Sourced from pytest's releases.

7.1.3

pytest 7.1.3 (2022-08-31)

Bug Fixes

• #10060: When running with --pdb, TestCase.tearDown is no longer called for tests when the class has been skipped via unittest.skip or pytest.mark.skip.
• #10190: Invalid XML characters in setup or teardown error messages are now properly escaped for JUnit XML reports.
• #10230: Ignore .py files created by pyproject.toml-based editable builds introduced in pip 21.3.
• #3396: Doctests now respect the --import-mode flag.
• #9514: Type-annotate FixtureRequest.param as Any as a stop gap measure until 8073{.interpreted-text role="issue"} is fixed.
• #9791: Fixed a path handling code in rewrite.py that seems to work fine, but was incorrect and fails in some systems.
• #9917: Fixed string representation for pytest.approx{.interpreted-text role="func"} when used to compare tuples.

Improved Documentation

• #9937: Explicit note that tmpdir{.interpreted-text role="fixture"} fixture is discouraged in favour of tmp_path{.interpreted-text role="fixture"}.

Trivial/Internal Changes

• #10114: Replace atomicwrites dependency on windows with [os.replace]{.title-ref}.

7.1.2

pytest 7.1.2 (2022-04-23)

Bug Fixes

• #9726: An unnecessary numpy import inside pytest.approx{.interpreted-text role="func"} was removed.
• #9820: Fix comparison of dataclasses with InitVar.
• #9869: Increase stacklevel for the NODE_CTOR_FSPATH_ARG deprecation to point to the user's code, not pytest.
• #9871: Fix a bizarre (and fortunately rare) bug where the [temp_path]{.title-ref} fixture could raise an internal error while attempting to get the current user's username.

7.1.1

pytest 7.1.1 (2022-03-17)

Bug Fixes

• #9767: Fixed a regression in pytest 7.1.0 where some conftest.py files outside of the source tree (e.g. in the [site-packages]{.title-ref} directory) were not picked up.

7.1.0

pytest 7.1.0 (2022-03-13)

... (truncated)

• 4645bcd Remove incorrect output in how-to/fixtures.rst
• fadfb4f Prepare release version 7.1.3
• ab96ea8 Merge pull request #10258 from pytest-dev/backport-10252-to-7.1.x
• fc0e024 [7.1.x] Fix regendoc
• 8f5088f Merge pull request #10249 from pytest-dev/backport-10231-to-7.1.x
• aae93d6 Ignore type-errors related to attr.asdict
• 71b79fc [7.1.x] Ignore editable installation modules
• 89f7518 Merge pull request #10222 from pytest-dev/backport-10171-to-7.1.x
• 88fc45b [7.1.x] Update fixtures.rst w/ finalizer order
• d0b53d6 Merge pull request #10221 from pytest-dev/backport-10217-to-7.1.x
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 6027577 Release 5.0.4
• 213e006 Merge pull request #1653 from asottile/lower-bound-importlib-metadata
• e94ee2b require sufficiently new importlib-metadata
• 318a86a Merge pull request #1646 from televi/main
• 7b8b374 Clarify entry point naming
• 7160561 Merge pull request #1649 from PyCQA/pre-commit-ci-update-config
• 84d56a8 [pre-commit.ci] pre-commit autoupdate
• ff6569b Release 5.0.3
• e76b59a Merge pull request #1648 from PyCQA/invalid-syntax-partial-parse
• 25e8ff1 ignore config files that partially parse as flake8 configs
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• ff6569b Release 5.0.3
• e76b59a Merge pull request #1648 from PyCQA/invalid-syntax-partial-parse
• 25e8ff1 ignore config files that partially parse as flake8 configs
• 70c0b3d Release 5.0.2
• 5e69ba9 Merge pull request #1642 from PyCQA/no-home
• 8b51ee4 skip skipping home if home does not exist
• 446b18d Merge pull request #1641 from PyCQA/entry-points-not-pickleable
• b70d7a2 work around un-pickleabiliy of EntryPoint in 3.8.0
• 91a7fa9 fix order of release notes
• 405cfe0 Release 5.0.1
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 70c0b3d Release 5.0.2
• 5e69ba9 Merge pull request #1642 from PyCQA/no-home
• 8b51ee4 skip skipping home if home does not exist
• 446b18d Merge pull request #1641 from PyCQA/entry-points-not-pickleable
• b70d7a2 work around un-pickleabiliy of EntryPoint in 3.8.0
• 91a7fa9 fix order of release notes
• 405cfe0 Release 5.0.1
• d20bb97 Merge pull request #1631 from PyCQA/dupe-sys-path
• fce93b9 prevent duplicate plugin discovery on misconfigured pythons
• 3f4872a Merge pull request #1628 from mxr/patch-1
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from twine's releases.

4.0.1

https://pypi.org/project/twine/4.0.1/

Changelog

4.0.0

https://pypi.org/project/twine/4.0.0/

Changelog

3.8.0

https://pypi.org/project/twine/3.8.0/

Changelog

3.7.1

https://pypi.org/project/twine/3.7.1/

Changelog

3.7.0

https://pypi.org/project/twine/3.7.0/

Changelog

3.6.0

https://pypi.org/project/twine/3.6.0/

Changelog

3.5.0

https://pypi.org/project/twine/3.5.0/

Changelog

3.4.2

https://pypi.org/project/twine/3.4.2/

Changelog

Sourced from twine's changelog.

Twine 4.0.1 (2022-06-01)

Bugfixes ^^^^^^^^

• Improve logging when keyring fails. ([#890](https://github.com/pypa/twine/issues/890) <https://github.com/pypa/twine/issues/890>_)
• Reconfgure root logger to show all log messages. ([#896](https://github.com/pypa/twine/issues/896) <https://github.com/pypa/twine/issues/896>_)

Twine 4.0.0 (2022-03-31)

Features ^^^^^^^^

• Drop support for Python 3.6. ([#869](https://github.com/pypa/twine/issues/869) <https://github.com/pypa/twine/issues/869>_)
• Use Rich to add color to upload output. ([#851](https://github.com/pypa/twine/issues/851) <https://github.com/pypa/twine/issues/851>_)
• Use Rich to add color to check output. ([#874](https://github.com/pypa/twine/issues/874) <https://github.com/pypa/twine/issues/874>_)
• Use Rich instead of tqdm for upload progress bar. ([#877](https://github.com/pypa/twine/issues/877) <https://github.com/pypa/twine/issues/877>_)

Bugfixes ^^^^^^^^

• Remove Twine's dependencies from the User-Agent header when uploading. ([#871](https://github.com/pypa/twine/issues/871) <https://github.com/pypa/twine/issues/871>_)
• Improve detection of disabled BLAKE2 hashing due to FIPS mode. ([#879](https://github.com/pypa/twine/issues/879) <https://github.com/pypa/twine/issues/879>_)
• Restore warning for missing long_description. ([#887](https://github.com/pypa/twine/issues/887) <https://github.com/pypa/twine/issues/887>_)

Twine 3.8.0 (2022-02-02)

Features ^^^^^^^^

• Add --verbose logging for querying keyring credentials. ([#849](https://github.com/pypa/twine/issues/849) <https://github.com/pypa/twine/issues/849>_)
• Log all upload responses with --verbose. ([#859](https://github.com/pypa/twine/issues/859) <https://github.com/pypa/twine/issues/859>_)
• Show more helpful error message for invalid metadata. ([#861](https://github.com/pypa/twine/issues/861) <https://github.com/pypa/twine/issues/861>_)

Bugfixes ^^^^^^^^

• Require a recent version of urllib3. ([#858](https://github.com/pypa/twine/issues/858) <https://github.com/pypa/twine/issues/858>_)

Twine 3.7.1 (2021-12-07)

... (truncated)

• 8f5e5d6 Update changelog for 4.0.1 (#904)
• 62f3c67 Log keyring tracebacks (#890)
• d30df70 Update links to requests docs (#899)
• 5525a2a Restore missing __main__ logs (#896)
• b0b932f Fix typos in tests (#898)
• 4223ee1 Require latest version of readme_renderer (#892)
• 36695ab Update changelog for 4.0.0 (#888)
• 4931a2a Make missing long_description check more flexible (#887)
• 7cd0b23 Subclass StringIO for _WarningStream. (#886)
• aa7c047 Update sampleproject fixture (#885)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pytest's releases.

7.1.2

pytest 7.1.2 (2022-04-23)

Bug Fixes

• #9726: An unnecessary numpy import inside pytest.approx{.interpreted-text role="func"} was removed.
• #9820: Fix comparison of dataclasses with InitVar.
• #9869: Increase stacklevel for the NODE_CTOR_FSPATH_ARG deprecation to point to the user's code, not pytest.
• #9871: Fix a bizarre (and fortunately rare) bug where the [temp_path]{.title-ref} fixture could raise an internal error while attempting to get the current user's username.

7.1.1

pytest 7.1.1 (2022-03-17)

Bug Fixes

• #9767: Fixed a regression in pytest 7.1.0 where some conftest.py files outside of the source tree (e.g. in the [site-packages]{.title-ref} directory) were not picked up.

7.1.0

pytest 7.1.0 (2022-03-13)

Breaking Changes

• #8838: As per our policy, the following features have been deprecated in the 6.X series and are now removed:

  • pytest._fillfuncargs function.
  • pytest_warning_captured hook - use pytest_warning_recorded instead.
  • -k -foobar syntax - use -k 'not foobar' instead.
  • -k foobar: syntax.
  • pytest.collect module - import from pytest directly.

