Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update static analysis dependencies #422

Merged
merged 4 commits into from
Dec 9, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 30, 2024

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
astral-sh/ruff-pre-commit repository minor v0.6.9 -> v0.8.2 age adoption passing confidence
bandit (source, changelog) minor ==1.7.10 -> ==1.8.0 age adoption passing confidence
pyright patch ==1.1.383 -> ==1.1.390 age adoption passing confidence
ruff (source, changelog) minor ==0.6.9 -> ==0.8.2 age adoption passing confidence

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.8.2

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.8.2

v0.8.1

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.8.1

v0.8.0

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.8.0

v0.7.4

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.4

v0.7.3

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.3

v0.7.2

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.2

v0.7.1

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.1

v0.7.0

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.0

PyCQA/bandit (bandit)

v1.8.0

Compare Source

What's Changed

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

RobertCraigie/pyright-python (pyright)

v1.1.390

Compare Source

v1.1.389

Compare Source

v1.1.388

Compare Source

v1.1.387

Compare Source

v1.1.386

Compare Source

v1.1.385

Compare Source

v1.1.384

Compare Source

astral-sh/ruff (ruff)

v0.8.2

Compare Source

Preview features
  • [airflow] Avoid deprecated values (AIR302) (#​14582)
  • [airflow] Extend removed names for AIR302 (#​14734)
  • [ruff] Extend unnecessary-regular-expression to non-literal strings (RUF055) (#​14679)
  • [ruff] Implement used-dummy-variable (RUF052) (#​14611)
  • [ruff] Implement unnecessary-cast-to-int (RUF046) (#​14697)
Rule changes
  • [airflow] Check AIR001 from builtin or providers operators module (#​14631)
  • [flake8-pytest-style] Remove @ in pytest.mark.parametrize rule messages (#​14770)
  • [pandas-vet] Skip rules if the panda module hasn't been seen (#​14671)
  • [pylint] Fix false negatives for ascii and sorted in len-as-condition (PLC1802) (#​14692)
  • [refurb] Guard hashlib imports and mark hashlib-digest-hex fix as safe (FURB181) (#​14694)
Configuration
  • [flake8-import-conventions] Improve syntax check for aliases supplied in configuration for unconventional-import-alias (ICN001) (#​14745)
Bug fixes
  • Revert: [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#​14615) (#​14726)
  • [pep8-naming] Avoid false positive for class Bar(type(foo)) (N804) (#​14683)
  • [pycodestyle] Handle f-strings properly for invalid-escape-sequence (W605) (#​14748)
  • [pylint] Ignore @overload in PLR0904 (#​14730)
  • [refurb] Handle non-finite decimals in verbose-decimal-constructor (FURB157) (#​14596)
  • [ruff] Avoid emitting assignment-in-assert when all references to the assigned variable are themselves inside asserts (RUF018) (#​14661)
Documentation
  • Improve docs for flake8-use-pathlib rules (#​14741)
  • Improve error messages and docs for flake8-comprehensions rules (#​14729)
  • [flake8-type-checking] Expands TC006 docs to better explain itself (#​14749)

