fix(deps) Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
Flask (changelog)	2.2.5 -> 2.3.3					dependencies	minor
Flask-SQLAlchemy (changelog)	3.0.5 -> 3.1.1					dev-dependencies	minor
black (changelog)	23.3.0 -> 23.9.1					dev-dependencies	minor
boto3	1.28.62 -> 1.28.63					dev-dependencies	patch
coverage	7.2.7 -> 7.3.2					dev-dependencies	minor
elasticsearch	8.10.0 -> 8.10.1					dev-dependencies	patch
isort (source, changelog)	5.11.5 -> 5.12.0					dev-dependencies	minor
macisamuele/language-formatters-pre-commit-hooks	v2.10.0 -> v2.11.0					repository	minor
mypy (source, changelog)	1.4.1 -> 1.6.0					dev-dependencies	minor
peewee	3.16.3 -> 3.17.0					dev-dependencies	minor
tox (changelog)	4.8.0 -> 4.11.3					dev-dependencies	minor

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

psf/black (black)

v23.9.1

Compare Source

Due to various issues, the previous release (23.9.0) did not include compiled mypyc
wheels, which make Black significantly faster. These issues have now been fixed, and
this release should come with compiled wheels once again.

There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.

Packaging

• Upgrade to mypy 1.5.1 (#​3864)

Performance

• Store raw tuples instead of NamedTuples in Black's cache, improving performance and
  decreasing the size of the cache (#​3877)

v23.9.0

Compare Source

Preview style

• More concise formatting for dummy implementations (#​3796)
• In stub files, add a blank line between a statement with a body (e.g an
  if sys.version_info > (3, x):) and a function definition on the same level (#​3862)
• Fix a bug whereby spaces were removed from walrus operators within subscript(#​3823)

Configuration

• Black now applies exclusion and ignore logic before resolving symlinks (#​3846)

Performance

• Avoid importing IPython if notebook cells do not contain magics (#​3782)
• Improve caching by comparing file hashes as fallback for mtime and size (#​3821)

Blackd

• Fix an issue in blackd with single character input (#​3558)

Integrations

• Black now has an
  official pre-commit mirror. Swapping
  https://github.com/psf/black to https://github.com/psf/black-pre-commit-mirror in
  your .pre-commit-config.yaml will make Black about 2x faster (#​3828)
• The .black.env folder specified by ENV_PATH will now be removed on the completion
  of the GitHub Action (#​3759)

v23.7.0

Compare Source

Highlights

• Runtime support for Python 3.7 has been removed. Formatting 3.7 code will still be
  supported until further notice (#​3765)

Stable style

• Fix a bug where an illegal trailing comma was added to return type annotations using
  PEP 604 unions (#​3735)
• Fix several bugs and crashes where comments in stub files were removed or mishandled
  under some circumstances (#​3745)
• Fix a crash with multi-line magic comments like type: ignore within parentheses
  (#​3740)
• Fix error in AST validation when Black removes trailing whitespace in a type comment
  (#​3773)

Preview style

• Implicitly concatenated strings used as function args are no longer wrapped inside
  parentheses (#​3640)
• Remove blank lines between a class definition and its docstring (#​3692)

Configuration

• The --workers argument to Black can now be specified via the BLACK_NUM_WORKERS
  environment variable (#​3743)
• .pytest_cache, .ruff_cache and .vscode are now excluded by default (#​3691)
• Fix Black not honouring pyproject.toml settings when running --stdin-filename
  and the pyproject.toml found isn't in the current working directory (#​3719)
• Black will now error if exclude and extend-exclude have invalid data types in
  pyproject.toml, instead of silently doing the wrong thing (#​3764)

Packaging

• Upgrade mypyc from 0.991 to 1.3 (#​3697)
• Remove patching of Click that mitigated errors on Python 3.6 with LANG=C (#​3768)

Parser

• Add support for the new PEP 695 syntax in Python 3.12 (#​3703)

Performance

• Speed up Black significantly when the cache is full (#​3751)
• Avoid importing IPython in a case where we wouldn't need it (#​3748)

Output

• Use aware UTC datetimes internally, avoids deprecation warning on Python 3.12 (#​3728)
• Change verbose logging to exactly mirror Black's logic for source discovery (#​3749)

Blackd

• The blackd argument parser now shows the default values for options in their help
  text (#​3712)

Integrations

• Black is now tested with
  PYTHONWARNDEFAULTENCODING = 1
  (#​3763)
• Update GitHub Action to display black output in the job summary (#​3688)