  For more information consult Deprecations and Removals in the docs.

• #9437: Dropped support for Python 3.6, which reached end-of-life at 2021-12-23.

Improvements

• #5192: Fixed test output for some data types where -v would show less information.

  Also, when showing diffs for sequences, -q would produce full diffs instead of the expected diff.

... (truncated)

• 2f2f1a6 Prepare release version 7.1.2
• 5c04f3a [7.1.x] Fix wrong log_file docs (#9879)
• 078733c Merge pull request #9872 from pytest-dev/backport-9871-to-7.1.x
• 3a7ead6 [7.1.x] fix: move 'import getpass' statement to try-clause
• 6d75333 [7.1.x] Increase stacklevel to point at user's code (#9870)
• ddbb998 [7.1.x] Increase stacklevel to point at user's code
• 0ec5886 Merge pull request #9855 from pytest-dev/backport-9854-to-7.1.x
• f2469fc [7.1.x] Docs: link to easy issues in contributing guide
• 94ec0f8 Merge pull request #9846 from pytest-dev/backport-9842-to-7.1.x
• 5ef96fd [7.1.x] fix comparison of dataclasses with InitVar
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from twine's releases.

3.8.0

https://pypi.org/project/twine/3.8.0/

Changelog

3.7.1

https://pypi.org/project/twine/3.7.1/

Changelog

3.7.0

https://pypi.org/project/twine/3.7.0/

Changelog

3.6.0

https://pypi.org/project/twine/3.6.0/

Changelog

3.5.0

https://pypi.org/project/twine/3.5.0/

Changelog

3.4.2

https://pypi.org/project/twine/3.4.2/

Changelog

Sourced from twine's changelog.

Twine 4.0.0 (2022-03-31)

Features ^^^^^^^^

• Drop support for Python 3.6. ([#869](https://github.com/pypa/twine/issues/869) <https://github.com/pypa/twine/issues/869>_)
• Use Rich to add color to upload output. ([#851](https://github.com/pypa/twine/issues/851) <https://github.com/pypa/twine/issues/851>_)
• Use Rich to add color to check output. ([#874](https://github.com/pypa/twine/issues/874) <https://github.com/pypa/twine/issues/874>_)
• Use Rich instead of tqdm for upload progress bar. ([#877](https://github.com/pypa/twine/issues/877) <https://github.com/pypa/twine/issues/877>_)

Bugfixes ^^^^^^^^

• Remove Twine's dependencies from the User-Agent header when uploading. ([#871](https://github.com/pypa/twine/issues/871) <https://github.com/pypa/twine/issues/871>_)
• Improve detection of disabled BLAKE2 hashing due to FIPS mode. ([#879](https://github.com/pypa/twine/issues/879) <https://github.com/pypa/twine/issues/879>_)
• Restore warning for missing long_description. ([#887](https://github.com/pypa/twine/issues/887) <https://github.com/pypa/twine/issues/887>_)

Twine 3.8.0 (2022-02-02)

Features ^^^^^^^^

• Add --verbose logging for querying keyring credentials. ([#849](https://github.com/pypa/twine/issues/849) <https://github.com/pypa/twine/issues/849>_)
• Log all upload responses with --verbose. ([#859](https://github.com/pypa/twine/issues/859) <https://github.com/pypa/twine/issues/859>_)
• Show more helpful error message for invalid metadata. ([#861](https://github.com/pypa/twine/issues/861) <https://github.com/pypa/twine/issues/861>_)

Bugfixes ^^^^^^^^

• Require a recent version of urllib3. ([#858](https://github.com/pypa/twine/issues/858) <https://github.com/pypa/twine/issues/858>_)

Twine 3.7.1 (2021-12-07)

Improved Documentation ^^^^^^^^^^^^^^^^^^^^^^

• Fix broken link to packaging tutorial. ([#844](https://github.com/pypa/twine/issues/844) <https://github.com/pypa/twine/issues/844>_)

Twine 3.7.0 (2021-12-01)

Features

... (truncated)

• 36695ab Update changelog for 4.0.0 (#888)
• 4931a2a Make missing long_description check more flexible (#887)
• 7cd0b23 Subclass StringIO for _WarningStream. (#886)
• aa7c047 Update sampleproject fixture (#885)
• a6dd69c Adopt Python 3.7+ syntax (#882)
• a0ba32d Drop support for Python 3.6 (#869)
• 55652f0 Replace tqdm with Rich for progress bar (#877)
• c506b22 Filter unnecessary deps from User-Agent string (#871)
• a9e9cd6 Fix detection of FIPS mode for blake2b (#879)
• f69d4b7 Use Rich for print() output (#878)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pytest's releases.