v0.8.1

Compare Source

Preview features
  • Formatter: Avoid invalid syntax for format-spec with quotes for all Python versions (#​14625)
  • Formatter: Consider quotes inside format-specs when choosing the quotes for an f-string (#​14493)
  • Formatter: Do not consider f-strings with escaped newlines as multiline (#​14624)
  • Formatter: Fix f-string formatting in assignment statement (#​14454)
  • Formatter: Fix unnecessary space around power operator (**) in overlong f-string expressions (#​14489)
  • [airflow] Avoid implicit schedule argument to DAG and @dag (AIR301) (#​14581)
  • [flake8-builtins] Exempt private built-in modules (A005) (#​14505)
  • [flake8-pytest-style] Fix pytest.mark.parametrize rules to check calls instead of decorators (#​14515)
  • [flake8-type-checking] Implement runtime-cast-value (TC006) (#​14511)
  • [flake8-type-checking] Implement unquoted-type-alias (TC007) and quoted-type-alias (TC008) (#​12927)
  • [flake8-use-pathlib] Recommend Path.iterdir() over os.listdir() (PTH208) (#​14509)
  • [pylint] Extend invalid-envvar-default to detect os.environ.get (PLW1508) (#​14512)
  • [pylint] Implement len-test (PLC1802) (#​14309)
  • [refurb] Fix bug where methods defined using lambdas were flagged by FURB118 (#​14639)
  • [ruff] Auto-add r prefix when string has no backslashes for unraw-re-pattern (RUF039) (#​14536)
  • [ruff] Implement invalid-assert-message-literal-argument (RUF040) (#​14488)
  • [ruff] Implement unnecessary-nested-literal (RUF041) (#​14323)
  • [ruff] Implement unnecessary-regular-expression (RUF055) (#​14659)
Rule changes
  • Ignore more rules for stub files (#​14541)
  • [pep8-naming] Eliminate false positives for single-letter names (N811, N814) (#​14584)
  • [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#​14615)
  • [ruff] Detect redirected-noqa in file-level comments (RUF101) (#​14635)
  • [ruff] Mark fixes for unsorted-dunder-all and unsorted-dunder-slots as unsafe when there are complex comments in the sequence (RUF022, RUF023) (#​14560)
Bug fixes
  • Avoid fixing code to None | None for redundant-none-literal (PYI061) and never-union (RUF020) (#​14583, #​14589)
  • [flake8-bugbear] Fix mutable-contextvar-default to resolve annotated function calls properly (B039) (#​14532)
  • [flake8-pyi, ruff] Fix traversal of nested literals and unions (PYI016, PYI051, PYI055, PYI062, RUF041) (#​14641)
  • [flake8-pyi] Avoid rewriting invalid type expressions in unnecessary-type-union (PYI055) (#​14660)
  • [flake8-type-checking] Avoid syntax errors and type checking problem for quoted annotations autofix (TC003, TC006) (#​14634)
  • [pylint] Do not wrap function calls in parentheses in the fix for unnecessary-dunder-call (PLC2801) (#​14601)
  • [ruff] Handle attrs's auto_attribs correctly (RUF009) (#​14520)

v0.8.0

Compare Source

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

  • Default to Python 3.9

    Ruff now defaults to Python 3.9 instead of 3.8 if no explicit Python version is configured using ruff.target-version or project.requires-python (#​13896)

  • Changed location of pydoclint diagnostics

    pydoclint diagnostics now point to the first-line of the problematic docstring. Previously, this was not the case.

    If you've opted into these preview rules but have them suppressed using
    noqa comments in
    some places, this change may mean that you need to move the noqa suppression
    comments. Most users should be unaffected by this change.

  • Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the standalone installer

    Previously, Ruff's installer used $CARGO_HOME or ~/.cargo/bin for its target install directory. Now, Ruff will be installed into $XDG_BIN_HOME, $XDG_DATA_HOME/../bin, or ~/.local/bin (in that order).

    This change is only relevant to users of the standalone Ruff installer (using the shell or PowerShell script). If you installed Ruff using uv or pip, you should be unaffected.

  • Changes to the line width calculation

    Ruff now uses a new version of the unicode-width Rust crate to calculate the line width. In very rare cases, this may lead to lines containing Unicode characters being reformatted, or being considered too long when they were not before (E501).

Removed Rules

The following deprecated rules have been removed:

Remapped rules

The following rules have been remapped to new rule codes:

Stabilization

The following rules have been stabilized and are no longer in preview:

The following behaviors have been stabilized:

The following fixes have been stabilized:

Preview features
  • [flake8-datetimez] Exempt min.time() and max.time() (DTZ901) (#​14394)
  • [flake8-pie] Mark fix as unsafe if the following statement is a string literal (PIE790) (#​14393)
  • [flake8-pyi] New rule redundant-none-literal (PYI061) (#​14316)
  • [flake8-pyi] Add autofix for redundant-numeric-union (PYI041) (#​14273)
  • [ruff] New rule map-int-version-parsing (RUF048) (#​14373)
  • [ruff] New rule redundant-bool-literal (RUF038) (#​14319)
  • [ruff] New rule unraw-re-pattern (RUF039) (#​14446)
  • [pycodestyle] Exempt pytest.importorskip() calls (E402) (#​14474)
  • [pylint] Autofix suggests using sets when possible (PLR1714) (#​14372)
Rule changes
  • invalid-pyproject-toml (RUF200): Updated to reflect the provisionally accepted PEP 639.
  • [flake8-pyi] Avoid panic in unfixable case (PYI041) (#​14402)
  • [flake8-type-checking] Correctly handle quotes in subscript expression when generating an autofix (#​14371)
  • [pylint] Suggest correct autofix for __contains__ (PLC2801) (#​14424)
Configuration
  • Ruff now emits a warning instead of an error when a configuration ignores a rule that has been removed (#​14435)
  • Ruff now validates that lint.flake8-import-conventions.aliases only uses valid module names and aliases (#​14477)