Documentation

• Add a CITATION.cff file to the root of the repository, containing metadata on how to
  cite this software (#​3723)
• Update the classes and exceptions documentation in Developer reference to match
  the latest code base (#​3755)

boto/boto3 (boto3)

v1.28.63

Compare Source

=======

• api-change:auditmanager: [botocore] This release introduces a new limit to the awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS accounts that can be specified in the assessment scope.
• api-change:autoscaling: [botocore] Update the NotificationMetadata field to only allow visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and DescribeLoadBalancerTargetGroups
• api-change:config: [botocore] Add enums for resource types supported by Config
• api-change:controltower: [botocore] Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
• api-change:customer-profiles: [botocore] Adds sensitive trait to various shapes in Customer Profiles Calculated Attribute API model.
• api-change:ec2: [botocore] This release adds Ubuntu Pro as a supported platform for On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance launches from it.
• api-change:elbv2: [botocore] Update elbv2 client to latest version
• api-change:glue: [botocore] Extending version control support to GitLab and Bitbucket from AWSGlue
• api-change:inspector2: [botocore] Add MacOs ec2 platform support
• api-change:ivs-realtime: [botocore] Update GetParticipant to return additional metadata.
• api-change:lambda: [botocore] Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
• api-change:location: [botocore] This release adds endpoint updates for all AWS Location resource operations.
• api-change:machinelearning: [botocore] This release marks Password field as sensitive
• api-change:pricing: [botocore] Documentation updates for Price List
• api-change:rds: [botocore] This release adds support for adding a dedicated log volume to open-source RDS instances.
• api-change:rekognition: [botocore] Amazon Rekognition introduces support for Custom Moderation. This allows the enhancement of accuracy for detect moderation labels operations by creating custom adapters tuned on customer data.
• api-change:sagemaker: [botocore] Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings support for CanvasAppSettings
• api-change:textract: [botocore] This release adds 9 new APIs for adapter and adapter version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for using adapters.
• api-change:transcribe: [botocore] This release is to enable m4a format to customers
• api-change:workspaces: [botocore] Updated the CreateWorkspaces action documentation to clarify that the PCoIP protocol is only available for Windows bundles.

nedbat/coveragepy (coverage)

v7.3.2

Compare Source

• The coverage lcov command ignored the [report] exclude_lines and
  [report] exclude_also settings (issue 1684). This is now fixed,
  thanks Jacqueline Lee <pull 1685_>.

• Sometimes SQLite will create journal files alongside the coverage.py database
  files. These are ephemeral, but could be mistakenly included when combining
  data files. Now they are always ignored, fixing issue 1605_. Thanks to
  Brad Smith for suggesting fixes and providing detailed debugging.

• On Python 3.12+, we now disable SQLite writing journal files, which should be
  a little faster.

• The new 3.12 soft keyword type is properly bolded in HTML reports.

• Removed the "fullcoverage" feature used by CPython to measure the coverage of
  early-imported standard library modules. CPython stopped using it <88054_>_ in 2021, and it stopped working completely in Python 3.13.

.. _issue 1605:https://github.com/nedbat/coveragepy/issues/16055
.. _issue 1684https://github.com/nedbat/coveragepy/issues/168484
.. _pull 168https://github.com/nedbat/coveragepy/pull/1685685
.. _880https://github.com/python/cpython/issues/880548054

.. _changes_7-3-1:

v7.3.1

Compare Source

• The semantics of stars in file patterns has been clarified in the docs. A
  leading or trailing star matches any number of path components, like a double
  star would. This is different than the behavior of a star in the middle of a
  pattern. This discrepancy was identified by Sviatoslav Sydorenko <starbad_>, who provided patient detailed diagnosis <pull 1650_> and
  graciously agreed to a pragmatic resolution.

• The API docs were missing from the last version. They are now restored <apidocs_>_.

.. _apidocs: https://coverage.readthedocs.io/en/latest/api_coverage.html
.. _starbadhttps://github.com/nedbat/coveragepy/issues/1407#issuecomment-163108520909
.. _pull 165https://github.com/nedbat/coveragepy/pull/1650650

.. _changes_7-3-0:

v7.3.0

Compare Source

• Added a :meth:.Coverage.collect context manager to start and stop coverage
  data collection.

• Dropped support for Python 3.7.

• Fix: in unusual circumstances, SQLite cannot be set to asynchronous mode.
  Coverage.py would fail with the error Safety level may not be changed inside a transaction. This is now avoided, closing issue 1646_. Thanks
  to Michael Bell for the detailed bug report.

• Docs: examples of configuration files now include separate examples for the
  different syntaxes: .coveragerc, pyproject.toml, setup.cfg, and tox.ini.

• Fix: added nosemgrep comments to our JavaScript code so that
  semgrep-based SAST security checks won't raise false alarms about security
  problems that aren't problems.

• Added a CITATION.cff file, thanks to Ken Schackart <pull 1641_>_.