7.1.1

pytest 7.1.1 (2022-03-17)

Bug Fixes

• #9767: Fixed a regression in pytest 7.1.0 where some conftest.py files outside of the source tree (e.g. in the [site-packages]{.title-ref} directory) were not picked up.

7.1.0

pytest 7.1.0 (2022-03-13)

Breaking Changes

• #8838: As per our policy, the following features have been deprecated in the 6.X series and are now removed:

  • pytest._fillfuncargs function.
  • pytest_warning_captured hook - use pytest_warning_recorded instead.
  • -k -foobar syntax - use -k 'not foobar' instead.
  • -k foobar: syntax.
  • pytest.collect module - import from pytest directly.

  For more information consult Deprecations and Removals in the docs.

• #9437: Dropped support for Python 3.6, which reached end-of-life at 2021-12-23.

Improvements

• #5192: Fixed test output for some data types where -v would show less information.

  Also, when showing diffs for sequences, -q would produce full diffs instead of the expected diff.

• #9362: pytest now avoids specialized assert formatting when it is detected that the default __eq__ is overridden in attrs or dataclasses.

• #9536: When -vv is given on command line, show skipping and xfail reasons in full instead of truncating them to fit the terminal width.

• #9644: More information about the location of resources that led Python to raise ResourceWarning{.interpreted-text role="class"} can now be obtained by enabling tracemalloc{.interpreted-text role="mod"}.

  See resource-warnings{.interpreted-text role="ref"} for more information.

• #9678: More types are now accepted in the ids argument to @pytest.mark.parametrize. Previously only [str]{.title-ref}, [float]{.title-ref}, [int]{.title-ref} and [bool]{.title-ref} were accepted; now [bytes]{.title-ref}, [complex]{.title-ref}, [re.Pattern]{.title-ref}, [Enum]{.title-ref} and anything with a [__name__]{.title-ref} are also accepted.

• #9692: pytest.approx{.interpreted-text role="func"} now raises a TypeError{.interpreted-text role="class"} when given an unordered sequence (such as set{.interpreted-text role="class"}).

  Note that this implies that custom classes which only implement __iter__ and __len__ are no longer supported as they don't guarantee order.

... (truncated)

• 0ffe9e0 Prepare release version 7.1.1
• 6f2c1ec Merge pull request #9784 from pytest-dev/backport-9768-to-7.1.x
• a65c47a Merge pull request #9783 from pytest-dev/backport-9780-to-7.1.x
• 30d995e [pre-commit.ci] auto fixes from pre-commit.com hooks
• 10a14d1 [7.1.x] testing: fix tests when run under -v or -vv
• f4cfc59 [pre-commit.ci] auto fixes from pre-commit.com hooks
• f1df807 [7.1.x] config: restore pre-pytest 7.1.0 confcutdir exclusion behavior
• 7d4d1ec Merge pull request #9758 from pytest-dev/release-7.1.0
• 1dbffcc [pre-commit.ci] auto fixes from pre-commit.com hooks
• d53a5fb Prepare release version 7.1.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pytest's releases.

7.1.0

pytest 7.1.0 (2022-03-13)

Breaking Changes

• #8838: As per our policy, the following features have been deprecated in the 6.X series and are now removed:

  • pytest._fillfuncargs function.
  • pytest_warning_captured hook - use pytest_warning_recorded instead.
  • -k -foobar syntax - use -k 'not foobar' instead.
  • -k foobar: syntax.
  • pytest.collect module - import from pytest directly.

  For more information consult Deprecations and Removals in the docs.

• #9437: Dropped support for Python 3.6, which reached end-of-life at 2021-12-23.

Improvements

• #5192: Fixed test output for some data types where -v would show less information.

  Also, when showing diffs for sequences, -q would produce full diffs instead of the expected diff.

• #9362: pytest now avoids specialized assert formatting when it is detected that the default __eq__ is overridden in attrs or dataclasses.

• #9536: When -vv is given on command line, show skipping and xfail reasons in full instead of truncating them to fit the terminal width.

• #9644: More information about the location of resources that led Python to raise ResourceWarning{.interpreted-text role="class"} can now be obtained by enabling tracemalloc{.interpreted-text role="mod"}.

  See resource-warnings{.interpreted-text role="ref"} for more information.

• #9678: More types are now accepted in the ids argument to @pytest.mark.parametrize. Previously only [str]{.title-ref}, [float]{.title-ref}, [int]{.title-ref} and [bool]{.title-ref} were accepted; now [bytes]{.title-ref}, [complex]{.title-ref}, [re.Pattern]{.title-ref}, [Enum]{.title-ref} and anything with a [__name__]{.title-ref} are also accepted.

• #9692: pytest.approx{.interpreted-text role="func"} now raises a TypeError{.interpreted-text role="class"} when given an unordered sequence (such as set{.interpreted-text role="class"}).

