build(deps): bump the deps group with 3 updates

[dependabot]

Bumps the deps group with 3 updates: pyhanko, pytest and ruff.

Updates pyhanko from 0.21.0 to 0.23.2

Release notes

Sourced from pyhanko's releases.

pyHanko 0.23.2 beta

The release artifacts have been published to PyPI. Documentation is available on ReadTheDocs.

Change log

The release notes for the 0.23.2 release are available on the Release History page

pyHanko 0.23.1 beta

The release artifacts have been published to PyPI. Documentation is available on ReadTheDocs.

Change log

The release notes for the 0.23.1 release are available on the Release History page

pyHanko 0.23.0 beta

The release artifacts have been published to PyPI. Documentation is available on ReadTheDocs.

Change log

The release notes for the 0.23.0 release are available on the Release History page

pyHanko 0.22.0 beta

The release artifacts have been published to PyPI. Documentation is available on ReadTheDocs.

Change log

The release notes for the 0.22.0 release are available on the Release History page

Changelog

Sourced from pyhanko's changelog.

---

Release history

---

.. _release-0.23.2:

Release date: 2024-03-25

Dependency changes

• Upgraded certomancer dependency for tests to 0.12.0.
• Upgraded pytest-asyncio tot 0.23.6.

Bugs fixed

• Fix handling of "OAEP preferred" flag when encrypting documents with a public key.
• Fix endianness issue when reading & writing permissions in documents encrypted with a public key.
• Tolerate AcroForms without a Fields entry.
• Increase resilience against issues with oscrypto.

.. _release-0.23.1:

Release date: 2024-03-14

Bugs fixed

• Fix a regression in the way PKCS#11 objects are loaded.

.. _release-0.23.0:

Release date: 2024-03-10

Breaking changes

• The BeID signer implementation and CLI command was moved into a separate package; see pyhanko-beid-plugin <https://github.com/MatthiasValvekens/pyhanko-beid-plugin>_. While this integration was so far preserved in the core tree for historical reasons, pyHanko has matured beyond this kind of vendor/country-specific

... (truncated)

Commits

• d91fa4c 0.23.2 release
• 0c14dfe Fix endianness issue in pubkey perms handling
• 3308911 Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
• 7976c9d Bump GeekyEggo/delete-artifact from 4 to 5
• f86278a Increase resilience against oscrypto issues
• 8e870e6 Tolerate AcroForms without a Fields entry
• 4fce74d Correct OAEP snafu for pubkey encryption handler
• 9d1ef1a Bump pytest-asyncio from 0.23.5.post1 to 0.23.6
• 5a9d8eb Upgrade certomancer
• 671c1cc Upgrade codecov action
• Additional commits viewable in compare view

Updates pytest from 8.0.2 to 8.1.1

Release notes

Sourced from pytest's releases.

8.1.1

pytest 8.1.1 (2024-03-08)

::: {.note} ::: {.title} Note :::

This release is not a usual bug fix release -- it contains features and improvements, being a follow up to 8.1.0, which has been yanked from PyPI. :::

Features

• #11475: Added the new consider_namespace_packages{.interpreted-text role="confval"} configuration option, defaulting to False.

  If set to True, pytest will attempt to identify modules that are part of namespace packages when importing modules.

• #11653: Added the new verbosity_test_cases{.interpreted-text role="confval"} configuration option for fine-grained control of test execution verbosity. See Fine-grained verbosity <pytest.fine_grained_verbosity>{.interpreted-text role="ref"} for more details.

Improvements

• #10865: pytest.warns{.interpreted-text role="func"} now validates that warnings.warn{.interpreted-text role="func"} was called with a [str]{.title-ref} or a [Warning]{.title-ref}. Currently in Python it is possible to use other types, however this causes an exception when warnings.filterwarnings{.interpreted-text role="func"} is used to filter those warnings (see [CPython #103577](python/cpython#103577) for a discussion). While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.

• #11311: When using --override-ini for paths in invocations without a configuration file defined, the current working directory is used as the relative directory.

  Previoulsy this would raise an AssertionError{.interpreted-text role="class"}.

