🔖 Promote 1.1.21: test → prod#125
Conversation
…templates [patch candidate]
Updates the requirements on [pytest](https://github.com/pytest-dev/pytest) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e"><code>a7d58d7</code></a> Prepare release version 9.0.3</li> <li><a href="https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22"><code>089d981</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14366">#14366</a> from bluetech/revert-14193-backport</li> <li><a href="https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac"><code>8127eaf</code></a> Revert "Fix: assertrepr_compare respects dict insertion order (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14050">#14050</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14193">#14193</a>)"</li> <li><a href="https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241"><code>99a7e60</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14363">#14363</a> from pytest-dev/patchback/backports/9.0.x/95d8423bd...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95"><code>ddee02a</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a> from bluetech/cve-2025-71176-simple</li> <li><a href="https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619"><code>74eac69</code></a> doc: Update training info (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14298">#14298</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14301">#14301</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869"><code>f92dee7</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14267">#14267</a> from pytest-dev/patchback/backports/9.0.x/d6fa26c62...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439"><code>7ee58ac</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/12378">#12378</a> from Pierre-Sassoulas/fix-implicit-str-concat-and-d...</li> <li><a href="https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8"><code>37da870</code></a> Merge pull request <a href="https://redirect.github.com/pytest-dev/pytest/issues/14259">#14259</a> from mitre88/patch-4 (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14268">#14268</a>)</li> <li><a href="https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed"><code>c34bfa3</code></a> Add explanation for string context diffs (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14257">#14257</a>) (<a href="https://redirect.github.com/pytest-dev/pytest/issues/14266">#14266</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pytest-dev/pytest/compare/8.3.1...9.0.3">compare view</a></li> </ul> </details> <br /> You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Updates the requirements on [bump2version](https://github.com/c4urself/bump2version) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/c4urself/bump2version/blob/master/CHANGELOG.md">bump2version's changelog</a>.</em></p> <blockquote> <p><strong>unreleased</strong> <strong>v1.0.2-dev</strong></p> <ul> <li>Declare <code>bump2version</code> as unmaintained</li> <li>Housekeeping: migrated from travis+appveyor to GitHub Actions for CI, thanks <a href="https://github.com/clbarnes"><code>@clbarnes</code></a></li> </ul> <p><strong>v1.0.1</strong></p> <ul> <li>Added: enable special characters in search/replace, thanks <a href="https://github.com/mckelvin"><code>@mckelvin</code></a></li> <li>Added: allow globbing a pattern to match multiple files, thanks <a href="https://github.com/balrok"><code>@balrok</code></a></li> <li>Added: way to only bump a specified file via --no-configured-files, thanks <a href="https://github.com/balrok"><code>@balrok</code></a></li> <li>Fixed: dry-run now correctly outputs, thanks <a href="https://github.com/fmigneault"><code>@fmigneault</code></a></li> <li>Housekeeping: documentation for lightweight tags improved, thanks <a href="https://github.com/GreatBahram"><code>@GreatBahram</code></a></li> <li>Housekeeping: added related tools document, thanks <a href="https://github.com/florisla"><code>@florisla</code></a></li> <li>Fixed: no more falling back to default search, thanks <a href="https://github.com/florisla"><code>@florisla</code></a></li> </ul> <p><strong>v1.0.0</strong></p> <ul> <li>Fix the spurious newline that bump2version adds when writing to bumpversion.cfg, thanks <a href="https://github.com/kyluca"><code>@kyluca</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/58">#58</a></li> <li>Add Python3.8 support, thanks <a href="https://github.com/florisla"><code>@florisla</code></a></li> <li>Drop Python2 support, thanks <a href="https://github.com/hugovk"><code>@hugovk</code></a></li> <li>Allow additional arguments to the commit call, thanks <a href="https://github.com/lubomir"><code>@lubomir</code></a></li> <li>Various documentation improvements, thanks <a href="https://github.com/lubomir"><code>@lubomir</code></a> <a href="https://github.com/florisla"><code>@florisla</code></a> <a href="https://github.com/padamstx"><code>@padamstx</code></a> <a href="https://github.com/glotis"><code>@glotis</code></a></li> <li>Housekeeping, move changelog into own file</li> </ul> <p><strong>v0.5.11</strong></p> <ul> <li>Housekeeping, also publish an sdist</li> <li>Housekeeping, fix