) by [@​pre-commit-ci\[bot\]](https://togithub.com/apps/pre-commit-ci). - ⬆ Bump nwtgck/actions-netlify from 1.2.4 to 2.0.0. PR [#​513](https://togithub.com/tiangolo/typer/pull/513) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - 👷 Refactor CI artifact upload/download for docs previews. PR [#​516](https://togithub.com/tiangolo/typer/pull/516) by [@​tiangolo](https://togithub.com/tiangolo). - ⬆ \[pre-commit.ci] pre-commit autoupdate. PR [#​500](https://togithub.com/tiangolo/typer/pull/500) by [@​pre-commit-ci\[bot\]](https://togithub.com/apps/pre-commit-ci). - ⬆ Bump actions/cache from 2 to 3. PR [#​496](https://togithub.com/tiangolo/typer/pull/496) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump dawidd6/action-download-artifact from 2.24.1 to 2.24.2. PR [#​494](https://togithub.com/tiangolo/typer/pull/494) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump dawidd6/action-download-artifact from 2.9.0 to 2.24.1. PR [#​491](https://togithub.com/tiangolo/typer/pull/491) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - ⬆ Bump actions/setup-python from 2 to 4. PR [#​492](https://togithub.com/tiangolo/typer/pull/492) by [@​dependabot\[bot\]](https://togithub.com/apps/dependabot). - 👷♂️ Consistently use `sys.executable` to run subprocesses, needed by OpenSUSE. PR [#​408](https://togithub.com/tiangolo/typer/pull/408) by [@​theMarix](https://togithub.com/theMarix). - 👷♂️ Ensure the `PYTHONPATH` is set properly when testing the tutorial scripts. PR [#​407](https://togithub.com/tiangolo/typer/pull/407) by [@​theMarix](https://togithub.com/theMarix). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/RobertCraigie/prisma-client-py). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zNC4xIiwidXBkYXRlZEluVmVyIjoiMzUuNjkuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Robert Craigie <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, coverage.py has
requirements/*.pip
files that include hashes:This is meant to increase security by ensuring that the package you get is really the package you wanted, by checking the hash of the downloaded package. But coverage.py doesn't need these hashes, and they causes problems.
Coverage.py is a developer tool, it doesn't run in public-facing production environments. Further, it has no runtime dependencies. Installing coverage doesn't pull in any third-party libraries. These hashes only apply to the developer tools that maintainers and modifiers of coverage install in their local machines or their continuous integration.
The problems arise because the exact set of dependencies installed on a machine varies depending on the OS and the Python version. The .pip files are created by pip-tools on my Mac running Python 3.7. If a contributor tries to install them on Windows running 3.10 (for example), conditional dependencies in third-party libraries will try to pull in a package that wasn't needed on Mac 3.7. That package will not have a hash in the .pip files, and the installation will fail. The solution is then to use the .in files directly, which have no hashes, so what have we gained other than a confusing speed bump for contributors?
The OpenSSF scorecard awards points for hashed pins, but does not distinguish between production and development dependencies. This simplistic gamification shouldn't push us towards making the project unfriendly to contributors.
The text was updated successfully, but these errors were encountered: