Commit 82871a1
authored
build(deps-dev): bump the minor group with 2 updates (#544)
Bumps the minor group with 2 updates:
[black](https://github.com/psf/black) and
[cookiecutter](https://github.com/cookiecutter/cookiecutter).
Updates `black` from 26.1.0 to 26.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>26.3.1</h2>
<h3>Stable style</h3>
<ul>
<li>Prevent Jupyter notebook magic masking collisions from corrupting
cells by using
exact-length placeholders for short magics and aborting if a placeholder
can no longer
be unmasked safely (<a
href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Always hash cache filename components derived from
<code>--python-cell-magics</code> so custom
magic names cannot affect cache paths (<a
href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Disable browser-originated requests by default, add configurable
origin allowlisting
and request body limits, and bound executor submissions to improve
backpressure
(<a
href="https://redirect.github.com/psf/black/issues/5039">#5039</a>)</li>
</ul>
<h2>26.3.0</h2>
<h3>Stable style</h3>
<ul>
<li>Don't double-decode input, causing non-UTF-8 files to be corrupted
(<a
href="https://redirect.github.com/psf/black/issues/4964">#4964</a>)</li>
<li>Fix crash on standalone comment in lambda default arguments (<a
href="https://redirect.github.com/psf/black/issues/4993">#4993</a>)</li>
<li>Preserve parentheses when <code># type: ignore</code> comments would
be merged with other
comments on the same line, preventing AST equivalence failures (<a
href="https://redirect.github.com/psf/black/issues/4888">#4888</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Fix bug where <code>if</code> guards in <code>case</code> blocks
were incorrectly split when the pattern had
a trailing comma (<a
href="https://redirect.github.com/psf/black/issues/4884">#4884</a>)</li>
<li>Fix <code>string_processing</code> crashing on unassigned long
string literals with trailing
commas (one-item tuples) (<a
href="https://redirect.github.com/psf/black/issues/4929">#4929</a>)</li>
<li>Simplify implementation of the power operator "hugging"
logic (<a
href="https://redirect.github.com/psf/black/issues/4918">#4918</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Fix shutdown errors in PyInstaller builds on macOS by disabling
multiprocessing in
frozen environments (<a
href="https://redirect.github.com/psf/black/issues/4930">#4930</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Introduce winloop for windows as an alternative to uvloop (<a
href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li>
<li>Remove deprecated function <code>uvloop.install()</code> in favor of
<code>uvloop.new_event_loop()</code>
(<a
href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li>
<li>Rename <code>maybe_install_uvloop</code> function to
<code>maybe_use_uvloop</code> to simplify loop
installation and creation of either a uvloop/winloop evenloop or default
eventloop
(<a
href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li>
</ul>
<h3>Output</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>26.3.1</h2>
<h3>Stable style</h3>
<ul>
<li>Prevent Jupyter notebook magic masking collisions from corrupting
cells by using
exact-length placeholders for short magics and aborting if a placeholder
can no longer
be unmasked safely (<a
href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li>
</ul>
<h3>Configuration</h3>
<ul>
<li>Always hash cache filename components derived from
<code>--python-cell-magics</code> so custom
magic names cannot affect cache paths (<a
href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Disable browser-originated requests by default, add configurable
origin allowlisting
and request body limits, and bound executor submissions to improve
backpressure
(<a
href="https://redirect.github.com/psf/black/issues/5039">#5039</a>)</li>
</ul>
<h2>26.3.0</h2>
<h3>Stable style</h3>
<ul>
<li>Don't double-decode input, causing non-UTF-8 files to be corrupted
(<a
href="https://redirect.github.com/psf/black/issues/4964">#4964</a>)</li>
<li>Fix crash on standalone comment in lambda default arguments (<a
href="https://redirect.github.com/psf/black/issues/4993">#4993</a>)</li>
<li>Preserve parentheses when <code># type: ignore</code> comments would
be merged with other
comments on the same line, preventing AST equivalence failures (<a
href="https://redirect.github.com/psf/black/issues/4888">#4888</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Fix bug where <code>if</code> guards in <code>case</code> blocks
were incorrectly split when the pattern had
a trailing comma (<a
href="https://redirect.github.com/psf/black/issues/4884">#4884</a>)</li>
<li>Fix <code>string_processing</code> crashing on unassigned long
string literals with trailing
commas (one-item tuples) (<a
href="https://redirect.github.com/psf/black/issues/4929">#4929</a>)</li>
<li>Simplify implementation of the power operator "hugging"
logic (<a
href="https://redirect.github.com/psf/black/issues/4918">#4918</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Fix shutdown errors in PyInstaller builds on macOS by disabling