appveyor builds</li> <li>Housekeeping, <code>make lint</code> now lints with pylint</li> <li>Drop support for Python3.4, thanks <a href="https://github.com/hugovk"><code>@hugovk</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/79">#79</a></li> <li>Enhance missing VCS command detection (errno 13), thanks <a href="https://github.com/lowell80"><code>@lowell80</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/75">#75</a></li> <li>Add environment variables for other scripts to use, thanks <a href="https://github.com/mauvilsa"><code>@mauvilsa</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/70">#70</a></li> <li>Refactor, cli.main is now much more readable, thanks <a href="https://github.com/florisla"><code>@florisla</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/68">#68</a></li> <li>Fix, retain file newlines for Windows, thanks <a href="https://github.com/hesstobi"><code>@hesstobi</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/59">#59</a></li> <li>Add support (tests) for Pythno3.7, thanks <a href="https://github.com/florisla"><code>@florisla</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/49">#49</a></li> <li>Allow any part to be configured in configurable strings such as tag_name etc., thanks <a href="https://github.com/florisla"><code>@florisla</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/41">#41</a></li> </ul> <p><strong>v0.5.10</strong></p> <ul> <li>Housekeeping, use twine</li> </ul> <p><strong>v0.5.9</strong></p> <ul> <li>Fixed windows appveyor-based testing, thanks: <a href="https://github.com/jeremycarroll"><code>@jeremycarroll</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/33">#33</a> and <a href="https://redirect.github.com/c4urself/bump2version/issues/34">#34</a></li> <li>Fixed interpolating correctly when using setup.cfg for config, thanks: <a href="https://github.com/SethMMorton"><code>@SethMMorton</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/32">#32</a></li> <li>Improve tox/travis testing, thanks: <a href="https://github.com/ekohl"><code>@ekohl</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/27">#27</a></li> <li>Fixed markdown formatting in setup.py for pypi.org documentation, thanks: <a href="https://github.com/florisla"><code>@florisla</code></a>, <a href="https://github.com/Mattwmaster58"><code>@Mattwmaster58</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/26">#26</a></li> </ul> <p><strong>v0.5.8</strong></p> <ul> <li>Updated the readme to markdown for easier maintainability</li> <li>Fixed travis testing, thanks: <a href="https://github.com/sharksforarms"><code>@sharksforarms</code></a> <a href="https://redirect.github.com/c4urself/bump2version/issues/15">#15</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/c4urself/bump2version/commit/14fa60386d05b7971bcf2b76878da9e3c87760b5"><code>14fa603</code></a> Bump version: 1.0.1-dev → 1.0.1</li> <li><a href="https://github.com/c4urself/bump2version/commit/2051c96f888466e0ffa12bbe57339d92f0f65427"><code>2051c96</code></a> update changelog</li> <li><a href="https://github.com/c4urself/bump2version/commit/8e6db2370a683f17a4188d8b4cc8968bac881c56"><code>8e6db23</code></a> Merge pull request <a href="https://redirect.github.com/c4urself/bump2version/issues/135">#135</a> from mckelvin/handle-special-char</li> <li><a href="https://github.com/c4urself/bump2version/commit/78c4f4bf706baa7656654507e94c579ef5a4e67e"><code>78c4f4b</code></a> Merge pull request <a href="https://redirect.github.com/c4urself/bump2version/issues/149">#149</a> from balrok/cli-option-no-configured-files</li> <li><a href="https://github.com/c4urself/bump2version/commit/4fe92774d6dfec259017a941d03551ab2caed843"><code>4fe9277</code></a> Merge pull request <a href="https://redirect.github.com/c4urself/bump2version/issues/158">#158</a> from mbarkhau/patch-1</li> <li><a href="https://github.com/c4urself/bump2version/commit/c6847476e12839cbd90d19a2a672e2e971f0fdd5"><code>c684747</code></a> Add PyCalVer to RELATED.md</li> <li><a href="https://github.com/c4urself/bump2version/commit/0a38097b1c0944d19ba996650c0b8188f5a6b837"><code>0a38097</code></a> Merge pull request <a href="https://redirect.github.com/c4urself/bump2version/issues/150">#150</a> from balrok/glob-keyword-in-configfile</li> <li><a href="https://github.com/c4urself/bump2version/commit/dc7cead00f86864276a619fec8fd048ef0a89214"><code>dc7cead</code></a> DOC: Update note about bumpversion</li> <li><a href="https://github.com/c4urself/bump2version/commit/0bd8d8373b8b9bd383dcef4d54c59e8044e2edc6"><code>0bd8d83</code></a> also allow recursive glob with **</li> <li><a href="https://github.com/c4urself/bump2version/commit/a96ebf4ca55d97eab1a7ff9dd4169232875d229d"><code>a96ebf4</code></a> support glob keyword in configfile</li> <li>Additional commits viewable in <a href="https://github.com/c4urself/bump2version/compare/v1.0.0...v1.0.1">compare view</a></li> </ul> </details> <br /> You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on [requests](https://github.com/psf/requests) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.34.2</h2> <h2>2.34.2 (2026-05-14)</h2> <ul> <li>Moved <code>headers</code> input