  Note that this implies that custom classes which only implement __iter__ and __len__ are no longer supported as they don't guarantee order.

Bug Fixes

• #8242: The deprecation of raising unittest.SkipTest{.interpreted-text role="class"} to skip collection of tests during the pytest collection phase is reverted - this is now a supported feature again.
• #9493: Symbolic link components are no longer resolved in conftest paths. This means that if a conftest appears twice in collection tree, using symlinks, it will be executed twice.

... (truncated)

• 1dbffcc [pre-commit.ci] auto fixes from pre-commit.com hooks
• d53a5fb Prepare release version 7.1.0
• d306ec0 Update upcoming trainings (#9744)
• 3e4c14b Merge pull request #9751 from fabianegli/main
• 7f924b1 Fix typo in deprecation documentation
• 4a8f8ad build(deps): Bump django from 4.0.2 to 4.0.3 in /testing/plugins_integration ...
• c0fd2d8 build(deps): Bump pytest-asyncio from 0.18.1 to 0.18.2 in /testing/plugins_in...
• 843e018 Merge pull request #9732 from nicoddemus/9730-toml-failure
• bc43d66 [automated] Update plugin list (#9733)
• e38d1ca Improve error message for malformed pyproject.toml files
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from twine's releases.

4.0.2

https://pypi.org/project/twine/4.0.2/

Changelog

4.0.1

https://pypi.org/project/twine/4.0.1/

Changelog

4.0.0

https://pypi.org/project/twine/4.0.0/

Changelog

3.8.0

https://pypi.org/project/twine/3.8.0/

Changelog

3.7.1

https://pypi.org/project/twine/3.7.1/

Changelog

3.7.0

https://pypi.org/project/twine/3.7.0/

Changelog

3.6.0

https://pypi.org/project/twine/3.6.0/

Changelog

3.5.0

https://pypi.org/project/twine/3.5.0/

Changelog

3.4.2

https://pypi.org/project/twine/3.4.2/

Changelog

Sourced from twine's changelog.

Twine 4.0.2 (2022-11-30)

Bugfixes ^^^^^^^^

• Remove deprecated function to fix twine check with pkginfo 1.9.0. ([#941](https://github.com/pypa/twine/issues/941) <https://github.com/pypa/twine/issues/941>_)

Twine 4.0.1 (2022-06-01)

Bugfixes ^^^^^^^^

• Improve logging when keyring fails. ([#890](https://github.com/pypa/twine/issues/890) <https://github.com/pypa/twine/issues/890>_)
• Reconfgure root logger to show all log messages. ([#896](https://github.com/pypa/twine/issues/896) <https://github.com/pypa/twine/issues/896>_)

Twine 4.0.0 (2022-03-31)

Features ^^^^^^^^

• Drop support for Python 3.6. ([#869](https://github.com/pypa/twine/issues/869) <https://github.com/pypa/twine/issues/869>_)
• Use Rich to add color to upload output. ([#851](https://github.com/pypa/twine/issues/851) <https://github.com/pypa/twine/issues/851>_)
• Use Rich to add color to check output. ([#874](https://github.com/pypa/twine/issues/874) <https://github.com/pypa/twine/issues/874>_)
• Use Rich instead of tqdm for upload progress bar. ([#877](https://github.com/pypa/twine/issues/877) <https://github.com/pypa/twine/issues/877>_)

Bugfixes ^^^^^^^^

• Remove Twine's dependencies from the User-Agent header when uploading. ([#871](https://github.com/pypa/twine/issues/871) <https://github.com/pypa/twine/issues/871>_)
• Improve detection of disabled BLAKE2 hashing due to FIPS mode. ([#879](https://github.com/pypa/twine/issues/879) <https://github.com/pypa/twine/issues/879>_)
• Restore warning for missing long_description. ([#887](https://github.com/pypa/twine/issues/887) <https://github.com/pypa/twine/issues/887>_)

Twine 3.8.0 (2022-02-02)

Features ^^^^^^^^

• Add --verbose logging for querying keyring credentials. ([#849](https://github.com/pypa/twine/issues/849) <https://github.com/pypa/twine/issues/849>_)
• Log all upload responses with --verbose. ([#859](https://github.com/pypa/twine/issues/859) <https://github.com/pypa/twine/issues/859>_)
• Show more helpful error message for invalid metadata. ([#861](https://github.com/pypa/twine/issues/861) <https://github.com/pypa/twine/issues/861>_)

... (truncated)