v0.7.4

Compare Source

Preview features
  • [flake8-datetimez] Detect usages of datetime.max/datetime.min (DTZ901) (#​14288)
  • [flake8-logging] Implement root-logger-calls (LOG015) (#​14302)
  • [flake8-no-pep420] Detect empty implicit namespace packages (INP001) (#​14236)
  • [flake8-pyi] Add "replace with Self" fix (PYI019) (#​14238)
  • [perflint] Implement quick-fix for manual-list-comprehension (PERF401) (#​13919)
  • [pylint] Implement shallow-copy-environ (W1507) (#​14241)
  • [ruff] Implement none-not-at-end-of-union (RUF036) (#​14314)
  • [ruff] Implementation unsafe-markup-call from flake8-markupsafe plugin (RUF035) (#​14224)
  • [ruff] Report problems for attrs dataclasses (RUF008, RUF009) (#​14327)
Rule changes
  • [flake8-boolean-trap] Exclude dunder methods that define operators (FBT001) (#​14203)
  • [flake8-pyi] Add "replace with Self" fix (PYI034) (#​14217)
  • [flake8-pyi] Always autofix duplicate-union-members (PYI016) (#​14270)
  • [flake8-pyi] Improve autofix for nested and mixed type unions for unnecessary-type-union (PYI055) (#​14272)
  • [flake8-pyi] Mark fix as unsafe when type annotation contains comments for duplicate-literal-member (PYI062) (#​14268)
Server
  • Use the current working directory to resolve settings from ruff.configuration (#​14352)
Bug fixes
  • Avoid conflicts between PLC014 (useless-import-alias) and I002 (missing-required-import) by considering lint.isort.required-imports for PLC014 (#​14287)
  • [flake8-type-checking] Skip quoting annotation if it becomes invalid syntax (TCH001)
  • [flake8-pyi] Avoid using typing.Self in stub files pre-Python 3.11 (PYI034) (#​14230)
  • [flake8-pytest-style] Flag pytest.raises call with keyword argument expected_exception (PT011) (#​14298)
  • [flake8-simplify] Infer "unknown" truthiness for literal iterables whose items are all unpacks (SIM222) (#​14263)
  • [flake8-type-checking] Fix false positives for typing.Annotated (TCH001) (#​14311)
  • [pylint] Allow await at the top-level scope of a notebook (PLE1142) (#​14225)
  • [pylint] Fix miscellaneous issues in await-outside-async detection (PLE1142) (#​14218)
  • [pyupgrade] Avoid applying PEP 646 rewrites in invalid contexts (UP044) (#​14234)
  • [pyupgrade] Detect permutations in redundant open modes (UP015) (#​14255)
  • [refurb] Avoid triggering hardcoded-string-charset for reordered sets (FURB156) (#​14233)
  • [refurb] Further special cases added to verbose-decimal-constructor (FURB157) (#​14216)
  • [refurb] Use UserString instead of non-existent UserStr (FURB189) (#​14209)
  • [ruff] Avoid treating lowercase letters as # noqa codes (RUF100) (#​14229)
  • [ruff] Do not report when Optional has no type arguments (RUF013) (#​14181)
Documentation
  • Add "Notebook behavior" section for F704, PLE1142 (#​14266)
  • Document comment policy around fix safety (#​14300)

v0.7.3

Compare Source

Preview features
  • Formatter: Disallow single-line implicit concatenated strings (#​13928)
  • [flake8-pyi] Include all Python file types for PYI006 and PYI066 (#​14059)
  • [flake8-simplify] Implement split-of-static-string (SIM905) (#​14008)
  • [refurb] Implement subclass-builtin (FURB189) (#​14105)
  • [ruff] Improve diagnostic messages and docs (RUF031, RUF032, RUF034) (#​14068)
Rule changes
  • Detect items that hash to same value in duplicate sets (B033, PLC0208) (#​14064)
  • [eradicate] Better detection of IntelliJ language injection comments (ERA001) (#​14094)
  • [flake8-pyi] Add autofix for docstring-in-stub (PYI021) (#​14150)
  • [flake8-pyi] Update duplicate-literal-member (PYI062) to alawys provide an autofix (#​14188)
  • [pyflakes] Detect items that hash to same value in duplicate dictionaries (F601) (#​14065)
  • [ruff] Fix false positive for decorators (RUF028) (#​14061)
Bug fixes
  • Avoid parsing joint rule codes as distinct codes in # noqa (#​12809)
  • [eradicate] ignore # language= in commented-out-code rule (ERA001) (#​14069)
  • [flake8-bugbear] - do not run mutable-argument-default on stubs (B006) (#​14058)
  • [flake8-builtins] Skip lambda expressions in builtin-argument-shadowing (A002) (#​14144)
  • [flake8-comprehension] Also remove trailing comma while fixing C409 and C419 (#​14097)
  • [flake8-simplify] Allow open without context manager in return statement (SIM115) (#​14066)
  • [pylint] Respect hash-equivalent literals in iteration-over-set (PLC0208) (#​14063)
  • [pylint] Update known dunder methods for Python 3.13 (PLW3201) (#​14146)
  • [pyupgrade] - ignore kwarg unpacking for UP044 (#​14053)
  • [refurb] Parse more exotic decimal strings in verbose-decimal-constructor (FURB157) (#​14098)
Documentation
  • Add links to missing related options within rule documentations (#​13971)
  • Add rule short code to mkdocs tags to allow searching via rule codes (#​14040)

