• 181bb46 Release 3.8.3
• 3d68da9 Merge branch 'doctests-flag-desc' into 'master'
• e817c63 Help clarify the option behaviour
• b6d3fca Merge branch 'issues/665' into 'master'
• 9b8f908 fix JobsArgument --help output
• 94304de Merge branch 'issue-662' into 'master'
• a68d4d0 processor: Catch SyntaxError also when generating tokens for a file
• 4071645 Release 3.8.2
• b9fe4d6 Merge branch 'extend_exclude_is_files' into 'master'
• 31c2f9f treat --extend-exclude as a file list
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from flake8-comprehensions's changelog.

3.2.3 (2020-06-06)

• Made C408 only apply when no arguments are passed to dict/list/tuple.

• 37d2357 Version 3.2.3
• 0fe98a5 Made C408 only apply when no arguments are passed (#250)
• e5536fe Upgrade requirements (#248)
• 48a307d Test with Python 3.9 (#246)
• 35e975e Add Twitter link to project_urls (#245)
• 8a40194 Stop including changelog in PyPI description (#244)
• a55f1f8 Make GitHub Actions run on every PR (#243)
• acb34ce Make version test use regex (#242)
• bb3902c Improve version test (#241)
• 03c1dcf Upgrade requirements (#240)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from typeguard's changelog.

Version history

This library adheres to Semantic Versioning 2.0.

UNRELEASED

• Added support for nested Literal
• An appropriate TypeError is now raised when encountering an illegal Literal value
• Fixed checking NoReturn on Python < 3.8 when typing_extensions was not installed

2.9.1 (2020-06-07)

• Fixed ImportError on Python < 3.8 when typing_extensions was not installed

2.9.0 (2020-06-06)

• Upped the minimum Python version from 3.5.2 to 3.5.3
• Added support for typing.NoReturn
• Added full support for typing_extensions (now equivalent to support of the typing module)
• Added the option of supplying check_type() with globals/locals for correct resolution of forward references
• Fixed erroneous TypeError when trying to check against non-runtime typing.Protocol (skips the check for now until a proper compatibility check has been implemented)
• Fixed forward references in TypedDict not being resolved
• Fixed checking against recursive types

2.8.0 (2020-06-02)

• Added support for the Mock and MagicMock types (PR by prescod)
• Added support for typing_extensions.Literal (PR by Ryan Rowe)
• Fixed unintended wrapping of untyped generators (PR by prescod)
• Fixed checking against bound type variables with check_type() without a call memo
• Fixed error message when checking against a Union containing a Literal

2.7.1 (2019-12-27)

• Fixed @typechecked returning None when called with always=True and Python runs in optimized mode
• Fixed performance regression introduced in v2.7.0 (the getattr_static() call was causing a 3x slowdown)

2.7.0 (2019-12-10)

• Added support for typing.Protocol subclasses
• Added support for typing.AbstractSet
• Fixed the handling of total=False in TypedDict
• Fixed no error reported on unknown keys with TypedDict
• Removed support of default values in TypedDict, as they are not supported in the spec

2.6.1 (2019-11-17)

• Fixed import errors when using the import hook and trying to import a module that has both a module docstring and __future__ imports in it
• Fixed AttributeError when using @typechecked on a metaclass

... (truncated)

• 0c7d1e7 Fixed ImportError on py3.7 and lower
• 0cdef35 Added release date
• 1b6edbd Fixed coverage calculation
• 068e7b3 Enabled coveralls parallel build reporting
• d644257 Don't test against PyPy3 on Travis
• ffe26f1 Bumped the minimum Python version to 3.5.3
• 4131c4e Added the globals and locals arguments to check_type()
• 71f0950 Added function annotation for isinstance() in the user guide
• c6fa51c Improved support for typing_extensions
• 04707f7 Removed conditional import of typing.Type
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from eslint-plugin-import's changelog.

[2.21.1] - 2020-06-07

Fixed

• TypeScript: [import/named]: avoid requiring typescript when not using TS (#1805, thanks [@ljharb])

[2.21.0] - 2020-06-07

Added

• [import/default]: support default export in TSExportAssignment (#1528, thanks [@joaovieira])
• [no-cycle]: add ignoreExternal option (#1681, thanks [@sveyret])
• [order]: Add support for TypeScript's "import equals"-expressions (#1785, thanks [@manuth])
• [import/default]: support default export in TSExportAssignment (#1689, thanks [@Maxim-Mazurok])
• [no-restricted-paths]: add custom message support (#1802, thanks [@malykhinvi])

Fixed

• [group-exports]: Flow type export awareness (#1702, thanks [@ernestostifano])
• [order]: Recognize pathGroup config for first group (#1719, #1724, thanks [@forivall], [@xpl])
• [no-unused-modules]: Fix re-export not counting as usage when used in combination with import (#1722, thanks [@Ephem])
• [no-duplicates]: Handle TS import type (#1676, thanks [@kmui2])
• [newline-after-import]: recognize decorators (#1139, thanks [@atos1990])
• [no-unused-modules]: Revert "[flow] no-unused-modules: add flow type support" (#1770, thanks [@Hypnosphi])
• TypeScript: Add nested namespace handling (#1763, thanks [@julien1619])
• [namespace]/ExportMap: Fix interface declarations for TypeScript (#1764, thanks [@julien1619])
• [no-unused-modules]: avoid order-dependence (#1744, thanks [@darkartur])
• [no-internal-modules]: also check export from syntax (#1691, thanks [@adjerbetian])
• TypeScript: [export]: avoid a crash with export = (#1801, thanks [@ljharb])

Changed

• [Refactor] no-extraneous-dependencies: use moduleVisitor (#1735, thanks [@adamborowski])
• TypeScript config: Disable [named][] (#1726, thanks [@astorije])
• [readme] Remove duplicate no-unused-modules from docs (#1690, thanks [@arvigeus])
• [Docs] order: fix bad inline config (#1788, thanks [@nickofthyme])
• [Tests] Add fix for Windows Subsystem for Linux (#1786, thanks [@manuth])
• [Docs] no-unused-rules: Fix docs for unused exports (#1776, thanks [@barbogast])
• [eslint] bump minimum v7 version to v7.2.0

[2.20.2] - 2020-03-28

Fixed

• [order]: fix isExternalModule detect on windows (#1651, thanks [@fisker])
• [order]: recognize ".." as a "parent" path (#1658, thanks [@golopot])
• [no-duplicates]: fix fixer on cases with default import (#1666, thanks [@golopot])
• [no-unused-modules]: Handle export { default } from syntax (#1631, thanks [@richardxia])
• [first]: Add a way to disable absolute-first explicitly (#1664, thanks [@TheCrueltySage])
• [Docs] no-webpack-loader-syntax: Updates webpack URLs (#1751, thanks [@MikeyBeLike])

• 63d2a3f Bump to v2.21.1
• 381b2b5 [Fix] TypeScript: named: avoid requiring typescript when not using TS
• 2699251 Bump to v2.21.0
• d84062e [eslint] bump minimum v7 version to v7.2.0
• 199143c [Deps] update array-includes, array.prototype.flat, `eslint-import-resolv...
• 4ff9b92 [Fix] TypeScript: export: avoid a crash with export =
• 0d6d12e [Tests] add test for export * from a d.ts file
• 0b81052 [New] no-restricted-paths: Add custom message support
• 0b585a1 [New] import/default: support default export in TSExportAssignment
• 0547c7e [Tests] add test case for #1645
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from pytest-randomly's changelog.

3.3.1 (2020-04-15)

• Fix to work when pytest-xdist is not installed or active (PluginValidationError: unknown hook 'pytest_configure_node').

3.3.0 (2020-04-15)

• Add pytest-xdist support. Previously it only worked reliably when setting --randomly-seed explicitly. When not provided, the default seed generated in workers could differ and collection would fail. Now when it is not provided, all xdist worker processes shared the same default seed generated in the master process.

• f7e377b Version 3.3.1
• a4debd6 Fix when xdist not installed or active (#248)
• 98339d3 Note pytest-xdist support in README
• 889c53a Version 3.3.0
• e494af8 Add pytest-xdist support (#245)
• fc8eb59 Upgrade requirements (#244)
• c3022b7 Remove Python 3.9 classifier from setup.cfg (#243)
• f422719 Tidy README badges
• 1023e12 Move CI to GitHub Actions (#241)
• a8f95d1 Upgrade requirements (#240)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from coverage's changelog.

Version 5.1 --- 2020-04-12

• The JSON report now includes counts of covered and missing branches. Thanks, Salvatore Zagaria.
• On Python 3.8, try-finally-return reported wrong branch coverage with decorated async functions (issue 964). This is now fixed. Thanks, Kjell Braden.
• The ~coverage.Coverage.get_option and ~coverage.Coverage.set_option methods can now manipulate the [paths] configuration setting. Thanks to Bernát Gábor for the fix for issue 967.

Version 5.0.4 --- 2020-03-16

• If using the [run] relative_files setting, the XML report will use relative files in the <source> elements indicating the location of source code. Closes issue 948.
• The textual summary report could report missing lines with negative line numbers on PyPy3 7.1 (issue 943). This is now fixed.
• Windows wheels for Python 3.8 were incorrectly built, but are now fixed. (issue 949)
• Updated Python 3.9 support to 3.9a4.
• HTML reports couldn't be sorted if localStorage wasn't available. This is now fixed: sorting works even though the sorting setting isn't retained. (issue 944 and pull request 945). Thanks, Abdeali Kothari.

• b854e61 Remove a no-longer needed wheel pin
• dd11976 Prep for v5.1
• b79005b New JSON info should be reported on individual files also.
• b1194fb Merge pull request #966 from SZVector/json_dump_all_attributes
• 42344f3 Beef up the test for get_option(paths)
• fd43e35 Finish up #967. Thanks, Bernát Gábor
• 97997d2 Merge pull request #969 from gaborbernat/967
• f5eb5f2 Extending jsonreport.py to also include all branch attributes
• 1720459 One clarification
• b890a3d Make the questions heading so they can be linked to
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from sphinx's changelog.

Release 3.0.1 (released Apr 11, 2020)

Incompatible changes

• #7418: std domain: :rst:dir:term role becomes case sensitive

Bugs fixed

• #7428: py domain: a reference to class None emits a nitpicky warning
• #7445: py domain: a return annotation None in the function signature is not converted to a hyperlink when using intersphinx
• #7418: std domain: duplication warning for glossary terms is case insensitive
• #7438: C++, fix merging overloaded functions in parallel builds.
• #7422: autodoc: fails with ValueError when using autodoc_mock_imports
• #7435: autodoc: autodoc_typehints='description' doesn't suppress typehints in signature for classes/methods
• #7451: autodoc: fails with AttributeError when an object returns non-string object as a __doc__ member
• #7423: crashed when giving a non-string object to logger
• #7479: html theme: Do not include xmlns attribute with HTML 5 doctype
• #7426: html theme: Escape some links in HTML templates

Release 3.0.0 (released Apr 06, 2020)

Dependencies

3.0.0b1

• LaTeX: drop dependency on :program:extractbb for image inclusion in Japanese documents as .xbb files are unneeded by :program:dvipdfmx since TeXLive2015 (refs: #6189)
• babel-2.0 or above is available (Unpinned)

Incompatible changes

3.0.0b1

• Drop features and APIs deprecated in 1.8.x
• #247: autosummary: stub files are overwritten automatically by default. see :confval:autosummary_generate_overwrite to change the behavior
• #5923: autodoc: the members of object class are not documented by default when :inherited-members: and :special-members: are given.
• #6830: py domain: meta fields in info-field-list becomes reserved. They are not displayed on output document now

... (truncated)

• 474f9d4 Bump to 3.0.1 final
• 273ece4 Merge pull request #7452 from tk0miya/7451_error_for_non_string_docstring
• 7b902e8 Fix #7451: autodoc: failed with non-string doc member
• ebf2571 Merge pull request #7454 from tk0miya/7445_rtype_annotation_None
• d9d381d Fix #7445: a return annotation None is not converted to a hyperlink
• aca3f82 Merge pull request #7442 from tk0miya/7435_typehints_not_suppressed_for_class
• e9e4aa8 Update CHANGES for PR #7426
• 9add576 Update CHANGES for PR #7449
• d9033a4 Merge pull request #7426 from mgeier/escape-links
• 9ff5b21 Merge pull request #7449 from mitya57/no-xmlns
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from sphinx's changelog.

Release 3.0.0 (released Apr 06, 2020)

Dependencies

3.0.0b1

• LaTeX: drop dependency on :program:extractbb for image inclusion in Japanese documents as .xbb files are unneeded by :program:dvipdfmx since TeXLive2015 (refs: #6189)
• babel-2.0 or above is available (Unpinned)

Incompatible changes

3.0.0b1

• Drop features and APIs deprecated in 1.8.x
• #247: autosummary: stub files are overwritten automatically by default. see :confval:autosummary_generate_overwrite to change the behavior
• #5923: autodoc: the members of object class are not documented by default when :inherited-members: and :special-members: are given.
• #6830: py domain: meta fields in info-field-list becomes reserved. They are not displayed on output document now
• #6417: py domain: doctree of desc_parameterlist has been changed. The argument names, annotations and default values are wrapped with inline node
• The structure of sphinx.events.EventManager.listeners has changed
• Due to the scoping changes for :rst:dir:productionlist some uses of :rst:role:token must be modified to include the scope which was previously ignored.
• #6903: Internal data structure of Python, reST and standard domains have changed. The node_id is added to the index of objects and modules. Now they contains a pair of docname and node_id for cross reference.
• #7276: C++ domain: Non intended behavior is removed such as say_hello_ links to .. cpp:function:: say_hello()
• #7210: js domain: Non intended behavior is removed such as parseInt_ links to .. js:function:: parseInt
• #7229: rst domain: Non intended behavior is removed such as numref_ links to .. rst:role:: numref
• #6903: py domain: Non intended behavior is removed such as say_hello_ links to .. py:function:: say_hello()
• #7246: py domain: Drop special cross reference helper for exceptions, functions and methods
• The C domain has been rewritten, with additional directives and roles. The existing ones are now more strict, resulting in new warnings.
• The attribute sphinx_cpp_tagname in the desc_signature_line node has been renamed to sphinx_line_type.
• #6462: double backslashes in domain directives are no longer replaced by single backslashes as default. A new configuration value

... (truncated)

• 8178597 Bump to 3.0.0 final
• 9a4ab54 Merge 3.0.0b2 CHANGES entries into 3.0.0
• 901e693 Merge 2.4.5 CHANGES entries into 3.0.0
• becc798 test: Fix indentation
• afdcd73 Fix flake8 error
• 231d75b Merge branch '2.x' into 3.0.x
• 223f92b Merge branch '2.4.x' into 2.x
• 44db2b5 Merge pull request #7415 from tk0miya/7409_priority_for_config-inited_handlers
• 18a14e4 Fix #7409: Convert configuration values on late config-inited event
• aa1f7fb Merge pull request #7402 from tk0miya/7401_broken_env-get-outdated
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from eslint-plugin-import's changelog.

[2.20.2] - 2020-03-28

Fixed

• [order]: fix isExternalModule detect on windows (#1651, thanks [@fisker])
• [order]: recognize ".." as a "parent" path (#1658, thanks [@golopot])
• [no-duplicates]: fix fixer on cases with default import (#1666, thanks [@golopot])
• [no-unused-modules]: Handle export { default } from syntax (#1631, thanks [@richardxia])
• [first]: Add a way to disable absolute-first explicitly (#1664, thanks [@TheCrueltySage])

• 71ca88f Bump to v2.20.2
• a618f88 [Tests] pin esquery, due to breaking change in a minor version
• 9c5899e utils: v2.6.0
• efb5f07 [Tests] use babel instead of NODE_PATH
• 1a3a128 [Fix] first: Add a way to disable absolute-first explicitly
• efd6be1 [Fix] no-unused-modules: handle export { default } from syntax
• adbced7 utils: [New] Print more helpful info if parsing fails
• b6242b0 [fix] no-duplicates: fix fixer on cases with default import
• 41aaa18 resolvers/node: [New] add .node extension
• 12971f5 [Fix] order: recognize ".." as a "parent" path
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects bleach

Impact

A mutation XSS affects users calling bleach.clean with all of:

• the svg or math in the allowed/whitelisted tags
• an RCDATA tag (see below) in the allowed/whitelisted tags
• the keyword argument strip=False

Patches

Users are encouraged to upgrade to bleach v3.1.2 or greater.

Workarounds

• modify bleach.clean calls to use strip=True, or not whitelist math or svg tags and one or more of the following tags:

script
noscript
style
</tr></table> ... (truncated)
Affected versions: < 3.1.2

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects bleach

Impact

A mutation XSS affects users calling bleach.clean with noscript and a raw tag (see below) in the allowed/whitelisted tags option.

Patches

v3.1.1

Workarounds

• modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags:

title
textarea
script
style
noembed
noframes
iframe
</tr></table> ... (truncated)
Affected versions: < 3.1.1

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects bleach

Impact

A mutation XSS affects users calling bleach.clean with noscript and a raw tag (see below) in the allowed/whitelisted tags option.

Patches

v3.1.1

Workarounds

• modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags:

title
textarea
script
style
noembed
noframes
iframe
</tr></table> ... (truncated)
Affected versions: < 3.1.1

Sourced from bleach's changelog.

Version 3.1.4 (March 24th, 2020)

Security fixes

• bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).

  Calls to bleach.clean with an allowed tag with an allowed style attribute were vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

  This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar regular expression and should be considered vulnerable too.

  Anyone using Bleach <=v3.1.3 is encouraged to upgrade.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1623633

Backwards incompatible changes

• Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.

Features

None

Bug fixes

None

Version 3.1.3 (March 17th, 2020)

Security fixes

None

Backwards incompatible changes

None

Features

• Add relative link to code of conduct. (#442)

• Drop deprecated 'setup.py test' support. (#507)

... (truncated)

• 6e74a50 Update for v3.1.4 release
• d6018f2 fix bug 1623633
• fc77027 Merge branch 'v3.1.0-branch'
• e4b1c50 Update for v3.1.3 release
• 59cc502 Update for v3.1.2 release
• 3f39d48 add wheel to requirements-dev
• 175f677 fix bug 1621692
• 78a0672 Update for v3.1.2 release
• 7b625ff add wheel to requirements-dev
• e4e9e21 fix bug 1621692
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.