Merge pull request #193 from arduino/dependabot/pip/black-23.10.0

build(deps-dev): bump black from 23.9.1 to 23.10.0

Author: per1234

.github/workflows/test-python-poetry-task.yml

@@ -104,8 +104,23 @@ jobs:
             coverage xml \
               -o "${{ github.workspace }}/${{ env.COVERAGE_DATA_FILENAME }}"
 
+      # A token is used to avoid intermittent spurious job failures caused by rate limiting.
+      - name: Set up Codecov upload token
+        run: |
+          if [[ "${{ github.repository }}" == "arduino/compile-sketches" ]]; then
+            # In order to avoid uploads of data from forks, only use the token for runs in the parent repo.
+            # Token is intentionally exposed.
+            # See: https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954
+            CODECOV_TOKEN="0c2a8127-e253-4812-8b83-6dcc586c2bf7"
+          else
+            # codecov/codecov-action does unauthenticated upload if empty string is passed via the `token` input.
+            CODECOV_TOKEN=""
+          fi
+          echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> "$GITHUB_ENV"
+
       - name: Upload coverage report to Codecov
         uses: codecov/codecov-action@v3
         with:
           fail_ci_if_error: true
           file: ${{ env.COVERAGE_DATA_FILENAME }}
+          token: ${{ env.CODECOV_TOKEN }}

poetry.lock

@@ -15,7 +15,7 @@ PyYAML = "6.0.1"
 semver = "3.0.2"
 
 [tool.poetry.group.dev.dependencies]
-black = "23.9.1"
+black = "23.10.0"
 codespell = "2.2.6"
 coverage = "7.3.2"
 pytest = "7.4.2"