type back to <code>Mapping</code> to avoid invariance issues with <code>MutableMapping</code> and inferred dict types. Users calling <code>Request.headers.update()</code> may need to narrow typing in their code. (<a href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14">https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.34.2 (2026-05-14)</h2> <ul> <li>Moved <code>headers</code> input type back to <code>Mapping</code> to avoid invariance issues with <code>MutableMapping</code> and inferred dict types. Users calling <code>Request.headers.update()</code> may need to narrow typing in their code. (<a href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li> </ul> <h2>2.34.1 (2026-05-13)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Widened <code>json</code> input type from <code>dict</code> and <code>list</code> to <code>Mapping</code> and <code>Sequence</code>. (<a href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li> <li>Changed <code>headers</code> input type to MutableMapping and removed <code>None</code> from <code>Request.headers</code> typing to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li> <li><code>Response.reason</code> moved from <code>str | None</code> to <code>str</code> to improve handling for users. (<a href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li> <li>Fixed a bug where some bodies with custom <code>__getattr__</code> implementations weren't being properly detected as Iterables. (<a href="https://redirect.github.com/psf/requests/issues/7433">#7433</a>)</li> </ul> <h2>2.34.0 (2026-05-11)</h2> <p><strong>Announcements</strong></p> <ul> <li> <p>Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.</p> <p>Special thanks to <a href="https://github.com/bastimeyer"><code>@bastimeyer</code></a>, <a href="https://github.com/cthoyt"><code>@cthoyt</code></a>, <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a>, and <a href="https://github.com/srittau"><code>@srittau</code></a> for helping review and test the types ahead of the release. (<a href="https://redirect.github.com/psf/requests/issues/7272">#7272</a>)</p> </li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Digest Auth hashing algorithms have added <code>usedforsecurity=False</code> to clarify security considerations. (<a href="https://redirect.github.com/psf/requests/issues/7310">#7310</a>)</li> <li>Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (<a href="https://redirect.github.com/psf/requests/issues/7422">#7422</a>)</li> <li>Requests added support for Python 3.14t. (<a href="https://redirect.github.com/psf/requests/issues/7419">#7419</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li><code>Response.history</code> no longer contains a reference to itself, preventing accidental looping when traversing the history list. (<a href="https://redirect.github.com/psf/requests/issues/7328">#7328</a>)</li> <li>Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (<a href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li> <li>Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (<a href="https://redirect.github.com/psf/requests/issues/7315">#7315</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3"><code>6e83187</code></a> v2.34.2</li> <li><a href="https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b"><code>84d10f0</code></a> Move Request.headers back to Mapping (<a href="https://redirect.github.com/psf/requests/issues/7441">#7441</a>)</li> <li><a href="https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224"><code>b7b549b</code></a> v2.34.1</li> <li><a href="https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe"><code>e511bc7</code></a> Fix mutability issues with headers input types (<a href="https://redirect.github.com/psf/requests/issues/7431">#7431</a>)</li> <li><a href="https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61"><code>5691f59</code></a> Update JsonType containers to read-based collections (<a href="https://redirect.github.com/psf/requests/issues/7436">#7436</a>)</li> <li><a href="https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035"><code>2144213</code></a> Constrain Response.reason to str (<a href="https://redirect.github.com/psf/requests/issues/7437">#7437</a>)</li> <li><a href="https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232"><code>6404f34</code></a> Fix <code>prepare_body</code> stream detection for <code>__getattr__</code>-based file wrappers (<a href="https://redirect.github.com/psf/requests/issues/7">#7</a>...</li> <li><a href="https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca"><code>0b401c7</code></a> v2.34.0</li> <li><a href="https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4"><code>86b378d</code></a> Align Session.get parameters with requests.get (<a href="https://redirect.github.com/psf/requests/issues/7429">#7429</a>)</li> <li><a href="https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f"><code>a4f9a59</code></a> Port bpo-39057 to Requests (<a href="https://redirect.github.com/psf/requests/issues/7427">#7427</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.4...v2.34.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v82.0.1</h1> <h2>Bugfixes</h2> <ul> <li>Fix the loading of <code>launcher manifest.xml</code> file. (<a href="https://redirect.github.com/pypa/setuptools/issues/5047">#5047</a>)</li> <li>Replaced deprecated <code>json.__version__</code> with fixture in tests. (<a href="https://redirect.github.com/pypa/setuptools/issues/5186">#5186</a>)</li> </ul> <h2>Improved Documentation</h2> <ul> <li>Add advice about how to improve predictability when installing sdists. (<a href="https://redirect.github.com/pypa/setuptools/issues/5168">#5168</a>)</li> </ul> <h2>Misc</h2> <ul> <li><a href="https://redirect.github.com/pypa/setuptools/issues/4941">#4941</a>, <a href="https://redirect.github.com/pypa/setuptools/issues/5157">#5157</a>, <a href="https://redirect.github.com/pypa/setuptools/issues/5169">#5169</a>, <a href="https://redirect.github.com/pypa/setuptools/issues/5175">#5175</a></li> </ul> <h1>v82.0.0</h1> <h2>Deprecations and Removals</h2> <ul> <li><code>pkg_resources</code> has been removed from Setuptools. Most common uses of <code>pkg_resources</code> have been superseded by the <code>importlib.resources <https://docs.python.org/3/library/importlib.resources.html></code>_ and <code>importlib.metadata <https://docs.python.org/3/library/importlib.metadata.html></code>_ projects. Projects and environments relying on <code>pkg_resources</code> for namespace packages or other behavior should depend on older versions of <code>setuptools</code>. (<a href="https://redirect.github.com/pypa/setuptools/issues/3085">#3085</a>)</li> </ul> <h1>v81.0.0</h1> <h2>Deprecations and Removals</h2> <ul> <li>Removed support for the --dry-run parameter to setup.py. This one feature by its nature threads through lots of core and ancillary functionality, adding complexity and friction. Removal of this parameter will help decouple the compiler functionality from distutils and thus the eventual full integration of distutils. These changes do affect some class and function signatures, so any derivative functionality may require some compatibility shims to support their expected interface. Please report any issues to the Setuptools project for investigation. (<a href="https://redirect.github.com/pypa/setuptools/issues/4872">#4872</a>)</li> </ul> <h1>v80.10.2</h1> <h2>Bugfixes</h2> <ul> <li>Update vendored dependencies. (<a href="https://redirect.github.com/pypa/setuptools/issues/5159">#5159</a>)</li> </ul> <p>Misc</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/5a13876673a41e3cd21d4d6e587f53d0fb4fd8e5"><code>5a13876</code></a> Bump version: 82.0.0 → 82.0.1</li> <li><a href="https://github.com/pypa/setuptools/commit/51ab8f183f1c4112675d8d6ec6b004406d518ee8"><code>51ab8f1</code></a> Avoid using (deprecated) 'json.<strong>version</strong>' in tests (<a href="https://redirect.github.com/pypa/setuptools/issues/5194">#5194</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/f9c37b20bb0ed11203f676f9683452a4c3ace6f6"><code>f9c37b2</code></a> Docs/CI: Fix intersphinx references (<a href="https://redirect.github.com/pypa/setuptools/issues/5195">#5195</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/8173db2a4fc0f6cb28926b3dba59116b79f435c8"><code>8173db2</code></a> Docs: Fix intersphinx references</li> <li><a href="https://github.com/pypa/setuptools/commit/09bafbc74923f2a3591b5b098be75d6af6ca5141"><code>09bafbc</code></a> Fix past tense on newsfragment</li> <li><a href="https://github.com/pypa/setuptools/commit/461ea56c8e629819a23920f44d9298d4f041abde"><code>461ea56</code></a> Add news fragment</li> <li><a href="https://github.com/pypa/setuptools/commit/c4ffe535b58235ff9f9ebe90d24a2cffb57e70ae"><code>c4ffe53</code></a> Avoid using (deprecated) 'json.<strong>version</strong>' in tests</li> <li><a href="https://github.com/pypa/setuptools/commit/749258b1a96c7accc05ea7d842fb19fc378866fe"><code>749258b</code></a> Cleanup <code>pkg_resources</code> dependencies and configuration (<a href="https://redirect.github.com/pypa/setuptools/issues/5175">#5175</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/2019c16701667db1010c62ec11c6ef78c2e58206"><code>2019c16</code></a> Parse <code>ext-module.define-macros</code> from <code>pyproject.toml</code> as list of tuples (<a href="https://redirect.github.com/pypa/setuptools/issues/5169">#5169</a>)</li> <li><a href="https://github.com/pypa/setuptools/commit/b809c86a37d97fcce290d5f51d4c293ab40bc685"><code>b809c86</code></a> Sync setuptools schema with validate-pyproject (<a href="https://redirect.github.com/pypa/setuptools/issues/5157">#5157</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v82.0.0...v82.0.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Automatically created pull request for release v1.1.20-dev into test branch. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Juan Villa <juan.villa@quipux.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…enforce 96 coverage gate
…s [patch candidate]
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8a29ff706d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if history: | ||
| commits_dict, tag_dates = build_from_history(history) |
There was a problem hiding this comment.
