You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations.
Patches
Fixed in Black 26.3.1.
Workarounds
Do not allow untrusted user input into the value of the --python-cell-magics option.
Prevent Jupyter notebook magic masking collisions from corrupting cells by using
exact-length placeholders for short magics and aborting if a placeholder can no longer
be unmasked safely (#5038)
Configuration
Always hash cache filename components derived from --python-cell-magics so custom
magic names cannot affect cache paths (#5038)
Blackd
Disable browser-originated requests by default, add configurable origin allowlisting
and request body limits, and bound executor submissions to improve backpressure
(#5039)
Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
Fix crash on standalone comment in lambda default arguments (#4993)
Preserve parentheses when # type: ignore comments would be merged with other
comments on the same line, preventing AST equivalence failures (#4888)
Preview style
Fix bug where if guards in case blocks were incorrectly split when the pattern had
a trailing comma (#4884)
Fix string_processing crashing on unassigned long string literals with trailing
commas (one-item tuples) (#4929)
Simplify implementation of the power operator "hugging" logic (#4918)
Packaging
Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in
frozen environments (#4930)
Performance
Introduce winloop for windows as an alternative to uvloop (#4996)
Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop()
(#4996)
Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop
installation and creation of either a uvloop/winloop evenloop or default eventloop
(#4996)
Output
Emit a clear warning when the target Python version is newer than the running Python
version, since AST safety checks cannot parse newer syntax. Also replace the
misleading "INTERNAL ERROR" message with an actionable error explaining the version
mismatch (#4983)
Blackd
Introduce winloop to be used when windows in use which enables blackd to run faster on
windows when winloop is installed. (#4996)
Harden parsing of black requirements in the GitHub Action when use_pyproject is
enabled so that only version specifiers are accepted and direct references such as black @​ https://... are rejected. Users should upgrade to the latest version of the
action as soon as possible. This update is received automatically when using psf/black@stable, and is independent of the version of Black installed by the
action. (#5031)
Documentation
Expand preview style documentation with detailed examples for wrap_comprehension_in, simplify_power_operator_hugging, and wrap_long_dict_values_in_parens features
(#4987)
Add detailed documentation for formatting Jupyter Notebooks (#5009)
Introduces the 2026 stable style (#4892), stabilizing the following changes:
always_one_newline_after_import: Always force one blank line after import
statements, except when the line after the import is a comment or an import statement
(#4489)
fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations,
such as def foo(): return "mock" # fmt: skip, where previously the declaration would
have been incorrectly collapsed (#4800)
fix_module_docstring_detection: Fix module docstrings being treated as normal
strings if preceded by comments (#4764)
fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
multiline_string_handling: Make expressions involving multiline strings more compact
(#1879)
normalize_cr_newlines: Add \r style newlines to the potential newlines to
normalize file newlines both from and to (#4710)
remove_parens_around_except_types: Remove parentheses around multiple exception
types in except and except* without as (#4720)
remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand
side of assignments while preserving magic trailing commas and intentional multiline
formatting (#4865)
standardize_type_comments: Format type comments which have zero or more spaces
between # and type: or between type: and value to # type: (value) (#4645)
The following change was not in any previous stable release:
Regenerated the _width_table.py and added tests for the Khmer language (#4253)
This release alo bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even
if the parent directory is directly unignored. For example, Black would previously
format exclude/not_this/foo.py with this .gitignore:
exclude/
!exclude/not_this/
Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and
all of it's children are included in formatting (and in Git), use this .gitignore:
*/exclude/*
!*/exclude/not_this/
This new behavior matches Git. The leading */ are only necessary if you wish to ignore
matching subdirectories (like the previous behavior did), and not just matching root
directories.