• #11475: --import-mode=importlib <import-mode-importlib>{.interpreted-text role="ref"} now tries to import modules using the standard import mechanism (but still without changing :pysys.path{.interpreted-text role="data"}), falling back to importing modules directly only if that fails.

  This means that installed packages will be imported under their canonical name if possible first, for example app.core.models, instead of having the module name always be derived from their path (for example .env310.lib.site_packages.app.core.models).

• #11801: Added the iter_parents() <_pytest.nodes.Node.iter_parents>{.interpreted-text role="func"} helper method on nodes. It is similar to listchain <_pytest.nodes.Node.listchain>{.interpreted-text role="func"}, but goes from bottom to top, and returns an iterator, not a list.

• #11850: Added support for sys.last_exc{.interpreted-text role="data"} for post-mortem debugging on Python>=3.12.

• #11962: In case no other suitable candidates for configuration file are found, a pyproject.toml (even without a [tool.pytest.ini_options] table) will be considered as the configuration file and define the rootdir.

• #11978: Add --log-file-mode option to the logging plugin, enabling appending to log-files. This option accepts either "w" or "a" and defaults to "w".

  Previously, the mode was hard-coded to be "w" which truncates the file before logging.

... (truncated)

Commits

• 81653ee Adjust changelog manually for 8.1.1
• e60b4b9 Prepare release version 8.1.1
• 15fbe57 [8.1.x] Revert legacy path removals (#12093)
• 86c3aab [8.1.x] Do not import duplicated modules with --importmode=importlib (#12077)
• 5b82b0c [8.1.x] Yank version 8.1.0 (#12076)
• 0a53681 Merge pull request #12054 from pytest-dev/release-8.1.0
• b9a167f Prepare release version 8.1.0
• 00043f7 Merge pull request #12038 from bluetech/fixtures-rm-arg2index
• f4e1025 Merge pull request #12048 from bluetech/fixture-teardown-excgroup
• 43492f5 Merge pull request #12051 from jakkdl/test_debugging_pythonbreakpoint
• Additional commits viewable in compare view

Updates ruff from 0.3.0 to 0.3.5

Release notes

Sourced from ruff's releases.

v0.3.5

Changes

Preview features

• [pylint] Implement modified-iterating-set (E4703) (#10473)
• [refurb] Implement for-loop-set-mutations (FURB142) (#10583)
• [refurb] Implement unnecessary-from-float (FURB164) (#10647)
• [refurb] Implement verbose-decimal-constructor (FURB157) (#10533)

Rule changes

• [flake8-comprehensions] Handled special case for C401 which also matches C416 (#10596)
• [flake8-pyi] Mark unaliased-collections-abc-set-import fix as "safe" for more cases in stub files (PYI025) (#10547)
• [numpy] Add row_stack to NumPy 2.0 migration rule (#10646)
• [pycodestyle] Allow cell magics before an import (E402) (#10545)
• [pycodestyle] Avoid blank line rules for the first logical line in cell (#10291)

Configuration

• Respected nested namespace packages (#10541)
• [flake8-boolean-trap] Add setting for user defined allowed boolean trap (#10531)

Bug fixes

• Correctly handle references in __all__ definitions when renaming symbols in autofixes (#10527)
• Track ranges of names inside __all__ definitions (#10525)
• [flake8-bugbear] Avoid false positive for usage after continue (B031) (#10539)
• [flake8-copyright] Accept commas in default copyright pattern (#9498)
• [flake8-datetimez] Allow f-strings with %z for DTZ007 (#10651)
• [flake8-pytest-style] Fix PT014 autofix for last item in list (#10532)
• [flake8-quotes] Ignore Q000, Q001 when string is inside forward ref (#10585)
• [isort] Always place non-relative imports after relative imports (#10669)
• [isort] Respect Unicode characters in import sorting (#10529)
• [pyflakes] Fix F821 false negatives when from __future__ import annotations is active (attempt 2) (#10524)
• [pyflakes] Make unnecessary-lambda an always-unsafe fix (#10668)
• [pylint] Fixed false-positive on the rule PLW1641 (eq-without-hash) (#10566)
• [ruff] Fix panic in unused # noqa removal with multi-byte space (RUF100) (#10682)

