chore(deps): update development dependencies (non-major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dev/coverage	==7.4.3 -> ==7.4.4
dev/types-pyyaml (changelog)	==6.0.12.12 -> ==6.0.12.20240311
dev/types-setuptools (changelog)	==69.1.0.20240310 -> ==69.2.0.20240317
lint/black (changelog)	==24.2.0 -> ==24.3.0
types/pyright	==1.1.353 -> ==1.1.354

---

Release Notes

nedbat/coveragepy (dev/coverage)

v7.4.4

Compare Source

• Fix: in some cases, even with [run] relative_files=True, a data file
  could be created with absolute path names. When combined with other relative
  data files, it was random whether the absolute file names would be made
  relative or not. If they weren't, then a file would be listed twice in
  reports, as detailed in issue 1752_. This is now fixed: absolute file
  names are always made relative when combining. Thanks to Bruno Rodrigues dos
  Santos for support.

• Fix: the last case of a match/case statement had an incorrect message if the
  branch was missed. It said the pattern never matched, when actually the
  branch is missed if the last case always matched.

• Fix: clicking a line number in the HTML report now positions more accurately.

• Fix: the report:format setting was defined as a boolean, but should be a
  string. Thanks, Tanaydin Sirin <pull 1754_>_. It is also now documented
  on the :ref:configuration page <config_report_format>.

.. _issue 1752:https://github.com/nedbat/coveragepy/issues/17522
.. _pull 1754https://github.com/nedbat/coveragepy/pull/175454

.. _changes_7-4-3:

psf/black (lint/black)

v24.3.0

Compare Source

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#​4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
  of Black would incorrectly format the contents of certain unusual f-strings containing
  nested strings with the same quote type. Now, Black will crash on such strings until
  support for the new f-string syntax is implemented. (#​4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected
  (#​4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab
  characters. This fixes
  CVE-2024-21503.
  (#​4278)

Documentation

• Note what happens when --check is used with --quiet (#​4236)

RobertCraigie/pyright-python (types/pyright)

v1.1.354

Compare Source

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone Etc/UTC, Automerge - "every weekend" in timezone Etc/UTC.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.