.. _pull 1641:https://github.com/nedbat/coveragepy/pull/16411
.. _issue 1646https://github.com/nedbat/coveragepy/issues/164646

.. _changes_7-2-7:

elastic/elasticsearch-py (elasticsearch)

v8.10.1: 8.10.1

Compare Source

• Removed deprecation warnings when using body parameter (#​2302)
• Fixed some type hints to use covariant Sequence instead of invariant List (#​2324, #​2325)

pycqa/isort (isort)

v5.12.0

Compare Source

• Removed support for Python 3.7
  • Fixed incompatiblity with latest poetry version
  • Added support for directory limitations within built in git hook

macisamuele/language-formatters-pre-commit-hooks (macisamuele/language-formatters-pre-commit-hooks)

v2.11.0

Compare Source

python/mypy (mypy)

v1.6.0

Compare Source

v1.5.1

Compare Source

v1.5.0

Compare Source

coleifer/peewee (peewee)

v3.17.0

Compare Source

• Only roll-back in the outermost @db.transaction decorator/ctx manager if
  an unhandled exception occurs. Previously, an unhandled exception that
  occurred in a nested transaction context would trigger a rollback. The use
  of nested transaction has long been discouraged in the documentation: the
  recommendation is to always use db.atomic, which will use savepoints to
  properly handle nested blocks. However, the new behavior should make it
  easier to reason about transaction boundaries - see #​2767 for discussion.
• Cover transaction BEGIN in the reconnect-mixin. Given that no transaction
  has been started, reconnecting when beginning a new transaction ensures that
  a reconnect will occur if it is safe to do so.
• Add support for setting isolation_level in db.atomic() and
  db.transaction() when using Postgres and MySQL/MariaDB, which will apply to
  the wrapped transaction. Note: Sqlite has supported a similar lock_type
  parameter for some time.
• Add support for the Sqlite SQLITE_DETERMINISTIC function flag. This allows
  user-defined Sqlite functions to be used in indexes and may be used by the
  query planner.
• Fix unreported bug in dataset import when inferred field name differs from
  column name.

View commits

tox-dev/tox (tox)

v4.11.3

Compare Source

What's Changed

• docs(plugin): explain plugin registration by @​hashar in https://github.com/tox-dev/tox/pull/3116
• Fix error caused by a bad base_python path by @​Tbruno25 in https://github.com/tox-dev/tox/pull/3122

New Contributors

• @​hashar made their first contribution in https://github.com/tox-dev/tox/pull/3116

Full Changelog: tox-dev/tox@4.11.2...4.11.3

v4.11.2

Compare Source

What's Changed

• Fix typos discovered by codespell by @​cclauss in https://github.com/tox-dev/tox/pull/3113
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/tox-dev/tox/pull/3114
• Providing example to make CLI help more helpful for -x,--override by @​posita in https://github.com/tox-dev/tox/pull/3119
• Remove stray colons in config.rst left over from #​3111 by @​posita in https://github.com/tox-dev/tox/pull/3120

New Contributors

• @​cclauss made their first contribution in https://github.com/tox-dev/tox/pull/3113
• @​posita made their first contribution in https://github.com/tox-dev/tox/pull/3119

Full Changelog: tox-dev/tox@4.11.1...4.11.2

v4.11.1

Compare Source

What's Changed

• Tests: Don't assume Python 3.10 is always installed, use current Python version by @​hroncok in https://github.com/tox-dev/tox/pull/3108
• Set the --parallel default to "auto", not CPU count by @​paravoid in https://github.com/tox-dev/tox/pull/3109
• Fix , being used as value parser for env var configs by @​gaborbernat in https://github.com/tox-dev/tox/pull/3111

Full Changelog: tox-dev/tox@4.11.0...4.11.1

v4.11.0

Compare Source

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/tox-dev/tox/pull/3102
• Fix type checker and bump tools by @​gaborbernat in https://github.com/tox-dev/tox/pull/3107
• Add config_settings support for build backend calls by @​nschloe in https://github.com/tox-dev/tox/pull/3090

New Contributors

• @​nschloe made their first contribution in https://github.com/tox-dev/tox/pull/3090

Full Changelog: tox-dev/tox@4.10.0...4.11.0

v4.10.0

Compare Source

What's Changed

• Set basepython for docs env in alignment to Read the Docs default by @​jugmac00 in https://github.com/tox-dev/tox/pull/3097
• Document release process by @​jugmac00 in https://github.com/tox-dev/tox/pull/3094
• Replace undefined settings with overrides when appending by @​stefanor in https://github.com/tox-dev/tox/pull/3101
• Accept environments with defined factors or of python selector form - suggest closest by @​BeyondEvil in https://github.com/tox-dev/tox/pull/3099

New Contributors

• @​BeyondEvil made their first contribution in https://github.com/tox-dev/tox/pull/3099

Full Changelog: tox-dev/tox@4.9.0...4.10.0

v4.9.0

Compare Source

What's Changed

• Disallow command line environments which are not explicitly specified in the config file by @​tjsmart in https://github.com/tox-dev/tox/pull/3089
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/tox-dev/tox/pull/3091

New Contributors

• @​tjsmart made their first contribution in https://github.com/tox-dev/tox/pull/3089

Full Changelog: tox-dev/tox@4.8.0...4.9.0

---

Configuration

📅 Schedule: Branch creation - "before 10pm on Sunday" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov-commenter]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (281f179) 51.51% compared to head (30ca961) 51.51%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##              dev      #93   +/-   ##
=======================================
  Coverage   51.51%   51.51%           
=======================================
  Files           2        2           
  Lines         860      860           
  Branches      141      141           
=======================================
  Hits          443      443           
  Misses        348      348           
  Partials       69       69           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.