Merge tag '8.1.8'

release version 8.1.8

Author: smurfix

.devcontainer/devcontainer.json

@@ -0,0 +1,17 @@
+{
+  "name": "pallets/click",
+  "image": "mcr.microsoft.com/devcontainers/python:3",
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "python.defaultInterpreterPath": "${workspaceFolder}/.venv",
+        "python.terminal.activateEnvInCurrentTerminal": true,
+        "python.terminal.launchArgs": [
+          "-X",
+          "dev"
+        ]
+      }
+    }
+  },
+  "onCreateCommand": ".devcontainer/on-create-command.sh"
+}

.devcontainer/on-create-command.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+python3 -m venv --upgrade-deps .venv
+. .venv/bin/activate
+pip install -r requirements/dev.txt
+pip install -e .
+pre-commit install --install-hooks

.editorconfig

@@ -9,5 +9,5 @@ end_of_line = lf
 charset = utf-8
 max_line_length = 88
 
-[*.{yml,yaml,json,js,css,html}]
+[*.{css,html,js,json,jsx,scss,ts,tsx,yaml,yml}]
 indent_size = 2

.github/ISSUE_TEMPLATE/bug-report.md

@@ -5,7 +5,7 @@ about: Report a bug in Click (not other projects which depend on Click)
 
 <!--
 This issue tracker is a tool to address bugs in Click itself. Please use
-Pallets Discord or Stack Overflow for questions about your own code.
+GitHub Discussions or the Pallets Discord for questions about your own code.
 
 Replace this comment with a clear outline of what the bug is.
 -->

.github/ISSUE_TEMPLATE/config.yml

@@ -1,11 +1,8 @@
 blank_issues_enabled: false
 contact_links:
-  - name: Security issue
-    url: [email protected]
-    about: Do not report security issues publicly. Email our security contact.
-  - name: Questions
-    url: https://stackoverflow.com/questions/tagged/python-click?tab=Frequent
-    about: Search for and ask questions about your code on Stack Overflow.
-  - name: Questions and discussions
+  - name: Questions on Discussions
+    url: https://github.com/pallets/click/discussions/
+    about: Ask questions about your own code on the Discussions tab.
+  - name: Questions on Chat
     url: https://discord.gg/pallets
-    about: Discuss questions about your code on our Discord chat.
+    about: Ask questions about your own code on our Discord chat.

.github/ISSUE_TEMPLATE/feature-request.md

@@ -5,11 +5,11 @@ about: Suggest a new feature for Click
 
 <!--
 Replace this comment with a description of what the feature should do.
-Include details such as links relevant specs or previous discussions.
+Include details such as links to relevant specs or previous discussions.
 -->
 
 <!--
 Replace this comment with an example of the problem which this feature
-would resolve. Is this problem solvable without changes to Click,
-such as by subclassing or using an extension?
+would resolve. Is this problem solvable without changes to Click, such
+as by subclassing or using an extension?
 -->

.github/dependabot.yml

@@ -1,6 +1,7 @@
 <!--
 Before opening a PR, open a ticket describing the issue or feature the
-PR will address. Follow the steps in CONTRIBUTING.rst.
+PR will address. An issue is not required for fixing typos in
+documentation, or other simple non-code changes.
 
 Replace this comment with a description of the change. Describe how it
 addresses the linked ticket.
@@ -9,22 +10,16 @@ addresses the linked ticket.
 <!--
 Link to relevant issues or previous PRs, one per line. Use "fixes" to
 automatically close an issue.
--->
 
-- fixes #<issue number>
+fixes #<issue number>
+-->
 
 <!--
-Ensure each step in CONTRIBUTING.rst is complete by adding an "x" to
-each box below.
+Ensure each step in CONTRIBUTING.rst is complete, especially the following:
 
-If only docs were changed, these aren't relevant and can be removed.
+- Add tests that demonstrate the correct behavior of the change. Tests
+  should fail without the change.
+- Add or update relevant docs, in the docs folder and in code.
+- Add an entry in CHANGES.rst summarizing the change and linking to the issue.
+- Add `.. versionchanged::` entries in any relevant code docs.
 -->
-
-Checklist:
-
-- [ ] Add tests that demonstrate the correct behavior of the change. Tests should fail without the change.
-- [ ] Add or update relevant docs, in the docs folder and in code.
-- [ ] Add an entry in `CHANGES.rst` summarizing the change and linking to the issue.
-- [ ] Add `.. versionchanged::` entries in any relevant code docs.
-- [ ] Run `pre-commit` hooks and fix any issues.
-- [ ] Run `pytest` and `tox`, no tests failed.

.github/pull_request_template.md

@@ -1,25 +1,23 @@
-name: 'Lock threads'
-# Lock closed issues that have not received any further activity for
-# two weeks. This does not close open issues, only humans may do that.
-# We find that it is easier to respond to new issues with fresh examples
-# rather than continuing discussions on old issues.
+name: Lock inactive closed issues
+# Lock closed issues that have not received any further activity for two weeks.
+# This does not close open issues, only humans may do that. It is easier to
+# respond to new issues with fresh examples rather than continuing discussions
+# on old issues.
 
 on:
   schedule:
     - cron: '0 0 * * *'
-
 permissions:
   issues: write
   pull-requests: write
-
 concurrency:
   group: lock
-
 jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@c1b35aecc5cdb1a34539d14196df55838bb2f836
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
         with:
           issue-inactive-days: 14
           pr-inactive-days: 14
+          discussion-inactive-days: 14

.github/workflows/lock.yaml

@@ -9,12 +9,12 @@ jobs:
     outputs:
       hash: ${{ steps.hash.outputs.hash }}
     steps:
-      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: '3.x'
-          cache: 'pip'
-          cache-dependency-path: 'requirements/*.txt'
+          cache: pip
+          cache-dependency-path: requirements*/*.txt
       - run: pip install -r requirements/build.txt
       # Use the commit date instead of the current date during the build.
       - run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
@@ -23,28 +23,28 @@ jobs:
       - name: generate hash
         id: hash
         run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           path: ./dist
   provenance:
-    needs: ['build']
+    needs: [build]
     permissions:
       actions: read
       id-token: write
       contents: write
     # Can't pin with hash due to how this workflow works.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: ${{ needs.build.outputs.hash }}
   create-release:
     # Upload the sdist, wheels, and provenance to a GitHub release. They remain
     # available as build artifacts for a while as well.
-    needs: ['provenance']
+    needs: [provenance]
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
       - name: create release
         run: >
           gh release create --draft --repo ${{ github.repository }}
@@ -53,20 +53,17 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
   publish-pypi:
-    needs: ['provenance']
+    needs: [provenance]
     # Wait for approval before attempting to upload to PyPI. This allows reviewing the
     # files in the draft release.
-    environment: 'publish'
+    environment:
+      name: publish
+      url: https://pypi.org/project/click/${{ github.ref_name }}
     runs-on: ubuntu-latest
     permissions:
       id-token: write
     steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
-      # Try uploading to Test PyPI first, in case something fails.
-      - uses: pypa/gh-action-pypi-publish@29930c9cf57955dc1b98162d0d8bc3ec80d9e75c
-        with:
-          repository-url: https://test.pypi.org/legacy/
-          packages-dir: artifact/
-      - uses: pypa/gh-action-pypi-publish@29930c9cf57955dc1b98162d0d8bc3ec80d9e75c
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
         with:
           packages-dir: artifact/