From 9480fe7bbd50adba4bfd085ddb3fc097f7f022ff Mon Sep 17 00:00:00 2001 From: CloudQuery Bot <102256036+cq-bot@users.noreply.github.com> Date: Thu, 12 Mar 2026 22:53:21 +0000 Subject: [PATCH 1/2] fix(deps): Update dependency black to v26.3.1 [SECURITY] (#213) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://redirect.github.com/psf/black) ([changelog](https://redirect.github.com/psf/black/blob/main/CHANGES.md)) | `==26.1.0` → `==26.3.1` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.3.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/26.1.0/26.3.1?slim=true) | ### GitHub Vulnerability Alerts #### [CVE-2026-32274](https://redirect.github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m) ### Impact Black writes a cache file, the name of which is computed from various formatting options. The value of the `--python-cell-magics` option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. ### Patches Fixed in Black 26.3.1. ### Workarounds Do not allow untrusted user input into the value of the `--python-cell-magics` option. --- ### Release Notes
psf/black (black) ### [`v26.3.1`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2631) [Compare Source](https://redirect.github.com/psf/black/compare/26.3.0...26.3.1) ##### Stable style - Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely ([#​5038](https://redirect.github.com/psf/black/issues/5038)) ##### Configuration - Always hash cache filename components derived from `--python-cell-magics` so custom magic names cannot affect cache paths ([#​5038](https://redirect.github.com/psf/black/issues/5038)) ##### *Blackd* - Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure ([#​5039](https://redirect.github.com/psf/black/issues/5039)) ### [`v26.3.0`](https://redirect.github.com/psf/black/blob/HEAD/CHANGES.md#2630) [Compare Source](https://redirect.github.com/psf/black/compare/26.1.0...26.3.0) ##### Stable style - Don't double-decode input, causing non-UTF-8 files to be corrupted ([#​4964](https://redirect.github.com/psf/black/issues/4964)) - Fix crash on standalone comment in lambda default arguments ([#​4993](https://redirect.github.com/psf/black/issues/4993)) - Preserve parentheses when `# type: ignore` comments would be merged with other comments on the same line, preventing AST equivalence failures ([#​4888](https://redirect.github.com/psf/black/issues/4888)) ##### Preview style - Fix bug where `if` guards in `case` blocks were incorrectly split when the pattern had a trailing comma ([#​4884](https://redirect.github.com/psf/black/issues/4884)) - Fix `string_processing` crashing on unassigned long string literals with trailing commas (one-item tuples) ([#​4929](https://redirect.github.com/psf/black/issues/4929)) - Simplify implementation of the power operator "hugging" logic ([#​4918](https://redirect.github.com/psf/black/issues/4918)) ##### Packaging - Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments ([#​4930](https://redirect.github.com/psf/black/issues/4930)) ##### Performance - Introduce winloop for windows as an alternative to uvloop ([#​4996](https://redirect.github.com/psf/black/issues/4996)) - Remove deprecated function `uvloop.install()` in favor of `uvloop.new_event_loop()` ([#​4996](https://redirect.github.com/psf/black/issues/4996)) - Rename `maybe_install_uvloop` function to `maybe_use_uvloop` to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop ([#​4996](https://redirect.github.com/psf/black/issues/4996)) ##### Output - Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch ([#​4983](https://redirect.github.com/psf/black/issues/4983)) ##### *Blackd* - Introduce winloop to be used when windows in use which enables blackd to run faster on windows when winloop is installed. ([#​4996](https://redirect.github.com/psf/black/issues/4996)) ##### Integrations - Remove unused gallery script ([#​5030](https://redirect.github.com/psf/black/issues/5030)) - Harden parsing of `black` requirements in the GitHub Action when `use_pyproject` is enabled so that only version specifiers are accepted and direct references such as `black @​ https://...` are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using `psf/black@stable`, and is independent of the version of Black installed by the action. ([#​5031](https://redirect.github.com/psf/black/issues/5031)) ##### Documentation - Expand preview style documentation with detailed examples for `wrap_comprehension_in`, `simplify_power_operator_hugging`, and `wrap_long_dict_values_in_parens` features ([#​4987](https://redirect.github.com/psf/black/issues/4987)) - Add detailed documentation for formatting Jupyter Notebooks ([#​5009](https://redirect.github.com/psf/black/issues/5009))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ae73322..4aa0944 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -black==26.1.0 +black==26.3.1 grpcio-tools==1.78.0 grpcio==1.78.0 protobuf>=6.30.0 From d3a43bd862f2d981603e0dee1a9f4abba115fff3 Mon Sep 17 00:00:00 2001 From: CloudQuery Bot <102256036+cq-bot@users.noreply.github.com> Date: Fri, 13 Mar 2026 09:57:05 +0000 Subject: [PATCH 2/2] chore(main): Release v0.0.54 (#214) :robot: I have created a release *beep* *boop* --- ## [0.0.54](https://github.com/cloudquery/plugin-pb-python/compare/v0.0.53...v0.0.54) (2026-03-12) ### Bug Fixes * **deps:** Update dependency black to v26.3.1 [SECURITY] ([#213](https://github.com/cloudquery/plugin-pb-python/issues/213)) ([9480fe7](https://github.com/cloudquery/plugin-pb-python/commit/9480fe7bbd50adba4bfd085ddb3fc097f7f022ff)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- .release-please-manifest.json | 2 +- CHANGELOG.md | 7 +++++++ setup.py | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index c0f8cc3..5164b40 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.0.53" + ".": "0.0.54" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 4459bd7..a1f24a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [0.0.54](https://github.com/cloudquery/plugin-pb-python/compare/v0.0.53...v0.0.54) (2026-03-12) + + +### Bug Fixes + +* **deps:** Update dependency black to v26.3.1 [SECURITY] ([#213](https://github.com/cloudquery/plugin-pb-python/issues/213)) ([9480fe7](https://github.com/cloudquery/plugin-pb-python/commit/9480fe7bbd50adba4bfd085ddb3fc097f7f022ff)) + ## [0.0.53](https://github.com/cloudquery/plugin-pb-python/compare/v0.0.52...v0.0.53) (2026-03-01) diff --git a/setup.py b/setup.py index 965cf16..13afa0f 100644 --- a/setup.py +++ b/setup.py @@ -37,7 +37,7 @@ ] setuptools.setup( name=name, - version="0.0.53", + version="0.0.54", description=description, long_description=long_description, author="CloudQuery LTD",