Skip to content

chore(deps): bump black from 24.2.0 to 24.3.0 #2472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 21, 2024
Merged

chore(deps): bump black from 24.2.0 to 24.3.0 #2472

merged 1 commit into from
Mar 21, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2024

Bumps black from 24.2.0 to 24.3.0.

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)
Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump black from 24.2.0 to 24.3.0
74467ba 
Bumps [black](https://github.com/psf/black) from 24.2.0 to 24.3.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.2.0...24.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Issues or Pull requests relate to dependency files python Pull requests that update Python code labels Mar 20, 2024
@idoocs
Copy link
Member

idoocs commented Mar 20, 2024

🤭 感谢你的提交,请检查你的改动是否符合以下项目规范。

1. 格式化

我们项目中各种编程语言代码(包括文档)所采用的格式化工具不同,提交 pr 之前必须确保代码、文档正确格式化。

  • .{md,js,ts,php,sql,rs} 采用 prettier
  • .{c,cpp,java} 采用 clang-format
  • .{py} 采用 black
  • .{go} 采用 gofmt
  • 其它待完善

2. Git 提交信息

我们项目遵循 AngularJS Git Commit Message Conventions 规范,我们希望你的提交信息尽可能与项目保持一致。

  • 新增或修改题解:feat: add/update solution(s) to lc problem(s): No.xxxx
  • 修复错误:fix: xxxx
  • 日常维护:chore: xxx

3. 其它补充

新增题解及代码时,需要创建 Solution.xxx 源代码文件(如果已存在,请确认算法是否更优,是则覆盖已有算法代码),同时,需要在 README.md 以及 README_EN.md 中添加对应的代码片段(英文文件中不要出现中文注释)
另外,编码风格(比如变量、函数的命名),尽量跟项目已有代码保持一致。

🤭 Thank you for your contribution. Please check if your changes comply with the following project specifications.

1. Formatting

We use different formatting tools for various programming languages (including documentation) in our project. You must ensure that the code and documentation are correctly formatted before submitting a pr.

  • .{md,js,ts,php,sql,rs} use prettier
  • .{c,cpp,java} use clang-format
  • .{py} use black
  • .{go} use gofmt
  • Others to be improved

2. Git Commit Message

Our project follows the AngularJS Git Commit Message Conventions. We hope that your submission information is as consistent as possible with the project.

  • Add or modify solutions: feat: add/update solution(s) to lc problem(s): No.xxxx
  • Fix errors: fix: xxxx
  • Routine maintenance: chore: xxx

3. Other notes

When adding solutions and code, you need to create a Solution.xxx source code file (if it already exists, please confirm whether the algorithm is better, if yes, overwrite the existing algorithm code), and at the same time, you need to add the corresponding code snippets in README.md and README_EN.md (do not have Chinese comments in the English file)
In addition, the coding style (such as the naming of variables and functions) should be as consistent as possible with the existing code in the project.

@idoocs idoocs added the txt label Mar 20, 2024
@thinkasany thinkasany merged commit f66cce2 into main Mar 21, 2024
@thinkasany thinkasany deleted the dependabot/pip/black-24.3.0 branch March 21, 2024 01:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thinkasany thinkasany thinkasany approved these changes

Assignees
No one assigned
Labels
dependencies Issues or Pull requests relate to dependency files python Pull requests that update Python code txt
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@idoocs @thinkasany