Output
Explicitly shutdown the multiprocessing manager when run in diff mode too (#4952)
Integrations
Upgraded PyPI upload workflow to use Trusted Publishing (#4611)
Black no longer supports running with Python 3.9 (#4842)
Stable style
Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly
removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on
string literals, or on dictionary entries with long lines (#4872)
Fix possible crash when fmt: directives aren't on the top level (#4856)
Preview style
Fix fmt: skip skipping the line after instead of the line it's on (#4855)
Remove unnecessary parentheses from the left-hand side of assignments while preserving
magic trailing commas and intentional multiline formatting (#4865)
Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
Fix new lines being added after imports with # fmt: skip on them (#4894)
Packaging
Releases now include arm64 Windows binaries and wheels (#4814)
Integrations
Add output-file input to GitHub Action psf/black to write formatter output to a
file for artifact capture and log cleanliness (#4824)
This release introduces the new 2025 stable style (#4558), stabilizing the following
changes:
Normalize casing of Unicode escape characters in strings to lowercase (#2916)
Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
Consistently add trailing commas to typed function parameters (#4164)
Remove redundant parentheses in if guards for case blocks (#4214)
Add parentheses to if clauses in case blocks when the line is too long (#4269)
Whitespace before # fmt: skip comments is no longer normalized (#4146)
Fix line length computation for certain expressions that involve the power operator
(#4154)
Check if there is a newline before the terminating quotes of a docstring (#4185)
Fix type annotation spacing between * and more complex type variable tuple (#4440)
The following changes were not in any previous release:
Remove parentheses around sole list items (#4312)
Generic function definitions are now formatted more elegantly: parameters are split
over multiple lines first instead of type parameter definitions (#4553)
Stable style
Fix formatting cells in IPython notebooks with magic methods and starting or trailing
empty lines (#4484)
Fix crash when formatting with statements containing tuple generators/unpacking
(#4538)
Preview style
Fix/remove string merging changing f-string quotes on f-strings with internal quotes
(#4498)
Collapse multiple empty lines after an import into one (#4489)
Prevent string_processing and wrap_long_dict_values_in_parens from removing
parentheses around long dictionary values (#4377)
Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)
Packaging
Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)
Performance
Speed up the is_fstring_start function in Black's tokenizer (#4541)
Integrations
If using stdin with --stdin-filename set to a force excluded path, stdin won't be
formatted. (#4539)
Black is now officially tested with Python 3.13 and provides Python 3.13
mypyc-compiled wheels. (#4436) (#4449)
Black will issue an error when used with Python 3.12.5, due to an upstream memory
safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please
use Python 3.12.6 or Python 3.12.4 instead. (#4447)
Black no longer supports running with Python 3.8 (#4452)
Stable style
Fix crashes involving comments in parenthesised return types or X | Y style unions.
(#4453)
Fix skipping Jupyter cells with unknown %% magic (#4462)
Preview style
Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)
Caching
Fix bug where the cache was shared between runs with and without --unstable (#4466)
Packaging
Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
blackd now requires a newer version of aiohttp. (#4451)
Output
Added Python target version information on parse error (#4378)
Add information about Black version to internal error messages (#4457)
This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.
This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.
Stable style
Don't move comments along with delimiters, which could cause crashes (#4248)
Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. (#4270)
Fix a bug where line-ranges exceeding the last code line would not work as expected
(#4273)
Performance
Fix catastrophic performance on docstrings that contain large numbers of leading tab
characters. This fixes CVE-2024-21503.
(#4278)
Documentation
Note what happens when --check is used with --quiet (#4236)
Fixed a bug where comments where mistakenly removed along with redundant parentheses
(#4218)
Preview style
Move the hug_parens_with_braces_and_square_brackets feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (#4198)
Fixed a bug where base expressions caused inconsistent formatting of ** in tenary
expression (#4154)
Checking for newline before adding one on docstring that is almost at the line limit
(#4185)
Remove redundant parentheses in case statement if guards (#4214).
Configuration
Fix issue where Black would ignore input files in the presence of symlinks (#4222)
Black now ignores pyproject.toml that is missing a tool.black section when
discovering project root and configuration. Since Black continues to use version
control as an indicator of project root, this is expected to primarily change behavior
for users in a monorepo setup (desirably). If you wish to preserve previous behavior,
simply add an empty [tool.black] to the previously discovered pyproject.toml
(#4204)
Output
Black will swallow any SyntaxWarnings or DeprecationWarnings produced by the ast
module when performing equivalence checks (#4189)
Integrations
Add a JSONSchema and provide a validate-pyproject entry-point (#4181)
Stop removing spaces from walrus operators within subscripts (#3823)
Fix incorrect formatting of certain async statements (#3609)
Allow combining # fmt: skip with other comments (#3959)
There are already a few improvements in the --preview style, which are slated for the
2025 stable style. Try them out and share your feedback. In the past, the preview
style has included some features that we were not able to stabilize. This year, we're
adding a separate --unstable style for features with known problems. Now, the --preview style only includes features that we actually expect to make it into next
year's stable style.