multiprocessing in
frozen environments (<a
href="https://redirect.github.com/psf/black/issues/4930">#4930</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Introduce winloop for windows as an alternative to uvloop (<a
href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li>
<li>Remove deprecated function <code>uvloop.install()</code> in favor of
<code>uvloop.new_event_loop()</code>
(<a
href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li>
<li>Rename <code>maybe_install_uvloop</code> function to
<code>maybe_use_uvloop</code> to simplify loop
installation and creation of either a uvloop/winloop evenloop or default
eventloop
(<a
href="https://redirect.github.com/psf/black/issues/4996">#4996</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9"><code>c6755bb</code></a>
Prepare release 26.3.1 (<a
href="https://redirect.github.com/psf/black/issues/5046">#5046</a>)</li>
<li><a
href="https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0"><code>69973fd</code></a>
Harden blackd browser-facing request handling (<a
href="https://redirect.github.com/psf/black/issues/5039">#5039</a>)</li>
<li><a
href="https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d"><code>4937fe6</code></a>
Fix some shenanigans with the cache file and IPython (<a
href="https://redirect.github.com/psf/black/issues/5038">#5038</a>)</li>
<li><a
href="https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f"><code>2e641d1</code></a>
docs: remove outdated Black Playground references (<a
href="https://redirect.github.com/psf/black/issues/5044">#5044</a>)</li>
<li><a
href="https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88"><code>c014b22</code></a>
Remove unused internal code (<a
href="https://redirect.github.com/psf/black/issues/5041">#5041</a>)</li>
<li><a
href="https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9"><code>0dae20b</code></a>
Add new changelog (<a
href="https://redirect.github.com/psf/black/issues/5036">#5036</a>)</li>
<li><a
href="https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030"><code>c5c1cbd</code></a>
Minor release patches (<a
href="https://redirect.github.com/psf/black/issues/5035">#5035</a>)</li>
<li><a
href="https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4"><code>7e5a828</code></a>
docs: clarify relationship between Black style and PEP 8 (<a
href="https://redirect.github.com/psf/black/issues/5025">#5025</a>)</li>
<li><a
href="https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77"><code>69705de</code></a>
docs: add clearer pyproject configuration guidance (<a
href="https://redirect.github.com/psf/black/issues/5026">#5026</a>)</li>
<li><a
href="https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76"><code>35ea679</code></a>
Prepare release 26.3.0 (<a
href="https://redirect.github.com/psf/black/issues/5032">#5032</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/26.1.0...26.3.1">compare
view</a></li>
</ul>
</details>
<br />
Updates `cookiecutter` from 2.6.0 to 2.7.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cookiecutter/cookiecutter/releases">cookiecutter's
releases</a>.</em></p>
<blockquote>
<h2>Cookiecutter 2.7.1: The One Where It Knows Its Own Name</h2>
<p>You know that thing where you release an album, it's on the shelves,
people are buying it, and then someone points out the spine says it's
your previous album? That's what happened with Cookiecutter 2.7.0. We
put out the long-awaited release with 27 improvements and 17
contributors, and <code>cookiecutter -V</code> proudly announced:
<strong>2.6.0</strong>.</p>
<pre><code>$ cookiecutter -V
Cookiecutter 2.6.0
<p>$ # narrator voice: it was not 2.6.0<br />
</code></pre></p>
<p>Go on, run this and see for yourself that the 2.7.1 release knows its
own version number now:</p>
<pre lang="bash"><code>uv tool upgrade cookiecutter
</code></pre>
<h3>What's fixed</h3>
<p><strong><code>cookiecutter -V</code> now reports the real
version.</strong> Rather than patch <code>VERSION.txt</code>, this
release removes it entirely. The version is now read from package
metadata at runtime, so <code>pyproject.toml</code> is the single source
of truth and there's nothing left to drift. Thanks <a
href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> for the
bug report PR and for suggesting the <code>importlib.metadata</code>
approach, and thanks <a
href="https://github.com/tranzystorekk"><code>@tranzystorekk</code></a>
for filing <a
href="https://redirect.github.com/cookiecutter/cookiecutter/issues/2195">#2195</a>!</p>
<h3>What's better</h3>
<p><strong>CI runs each Python version as its own job.</strong> Tests
for 3.10 through 3.14 used to run sequentially inside a single job per
OS, which pushed Windows past 30 minutes. Each version now runs in
parallel with a 15-minute timeout. Windows tests focus on the boundary
versions (3.10 and 3.14) since intermediate versions add little signal
beyond Ubuntu and macOS.</p>
<h3>Contributors</h3>
<p><a href="https://audrey.feldroy.com"><code>@audreyfeldroy</code></a>
