2020.7.15
Overview of Changes
Here is an overview of the main changes brought by this release:
-
Track pre-commit hooks as Poetry dependencies
Python-language pre-commit hooks are now managed as development dependencies in Poetry. Their dependencies are installed into the Nox session for pre-commit, making Nox the single entry point for all checks again. Python-language hooks receive automatic upgrades from Dependabot.
-
Upgrade to GitHub Dependabot (thanks @staticdev)
Dependabot was migrated from
dependabot-previewto native GitHub Dependabot. While GitHub Dependabot has a much smoother experience, there are still a few gotchas:- When migrating an existing project from
dependabot-preview, make sure to opt in to Dependabot security updates. You can do so at Security > Dependabot alerts > Dependabot security updates. - When importing a generated project for the first time, Dependabot should start working automatically. You can check its status at Insights > Dependency graph > Dependabot (Beta). Please see #445 and the upstream issue dependabot/dependabot-core#2306, should Dependabot show up as "not configured".
- When migrating an existing project from
Changes
This section lists changes affecting generated projects.
🚀 Features
- Track pre-commit hooks as Poetry dependencies (#397) @cjolowicz
- Upgrade to GitHub Dependabot (#402) @staticdev
📚 Documentation
- Organize badges in multiple rows (#404) @staticdev
- Remove Dependabot badge (#455) @cjolowicz
📦 Dependencies
- Bump actions/checkout from v2.2.0 to v2.3.1 (#443) @cjolowicz
- Bump certifi from 2020.4.5.2 to 2020.6.20 (#416) @cjolowicz
- Bump codecov/codecov-action from v1.0.7 to v1.0.10 (#444) @cjolowicz
- Bump coverage from 5.1 to 5.2 (#437) @cjolowicz
- Bump darglint from 1.4.1 to 1.5.1 (#451) @cjolowicz
- Bump distlib from 0.3.0 to 0.3.1 (#426) @cjolowicz
- Bump identify from 1.4.19 to 1.4.20 (#415) @cjolowicz
- Bump identify from 1.4.20 to 1.4.21 (#423) @cjolowicz
- Bump idna from 2.9 to 2.10 (#424) @cjolowicz
- Bump importlib-metadata from 1.6.1 to 1.7.0 (#425) @cjolowicz
- Bump importlib-resources from 1.5.0 to 2.0.1 (#420) @cjolowicz
- Bump importlib-resources from 2.0.1 to 3.0.0 (#422) @cjolowicz
- Bump more-itertools from 8.3.0 to 8.4.0 (#418) @cjolowicz
- Bump mypy from 0.780 to 0.782 (#414) @cjolowicz
- Bump pep8-naming from 0.10.0 to 0.11.1 (#452) @cjolowicz
- Bump pre-commit from 2.5.1 to 2.6.0 (#430) @cjolowicz
- Bump py from 1.8.1 to 1.9.0 (#411) @cjolowicz
- Bump pypa/gh-action-pypi-publish from v1.2.2 to v1.3.1 (#442) @cjolowicz
- Bump requests from 2.23.0 to 2.24.0 (#417) @cjolowicz
- Bump salsify/action-detect-and-tag-new-version from v1.0.3 to v2.0.1 (#447) @cjolowicz
- Bump sphinx from 3.1.0 to 3.1.1 (#419) @cjolowicz
- Bump sphinx from 3.1.0 to 3.1.1 in /docs (#421) @cjolowicz
- Bump sphinx from 3.1.1 to 3.1.2 (#438) @cjolowicz
- Bump sphinx from 3.1.1 to 3.1.2 in /docs (#439) @cjolowicz
- Bump virtualenv from 20.0.21 to 20.0.25 (#412) @cjolowicz
- Bump virtualenv from 20.0.21 to 20.0.26 in /.github/workflows (#441) @cjolowicz
- Bump virtualenv from 20.0.25 to 20.0.26 (#436) @cjolowicz
- Bump watchdog from 0.10.2 to 0.10.3 (#410) @cjolowicz
- Bump wcwidth from 0.2.4 to 0.2.5 (#413) @cjolowicz
- Bump xdoctest from 0.12.0 to 0.13.0 (#448) @cjolowicz
Changes to the Cookiecutter
This section lists changes to the Cookiecutter that don't affect generated projects.
🚀 Features
- Upgrade to GitHub Dependabot (#431) @dependabot-preview
📚 Documentation
- Fix stale version in Sphinx documentation (#407) @cjolowicz
- Update documentation for Python 3.8.4 (#449) @cjolowicz
- Update documentation for Python 3.7.8 and 3.6.11 (#427) @cjolowicz
📦 Dependencies
- Bump actions/checkout from v2.2.0 to v2.3.1 (#434) @dependabot
- Bump sphinx from 3.1.0 to 3.1.1 in /docs (#399) @dependabot-preview
- Bump sphinx from 3.1.1 to 3.1.2 in /docs (#432) @dependabot-preview
- Bump virtualenv from 20.0.21 to 20.0.26 in /.github/workflows (#435) @dependabot