Stable style
Several bug fixes were made in features that are moved to the stable style in this
release:
Fix comment handling when parenthesising conditional expressions (#4134)
Fix bug where spaces were not added around parenthesized walruses in subscripts,
unlike other binary operators (#4109)
Remove empty lines before docstrings in async functions (#4132)
Address a missing case in the change to allow empty lines at the beginning of all
blocks, except immediately before a docstring (#4130)
For stubs, fix logic to enforce empty line after nested classes with bodies (#4141)
Preview style
Add --unstable style, covering preview features that have known problems that would
block them from going into the stable style. Also add the --enable-unstable-feature
flag; for example, use --enable-unstable-feature hug_parens_with_braces_and_square_brackets to apply this
preview feature throughout 2024, even if a later Black release downgrades the feature
to unstable (#4096)
Format module docstrings the same as class and function docstrings (#4095)
Fix crash when using a walrus in a dictionary (#4155)
Fix unnecessary parentheses when wrapping long dicts (#4135)
Stop normalizing spaces before # fmt: skip comments (#4146)
Configuration
Print warning when configuration in pyproject.toml contains an invalid key (#4165)
Fix symlink handling, properly ignoring symlinks that point outside of root (#4161)
Fix cache mtime logic that resulted in false positive cache hits (#4128)
Remove the long-deprecated --experimental-string-processing flag. This feature can
currently be enabled with --preview --enable-unstable-feature string_processing.
(#4096)
Integrations
Revert the change to run Black's pre-commit integration only on specific git hooks
(#3940) for better compatibility with older versions of pre-commit (#4137)
It's almost 2024, which means it's time for a new edition of Black's stable style!
Together with this release, we'll put out an alpha release 24.1a1 showcasing the draft
2024 stable style, which we'll finalize in the January release. Please try it out and share your feedback.
This release (23.12.0) will still produce the 2023 style. Most but not all of the
changes in --preview mode will be in the 2024 stable style.
Stable style
Fix bug where # fmt: off automatically dedents when used with the --line-ranges
option, even when it is not within the specified line range. (#4084)
Fix feature detection for parenthesized context managers (#4104)
Preview style
Prefer more equal signs before a break when splitting chained assignments (#4010)
Standalone form feed characters at the module level are no longer removed (#4021)
Additional cases of immediately nested tuples, lists, and dictionaries are now
indented less (#4012)
Allow empty lines at the beginning of all blocks, except immediately before a
docstring (#4060)
Fix crash in preview mode when using a short --line-length (#4086)
Keep suites consisting of only an ellipsis on their own lines if they are not
functions or class definitions (#4066) (#4103)
Configuration
--line-ranges now skips Black's internal stability check in --safe mode. This
avoids a crash on rare inputs that have many unformatted same-content lines. (#4034)
Due to various issues, the previous release (23.9.0) did not include compiled mypyc
wheels, which make Black significantly faster. These issues have now been fixed, and
this release should come with compiled wheels once again.
There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.
More concise formatting for dummy implementations (#3796)
In stub files, add a blank line between a statement with a body (e.g an if sys.version_info > (3, x):) and a function definition on the same level (#3862)
Fix a bug whereby spaces were removed from walrus operators within subscript(#3823)
Configuration
Black now applies exclusion and ignore logic before resolving symlinks (#3846)
Performance
Avoid importing IPython if notebook cells do not contain magics (#3782)
Improve caching by comparing file hashes as fallback for mtime and size (#3821)
Blackd
Fix an issue in blackd with single character input (#3558)
Integrations
Black now has an official pre-commit mirror. Swapping https://github.com/psf/black to https://github.com/psf/black-pre-commit-mirror in
your .pre-commit-config.yaml will make Black about 2x faster (#3828)
The .black.env folder specified by ENV_PATH will now be removed on the completion
of the GitHub Action (#3759)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
If you want to rebase/retry this PR, check this box
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
renovate
bot
force-pushed
the
renovate/pypi-black-vulnerability
branch
from
This PR contains the following updates:
23.7.0→26.3.1==23.7.0→==26.3.1GitHub Vulnerability Alerts
CVE-2024-21503
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.
Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
CVE-2026-32274
Impact
Black writes a cache file, the name of which is computed from various formatting options. The value of the
--python-cell-magicsoption was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations.Patches
Fixed in Black 26.3.1.
