Merged
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
@@ -1,7 +1,7 @@
exclude: "doc|research|demos"
repos:
- repo: https://github.com/psf/black
rev: 26.1.0
rev: 26.3.0

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify Black 26.3.0 exists and check for security issues

# Check PyPI for Black version availability
echo "Checking if Black 26.3.0 exists on PyPI..."
curl -s https://pypi.org/pypi/black/26.3.0/json | jq -r '.info.version // "Version not found"'

# Check for security advisories
echo -e "\nChecking for security advisories..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: PIP, package: "black") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: RedHatInsights/ccx-upgrades-data-eng

Length of output: 327


🌐 Web query:

Black 26.3.0 security vulnerabilities CVE

💡 Result:

  • There is no black (Python formatter) release 26.3.0 on PyPI. The latest available release shown on PyPI is 26.1.0 (uploaded Jan 18, 2026). [1]
  • Known CVE affecting Black: CVE-2024-21503 (ReDoS / improper validation), reported as affecting versions prior to 24.3.0 and fixed in 24.3.0—so 26.1.0 is not in the affected range. [2][4]
  • The upstream psf/black GitHub repo currently shows no published GitHub Security Advisories. [3]

If you meant “Black 24.3.0” (not 26.3.0): that’s the version commonly referenced as the fix version for CVE-2024-21503. [2][4]

Sources: [1] PyPI black project page, [2] SentinelOne CVE-2024-21503 entry, [3] psf/black GitHub security page, [4] Safety/ResolvedSecurity CVE-2024-21503 package impact pages.


Use Black 26.1.0 instead of 26.3.0—the latter does not exist on PyPI.

Black 26.3.0 is not published on PyPI; the latest available version is 26.1.0 (released Jan 18, 2026). The pre-commit configuration will fail when attempting to install this non-existent version. Update the revision to 26.1.0, which has no known security vulnerabilities.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.pre-commit-config.yaml at line 4, update the Black hook revision in
.pre-commit-config.yaml from the non-existent "26.3.0" to the published
"26.1.0": locate the line containing the rev value for the Black hook (currently
"26.3.0") and change it to "26.1.0" so pre-commit can install the correct
package version.

hooks:
- id: black
args: [--safe, --quiet, --line-length, "100"]
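Review bot: `rev: 26.3.0` needs to be confirmed against the tags psf/black actually publishes before this pin changes; the comment above found no 26.3.0 release on PyPI, and pre-commit installs a hook by cloning `repo` at exactly that `rev`, so a rev that does not exist upstream makes `pre-commit run` fail for every contributor and in CI. Either keep `rev: 26.1.0` or verify the new tag first with `git ls-remote --tags https://github.com/psf/black 26.3.0`; a full commit SHA is also accepted here and, unlike a tag, cannot be moved afterwards. Running `pre-commit run --all-files` as a CI step on the PR would catch a bad rev before merge.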
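One way to catch this class of mistake before it is committed, as an added example that is neither the project's code nor the review bot's script: parse every `- repo:` / `rev:` pair out of a pre-commit config and compare each rev with the tags the upstream repository publishes (pre-commit clones the repo at that rev, so the repository's tags, not PyPI, are what decide whether installation works). The config text, the `git ls-remote` output and the tag sets below are constructed for the example; `fetch_remote_tags` is the network-backed variant and is the only part not exercised offline.

```python
"""Verify that every `rev:` in a pre-commit config names a ref that exists
upstream. Added example, not part of the PR or of the review bot's tooling."""
import re
import subprocess
from typing import Dict, List, Set, Tuple

# Constructed sample config: same shape as the file in the diff, but the
# content is an illustration, not the repository's actual file.
SAMPLE_CONFIG = """\
exclude: "doc|research|demos"
repos:
- repo: https://github.com/psf/black
  rev: 26.3.0
  hooks:
  - id: black
    args: [--safe, --quiet, --line-length, "100"]
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: "v5.0.0"
  hooks:
  - id: trailing-whitespace
"""

# Constructed `git ls-remote --tags` output (assumed tag set, placeholder SHAs).
# Annotated tags appear twice, the second time with a `^{}` peeled suffix.
SAMPLE_LS_REMOTE = """\
0000000000000000000000000000000000000001\trefs/tags/25.1.0
0000000000000000000000000000000000000002\trefs/tags/26.1.0
0000000000000000000000000000000000000003\trefs/tags/26.1.0^{}
"""

_REPO_RE = re.compile(r"^\s*-\s*repo:\s*(\S+)\s*$")
_REV_RE = re.compile(r"""^\s*rev:\s*['"]?([^'"\s]+)['"]?\s*$""")
_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
_REMOTE_PREFIXES = ("http://", "https://", "git@", "ssh://")


def parse_repo_revs(config_text: str) -> List[Tuple[str, str]]:
    """Return (repo_url, rev) pairs in file order.

    Deliberately line-based: no YAML dependency is needed for the
    `- repo:` / `rev:` layout pre-commit documents. `local` and `meta`
    repos carry no rev and are skipped.
    """
    pairs: List[Tuple[str, str]] = []
    current_repo = None
    for line in config_text.splitlines():
        m = _REPO_RE.match(line)
        if m:
            current_repo = m.group(1)
            continue
        m = _REV_RE.match(line)
        if m and current_repo and current_repo.startswith(_REMOTE_PREFIXES):
            pairs.append((current_repo, m.group(1)))
    return pairs


def tags_from_ls_remote(output: str) -> Set[str]:
    """Parse `git ls-remote --tags` output into tag names, folding the
    `^{}` peeled entries of annotated tags into the plain tag name."""
    tags: Set[str] = set()
    for line in output.splitlines():
        parts = line.split("\t")
        if len(parts) != 2 or not parts[1].startswith("refs/tags/"):
            continue
        name = parts[1][len("refs/tags/"):]
        if name.endswith("^{}"):
            name = name[:-3]
        tags.add(name)
    return tags


def fetch_remote_tags(repo_url: str) -> Set[str]:
    """Network variant: ask the remote for its tags (not run offline)."""
    out = subprocess.run(
        ["git", "ls-remote", "--tags", repo_url],
        check=True, capture_output=True, text=True, timeout=60,
    ).stdout
    return tags_from_ls_remote(out)


def check_revs(pairs: List[Tuple[str, str]],
               known_tags: Dict[str, Set[str]]) -> List[str]:
    """Return one problem string per rev that is not a published tag.

    A full 40-hex SHA is accepted as an immutable pin and not checked:
    `ls-remote` only lists refs, so a bare commit cannot be confirmed here.
    """
    problems: List[str] = []
    for repo, rev in pairs:
        if _SHA_RE.match(rev):
            continue
        tags = known_tags.get(repo)
        if tags is None:
            problems.append(f"{repo}: no tag list available to verify rev {rev}")
        elif rev not in tags:
            problems.append(f"{repo}: rev {rev} is not a tag upstream")
    return problems


if __name__ == "__main__":
    # Offline run against the constructed data; swap in fetch_remote_tags(repo)
    # per repository for a real pre-merge check.
    known = {
        "https://github.com/psf/black": tags_from_ls_remote(SAMPLE_LS_REMOTE),
        "https://github.com/pre-commit/pre-commit-hooks": {"v5.0.0"},
    }
    for problem in check_revs(parse_repo_revs(SAMPLE_CONFIG), known):
        print("PROBLEM:", problem)
```

Run as a CI step ahead of `pre-commit run --all-files`, with `fetch_remote_tags(repo)` supplying the tag set for each repository in the config; a rev given as a 40-character commit SHA is accepted as an immutable pin rather than looked up, since `ls-remote` lists refs only.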