• 75c3d86 Release 4.0.2 (#946)
• 5b5d081 Fix twine( check) with the newly released pkginfo 1.9. (#941)
• 717ae3d Fix failing CI (#943)
• bb51e46 Remove unused mypy ignores (#927)
• 8f5e5d6 Update changelog for 4.0.1 (#904)
• 62f3c67 Log keyring tracebacks (#890)
• d30df70 Update links to requests docs (#899)
• 5525a2a Restore missing __main__ logs (#896)
• b0b932f Fix typos in tests (#898)
• 4223ee1 Require latest version of readme_renderer (#892)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b9a7794 Release 6.0.0
• b5cac87 Merge pull request #1748 from PyCQA/upgrade-pyflakes
• 489be4d upgrade pyflakes to 3.0.0
• 8c06197 Merge pull request #1746 from PyCQA/bump-pycodestyle
• 047e6f8 upgrade pycodestyle to 2.10
• 647996c Merge pull request #1744 from PyCQA/pre-commit-ci-update-config
• 646ad20 [pre-commit.ci] pre-commit autoupdate
• b87034d Merge pull request #1741 from PyCQA/drop-py37
• aa002ee require python 3.8.1+
• 16c371d Merge pull request #1739 from PyCQA/remove-optparse
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

How often will the code scanning analysis run?

By default, code scanning will trigger a scan with the CodeQL engine on the following events:

• On every pull request — to flag up potential security problems for you to investigate before merging a PR.
• On every push to your default branch and other protected branches — this keeps the analysis results on your repository’s Security tab up to date.
• Once a week at a fixed time — to make sure you benefit from the latest updated security analysis even when no code was committed or PRs were opened.

What will this cost?

Nothing! The CodeQL engine will run inside GitHub Actions, making use of your unlimited free compute minutes for public repositories.

What types of problems does CodeQL find?

The CodeQL engine that powers GitHub code scanning is the exact same engine that powers LGTM.com. The exact set of rules has been tweaked slightly, but you should see almost exactly the same types of alerts as you were used to on LGTM.com: we’ve enabled the security-and-quality query suite for you.

How do I upgrade my CodeQL engine?

No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.

The analysis doesn’t seem to be working

If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, please follow the instructions here to debug the analysis.

How do I disable LGTM.com?

If you have LGTM’s automatic pull request analysis enabled, then you can follow these steps to disable the LGTM pull request analysis. You don’t actually need to remove your repository from LGTM.com; it will automatically be removed in the next few months as part of the deprecation of LGTM.com (more info here).

Which source code hosting platforms does code scanning support?

GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.

How do I know this PR is legitimate?

This PR is filed by the official LGTM.com GitHub App, in line with the deprecation timeline that was announced on the official GitHub Blog. The proposed GitHub Action workflow uses the official open source GitHub CodeQL Action. If you have any other questions or concerns, please join the discussion here in the official GitHub community!

I have another question / how do I get in touch?

Please join the discussion here to ask further questions and send us suggestions!

Sourced from pytest's releases.

7.2.0

pytest 7.2.0 (2022-10-23)

Deprecations

• #10012: Update pytest.PytestUnhandledCoroutineWarning{.interpreted-text role="class"} to a deprecation; it will raise an error in pytest 8.

• #10396: pytest no longer depends on the py library. pytest provides a vendored copy of py.error and py.path modules but will use the py library if it is installed. If you need other py.* modules, continue to install the deprecated py library separately, otherwise it can usually be removed as a dependency.

• #4562: Deprecate configuring hook specs/impls using attributes/marks.

  Instead use :pypytest.hookimpl{.interpreted-text role="func"} and :pypytest.hookspec{.interpreted-text role="func"}. For more details, see the docs <legacy-path-hooks-deprecated>{.interpreted-text role="ref"}.

• #9886: The functionality for running tests written for nose has been officially deprecated.

  This includes:

  • Plain setup and teardown functions and methods: this might catch users by surprise, as setup() and teardown() are not pytest idioms, but part of the nose support.
  • Setup/teardown using the @​with_setup decorator.

  For more details, consult the deprecation docs <nose-deprecation>{.interpreted-text role="ref"}.

Features

• #9897: Added shell-style wildcard support to testpaths.

Improvements

• #10218: @pytest.mark.parametrize() (and similar functions) now accepts any Sequence[str] for the argument names, instead of just list[str] and tuple[str, ...].

  (Note that str, which is itself a Sequence[str], is still treated as a comma-delimited name list, as before).

• #10381: The --no-showlocals flag has been added. This can be passed directly to tests to override --showlocals declared through addopts.

• #3426: Assertion failures with strings in NFC and NFD forms that normalize to the same string now have a dedicated error message detailing the issue, and their utf-8 representation is expresed instead.

• #7337: A warning is now emitted if a test function returns something other than [None]{.title-ref}. This prevents a common mistake among beginners that expect that returning a [bool]{.title-ref} (for example [return foo(a, b) == result]{.title-ref}) would cause a test to pass or fail, instead of using [assert]{.title-ref}.