Workarounds
Do not allow untrusted user input into the value of the
--python-cell-magicsoption.Release Notes
psf/black (black)
v26.3.1Compare Source
Stable style
exact-length placeholders for short magics and aborting if a placeholder can no longer
be unmasked safely (#5038)
Configuration
--python-cell-magicsso custommagic names cannot affect cache paths (#5038)
Blackd
and request body limits, and bound executor submissions to improve backpressure
(#5039)
v26.3.0Compare Source
Stable style
# type: ignorecomments would be merged with othercomments on the same line, preventing AST equivalence failures (#4888)
Preview style
ifguards incaseblocks were incorrectly split when the pattern hada trailing comma (#4884)
string_processingcrashing on unassigned long string literals with trailingcommas (one-item tuples) (#4929)
Packaging
frozen environments (#4930)
Performance
uvloop.install()in favor ofuvloop.new_event_loop()(#4996)
maybe_install_uvloopfunction tomaybe_use_uvloopto simplify loopinstallation and creation of either a uvloop/winloop evenloop or default eventloop
(#4996)
Output
version, since AST safety checks cannot parse newer syntax. Also replace the
misleading "INTERNAL ERROR" message with an actionable error explaining the version
mismatch (#4983)
Blackd
windows when winloop is installed. (#4996)
Integrations
blackrequirements in the GitHub Action whenuse_pyprojectisenabled so that only version specifiers are accepted and direct references such as
black @​ https://...are rejected. Users should upgrade to the latest version of theaction as soon as possible. This update is received automatically when using
psf/black@stable, and is independent of the version of Black installed by theaction. (#5031)
Documentation
wrap_comprehension_in,simplify_power_operator_hugging, andwrap_long_dict_values_in_parensfeatures(#4987)
v26.1.0Compare Source
Highlights
Introduces the 2026 stable style (#4892), stabilizing the following changes:
always_one_newline_after_import: Always force one blank line after importstatements, except when the line after the import is a comment or an import statement
(#4489)
fix_fmt_skip_in_one_liners: Fix# fmt: skipbehavior on one-liner declarations,such as
def foo(): return "mock" # fmt: skip, where previously the declaration wouldhave been incorrectly collapsed (#4800)
fix_module_docstring_detection: Fix module docstrings being treated as normalstrings if preceded by comments (#4764)
fix_type_expansion_split: Fix type expansions split in generic functions (#4777)multiline_string_handling: Make expressions involving multiline strings more compact(#1879)
normalize_cr_newlines: Add\rstyle newlines to the potential newlines tonormalize file newlines both from and to (#4710)
remove_parens_around_except_types: Remove parentheses around multiple exceptiontypes in
exceptandexcept*withoutas(#4720)remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-handside of assignments while preserving magic trailing commas and intentional multiline
formatting (#4865)
standardize_type_comments: Format type comments which have zero or more spacesbetween
#andtype:or betweentype:and value to# type: (value)(#4645)The following change was not in any previous stable release:
_width_table.pyand added tests for the Khmer language (#4253)This release alo bumps
pathspecto v1 and fixes inconsistencies with Git's.gitignorelogic (#4958). Now, files will be ignored if a pattern matches them, evenif the parent directory is directly unignored. For example, Black would previously
format
exclude/not_this/foo.pywith this.gitignore:Now,
exclude/not_this/foo.pywill remain ignored. To ensureexclude/not_this/andall of it's children are included in formatting (and in Git), use this
.gitignore:This new behavior matches Git. The leading
*/are only necessary if you wish to ignorematching subdirectories (like the previous behavior did), and not just matching root
directories.
Output
Integrations
v25.12.0Compare Source
Highlights
Stable style
# fmt: off/# fmt: onblocks were incorrectlyremoved, particularly affecting Jupytext's
# %% [markdown]comments (#4845)# fmt: skipcomments are used in a multi-part if-clause, onstring literals, or on dictionary entries with long lines (#4872)
fmt:directives aren't on the top level (#4856)Preview style
fmt: skipskipping the line after instead of the line it's on (#4855)magic trailing commas and intentional multiline formatting (#4865)
fix_fmt_skip_in_one_linerscrashing onwithstatements (#4853)fix_fmt_skip_in_one_linerscrashing on annotated parameters (#4854)# fmt: skipon them (#4894)Packaging
Integrations
output-fileinput to GitHub Actionpsf/blackto write formatter output to afile for artifact capture and log cleanliness (#4824)
v25.11.0Compare Source
Highlights
Stable style
# fmt: offand# fmt: onwere reformatted (#4811)being normalized (#4811)
Preview style
multiline_string_handlingfrom--unstableto--preview(#4760)comments (#4764)
# type: <value>(#4645)fix_fmt_skip_in_one_linerspreview feature to respect# fmt: skipfor compoundstatements with semicolon-separated bodies (#4800)
Configuration
no_cacheoption to control caching behavior. (#4803)Packaging
Output
(#4610)
Blackd
requests to blackd (#4774)
Integrations
psf/blackto support therequired-versionmajor-version-only"stability" format when using pyproject.toml (#4770)
v25.9.0Compare Source
Highlights
await/asyncas soft keywords/variable names(#4676)
Stable style
delstatement containing tuples (#4628)withstatements (#4630)
# fmt: skipfollowed by a comment at the end of file (#4635)asclause of awithstatement (#4634)withstatement (#4646)\followed by a\rfollowed by a comment (#4663)\\r\n(#4673)await ...(where...is a literalEllipsis) (#4676)(#4670)
Preview style
# fmt: skipwould stillbe formatted (#4552)
multiline_string_handlingwith ternaries and dictionaries (#4657)string_processingwould not split f-strings directly afterexpressions (#4680)
inclause of comprehensions across lines if necessary (#4699)exceptandexcept*withoutas. (#4720)\rstyle newlines to the potential newlines to normalize file newlines both fromand to (#4710)
Parser
parameter bounds and defaults. (#4602)
Performance
Integrations
psf/blackto read Black version from an additional section inpyproject.toml:
[project.dependency-groups](#4606)Documentation
v25.1.0Compare Source
Highlights
This release introduces the new 2025 stable style (#4558), stabilizing the following
changes:
# fmt: skipcomments is no longer normalized (#4146)(#4154)
*and more complex type variable tuple (#4440)The following changes were not in any previous release:
over multiple lines first instead of type parameter definitions (#4553)
Stable style
empty lines (#4484)
withstatements containing tuple generators/unpacking(#4538)
Preview style
(#4498)
string_processingandwrap_long_dict_values_in_parensfrom removingparentheses around long dictionary values (#4377)
wrap_long_dict_values_in_parensfrom the unstable to preview style (#4561)Packaging
License-Expressionmetadata field, seePEP 639. (#4479)
Performance
is_fstring_startfunction in Black's tokenizer (#4541)Integrations
--stdin-filenameset to a force excluded path, stdin won't beformatted. (#4539)
v24.10.0Compare Source
Highlights
mypyc-compiled wheels. (#4436) (#4449)
safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please
use Python 3.12.6 or Python 3.12.4 instead. (#4447)
Stable style
X | Ystyle unions.(#4453)
%%magic (#4462)Preview style
def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)Caching
--unstable(#4466)Packaging
blackdnow requires a newer version of aiohttp. (#4451)Output
v24.8.0Compare Source
Stable style
# fmt: offis used before a closing parenthesis or bracket. (#4363)Packaging
linked. This improves the PyPI listing for Black. (#4345)
Parser
multiline string (#4339)
(#4401)
\{inside f-strings very well (#4422)(#4423)
Performance
.gitignore(#4415)Blackd
v24.4.2Compare Source
This is a bugfix release to fix two regressions in the new f-string parser introduced in
24.4.1.
Parser
Performance
v24.4.1Compare Source
Highlights
Stable style
Parser
by PEP 696 (#4327)
Integrations
git archiveis skipped (#4313)v24.4.0Compare Source
Stable style
Preview style
ifguards incaseblocks are now wrapped in parentheses when the line is too long.(#4269)
Integrations
use_pyprojectto the GitHub Actionpsf/black. This will read theBlack version from
pyproject.toml. (#4294)v24.3.0Compare Source
Highlights
This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
CVE-2024-21503.
This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.
Stable style
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. (#4270)
(#4273)
Performance
characters. This fixes
CVE-2024-21503.
(#4278)
Documentation
--checkis used with--quiet(#4236)v24.2.0Compare Source
Stable style
(#4218)
Preview style
hug_parens_with_braces_and_square_bracketsfeature to the unstable styledue to an outstanding crash and proposed formatting tweaks (#4198)
expression (#4154)
(#4185)
casestatementifguards (#4214).Configuration
pyproject.tomlthat is missing atool.blacksection whendiscovering project root and configuration. Since Black continues to use version
control as an indicator of project root, this is expected to primarily change behavior
for users in a monorepo setup (desirably). If you wish to preserve previous behavior,
simply add an empty
[tool.black]to the previously discoveredpyproject.toml(#4204)
Output
SyntaxWarnings orDeprecationWarnings produced by theastmodule when performing equivalence checks (#4189)
Integrations
v24.1.1Compare Source
Bugfix release to fix a bug that made Black unusable on certain file systems with strict
limits on path length.