Preserve versions absent from squash history
When a release is promoted as a squash commit, any earlier bump history makes this branch run even if the current version's bump commit is absent. That is the case for this commit: pyproject.toml is 1.1.21, but its ancestry ends with the 1.1.19 bump. Consequently, the next generate-changelog pre-commit hook regenerates CHANGELOG.md only through 1.1.19, deleting the committed 1.1.20 and 1.1.21 entries and omitting all changes after that bump.
Useful? React with 👍 / 👎.
| if os.path.isdir(cert_location): | ||
| for fname in os.listdir(cert_location): | ||
| match = re.match(r"^Crypto-Key-Pair-(\d{4})-(\d{4})\.kp$", fname) |
There was a problem hiding this comment.
Continue recognizing legacy key-pair filenames
Existing installations created by the previous default use Crypto-Key-Pair-<YEAR>.kp, but this regex recognizes only the new two-year-range format. After upgrading, a vault containing (for example) Crypto-Key-Pair-2026.kp is ignored and the CLI selects a new Crypto-Key-Pair-2026-2027 name, causing default status, encrypt, and decrypt operations to fail verification and init to create a different key pair instead of reusing the existing keys.
Useful? React with 👍 / 👎.
| logger.warning( | ||
| f"Amend attempt {attempt} aborted by pre-commit hooks modifying files; " | ||
| "re-staging tracked changes and retrying." | ||
| ) | ||
| except subprocess.CalledProcessError as e: | ||
| logger.error(f"Failed to amend the commit: {e}") | ||
| sys.exit(1) | ||
| subprocess.run(["git", "add", "-u"], check=True, encoding="utf-8") |
There was a problem hiding this comment.
Avoid staging unrelated tracked work during amend retries
If the first amend fails because a hook rewrites CHANGELOG.md, git add -u stages every tracked modification in the user's worktree, not just files changed by that hook. Because this runs from the pre-push hook, any unrelated tracked work made after the original commit is silently folded into the amended version-bump commit on the retry; capture the pre-amend state or explicitly stage only the hook outputs instead.
Useful? React with 👍 / 👎.
| "--key-pair-name", | ||
| default=f"Crypto-Key-Pair-{datetime.now().year}", | ||
| default=_resolve_key_pair_name(os.path.join(os.getcwd(), "certs")), | ||
| help="Name of the key pair. Defaults to 'Crypto-Key-Pair-<YEAR>'.", |
There was a problem hiding this comment.
Resolve the default key name from the selected vault
When callers pass --cert-location without also passing --key-pair-name, this default is computed from the hard-coded current-directory certs path before argparse knows the selected location. An active ranged key in the requested vault is therefore ignored, and a similarly named key in the default vault may even determine the name used against the wrong directory; derive the default after parsing args.cert_location.
Useful? React with 👍 / 👎.
| - name: Push Tag | ||
| id: push_tag | ||
| if: steps.check_arrow.outputs.contains_arrow == 'true' | ||
| if: steps.check_arrow.outputs.contains_arrow == 'true' && steps.create_tag.outputs.tag_name != '' | ||
| run: | | ||
| git push origin "${{ steps.create_tag.outputs.tag_name }}" | ||
| git push origin "${{ steps.create_tag.outputs.tag_name }}" || echo "Tag already on remote — skipping" |
There was a problem hiding this comment.
Propagate non-duplicate tag push failures
The || echo converts every failed tag push—including authentication, permission, network, and remote-hook failures—into a successful workflow step, after which the workflow still creates the promotion PR. Checked git push -h, whose documented invocation is git push [<options>] [<repository> [<refspec>...]]; nothing here restricts the fallback to an already-existing ref. Detect that specific condition explicitly and let all other failures stop the workflow.
Useful? React with 👍 / 👎.
Promote version 1.1.21 (deps split, changelog generator fix) from test to prod.