Bump black to 26.3.1 #71
Merged
Pins black==26.3.1 (was ==25.1.0) to pick up the upstream fix for CVE-2024-21503 (ReDoS in lines_with_leading_tabs_expanded affecting strings with many leading tab characters).

Black 26.x changes a few formatting rules; the two source-file edits in this PR re-flow lines that black 25.1.0 left in place and that black 26.3.1 wants reformatted:

- gprofiler/metadata/application_identifiers_java.py: collapse a multi-line _logger.warning call back to a single statement.
- gprofiler/metadata/py_module_version.py: blank line after the module docstring before the import block.

Running 'black --check .' against the repo with 26.3.1 produces no further diffs after these two edits.

Made-with: Cursor
Summary
Pins black==26.3.1 (was ==25.1.0) to pick up the upstream fix for CVE-2024-21503 (ReDoS in lines_with_leading_tabs_expanded triggered by inputs with many leading tab characters).
Why source-file edits are bundled
Black 26.x tightens a couple of formatting rules. Two existing files on master fail black --check under 26.3.1 even though they pass under 25.1.0. They're re-flowed in this PR so the bump lands without leaving the repo in a --check-failing state:

- gprofiler/metadata/application_identifiers_java.py — a multi-line _logger.warning(...) call collapses back to a single statement.
- gprofiler/metadata/py_module_version.py — adds a blank line between the module docstring and the first import.
No behavior changes; whitespace / line-arrangement only.
Test plan
- pip install -r dev-requirements.txt resolves cleanly.
- black --check . passes under 26.3.1 after these edits.
- flake8/mypy baselines are unaffected (no new failures introduced; pre-existing failures, if any, remain pre-existing).
CVE
black<24.3.0 had a ReDoS in tab-expansion logic. Bumping to 26.3.1 also tracks several intermediate releases.
Related
Independent of (but contemporaneous with) the requests==2.33.0 bump in marc-queiroz/cve/gprofiler-requests-2.33.0.

This PR is not Draft — it has no submodule/upstream blocker.