• #8508: Introduce multiline display for warning matching via :pypytest.warns{.interpreted-text role="func"} and enhance match comparison for :py_pytest._code.ExceptionInfo.match{.interpreted-text role="func"} as returned by :pypytest.raises{.interpreted-text role="func"}.

• #8646: Improve :pypytest.raises{.interpreted-text role="func"}. Previously passing an empty tuple would give a confusing error. We now raise immediately with a more helpful message.

• #9741: On Python 3.11, use the standard library's tomllib{.interpreted-text role="mod"} to parse TOML.

  tomli{.interpreted-text role="mod"}` is no longer a dependency on Python 3.11.

• #9742: Display assertion message without escaped newline characters with -vv.

• #9823: Improved error message that is shown when no collector is found for a given file.

... (truncated)

• 3af3f56 Prepare release version 7.2.0
• bc2c3b6 Merge pull request #10408 from NateMeyvis/patch-2
• d84ed48 Merge pull request #10409 from pytest-dev/asottile-patch-1
• ffe49ac Merge pull request #10396 from pytest-dev/pylib-hax
• d352098 allow jobs to pass if codecov.io fails
• c5c562b Fix typos in CONTRIBUTING.rst
• d543a45 add deprecation changelog for py library vendoring
• f341a5c Merge pull request #10407 from NateMeyvis/patch-1
• 1027dc8 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 6b905ee Add note on tags to CONTRIBUTING.rst
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pytest-cov's changelog.

4.0.0 (2022-09-28)

Note that this release drops support for multiprocessing.

• --cov-fail-under no longer causes pytest --collect-only to fail Contributed by Zac Hatfield-Dodds in [#511](https://github.com/pytest-dev/pytest-cov/issues/511) <https://github.com/pytest-dev/pytest-cov/pull/511>_.

• Dropped support for multiprocessing (mostly because issue 82408 <https://github.com/python/cpython/issues/82408>_). This feature was mostly working but very broken in certain scenarios and made the test suite very flaky and slow.

  There is builtin multiprocessing support in coverage and you can migrate to that. All you need is this in your .coveragerc::

  [run] concurrency = multiprocessing parallel = true sigterm = true

• Fixed deprecation in setup.py by trying to import setuptools before distutils. Contributed by Ben Greiner in [#545](https://github.com/pytest-dev/pytest-cov/issues/545) <https://github.com/pytest-dev/pytest-cov/pull/545>_.

• Removed undesirable new lines that were displayed while reporting was disabled. Contributed by Delgan in [#540](https://github.com/pytest-dev/pytest-cov/issues/540) <https://github.com/pytest-dev/pytest-cov/pull/540>_.

• Documentation fixes. Contributed by Andre Brisco in [#543](https://github.com/pytest-dev/pytest-cov/issues/543) <https://github.com/pytest-dev/pytest-cov/pull/543>_ and Colin O'Dell in [#525](https://github.com/pytest-dev/pytest-cov/issues/525) <https://github.com/pytest-dev/pytest-cov/pull/525>_.

• Added support for LCOV output format via --cov-report=lcov. Only works with coverage 6.3+. Contributed by Christian Fetzer in [#536](https://github.com/pytest-dev/pytest-cov/issues/536) <https://github.com/pytest-dev/pytest-cov/issues/536>_.

• Modernized pytest hook implementation. Contributed by Bruno Oliveira in [#549](https://github.com/pytest-dev/pytest-cov/issues/549) <https://github.com/pytest-dev/pytest-cov/pull/549>_ and Ronny Pfannschmidt in [#550](https://github.com/pytest-dev/pytest-cov/issues/550) <https://github.com/pytest-dev/pytest-cov/pull/550>_.

3.0.0 (2021-10-04)

Note that this release drops support for Python 2.7 and Python 3.5.

• Added support for Python 3.10 and updated various test dependencies. Contributed by Hugo van Kemenade in [#500](https://github.com/pytest-dev/pytest-cov/issues/500) <https://github.com/pytest-dev/pytest-cov/pull/500>_.
• Switched from Travis CI to GitHub Actions. Contributed by Hugo van Kemenade in [#494](https://github.com/pytest-dev/pytest-cov/issues/494) <https://github.com/pytest-dev/pytest-cov/pull/494>_ and [#495](https://github.com/pytest-dev/pytest-cov/issues/495) <https://github.com/pytest-dev/pytest-cov/pull/495>_.
• Add a --cov-reset CLI option. Contributed by Danilo Šegan in [#459](https://github.com/pytest-dev/pytest-cov/issues/459) <https://github.com/pytest-dev/pytest-cov/pull/459>_.
• Improved validation of --cov-fail-under CLI option. Contributed by ... Ronny Pfannschmidt's desire for skark in [#480](https://github.com/pytest-dev/pytest-cov/issues/480) <https://github.com/pytest-dev/pytest-cov/pull/480>_.
• Dropped Python 2.7 support.