Preview style
Configuration
do not support long paths (#4176)
v24.1.0Compare Source
Highlights
This release introduces the new 2024 stable style (#4106), stabilizing the following
changes:
if-elseexpressions (#2278)...are formatted morecompactly (#3796)
(#3368)
withstatement(#3489)
entry (#3393)
--skip-magic-trailing-commaor-C, trailing commas are stripped fromsubscript expressions with more than 1 element (#3209)
# fmt: skipwith other comments (#3959)There are already a few improvements in the
--previewstyle, which are slated for the2025 stable style. Try them out and
share your feedback. In the past, the preview
style has included some features that we were not able to stabilize. This year, we're
adding a separate
--unstablestyle for features with known problems. Now, the--previewstyle only includes features that we actually expect to make it into nextyear's stable style.
Stable style
Several bug fixes were made in features that are moved to the stable style in this
release:
unlike other binary operators (#4109)
blocks, except immediately before a docstring (#4130)
Preview style
--unstablestyle, covering preview features that have known problems that wouldblock them from going into the stable style. Also add the
--enable-unstable-featureflag; for example, use
--enable-unstable-feature hug_parens_with_braces_and_square_bracketsto apply thispreview feature throughout 2024, even if a later Black release downgrades the feature
to unstable (#4096)
# fmt: skipcomments (#4146)Configuration
pyproject.tomlcontains an invalid key (#4165)--experimental-string-processingflag. This feature cancurrently be enabled with
--preview --enable-unstable-feature string_processing.(#4096)
Integrations
(#3940) for better compatibility with older versions of pre-commit (#4137)
v23.12.1Compare Source
Packaging
dextra by default (#4108)v23.12.0Compare Source
Highlights
It's almost 2024, which means it's time for a new edition of Black's stable style!
Together with this release, we'll put out an alpha release 24.1a1 showcasing the draft
2024 stable style, which we'll finalize in the January release. Please try it out and
share your feedback.
This release (23.12.0) will still produce the 2023 style. Most but not all of the
changes in
--previewmode will be in the 2024 stable style.Stable style
# fmt: offautomatically dedents when used with the--line-rangesoption, even when it is not within the specified line range. (#4084)
Preview style
indented less (#4012)
docstring (#4060)
--line-length(#4086)functions or class definitions (#4066) (#4103)
Configuration
--line-rangesnow skips Black's internal stability check in--safemode. Thisavoids a crash on rare inputs that have many unformatted same-content lines. (#4034)
Packaging
Integrations
v23.11.0Compare Source
Highlights
--line-rangescommand-line option(#4020)
Stable style
await (a ** b)(#3994)fixes a crash (#4019)
Preview style
less (#3964)
indented less (#3992)
now preserved (#4005)
caseblocks were not split into multiple lines. Also enablegeneral trailing comma rules on
caseblocks (#4024)class definition (#4028)
Configuration
--include(#3976)Performance
Integrations
formatter (#3940)
v23.10.1Compare Source
Highlights
Preview style
Packaging
Integrations
summaryparameter. (#3958)
Documentation
#3968
v23.10.0Compare Source
Stable style
Preview style
multiple lines (#3899)
Configuration
BLACK_CACHE_DIRis set (#3937)Parser
typewere not accepted insidematchstatements(#3950)
(#3949)
Output
code (#3933)
(#3938)
Integrations
v23.9.1Compare Source
Due to various issues, the previous release (23.9.0) did not include compiled mypyc
wheels, which make Black significantly faster. These issues have now been fixed, and
this release should come with compiled wheels once again.
There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.
Packaging
Performance
decreasing the size of the cache (#3877)
v23.9.0Compare Source
Preview style
if sys.version_info > (3, x):) and a function definition on the same level (#3862)Configuration
Performance
IPythonif notebook cells do not contain magics (#3782)Blackd
blackdwith single character input (#3558)Integrations
official pre-commit mirror. Swapping
https://github.com/psf/blacktohttps://github.com/psf/black-pre-commit-mirrorinyour
.pre-commit-config.yamlwill make Black about 2x faster (#3828).black.envfolder specified byENV_PATHwill now be removed on the completionof the GitHub Action (#3759)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.