Documentation

• Add PR title format to CONTRIBUTING.md (#10665)
• Fix list markup to include blank lines required (#10591)
• Put flake8-logging next to the other flake8 plugins in registry (#10587)
• [flake8-bandit] Update warning message for rule S305 to address insecure block cipher mode use (#10602)
• [flake8-bugbear] Document use of anonymous assignment in useless-expression (#10551)
• [flake8-datetimez] Clarify error messages and docs for DTZ rules (#10621)
• [pycodestyle] Use same before vs. after numbers for space-around-operator (#10640)
• [ruff] Change quadratic-list-summation docs to use iadd consistently (#10666)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.3.5

Preview features

• [pylint] Implement modified-iterating-set (E4703) (#10473)
• [refurb] Implement for-loop-set-mutations (FURB142) (#10583)
• [refurb] Implement unnecessary-from-float (FURB164) (#10647)
• [refurb] Implement verbose-decimal-constructor (FURB157) (#10533)

Rule changes

• [flake8-comprehensions] Handled special case for C401 which also matches C416 (#10596)
• [flake8-pyi] Mark unaliased-collections-abc-set-import fix as "safe" for more cases in stub files (PYI025) (#10547)
• [numpy] Add row_stack to NumPy 2.0 migration rule (#10646)
• [pycodestyle] Allow cell magics before an import (E402) (#10545)
• [pycodestyle] Avoid blank line rules for the first logical line in cell (#10291)

Configuration

• Respected nested namespace packages (#10541)
• [flake8-boolean-trap] Add setting for user defined allowed boolean trap (#10531)

Bug fixes

• Correctly handle references in __all__ definitions when renaming symbols in autofixes (#10527)
• Track ranges of names inside __all__ definitions (#10525)
• [flake8-bugbear] Avoid false positive for usage after continue (B031) (#10539)
• [flake8-copyright] Accept commas in default copyright pattern (#9498)
• [flake8-datetimez] Allow f-strings with %z for DTZ007 (#10651)
• [flake8-pytest-style] Fix PT014 autofix for last item in list (#10532)
• [flake8-quotes] Ignore Q000, Q001 when string is inside forward ref (#10585)
• [isort] Always place non-relative imports after relative imports (#10669)
• [isort] Respect Unicode characters in import sorting (#10529)
• [pyflakes] Fix F821 false negatives when from __future__ import annotations is active (attempt 2) (#10524)
• [pyflakes] Make unnecessary-lambda an always-unsafe fix (#10668)
• [pylint] Fixed false-positive on the rule PLW1641 (eq-without-hash) (#10566)
• [ruff] Fix panic in unused # noqa removal with multi-byte space (RUF100) (#10682)

Documentation

• Add PR title format to CONTRIBUTING.md (#10665)
• Fix list markup to include blank lines required (#10591)
• Put flake8-logging next to the other flake8 plugins in registry (#10587)
• [flake8-bandit] Update warning message for rule S305 to address insecure block cipher mode use (#10602)
• [flake8-bugbear] Document use of anonymous assignment in useless-expression (#10551)
• [flake8-datetimez] Clarify error messages and docs for DTZ rules (#10621)
• [pycodestyle] Use same before vs. after numbers for space-around-operator (#10640)
• [ruff] Change quadratic-list-summation docs to use iadd consistently (#10666)

0.3.4

... (truncated)

Commits

• 200ebee Bump version to v0.3.5 (#10717)
• 23e8279 chore(deps): update npm development dependencies (#10716)
• 221b323 chore(deps): update strum to 0.26.0 (#10715)
• a0e1544 chore(deps): update rust crate pep440_rs to 0.5.0 (#10703)
• 2740fab Renovate: group all strum dependencies together (#10714)
• 7042b9b fix(deps): update rust crate similar to v2.5.0 (#10711)
• 4047d45 chore(deps): update rust crate insta to v1.38.0 (#10701)
• 20d69ea chore(deps): update npm development dependencies (#10697)
• d021cac chore(deps): update rust crate tracing-tree to 0.3.0 (#10709)
• 46369d4 chore(deps): update rust crate uuid to v1.8.0 (#10710)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions