chore: update pre-commit

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
asottile/pyupgrade	repository	patch	v3.15.1 -> v3.15.2
astral-sh/ruff-pre-commit	repository	minor	v0.2.2 -> v0.3.4
myint/autoflake	repository	patch	v2.3.0 -> v2.3.1
psf/black	repository	minor	24.2.0 -> 24.3.0
python-poetry/poetry	repository	minor	1.7.1 -> 1.8.2

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

asottile/pyupgrade (asottile/pyupgrade)

v3.15.2

Compare Source

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.3.4

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/v0.3.4

v0.3.3

Compare Source

v0.3.2

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/v0.3.2

v0.3.1

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/v0.3.1

v0.3.0

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/v0.3.0

myint/autoflake (myint/autoflake)

v2.3.1

Compare Source

What's Changed

• Update pre-commit config by @​fsouza in https://github.com/PyCQA/autoflake/pull/295
• github/workflows/main: use pre-commit/action by @​fsouza in https://github.com/PyCQA/autoflake/pull/297
• Always set encoding when reading setup.cfg by @​fsouza in https://github.com/PyCQA/autoflake/pull/296
• Bump to v2.3.1 by @​fsouza in https://github.com/PyCQA/autoflake/pull/298

Full Changelog: PyCQA/autoflake@v2.3.0...v2.3.1

psf/black (psf/black)

v24.3.0

Compare Source

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#​4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
  of Black would incorrectly format the contents of certain unusual f-strings containing
  nested strings with the same quote type. Now, Black will crash on such strings until
  support for the new f-string syntax is implemented. (#​4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected
  (#​4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab
  characters. This fixes
  CVE-2024-21503.
  (#​4278)

Documentation

• Note what happens when --check is used with --quiet (#​4236)

python-poetry/poetry (python-poetry/poetry)

v1.8.2

Compare Source

Fixed

• Harden lazy-wheel error handling if the index server is behaving badly in an unexpected way (#​9051).
• Improve lazy-wheel error handling if the index server does not handle HTTP range requests correctly (#​9082).
• Improve lazy-wheel error handling if the index server pretends to support HTTP range requests but does not respect them (#​9084).
• Improve lazy-wheel to allow redirects for HEAD requests (#​9087).
• Improve debug logging for lazy-wheel errors (#​9059).
• Fix an issue where the hash of a metadata file could not be calculated correctly due to an encoding issue (#​9048).
• Fix an issue where poetry add failed in non-package mode if no project name was set (#​9046).
• Fix an issue where a hint to non-package mode was not compliant with the final name of the setting (#​9073).

v1.8.1

Compare Source

Fixed

• Update the minimum required version of packaging (#​9031).
• Handle unexpected responses from servers that do not support HTTP range requests with negative offsets more robust (#​9030).

Docs

• Rename master branch to main (#​9022).

v1.8.0

Compare Source

Added

• Add a non-package mode for use cases where Poetry is only used for dependency management (#​8650).
• Add support for PEP 658 to fetch metadata without having to download wheels (#​5509).
• Add a lazy-wheel config option (default: true) to reduce wheel downloads during dependency resolution (#​8815,
  #​8941).
• Improve performance of dependency resolution by using shallow copies instead of deep copies (#​8671).
• poetry check validates that no unknown sources are referenced in dependencies (#​8709).
• Add archive validation during installation for further hash algorithms (#​8851).
• Add a to key in tool.poetry.packages to allow custom subpackage names (#​8791).
• Add a config option to disable keyring (#​8910).
• Add a --sync option to poetry update (#​8931).
• Add an --output option to poetry build (#​8828).
• Add a --dist-dir option to poetry publish (#​8828).

Changed

• The implicit PyPI source is disabled if at least one primary source is configured (#​8771).
• Deprecate source priority default (#​8771).
• Upgrade the warning about an inconsistent lockfile to an error (#​8737).
• Deprecate setting installer.modern-installation to false (#​8988).
• Drop support for pip<19 (#​8894).
• Require requests-toolbelt>=1 (#​8680).
• Allow platformdirs 4.x (#​8668).
• Allow and require xattr 1.x on macOS (#​8801).
• Improve venv shell activation in fish (#​8804).
• Rename system to base in output of poetry env info (#​8832).
• Use pretty name in output of poetry version (#​8849).
• Improve error handling for invalid entries in tool.poetry.scripts (#​8898).
• Improve verbose output for dependencies with extras during dependency resolution (#​8834).
• Improve message about an outdated lockfile (#​8962).

Fixed

• Fix an issue where poetry shell failed when Python has been installed with MSYS2 (#​8644).
• Fix an issue where Poetry commands failed in a terminal with a non-UTF-8 encoding (#​8608).
• Fix an issue where a missing project name caused an incomprehensible error message (#​8691).
• Fix an issue where Poetry failed to install an sdist path dependency (#​8682).
• Fix an issue where poetry install failed because an unused extra was not available (#​8548).
• Fix an issue where poetry install --sync did not remove an unrequested extra (#​8621).
• Fix an issue where poetry init did not allow specific characters in the author field (#​8779).
• Fix an issue where Poetry could not download sdists from misconfigured servers (#​8701).
• Fix an issue where metadata of sdists that call CLI tools of their build requirements could not be determined (#​8827).
• Fix an issue where Poetry failed to use the currently activated environment (#​8831).
• Fix an issue where poetry shell failed in zsh if a space was in the venv path (#​7245).
• Fix an issue where scripts with extras could not be installed (#​8900).
• Fix an issue where explicit sources where not propagated correctly (#​8835).
• Fix an issue where debug prints where swallowed when using a build script (#​8760).
• Fix an issue where explicit sources of locked dependencies where not propagated correctly (#​8948).
• Fix an issue where Poetry's own environment was falsely identified as system environment (#​8970).
• Fix an issue where dependencies from a setup.py were ignored silently (#​9000).
• Fix an issue where environment variables for virtualenv.options were ignored (#​9015).
• Fix an issue where virtualenvs.options.no-pip and virtualenvs.options.no-setuptools were not normalized (#​9015).

Docs

• Replace deprecated --no-dev with --without dev in the FAQ (#​8659).
• Recommend poetry-check instead of the deprecated poetry-lock pre-commit hook (#​8675).
• Clarify the names of the environment variables to provide credentials for repositories (#​8782).
• Add note how to install several version of Poetry in parallel (#​8814).
• Improve description of poetry show --why (#​8817).
• Improve documentation of poetry update (#​8706).
• Add a warning about passing variables that may start with a hyphen via command line (#​8850).
• Mention that the virtual environment in which Poetry itself is installed should not be activated (#​8833).
• Add note about poetry run and externally managed environments (#​8748).
• Update FAQ entry about tox for tox 4.x (#​8658).
• Fix documentation for default format option for include and exclude value (#​8852).
• Add note about tox and configured credentials (#​8888).
• Add note and link how to install pipx (#​8878).
• Fix examples for poetry add with git dependencies over ssh (#​8911).
• Remove reference to deprecated scripts extras feature (#​8903).
• Change examples to prefer --only main instead of --without dev (#​8921).
• Mention that the develop attribute is a Poetry-specific feature and not propagated to other tools (#​8971).
• Fix examples for adding supplemental and secondary sources (#​8953).
• Add PyTorch example for explicit sources (#​9006).

poetry-core (1.9.0)

• Deprecate scripts that depend on extras (#​690).
• Add support for path dependencies that do not define a build system (#​675).
• Update list of supported licenses (#​659,
  #​669,
  #​678,
  #​694).
• Rework list of files included in build artifacts (#​666).
• Fix an issue where insignificant errors were printed if the working directory is not inside a git repository (#​684).
• Fix an issue where the project's directory was not recognized as git repository on Windows due to an encoding issue (#​685).

---

Configuration

📅 Schedule: Branch creation - "on the 1st day of the month" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.