(Audrey M. Roy Greenfeld) and <a
href="https://daniel.feldroy.com"><code>@pydanny</code></a> (Daniel Roy
Greenfeld) built this release, with help from Claude roleplaying as
David Bowie.</p>
<p>Thanks to <a
href="https://github.com/bollwyvl"><code>@bollwyvl</code></a> (Nicholas
Bollweg) for the version fix PR and the <code>importlib.metadata</code>
suggestion, and <a
href="https://github.com/tranzystorekk"><code>@tranzystorekk</code></a>
for reporting the version mismatch.</p>
<h2>2.7.0</h2>
<p>Cookiecutter 2.7.0 is tested on Python 3.10 through 3.14, ships with
a security policy documenting the trust model for template hook scripts,
and publishes to PyPI with cryptographic provenance so you can verify
every release. Seventeen contributors from the community helped build
it.</p>
<pre lang="bash"><code>uv tool upgrade cookiecutter
</code></pre>
<h3>What's new</h3>
<p><strong>A security policy that explains what you're
trusting.</strong> Cookiecutter templates can run arbitrary code through
hook scripts, and that's by design. The new <a
href="https://github.com/cookiecutter/cookiecutter/blob/main/SECURITY.md">SECURITY.md</a>
lays out the trust model: what Cookiecutter sandboxes (nothing), what's
in scope for vulnerability reports, and how to report them privately
through GitHub. If you maintain templates or run unfamiliar ones, this
is worth reading.</p>
<p><strong>Python 3.10 through 3.14.</strong> Full test coverage across
five Python versions. If you're on 3.7, 3.8, or 3.9, this is the release
where you'll want to upgrade.</p>
<p><strong>Pretty-printed JSON in templates.</strong> The
<code>jsonify</code> Jinja2 extension takes an <code>indent</code>
argument, so you can generate formatted JSON in your templates instead
of single-line blobs. Thanks <a
href="https://github.com/pabloxio"><code>@pabloxio</code></a>! (<a
href="https://redirect.github.com/cookiecutter/cookiecutter/pull/2050">#2050</a>)</p>
<p><strong>Boolean variables from the command line.</strong> Pass
<code>use_docker=y</code> via <code>--no-input</code> and it arrives as
a proper boolean in your template context. Thanks <a
href="https://github.com/tylermilner"><code>@tylermilner</code></a>!
(<a
href="https://redirect.github.com/cookiecutter/cookiecutter/pull/2029">#2029</a>)</p>
<p><strong>Structured bug reports.</strong> The GitHub issue form
collects environment details upfront, so maintainers can reproduce your
issue faster.</p>
<p><strong>Tutorial videos and slides.</strong> Conference talk
recordings and slide decks linked from the docs. Thanks <a
href="https://github.com/datasharp"><code>@datasharp</code></a>! (<a
href="https://redirect.github.com/cookiecutter/cookiecutter/pull/2137">#2137</a>)</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/083dd3c6104124221e2cbc3e13e0929795861ed5"><code>083dd3c</code></a>
Release 2.7.1</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/59e7eb18e19556764966eff72ba73e115763f140"><code>59e7eb1</code></a>
Ground the runtime version in package metadata instead of a
hand-maintained file</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/730d2eb8dde2f7bad61241de0e2b27b5e8c10db6"><code>730d2eb</code></a>
Run each Python version as its own CI job instead of sequentially</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/db674d8b2028f774a05c51a224e743d985651435"><code>db674d8</code></a>
Reflect that PyPI publishing runs automatically on tag push</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/718f6851a00f71cdbd2f882da97b7cc20ecba9cb"><code>718f685</code></a>
Release 2.7.0</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/14da0904d5422a456fd28e069081eea978750f0b"><code>14da090</code></a>
Let contributors focus on what interests them, not a milestone plan</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/a4a7e995f4302cac3c8b60dec4f0d5ea96191d44"><code>a4a7e99</code></a>
Give release managers a safe, documented path from version bump to
PyPI</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/cf3bd2ff4f7329a58e429de088cba2b637e3dfb8"><code>cf3bd2f</code></a>
Drop the Release Drafter integration</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/0ff1fa8a2c25659abde1d37cb10250afe8135700"><code>0ff1fa8</code></a>
Tell template creators what Cookiecutter actually gives them</li>
<li><a
href="https://github.com/cookiecutter/cookiecutter/commit/154d94673ec4e2eb87a1f1a9a53fc6cb8eafb154"><code>154d946</code></a>
Modernize the README around uv and a leaner project page</li>
<li>Additional commits viewable in <a
href="https://github.com/cookiecutter/cookiecutter/compare/2.6.0...v2.7.1">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>1 file changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
75 | 75 | | |
76 | 76 | | |
77 | 77 | | |
78 | | - | |
| 78 | + | |
79 | 79 | | |
80 | | - | |
| 80 | + | |
81 | 81 | | |
82 | 82 | | |
83 | 83 | | |
| |||
107 | 107 | | |
108 | 108 | | |
109 | 109 | | |
110 | | - | |
| 110 | + | |
111 | 111 | | |
112 | 112 | | |
113 | 113 | | |
| |||
0 commit comments