Commit 30c2d96
chore(deps): update dependency black to v26.3.1 [security] (#965)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [black](https://redirect.github.com/psf/black) ([changelog](https://redirect.github.com/psf/black/blob/main/CHANGES.md)) | `==26.1.0` → `==26.3.1` | | |
### GitHub Vulnerability Alerts
#### [CVE-2026-32274](https://redirect.github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m)
### Impact
Black writes a cache file, the name of which is computed from various
formatting options. The value of the `--python-cell-magics` option was
placed in the filename without sanitization, which allowed an attacker
who controls the value of this argument to write cache files to
arbitrary file system locations.
### Patches
Fixed in Black 26.3.1.
### Workarounds
Do not allow untrusted user input into the value of the
`--python-cell-magics` option.
---
### Release Notes
<details>
<summary>psf/black (black)</summary>
### [`v26.3.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2631)
[Compare Source](https://redirect.github.com/psf/black/compare/26.3.0...26.3.1)
##### Stable style
- Prevent Jupyter notebook magic masking collisions from corrupting
cells by using
exact-length placeholders for short magics and aborting if a placeholder
can no longer
be unmasked safely
([#​5038](https://redirect.github.com/psf/black/issues/5038))
##### Configuration
- Always hash cache filename components derived from
`--python-cell-magics` so custom
magic names cannot affect cache paths
([#​5038](https://redirect.github.com/psf/black/issues/5038))
##### *Blackd*
- Disable browser-originated requests by default, add configurable
origin allowlisting
and request body limits, and bound executor submissions to improve
backpressure
([#​5039](https://redirect.github.com/psf/black/issues/5039))
### [`v26.3.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2630)
[Compare Source](https://redirect.github.com/psf/black/compare/26.1.0...26.3.0)
##### Stable style
- Don't double-decode input, causing non-UTF-8 files to be corrupted
([#​4964](https://redirect.github.com/psf/black/issues/4964))
- Fix crash on standalone comment in lambda default arguments
([#​4993](https://redirect.github.com/psf/black/issues/4993))
- Preserve parentheses when `# type: ignore` comments would be merged
with other
comments on the same line, preventing AST equivalence failures
([#​4888](https://redirect.github.com/psf/black/issues/4888))
##### Preview style
- Fix bug where `if` guards in `case` blocks were incorrectly split when
the pattern had
a trailing comma
([#​4884](https://redirect.github.com/psf/black/issues/4884))
- Fix `string_processing` crashing on unassigned long string literals
with trailing
commas (one-item tuples)
([#​4929](https://redirect.github.com/psf/black/issues/4929))
- Simplify implementation of the power operator "hugging" logic
([#​4918](https://redirect.github.com/psf/black/issues/4918))
##### Packaging
- Fix shutdown errors in PyInstaller builds on macOS by disabling
multiprocessing in
frozen environments
([#​4930](https://redirect.github.com/psf/black/issues/4930))
##### Performance
- Introduce winloop for Windows as an alternative to uvloop
([#4996](https://redirect.github.com/psf/black/issues/4996))
- Remove deprecated function `uvloop.install()` in favor of
`uvloop.new_event_loop()`
([#​4996](https://redirect.github.com/psf/black/issues/4996))
- Rename `maybe_install_uvloop` function to `maybe_use_uvloop` to
simplify loop
installation and creation of either a uvloop/winloop event loop or default
event loop
([#4996](https://redirect.github.com/psf/black/issues/4996))
##### Output
- Emit a clear warning when the target Python version is newer than the
running Python
version, since AST safety checks cannot parse newer syntax. Also replace
the
misleading "INTERNAL ERROR" message with an actionable error explaining
the version
mismatch
([#​4983](https://redirect.github.com/psf/black/issues/4983))
##### *Blackd*
- Introduce winloop to be used when Windows is in use, which enables blackd
to run faster on
Windows when winloop is installed.
([#4996](https://redirect.github.com/psf/black/issues/4996))
##### Integrations
- Remove unused gallery script
([#​5030](https://redirect.github.com/psf/black/issues/5030))
- Harden parsing of `black` requirements in the GitHub Action when
`use_pyproject` is
enabled so that only version specifiers are accepted and direct
references such as
`black @​ https://...` are rejected. Users should upgrade to the
latest version of the
action as soon as possible. This update is received automatically when
using
`psf/black@stable`, and is independent of the version of Black installed
by the
action.
([#​5031](https://redirect.github.com/psf/black/issues/5031))
##### Documentation
- Expand preview style documentation with detailed examples for
`wrap_comprehension_in`,
`simplify_power_operator_hugging`, and `wrap_long_dict_values_in_parens`
features
([#​4987](https://redirect.github.com/psf/black/issues/4987))
- Add detailed documentation for formatting Jupyter Notebooks
([#​5009](https://redirect.github.com/psf/black/issues/5009))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Asia/Tokyo, Automerge -
At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/line/line-bot-sdk-python).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

1 parent 2246731 commit 30c2d96
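The cache-path issue from the advisory and the 26.3.1 changelog fix ("always hash cache filename components"), shown as a simplified model. This is an added example, not part of the commit and not Black's own code; the function names, key layout, sample directory and sample values are assumptions made for illustration.

```python
import hashlib
import posixpath

# Constructed sample cache directory (assumption, not Black's real layout).
CACHE_DIR = "/home/user/.cache/black/26.1.0"


def mode_key_verbatim(line_length: int, cell_magics: set[str]) -> str:
    """Pre-fix pattern: the option value is placed in the file name as-is."""
    return f"{line_length}.{','.join(sorted(cell_magics))}"


def mode_key_hashed(line_length: int, cell_magics: set[str]) -> str:
    """Post-fix pattern: only a hex digest of the option value reaches the name."""
    joined = ",".join(sorted(cell_magics)).encode("utf-8")
    return f"{line_length}.{hashlib.sha256(joined).hexdigest()[:16]}"


def cache_file(key: str) -> str:
    """Build the cache file path and collapse any '..' segments lexically."""
    return posixpath.normpath(posixpath.join(CACHE_DIR, f"cache.{key}.pickle"))


def inside_cache_dir(path: str) -> bool:
    """Containment check a caller can apply before writing the cache file."""
    return posixpath.commonpath([CACHE_DIR, path]) == CACHE_DIR


# Constructed sample values for --python-cell-magics.
BENIGN = {"custom_magic"}
UNTRUSTED = {"x/../../outside/name"}  # contains path separators

if __name__ == "__main__":
    for label, magics in (("benign", BENIGN), ("untrusted", UNTRUSTED)):
        for build in (mode_key_verbatim, mode_key_hashed):
            path = cache_file(build(88, magics))
            print(f"{label:9} {build.__name__:17} inside={inside_cache_dir(path)} {path}")
```

A hex digest cannot contain `/` or `.`, so the hashed key stays a single path component whatever the option value is; the containment check is a second, independent guard.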
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
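Review bot: the single `-`/`+` pair at line 12 is the only pin this commit moves, so any other place the repository pins black (a second requirements file, a pre-commit hook revision, a CI workflow) would still install `==26.1.0` and remain affected by CVE-2026-32274; check for such pins and bump them to `==26.3.1` in the same change. The release notes also state that the GitHub Action hardening (#5031) ships independently of the installed Black version, so this bump does not cover it.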