Bump the dependencies group in /.config with 8 updates

[dependabot]

Bumps the dependencies group in /.config with 8 updates:

Package	From	To
black	24.1.1	24.2.0
cryptography	42.0.2	42.0.3
dnspython	2.5.0	2.6.0
pipdeptree	2.13.2	2.14.0
pytest	8.0.0	8.0.1
rpds-py	0.17.1	0.18.0
ruff	0.2.1	0.2.2
tox	4.12.1	4.13.0

Updates black from 24.1.1 to 24.2.0

Release notes

Sourced from black's releases.

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

• Fix issue where Black would ignore input files in the presence of symlinks (#4222)
• Black now ignores pyproject.toml that is missing a tool.black section when discovering project root and configuration. Since Black continues to use version control as an indicator of project root, this is expected to primarily change behavior for users in a monorepo setup (desirably). If you wish to preserve previous behavior, simply add an empty [tool.black] to the previously discovered pyproject.toml (#4204)

Output

• Black will swallow any SyntaxWarnings or DeprecationWarnings produced by the ast module when performing equivalence checks (#4189)

Integrations

• Add a JSONSchema and provide a validate-pyproject entry-point (#4181)

Changelog

Sourced from black's changelog.

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

• Fix issue where Black would ignore input files in the presence of symlinks (#4222)
• Black now ignores pyproject.toml that is missing a tool.black section when discovering project root and configuration. Since Black continues to use version control as an indicator of project root, this is expected to primarily change behavior for users in a monorepo setup (desirably). If you wish to preserve previous behavior, simply add an empty [tool.black] to the previously discovered pyproject.toml (#4204)

Output

• Black will swallow any SyntaxWarnings or DeprecationWarnings produced by the ast module when performing equivalence checks (#4189)

Integrations

• Add a JSONSchema and provide a validate-pyproject entry-point (#4181)

Commits

• 6fdf8a4 Prepare release 24.2.0 (#4226)
• 8af4394 fix: Don't remove comments along with parens (#4218)
• 35e9776 Bump pre-commit/action from 3.0.0 to 3.0.1 (#4225)
• 23dfc5b Fix ignoring input files for symlink reasons (#4222)
• a201003 Simplify check for symlinks that resolve outside root (#4221)
• dab37a6 Remove redundant parentheses in case statement if guards (#4214)
• 32230e6 fix: bug where the doublestar operation had inconsistent formatting. (#4154)
• 7edb50f fix: additional newline added to docstring when the previous line length is l...
• 3e80de3 Bump furo from 2023.9.10 to 2024.1.29 in /docs (#4211)
• a08b480 Bump pypa/cibuildwheel from 2.16.4 to 2.16.5 (#4212)
• Additional commits viewable in compare view

Updates cryptography from 42.0.2 to 42.0.3

Changelog

Sourced from cryptography's changelog.

42.0.3 - 2024-02-15

* Fixed an initialization issue that caused key loading failures for some
  users.
.. _v42-0-2:

Commits

• c49a7a5 changelog and version bump for 42.0.3 (#10396)
• 396bcf6 fix provider loading take two (#10390) (#10395)
• 0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
• See full diff in compare view

Updates dnspython from 2.5.0 to 2.6.0

Release notes

Sourced from dnspython's releases.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.0

• As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

  This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

• Added support for the NSID EDNS option.

• Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

• The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

Commits

• cecb853 Further improve CVE fix coverage to 100% for sync and async.
• 7952e31 test IgnoreErrors
• e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
• 3af9f78 2.6.0 versioning
• ca63d95 Require cryptography >=41 instead of 42.
• 902cbf3 Create CODE_OF_CONDUCT.md
• ed9795f github contributing and pull request template
• 1a581c7 The DoHNameserver now supports using GET instead of POST
• 742fddb 2.6.0 prep
• 80b03f8 2.6.0 prep
• Additional commits viewable in compare view

Updates pipdeptree from 2.13.2 to 2.14.0

Release notes

Sourced from pipdeptree's releases.

2.14.0

What's Changed

• Implement --license option by @​kemzeb in tox-dev/pipdeptree#318

Full Changelog: tox-dev/pipdeptree@2.13.2...2.14.0

Commits

• 134ca6e Implement --license option (#318)
• 312818a [pre-commit.ci] pre-commit autoupdate (#317)
• 9d8f2b7 [pre-commit.ci] pre-commit autoupdate (#316)
• 1cd3453 [pre-commit.ci] pre-commit autoupdate (#315)
• 75389a0 [pre-commit.ci] pre-commit autoupdate (#314)
• d317f9b [pre-commit.ci] pre-commit autoupdate (#313)
• See full diff in compare view

Updates pytest from 8.0.0 to 8.0.1

Release notes

Sourced from pytest's releases.

8.0.1

pytest 8.0.1 (2024-02-16)

Bug Fixes

• #11875: Correctly handle errors from getpass.getuser{.interpreted-text role="func"} in Python 3.13.
• #11879: Fix an edge case where ExceptionInfo._stringify_exception could crash pytest.raises{.interpreted-text role="func"}.
• #11906: Fix regression with pytest.warns{.interpreted-text role="func"} using custom warning subclasses which have more than one parameter in their [__init__]{.title-ref}.
• #11907: Fix a regression in pytest 8.0.0 whereby calling pytest.skip{.interpreted-text role="func"} and similar control-flow exceptions within a pytest.warns(){.interpreted-text role="func"} block would get suppressed instead of propagating.
• #11929: Fix a regression in pytest 8.0.0 whereby autouse fixtures defined in a module get ignored by the doctests in the module.
• #11937: Fix a regression in pytest 8.0.0 whereby items would be collected in reverse order in some circumstances.

Commits

• d7d320a Prepare release version 8.0.1
• 9369916 Merge pull request #11992 from bluetech/backport-11991
• a232abd [8.0.x] recwarn: fix pytest.warns handling of Warnings with multiple arguments
• 92203d2 Merge pull request #11990 from bluetech/backport-11920
• f1aa922 [8.0.x] recwarn: let base exceptions propagate through pytest.warns again
• d86d081 [8.0.x] Added logot to the plugin list (#11977)
• c554c3d Merge pull request #11968 from pytest-dev/backport-11957-to-8.0.x
• a6851e3 [8.0.x] main: fix reversed collection order in Session
• e6f6be3 [8.0.x] Improve error message when using @​pytest.fixture twice (#11958)
• 23b91d1 [8.0.x] Merge pull request #11941 from bluetech/doctest-parsefactories (#11948)
• Additional commits viewable in compare view

Updates rpds-py from 0.17.1 to 0.18.0

Release notes

Sourced from rpds-py's releases.

v0.18.0

Full Changelog: crate-py/rpds@v0.17.1...v0.18.0

Commits

• ce3bf37 Type annotation and test for HashTrieMap.update.
• 7ff2d43 Merge pull request #52 from crate-py/dependabot/github_actions/pre-commit/act...
• d57b92c Bump pre-commit/action from 3.0.0 to 3.0.1
• 0b1a9ac Merge pull request #51 from crate-py/pre-commit-ci-update-config
• ce4b8bc [pre-commit.ci] auto fixes from pre-commit.com hooks
• c581b56 [pre-commit.ci] pre-commit autoupdate
• 783e3ef Implement Queue.hash.
• ee1bf7e Explicitly remind ourselves that dict.values != dict.values in the tests.
• See full diff in compare view

Updates ruff from 0.2.1 to 0.2.2

Release notes

Sourced from ruff's releases.

v0.2.2

Highlights include:

• Initial support formatting f-strings (in --preview).
• Support for overriding arbitrary configuration options via the CLI through an expanded --config argument (e.g., --config "lint.isort.combine-as-imports=false").
• Significant performance improvements in Ruff's lexer, parser, and lint rules.

Changes

Preview features

• Implement minimal f-string formatting (#9642)
• [pycodestyle] Add blank line(s) rules (E301, E302, E303, E304, E305, E306) (#9266)
• [refurb] Implement readlines_in_for (FURB129) (#9880)

Rule changes

• [ruff] Ensure closing parentheses for multiline sequences are always on their own line (RUF022, RUF023) (#9793)
• [numpy] Add missing deprecation violations (NPY002) (#9862)
• [flake8-bandit] Detect mark_safe usages in decorators (#9887)
• [ruff] Expand asyncio-dangling-task (RUF006) to include new_event_loop (#9976)
• [flake8-pyi] Ignore 'unused' private type dicts in class scopes (#9952)

Formatter

• Docstring formatting: Preserve tab indentation when using indent-style=tabs (#9915)
• Disable top-level docstring formatting for notebooks (#9957)
• Stabilize quote-style's preserve mode (#9922)

CLI

• Allow arbitrary configuration options to be overridden via the CLI (#9599)

Bug fixes

• Make show-settings filters directory-agnostic (#9866)
• Respect duplicates when rewriting type aliases (#9905)
• Respect tuple assignments in typing analyzer (#9969)
• Use atomic write when persisting cache (#9981)
• Use non-parenthesized range for DebugText (#9953)
• [flake8-simplify] Avoid false positive with async for loops (SIM113) (#9996)
• [flake8-trio] Respect async with in timeout-without-await (#9859)
• [perflint] Catch a wider range of mutations in PERF101 (#9955)
• [pycodestyle] Fix E30X panics on blank lines with trailing white spaces (#9907)
• [pydocstyle] Allow using parameters as a subsection header (D405) (#9894)
• [pydocstyle] Fix blank-line docstring rules for module-level docstrings (#9878)
• [pylint] Accept 0.0 and 1.0 as common magic values (PLR2004) (#9964)
• [pylint] Avoid suggesting set rewrites for non-hashable types (#9956)
• [ruff] Avoid false negatives with string literals inside of method calls (RUF027) (#9865)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.2.2

Highlights include:

• Initial support formatting f-strings (in --preview).
• Support for overriding arbitrary configuration options via the CLI through an expanded --config argument (e.g., --config "lint.isort.combine-as-imports=false").
• Significant performance improvements in Ruff's lexer, parser, and lint rules.

Preview features

• Implement minimal f-string formatting (#9642)
• [pycodestyle] Add blank line(s) rules (E301, E302, E303, E304, E305, E306) (#9266)
• [refurb] Implement readlines_in_for (FURB129) (#9880)

Rule changes

• [ruff] Ensure closing parentheses for multiline sequences are always on their own line (RUF022, RUF023) (#9793)
• [numpy] Add missing deprecation violations (NPY002) (#9862)
• [flake8-bandit] Detect mark_safe usages in decorators (#9887)
• [ruff] Expand asyncio-dangling-task (RUF006) to include new_event_loop (#9976)
• [flake8-pyi] Ignore 'unused' private type dicts in class scopes (#9952)

Formatter

• Docstring formatting: Preserve tab indentation when using indent-style=tabs (#9915)
• Disable top-level docstring formatting for notebooks (#9957)
• Stabilize quote-style's preserve mode (#9922)

CLI

• Allow arbitrary configuration options to be overridden via the CLI (#9599)

Bug fixes

• Make show-settings filters directory-agnostic (#9866)
• Respect duplicates when rewriting type aliases (#9905)
• Respect tuple assignments in typing analyzer (#9969)
• Use atomic write when persisting cache (#9981)
• Use non-parenthesized range for DebugText (#9953)
• [flake8-simplify] Avoid false positive with async for loops (SIM113) (#9996)
• [flake8-trio] Respect async with in timeout-without-await (#9859)
• [perflint] Catch a wider range of mutations in PERF101 (#9955)
• [pycodestyle] Fix E30X panics on blank lines with trailing white spaces (#9907)
• [pydocstyle] Allow using parameters as a subsection header (D405) (#9894)
• [pydocstyle] Fix blank-line docstring rules for module-level docstrings (#9878)
• [pylint] Accept 0.0 and 1.0 as common magic values (PLR2004) (#9964)
• [pylint] Avoid suggesting set rewrites for non-hashable types (#9956)
• [ruff] Avoid false negatives with string literals inside of method calls (RUF027) (#9865)
• [ruff] Fix panic on with f-string detection (RUF027) (#9990)

... (truncated)

Commits

• 235cfb7 Bump version to v0.2.2 (#10018)
• 91ae81b Move RUF001, RUF002 to AST checker (#9993)
• d46c5d8 docs: Formatter compatibility warning for D207 and D300 (#10007)
• 20217e9 Fix panic on RUF027 (#9990)
• 72bf1c2 Preview minimal f-string formatting (#9642)
• c47ff65 chore(docs): update Discord invite to permalink (#10005)
• c3bba54 Fix SIM113 false positive with async for loops (#9996)
• fe79798 split string module (#9987)
• bb8d203 Use atomic write when persisting cache (#9981)
• f40e012 Use name directly in RUF006 (#9979)
• Additional commits viewable in compare view

Updates tox from 4.12.1 to 4.13.0

Release notes

Sourced from tox's releases.

4.13.0

What's Changed

• Document usage of Pytest with Tox as a FAQ entry by @​faph in tox-dev/tox#3192
• docs/config.rst: State in config directive sections their ini file sections by @​0cjs in tox-dev/tox#3194
• .gitignore: Add /tests/demo_pkg_inline/.tox/ by @​0cjs in tox-dev/tox#3198
• docs/development: Summarise important points experienced devs need to know by @​0cjs in tox-dev/tox#3197
• Add tests for CliEnv by @​0cjs in tox-dev/tox#3204
• Document how CliEnv works by @​0cjs in tox-dev/tox#3206
• docs/development "Key points": Two updates and general improvement by @​0cjs in tox-dev/tox#3205
• session.env_select.CliEnv: Document and test spaces behaviour by @​0cjs in tox-dev/tox#3208
• config.cli.test_cli_ini: Re-order for clarity (textual moves only) by @​0cjs in tox-dev/tox#3209
• Revert previous "precommit autoupdate (#3214)" commit; it's broken by @​0cjs in tox-dev/tox#3215
• Extract packaging virtualenv code to its own class by @​gaborbernat in tox-dev/tox#3221

New Contributors

• @​faph made their first contribution in tox-dev/tox#3192
• @​0cjs made their first contribution in tox-dev/tox#3194

Full Changelog: tox-dev/tox@4.12.1...4.13.0

Changelog

Sourced from tox's changelog.

v4.13.0 (2024-02-16)

Features - 4.13.0

- Extract virtual environment packaging code to its own base class not tied to ``virtualenv`` - by :user:`gaborbernat`. (:issue:`3221`)
Improved Documentation - 4.13.0

• Documented usage of pytest with tox run-parallel - by :user:faph. (:issue:3187)
• Configuration: state in config directive sections their ini file sections - by :user:0cjs. (:issue:3194)
• Development: summarize important points experienced developers need to know - by :user:0cjs. (:issue:3197)

Commits

• ae156e2 release 4.13.0
• fa923ec Extract packaging virtualenv code to its own class (#3221)
• 47bcea6 [pre-commit.ci] pre-commit autoupdate (#3217)
• fb83a3a Revert previous "precommit autoupdate (#3214)" commit; it's broken (#3215)
• 3347933 [pre-commit.ci] pre-commit autoupdate (#3214)
• 2bcc3ec config.cli.test_cli_ini: Re-order for clarity (textual moves only) (#3209)
• 387834a session.env_select.CliEnv: Document and test spaces behaviour (#3208)
• 47fa093 docs/development "Key points": Two updates and general improvement (#3205)
• 1b5b187 Document how CliEnv works (#3206)
• b3eb86a Add tests for CliEnv (#3204)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The following labels could not be found: dependabot-deps-updates.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.