v0.7.2

Compare Source

Preview features
  • Fix formatting of single with-item with trailing comment (#​14005)
  • [pyupgrade] Add PEP 646 Unpack conversion to * with fix (UP044) (#​13988)
Rule changes
  • Regenerate known_stdlibs.rs with stdlibs 2024.10.25 (#​13963)
  • [flake8-no-pep420] Skip namespace package enforcement for PEP 723 scripts (INP001) (#​13974)
Server
  • Fix server panic when undoing an edit (#​14010)
Bug fixes
  • Fix issues in discovering ruff in pip build environments (#​13881)
  • [flake8-type-checking] Fix false positive for singledispatchmethod (TCH003) (#​13941)
  • [flake8-type-checking] Treat return type of singledispatch as runtime-required (TCH003) (#​13957)
Documentation
  • [flake8-simplify] Include caveats of enabling if-else-block-instead-of-if-exp (SIM108) (#​14019)

v0.7.1

Compare Source

Preview features
  • Fix E221 and E222 to flag missing or extra whitespace around == operator (#​13890)
  • Formatter: Alternate quotes for strings inside f-strings in preview (#​13860)
  • Formatter: Join implicit concatenated strings when they fit on a line (#​13663)
  • [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#​13731)
Rule changes
  • [flake8-type-checking] Support auto-quoting when annotations contain quotes (#​11811)
Server
  • Avoid indexing the workspace for single-file mode (#​13770)
Bug fixes
  • Make ARG002 compatible with EM101 when raising NotImplementedError (#​13714)
Other changes
  • Introduce more Docker tags for Ruff (similar to uv) (#​13274)

v0.7.0

Compare Source

Check out the blog post for a migration guide and overview of the changes!

Breaking changes
  • The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments
    (#​12838, #​13292).
    This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part.
    See the blog post for more details.
  • The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to
    TRY203 (#​13502). This ensures Ruff's code is consistent with
    the same rule in the tryceratops linter.
  • The lint.allow-unused-imports setting has been removed (#​13677). Use
    lint.pyflakes.allow-unused-imports
    instead.
Formatter preview style
  • Normalize implicit concatenated f-string quotes per part (#​13539)
Preview linter features
  • [refurb] implement hardcoded-string-charset (FURB156) (#​13530)
  • [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#​13631)
Rule changes
  • [pylint] Mark PLE1141 fix as unsafe (#​13629)
  • [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#​13639)
  • [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#​13656)
  • [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#​13640)
  • [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#​13704)
  • [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files
    being opened from a wider range of standard-library functions (#​12959).
CLI
  • Add explanation of fixable in --statistics command (#​13774)
Bug fixes
  • [pyflakes] Allow ipytest cell magic (F401) (#​13745)
  • [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#​13616)
  • [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#​13574)
  • [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#​13727)

Configuration

📅 Schedule: Branch creation - "before 3am on Saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from rparini as a code owner November 30, 2024 01:15
@renovate renovate bot force-pushed the renovate/static-analysis-dependencies branch 2 times, most recently from 6850f6c to 6f79b14 Compare December 4, 2024 17:56
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@renovate renovate bot force-pushed the renovate/static-analysis-dependencies branch 3 times, most recently from 652a306 to b0dba60 Compare December 7, 2024 08:16
@renovate renovate bot force-pushed the renovate/static-analysis-dependencies branch 2 times, most recently from aa588fc to 503161f Compare December 9, 2024 22:14
@renovate renovate bot force-pushed the renovate/static-analysis-dependencies branch from 503161f to 8291bdc Compare December 9, 2024 22:17
Copy link
Contributor Author

renovate bot commented Dec 9, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@rparini rparini merged commit cd478a9 into master Dec 9, 2024
14 checks passed
@rparini rparini deleted the renovate/static-analysis-dependencies branch December 9, 2024 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant