Skip to content

Commit 82871a1

Browse files
authored
build(deps-dev): bump the minor group with 2 updates (#544)
Bumps the minor group with 2 updates: [black](https://github.com/psf/black) and [cookiecutter](https://github.com/cookiecutter/cookiecutter). Updates `black` from 26.1.0 to 26.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/black/releases">black's releases</a>.</em></p> <blockquote> <h2>26.3.1</h2> <h3>Stable style</h3> <ul> <li>Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (<a href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li> </ul> <h3>Configuration</h3> <ul> <li>Always hash cache filename components derived from <code>--python-cell-magics</code> so custom magic names cannot affect cache paths (<a href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li> </ul> <h3><em>Blackd</em></h3> <ul> <li>Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (<a href="https://redirect.github.com/psf/black/issues/5039">#5039</a>)</li> </ul> <h2>26.3.0</h2> <h3>Stable style</h3> <ul> <li>Don't double-decode input, causing non-UTF-8 files to be corrupted (<a href="https://redirect.github.com/psf/black/issues/4964">#4964</a>)</li> <li>Fix crash on standalone comment in lambda default arguments (<a href="https://redirect.github.com/psf/black/issues/4993">#4993</a>)</li> <li>Preserve parentheses when <code># type: ignore</code> comments would be merged with other comments on the same line, preventing AST equivalence failures (<a href="https://redirect.github.com/psf/black/issues/4888">#4888</a>)</li> </ul> <h3>Preview style</h3> <ul> <li>Fix bug where <code>if</code> guards in <code>case</code> blocks were incorrectly split when the pattern had a trailing comma (<a href="https://redirect.github.com/psf/black/issues/4884">#4884</a>)</li> <li>Fix <code>string_processing</code> crashing on unassigned long string literals with trailing commas (one-item tuples) (<a href="https://redirect.github.com/psf/black/issues/4929">#4929</a>)</li> <li>Simplify implementation of the power operator &quot;hugging&quot; logic (<a href="https://redirect.github.com/psf/black/issues/4918">#4918</a>)</li> </ul> <h3>Packaging</h3> <ul> <li>Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (<a href="https://redirect.github.com/psf/black/issues/4930">#4930</a>)</li> </ul> <h3>Performance</h3> <ul> <li>Introduce winloop for windows as an alternative to uvloop (<a href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li> <li>Remove deprecated function <code>uvloop.install()</code> in favor of <code>uvloop.new_event_loop()</code> (<a href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li> <li>Rename <code>maybe_install_uvloop</code> function to <code>maybe_use_uvloop</code> to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (<a href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li> </ul> <h3>Output</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/black/blob/main/CHANGES.md">black's changelog</a>.</em></p> <blockquote> <h2>26.3.1</h2> <h3>Stable style</h3> <ul> <li>Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (<a href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li> </ul> <h3>Configuration</h3> <ul> <li>Always hash cache filename components derived from <code>--python-cell-magics</code> so custom magic names cannot affect cache paths (<a href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li> </ul> <h3><em>Blackd</em></h3> <ul> <li>Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (<a href="https://redirect.github.com/psf/black/issues/5039">#5039</a>)</li> </ul> <h2>26.3.0</h2> <h3>Stable style</h3> <ul> <li>Don't double-decode input, causing non-UTF-8 files to be corrupted (<a href="https://redirect.github.com/psf/black/issues/4964">#4964</a>)</li> <li>Fix crash on standalone comment in lambda default arguments (<a href="https://redirect.github.com/psf/black/issues/4993">#4993</a>)</li> <li>Preserve parentheses when <code># type: ignore</code> comments would be merged with other comments on the same line, preventing AST equivalence failures (<a href="https://redirect.github.com/psf/black/issues/4888">#4888</a>)</li> </ul> <h3>Preview style</h3> <ul> <li>Fix bug where <code>if</code> guards in <code>case</code> blocks were incorrectly split when the pattern had a trailing comma (<a href="https://redirect.github.com/psf/black/issues/4884">#4884</a>)</li> <li>Fix <code>string_processing</code> crashing on unassigned long string literals with trailing commas (one-item tuples) (<a href="https://redirect.github.com/psf/black/issues/4929">#4929</a>)</li> <li>Simplify implementation of the power operator &quot;hugging&quot; logic (<a href="https://redirect.github.com/psf/black/issues/4918">#4918</a>)</li> </ul> <h3>Packaging</h3> <ul> <li>Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (<a href="https://redirect.github.com/psf/black/issues/4930">#4930</a>)</li> </ul> <h3>Performance</h3> <ul> <li>Introduce winloop for windows as an alternative to uvloop (<a href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li> <li>Remove deprecated function <code>uvloop.install()</code> in favor of <code>uvloop.new_event_loop()</code> (<a href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li> <li>Rename <code>maybe_install_uvloop</code> function to <code>maybe_use_uvloop</code> to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (<a href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9"><code>c6755bb</code></a> Prepare release 26.3.1 (<a href="https://redirect.github.com/psf/black/issues/5046">#5046</a>)</li> <li><a href="https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0"><code>69973fd</code></a> Harden blackd browser-facing request handling (<a href="https://redirect.github.com/psf/black/issues/5039">#5039</a>)</li> <li><a href="https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d"><code>4937fe6</code></a> Fix some shenanigans with the cache file and IPython (<a href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li> <li><a href="https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f"><code>2e641d1</code></a> docs: remove outdated Black Playground references (<a href="https://redirect.github.com/psf/black/issues/5044">#5044</a>)</li> <li><a href="https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88"><code>c014b22</code></a> Remove unused internal code (<a href="https://redirect.github.com/psf/black/issues/5041">#5041</a>)</li> <li><a href="https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9"><code>0dae20b</code></a> Add new changelog (<a href="https://redirect.github.com/psf/black/issues/5036">#5036</a>)</li> <li><a href="https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030"><code>c5c1cbd</code></a> Minor release patches (<a href="https://redirect.github.com/psf/black/issues/5035">#5035</a>)</li> <li><a href="https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4"><code>7e5a828</code></a> docs: clarify relationship between Black style and PEP 8 (<a href="https://redirect.github.com/psf/black/issues/5025">#5025</a>)</li> <li><a href="https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77"><code>69705de</code></a> docs: add clearer pyproject configuration guidance (<a href="https://redirect.github.com/psf/black/issues/5026">#5026</a>)</li> <li><a href="https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76"><code>35ea679</code></a> Prepare release 26.3.0 (<a href="https://redirect.github.com/psf/black/issues/5032">#5032</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/black/compare/26.1.0...26.3.1">compare view</a></li> </ul> </details> <br /> Updates `cookiecutter` from 2.6.0 to 2.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cookiecutter/cookiecutter/releases">cookiecutter's releases</a>.</em></p> <blockquote> <h2>Cookiecutter 2.7.1: The One Where It Knows Its Own Name</h2> <p>You know that thing where you release an album, it's on the shelves, people are buying it, and then someone points out the spine says it's your previous album? That's what happened with Cookiecutter 2.7.0. We put out the long-awaited release with 27 improvements and 17 contributors, and <code>cookiecutter -V</code> proudly announced: <strong>2.6.0</strong>.</p> <pre><code>$ cookiecutter -V Cookiecutter 2.6.0 <p>$ # narrator voice: it was not 2.6.0<br /> </code></pre></p> <p>Go on, run this and see for yourself that the 2.7.1 release knows its own version number now:</p> <pre lang="bash"><code>uv tool upgrade cookiecutter </code></pre> <h3>What's fixed</h3> <p><strong><code>cookiecutter -V</code> now reports the real version.</strong> Rather than patch <code>VERSION.txt</code>, this release removes it entirely. The version is now read from package metadata at runtime, so <code>pyproject.toml</code> is the single source of truth and there's nothing left to drift. Thanks <a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> for the bug report PR and for suggesting the <code>importlib.metadata</code> approach, and thanks <a href="https://github.com/tranzystorekk"><code>@​tranzystorekk</code></a> for filing <a href="https://redirect.github.com/cookiecutter/cookiecutter/issues/2195">#2195</a>!</p> <h3>What's better</h3> <p><strong>CI runs each Python version as its own job.</strong> Tests for 3.10 through 3.14 used to run sequentially inside a single job per OS, which pushed Windows past 30 minutes. Each version now runs in parallel with a 15-minute timeout. Windows tests focus on the boundary versions (3.10 and 3.14) since intermediate versions add little signal beyond Ubuntu and macOS.</p> <h3>Contributors</h3> <p><a href="https://audrey.feldroy.com"><code>@​audreyfeldroy</code></a> (Audrey M. Roy Greenfeld) and <a href="https://daniel.feldroy.com"><code>@​pydanny</code></a> (Daniel Roy Greenfeld) built this release, with help from Claude roleplaying as David Bowie.</p> <p>Thanks to <a href="https://github.com/bollwyvl"><code>@​bollwyvl</code></a> (Nicholas Bollweg) for the version fix PR and the <code>importlib.metadata</code> suggestion, and <a href="https://github.com/tranzystorekk"><code>@​tranzystorekk</code></a> for reporting the version mismatch.</p> <h2>2.7.0</h2> <p>Cookiecutter 2.7.0 is tested on Python 3.10 through 3.14, ships with a security policy documenting the trust model for template hook scripts, and publishes to PyPI with cryptographic provenance so you can verify every release. Seventeen contributors from the community helped build it.</p> <pre lang="bash"><code>uv tool upgrade cookiecutter </code></pre> <h3>What's new</h3> <p><strong>A security policy that explains what you're trusting.</strong> Cookiecutter templates can run arbitrary code through hook scripts, and that's by design. The new <a href="https://github.com/cookiecutter/cookiecutter/blob/main/SECURITY.md">SECURITY.md</a> lays out the trust model: what Cookiecutter sandboxes (nothing), what's in scope for vulnerability reports, and how to report them privately through GitHub. If you maintain templates or run unfamiliar ones, this is worth reading.</p> <p><strong>Python 3.10 through 3.14.</strong> Full test coverage across five Python versions. If you're on 3.7, 3.8, or 3.9, this is the release where you'll want to upgrade.</p> <p><strong>Pretty-printed JSON in templates.</strong> The <code>jsonify</code> Jinja2 extension takes an <code>indent</code> argument, so you can generate formatted JSON in your templates instead of single-line blobs. Thanks <a href="https://github.com/pabloxio"><code>@​pabloxio</code></a>! (<a href="https://redirect.github.com/cookiecutter/cookiecutter/pull/2050">#2050</a>)</p> <p><strong>Boolean variables from the command line.</strong> Pass <code>use_docker=y</code> via <code>--no-input</code> and it arrives as a proper boolean in your template context. Thanks <a href="https://github.com/tylermilner"><code>@​tylermilner</code></a>! (<a href="https://redirect.github.com/cookiecutter/cookiecutter/pull/2029">#2029</a>)</p> <p><strong>Structured bug reports.</strong> The GitHub issue form collects environment details upfront, so maintainers can reproduce your issue faster.</p> <p><strong>Tutorial videos and slides.</strong> Conference talk recordings and slide decks linked from the docs. Thanks <a href="https://github.com/datasharp"><code>@​datasharp</code></a>! (<a href="https://redirect.github.com/cookiecutter/cookiecutter/pull/2137">#2137</a>)</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/083dd3c6104124221e2cbc3e13e0929795861ed5"><code>083dd3c</code></a> Release 2.7.1</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/59e7eb18e19556764966eff72ba73e115763f140"><code>59e7eb1</code></a> Ground the runtime version in package metadata instead of a hand-maintained file</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/730d2eb8dde2f7bad61241de0e2b27b5e8c10db6"><code>730d2eb</code></a> Run each Python version as its own CI job instead of sequentially</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/db674d8b2028f774a05c51a224e743d985651435"><code>db674d8</code></a> Reflect that PyPI publishing runs automatically on tag push</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/718f6851a00f71cdbd2f882da97b7cc20ecba9cb"><code>718f685</code></a> Release 2.7.0</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/14da0904d5422a456fd28e069081eea978750f0b"><code>14da090</code></a> Let contributors focus on what interests them, not a milestone plan</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/a4a7e995f4302cac3c8b60dec4f0d5ea96191d44"><code>a4a7e99</code></a> Give release managers a safe, documented path from version bump to PyPI</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/cf3bd2ff4f7329a58e429de088cba2b637e3dfb8"><code>cf3bd2f</code></a> Drop the Release Drafter integration</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/0ff1fa8a2c25659abde1d37cb10250afe8135700"><code>0ff1fa8</code></a> Tell template creators what Cookiecutter actually gives them</li> <li><a href="https://github.com/cookiecutter/cookiecutter/commit/154d94673ec4e2eb87a1f1a9a53fc6cb8eafb154"><code>154d946</code></a> Modernize the README around uv and a leaner project page</li> <li>Additional commits viewable in <a href="https://github.com/cookiecutter/cookiecutter/compare/2.6.0...v2.7.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>
2 parents 98fd284 + f1e43f1 commit 82871a1

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

pyproject.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -75,9 +75,9 @@ dev-flake8 = [
7575
"pydoclint == 0.8.3",
7676
"pydocstyle == 6.3.0",
7777
]
78-
dev-formatting = ["black == 26.1.0", "isort == 8.0.1"]
78+
dev-formatting = ["black == 26.3.1", "isort == 8.0.1"]
7979
dev-mkdocs = [
80-
"black == 26.1.0",
80+
"black == 26.3.1",
8181
"Markdown == 3.10.2",
8282
"mike == 2.1.4",
8383
"mkdocs-gen-files == 0.6.1",
@@ -107,7 +107,7 @@ dev-pylint = [
107107
dev-pytest = [
108108
"pytest == 9.0.2",
109109
"pylint == 4.0.5", # We need this to check for the examples
110-
"cookiecutter == 2.6.0", # For checking the cookiecutter scripts
110+
"cookiecutter == 2.7.1", # For checking the cookiecutter scripts
111111
"jinja2 == 3.1.6", # For checking the cookiecutter scripts
112112
"sybil >= 6.1.1, < 10", # Should be consistent with the extra-lint-examples dependency
113113
# This is a hack to overcome an outdated version check in requests, see

0 commit comments

Comments
 (0)