diff --git a/.github/codeql/codeql-config.yaml b/.github/codeql/codeql-config.yaml index ac9f5f2b..e574984f 100644 --- a/.github/codeql/codeql-config.yaml +++ b/.github/codeql/codeql-config.yaml @@ -1,3 +1,4 @@ name: CodeQL configuration paths: - src/package +- .github/workflows diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml index 39bbbaae..fe52fc30 100644 --- a/.github/workflows/_build.yaml +++ b/.github/workflows/_build.yaml @@ -55,18 +55,18 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ matrix.python }} @@ -134,7 +134,7 @@ jobs: # Currently reusable workflows do not support setting strategy property from the caller workflow. - name: Upload the package artifact for debugging and release if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: artifact-${{ matrix.os }}-python-${{ matrix.python }} path: dist diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml index 19a68c08..b35323d3 100644 --- a/.github/workflows/_generate-rebase.yaml +++ b/.github/workflows/_generate-rebase.yaml @@ -34,12 +34,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/_wiki-documentation.yaml b/.github/workflows/_wiki-documentation.yaml index af588a88..87e399dd 100644 --- a/.github/workflows/_wiki-documentation.yaml +++ b/.github/workflows/_wiki-documentation.yaml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true @@ -49,7 +49,7 @@ jobs: # Check out the repository's Wiki repo into the wiki/ folder. The token is required # only for private repositories. - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: token: ${{ secrets.REPO_ACCESS_TOKEN }} repository: ${{ format('{0}.wiki', github.repository) }} @@ -57,7 +57,7 @@ jobs: # Download the build artifacts attached to this workflow run. - name: Download artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ inputs.artifact-name }} path: dist diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 36a31dcf..826ef9e1 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -11,9 +11,6 @@ on: branches: - release - main - # Avoid unnecessary scans of pull requests. - paths: - - '**/*.py' schedule: - cron: 20 15 * * 3 permissions: @@ -30,23 +27,22 @@ jobs: strategy: fail-fast: false matrix: - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support - language: [python] + language: [python, actions] python: ['3.13'] steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Python ${{ matrix.python }} - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ matrix.python }} @@ -58,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 with: languages: ${{ matrix.language }} config-file: .github/codeql/codeql-config.yaml @@ -71,4 +67,4 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 diff --git a/.github/workflows/pr-change-set.yaml b/.github/workflows/pr-change-set.yaml index 8c09ad72..56f8a789 100644 --- a/.github/workflows/pr-change-set.yaml +++ b/.github/workflows/pr-change-set.yaml @@ -14,6 +14,12 @@ on: permissions: contents: read +# Cancel existing running workflows for a PR when a new change is pushed +# to that PR. See also: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#concurrency +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: build: uses: ./.github/workflows/_build.yaml diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml index 811bc182..f43cfe0a 100644 --- a/.github/workflows/pr-conventional-commits.yaml +++ b/.github/workflows/pr-conventional-commits.yaml @@ -22,12 +22,12 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: '3.13' @@ -36,7 +36,7 @@ jobs: - name: Set up Commitizen run: | pip install --upgrade pip wheel - pip install 'commitizen ==4.5.0' + pip install 'commitizen ==4.9.1' # Run Commitizen to check the title of the PR which triggered this workflow, and check # all commit messages of the PR's branch. If any of the checks fails then this job fails. diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0d4a1dbe..d2e8295d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,7 +12,7 @@ permissions: jobs: check: - if: ${{ !startsWith(github.event.commits[0].message, 'bump:') }} + if: ${{ !startsWith(github.event.head_commit.message, 'bump:') }} uses: ./.github/workflows/_build.yaml permissions: contents: read @@ -30,26 +30,26 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 token: ${{ secrets.REPO_ACCESS_TOKEN }} - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: '3.13' - name: Set up Commitizen run: | pip install --upgrade pip wheel - pip install 'commitizen ==4.5.0' + pip install 'commitizen ==4.9.1' - name: Set up user run: | @@ -77,7 +77,7 @@ jobs: # When triggered by the version bump commit, build the package and publish the release artifacts. build: - if: github.ref == 'refs/heads/release' && startsWith(github.event.commits[0].message, 'bump:') + if: github.ref == 'refs/heads/release' && startsWith(github.event.head_commit.message, 'bump:') uses: ./.github/workflows/_build.yaml permissions: contents: read @@ -98,18 +98,18 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Download artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: artifact-ubuntu-latest-python-3.13 path: dist @@ -126,14 +126,14 @@ jobs: # Create the Release Notes using commitizen. - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: '3.13' - name: Set up Commitizen run: | pip install --upgrade pip wheel - pip install 'commitizen ==4.5.0' + pip install 'commitizen ==4.9.1' - name: Create Release Notes run: cz changelog --dry-run "$(cz version --project)" > RELEASE_NOTES.md @@ -177,7 +177,7 @@ jobs: # https://github.com/slsa-framework/slsa-github-generator/issues/942 provenance: needs: [build, release] - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 with: base64-subjects: ${{ needs.build.outputs.artifacts-sha256 }} compile-generator: false # Do not build the provenance generator from source anymore. @@ -199,18 +199,18 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Download provenance - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ needs.provenance.outputs.provenance-name }} diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml index 767cf52c..13f9e50a 100644 --- a/.github/workflows/scorecards-analysis.yaml +++ b/.github/workflows/scorecards-analysis.yaml @@ -26,18 +26,18 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs disable-sudo: true - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif @@ -52,13 +52,13 @@ jobs: # Upload the results as artifacts (optional). - name: Upload artifact - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 with: sarif_file: results.sarif diff --git a/.github/workflows/sync-with-upstream.yaml b/.github/workflows/sync-with-upstream.yaml index 8b29d998..cfb5f152 100644 --- a/.github/workflows/sync-with-upstream.yaml +++ b/.github/workflows/sync-with-upstream.yaml @@ -21,7 +21,7 @@ jobs: steps: - name: Check out template repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # If you decide to change the upstream template repository to a private one, uncomment # the following argument to pass the required token to be able to check it out. @@ -31,7 +31,7 @@ jobs: path: template - name: Check out current repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: token: ${{ secrets.REPO_ACCESS_TOKEN }} fetch-depth: 0 diff --git a/.gitignore b/.gitignore index fe324aff..89f1b2d5 100644 --- a/.gitignore +++ b/.gitignore @@ -132,3 +132,9 @@ dmypy.json # Pyre type checker .pyre/ + +# macOS cruft +.DS_Store + +# vim swap files +.*.swp diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 399991af..8bb0182d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,7 +15,7 @@ repos: # Commitizen enforces semantic and conventional commit messages. - repo: https://github.com/commitizen-tools/commitizen - rev: v4.5.0 + rev: v4.9.1 hooks: - id: commitizen name: Check conventional commit message @@ -23,7 +23,7 @@ repos: # Sort imports. - repo: https://github.com/pycqa/isort - rev: 5.13.2 + rev: 6.0.1 hooks: - id: isort name: Sort import statements @@ -32,22 +32,22 @@ repos: # Add Black code formatters. - repo: https://github.com/ambv/black - rev: 24.10.0 + rev: 25.9.0 hooks: - id: black name: Format code args: [--config, pyproject.toml] - repo: https://github.com/asottile/blacken-docs - rev: 1.19.1 + rev: 1.20.0 hooks: - id: blacken-docs name: Format code in docstrings args: [--line-length, '120'] - additional_dependencies: [black==24.10.0] + additional_dependencies: [black==25.9.0] # Upgrade and rewrite Python idioms. - repo: https://github.com/asottile/pyupgrade - rev: v3.19.0 + rev: v3.20.0 hooks: - id: pyupgrade name: Upgrade code idioms @@ -57,13 +57,13 @@ repos: # Similar to pylint, with a few more/different checks. For more available # extensions: https://github.com/DmytroLitvinov/awesome-flake8-extensions - repo: https://github.com/pycqa/flake8 - rev: 7.1.1 + rev: 7.3.0 hooks: - id: flake8 name: Check flake8 issues files: ^src/package/|^tests/ types: [text, python] - additional_dependencies: [flake8-bugbear==24.10.31, flake8-builtins==2.5.0, flake8-comprehensions==3.16.0, flake8-docstrings==1.7.0, flake8-logging==1.7.0, flake8-mutable==1.2.0, flake8-noqa==1.4.0, flake8-print==5.0.0, flake8-pyi==24.9.0, flake8-pytest-style==2.0.0, flake8-rst-docstrings==0.3.0, pep8-naming==0.14.1] + additional_dependencies: [flake8-bugbear==24.12.12, flake8-builtins==3.0.0, flake8-comprehensions==3.17.0, flake8-docstrings==1.7.0, flake8-logging==1.8.0, flake8-mutable==1.2.0, flake8-noqa==1.4.0, flake8-print==5.0.0, flake8-pyi==25.5.0, flake8-pytest-style==2.1.0, flake8-rst-docstrings==0.3.1, pep8-naming==0.15.1] args: [--config, .flake8] # Run Pylint from the local repo to make sure venv packages @@ -91,7 +91,7 @@ repos: # Check for potential security issues. - repo: https://github.com/PyCQA/bandit - rev: 1.7.10 + rev: 1.8.6 hooks: - id: bandit name: Check for security issues @@ -103,7 +103,7 @@ repos: # Enable a whole bunch of useful helper hooks, too. # See https://pre-commit.com/hooks.html for more hooks. - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-ast - id: check-case-conflict @@ -144,7 +144,7 @@ repos: # Check and prettify the configuration files. - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks - rev: v2.14.0 + rev: v2.15.0 hooks: - id: pretty-format-ini args: [--autofix] @@ -156,16 +156,18 @@ repos: # Check GitHub Actions workflow files. - repo: https://github.com/Mateusz-Grzelinski/actionlint-py - rev: v1.7.4.18 + rev: v1.7.7.24 hooks: - id: actionlint -# On push to the remote, run the unit tests. +# On push to the remote, run the unit tests. Note that the `COVERAGE_CORE` variable is +# required for Python 3.12+ to make sure Coverage uses the new Python monitoring module. +# See also: https://blog.trailofbits.com/2025/05/01/making-pypis-test-suite-81-faster/#optimizing-coverage-with-python-312s-sysmonitoring - repo: local hooks: - id: pytest name: Run unit tests - entry: pytest -c pyproject.toml --cov-config pyproject.toml src/package/ tests/ docs/ + entry: env COVERAGE_CORE=sysmon pytest -c pyproject.toml --cov-config pyproject.toml src/package/ tests/ docs/ language: python verbose: true always_run: true diff --git a/Makefile b/Makefile index 061534ff..b5a71800 100644 --- a/Makefile +++ b/Makefile @@ -176,9 +176,9 @@ test: # set to the build date/epoch. For more details, see: https://flit.pypa.io/en/latest/reproducible.html .PHONY: dist dist: dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-md.zip dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-build-epoch.txt -dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl: check test +dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-py3-none-any.whl: check test dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-build-epoch.txt SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) flit build --setup-py --format wheel -dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz: check test +dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz: check test dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-build-epoch.txt SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) flit build --setup-py --format sdist dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip: docs-html python -m zipfile -c dist/$(PACKAGE_NAME)-$(PACKAGE_VERSION)-docs-html.zip docs/_build/html/ diff --git a/pyproject.toml b/pyproject.toml index e88532f9..fb33d0f7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -41,12 +41,12 @@ something = "package.__main__:main" # We keep them listed here to ensure the infrastructure BOM is consistent with what's # installed. Make sure to keep the requirements in sync with the workflows! actions = [ - "commitizen ==4.5.0", - "twine ==6.1.0", + "commitizen ==4.9.1", + "twine ==6.2.0", ] dev = [ "flit >=3.2.0,<4.0.0", - "mypy >=1.0.0,<1.15", + "mypy >=1.0.0,<1.19", "pip-audit >=2.4.4,<3.0.0", "pylint >=3.0.0,<3.4.0", "perflint >=0.8.0,<1.0.0", @@ -57,17 +57,18 @@ docs = [ "sphinx-markdown-builder >=0.6.4,<1.0.0", ] hooks = [ - "pre-commit >=3.0.0,<4.1.0", + "pre-commit >=3.0.0,<4.4.0", ] # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained. test = [ - "faker ==37.1.0", - "hypothesis >=6.21.0,<6.130.9", + "coverage ==7.6.12; python_version<'3.14'", # https://github.com/pypi/warehouse/pull/17872#issuecomment-2845932281 + "faker ==37.6.0", + "hypothesis >=6.21.0,<6.138.17", "pytest >=7.2.0,<9.0.0", - "pytest-cases ==3.8.6", + "pytest-cases ==3.9.1", "pytest-custom_exit_code ==0.3.0", - "pytest-cov ==6.1.0", - "pytest-doctestplus ==1.3.0", + "pytest-cov ==6.3.0", # Uses: coverage[toml] >=7.5 + "pytest-doctestplus ==1.4.0", "pytest-env ==1.1.5", ] @@ -125,12 +126,15 @@ omit = [ include = [] exclude = [ ".github/", + ".vscode/", "docs/", "tests/", ".flake8", + ".gitattributes", ".gitignore", ".pre-commit-config.yaml", "CHANGELOG.md", + "CODEOWNERS", "Makefile", "SECURITY.md", ] @@ -142,6 +146,7 @@ profile = "black" multi_line_output = 3 line_length = 120 skip_gitignore = true +filter_files = true # https://mypy.readthedocs.io/en/stable/config_file.html#using-a-pyproject-toml @@ -267,6 +272,11 @@ env = [ filterwarnings = [ "error", "always::DeprecationWarning", + # The CoverageWarning warning is issued in two contexts: + # Python 3.10, 3.11: sys.monitoring isn't available in this version, using default core (no-sysmon) + # Python 3.12, 3.13: sys.monitoring can't measure branches in this version, using default core (no-sysmon) + "ignore:sys.monitoring isn't available in this version:coverage.exceptions.CoverageWarning", + "always::coverage.exceptions.CoverageWarning", # https://docs.pytest.org/en/latest/how-to/failures.html#warning-about-unraisable-exceptions-and-unhandled-thread-exceptions "error::pytest.PytestUnraisableExceptionWarning", "error::pytest.PytestUnhandledThreadExceptionWarning",