... (truncated)

• 28db055 Bump version: 3.0.0 → 4.0.0
• 57e9354 Really update the changelog.
• 56b810b Update chagelog.
• f7fced5 Add support for LCOV output
• 1211d31 Fix flake8 error
• b077753 Use modern approach to specify hook options
• 00713b3 removed incorrect docs on data_file.
• b3dda36 Improve workflow with a collecting status check. (#548)
• 218419f Prevent undesirable new lines to be displayed when report is disabled
• 60b73ec migrate build command from distutils to setuptools
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from bandit's releases.

1.7.4

What's Changed

• Fix traceback in hashlib_insecure_functions by @​ericwb in PyCQA/bandit#834
• Add version 1.7.3 to dropdown by @​ericwb in PyCQA/bandit#833
• core/config: Fix ConfigError missing argument if toml is missing by @​Holzhaus in PyCQA/bandit#845
• Add 1.7.4 in issue template by @​ericwb in PyCQA/bandit#846

New Contributors

• @​Holzhaus made their first contribution in PyCQA/bandit#845

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.3...1.7.4

1.7.3

What's Changed

• Rely on toml conditionally by @​sigmavirus24 in PyCQA/bandit#780
• Update issue template with latest versions by @​ericwb in PyCQA/bandit#783
• Delete release-drafter.yml by @​ericwb in PyCQA/bandit#781
• Use released version of gh-action-pypi-publish by @​ericwb in PyCQA/bandit#784
• Update publish-to-pypi.yml by @​ericwb in PyCQA/bandit#785
• Delete releasenotes directory (more openstack leftovers) by @​ericwb in PyCQA/bandit#786
• [docs] Add Getting Started chapter (migrate from README) by @​bittner in PyCQA/bandit#773
• Including CWE information by @​julianthome in PyCQA/bandit#613
• Removal of the CWEMAP dict by @​ericwb in PyCQA/bandit#789
• Fix up warnings in output of tox by @​ericwb in PyCQA/bandit#793
• Avoid printing metrics as float point numbers by @​ericwb in PyCQA/bandit#794
• Add functional test of snmp_security_check by @​ericwb in PyCQA/bandit#791
• Disable individual tests by @​mikespallino in PyCQA/bandit#597
• Change up how CWE is formatted by @​ericwb in PyCQA/bandit#788
• Check value of usedforsecurity for hashlib by @​ericwb in PyCQA/bandit#798
• Remove redundant Python 3.6 code by @​ericwb in PyCQA/bandit#802
• Add new plugin to check use of pyghmi by @​ericwb in PyCQA/bandit#803
• Check for hardcoded passwords in class attributes by @​noliverio in PyCQA/bandit#766
• Better hashlib check for Python 3.9 by @​ericwb in PyCQA/bandit#805
• Fix references to the default branch name by @​ericwb in PyCQA/bandit#810
• Cleanup the README by @​ericwb in PyCQA/bandit#809
• Show usage with no arguments by @​ericwb in PyCQA/bandit#814
• Respect color environment variables if set by @​ericwb in PyCQA/bandit#813
• Cannot seek stdin on pipe by @​tylerwince in PyCQA/bandit#496
• Test on operating systems we can support by @​ericwb in PyCQA/bandit#804
• Fix up some warnings and errors in docs by @​ericwb in PyCQA/bandit#817
• Fix root doc for readthedocs by @​ericwb in PyCQA/bandit#818
• Use versioned links to docs by @​ericwb in PyCQA/bandit#819
• Use CWE link in HTML formatter by @​ericwb in PyCQA/bandit#825
• Improve performance of linerange by @​Krock21rus in PyCQA/bandit#629
• Inaccurate message in hashlib check by @​ericwb in PyCQA/bandit#827
• Target Python >= 3.7 in pre-commit hooks by @​mkniewallner in PyCQA/bandit#830
• Center the bandit logo in readme by @​ericwb in PyCQA/bandit#823
• Build of artifact fails if raw directive used by @​ericwb in PyCQA/bandit#831

New Contributors

... (truncated)

• 1ed7906 Add 1.7.4 in issue template (#846)
• 71bc67c core/config: Fix ConfigError missing argument if toml is missing (#845)
• fcde9b5 Add version 1.7.3 to dropdown (#833)
• fbaf2ce Fix traceback in hashlib_insecure_functions (#834)
• 20a0510 Build of artifact fails if raw directive used (#831)
• d8c7e3c Center the bandit logo in readme (#823)
• a65ae17 Target Python >= 3.7 in pre-commit hooks (#830)
• 09a6ace Inaccurate message in hashlib check (#827)
• 8bad6fa Improve performance of linerange (#629)
• 528c540 Use CWE link in HTML formatter (#825)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)