exasol · ckunki · Mar 17, 2026 · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -1,3 +1,7 @@
 # Unreleased
 
 ## Summary
+
+## Security Issues
+
+* #748: Updated dependency to `black`
diff --git a/exasol/toolbox/metrics.py b/exasol/toolbox/metrics.py
@@ -307,13 +307,11 @@ def _key(name: str) -> str:
         for name, entry in entries.items()
     )
 
-    return cleandoc(
-        """
+    return cleandoc("""
     {heading}
     {seperator}
     {entries}
-    """
-    ).format(
+    """).format(
         heading=row.format("Category", "Status"),
         seperator=row.format("-" * col1_width, "-" * col2_width),
         entries="\n".join(rows),

diff --git a/exasol/toolbox/tools/lint.py b/exasol/toolbox/tools/lint.py
@@ -58,11 +58,9 @@ def _rows(findings: Iterable[Finding]) -> str:
             rows += f"|{finding.message}|\n"
         return rows
 
-    template = cleandoc(
-        """
+    template = cleandoc("""
         {header}{rows}
-        """
-    )
+        """)
     lint_issues = sorted(lint_issues, key=lambda i: (i.path, i.message_id, i.line))
     return template.format(header=_header(), rows=_rows(lint_issues))
 

diff --git a/exasol/toolbox/tools/security.py b/exasol/toolbox/tools/security.py
@@ -200,11 +200,9 @@ def from_json(report_str: str, prefix: Path) -> Iterable[SecurityIssue]:
 
 
 def issues_to_markdown(issues: Iterable[SecurityIssue]) -> str:
-    template = cleandoc(
-        """
+    template = cleandoc("""
         {header}{rows}
-    """
-    )
+    """)
 
     def _header():
         header = "# Security\n\n"
@@ -233,8 +231,7 @@ def security_issue_body(issue: Issue) -> str:
     def as_markdown_listing(elements: Iterable[str]):
         return "\n".join(f"- {element}" for element in elements)
 
-    body = cleandoc(
-        """
+    body = cleandoc("""
         ## Summary
         {description}
 
@@ -243,8 +240,7 @@ def as_markdown_listing(elements: Iterable[str]):
 
         ## References
         {references}
-        """
-    )
+        """)
     return body.format(
         cve=issue.cve,
         cwe=issue.cwe,

diff --git a/exasol/toolbox/util/dependencies/licenses.py b/exasol/toolbox/util/dependencies/licenses.py
@@ -131,12 +131,10 @@ class PackageLicenseReport:
 
     @staticmethod
     def _format_group_table_header(group: str) -> str:
-        return cleandoc(
-            f"""## `{group}` Dependencies
+        return cleandoc(f"""## `{group}` Dependencies
             |Package|Version|License|
             |---|---|---|
-            """
-        )
+            """)
 
     def _format_group_table(
         self, group: str, group_package_names: set[NormalizedPackageStr]

diff --git a/exasol/toolbox/util/release/changelog.py b/exasol/toolbox/util/release/changelog.py
@@ -13,16 +13,11 @@
 from exasol.toolbox.util.dependencies.track_changes import DependencyChanges
 from exasol.toolbox.util.version import Version
 
-UNRELEASED_INITIAL_CONTENT = (
-    cleandoc(
-        """
+UNRELEASED_INITIAL_CONTENT = cleandoc("""
     # Unreleased
 
     ## Summary
-    """
-    )
-    + "\n"
-)
+    """) + "\n"
 
 
 class Changelogs:

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -28,7 +28,7 @@ classifiers = [
 ]
 dependencies = [
     "bandit[toml]>=1.7.9,<2",
-    "black>=24.1.0,<26",
+    "black>=26.3.1,<27",
     "coverage>=6.4.4,<8.0.0",
     "furo>=2022.9.15",
     "importlib-resources>=5.12.0",
@@ -38,7 +38,7 @@ dependencies = [
     "mypy>=0.971",
     "myst-parser>=2.0.0,<4",
     "nox>=2022.8.7",
-    "pip-audit>=2.7.3,<3",
+    "pip-audit>=2.7.3,<2.10.0", # see issue https://github.com/exasol/python-toolbox/issues/750
     "pip-licenses>=5.0.0,<6",
     "pluggy>=1.5.0,<2",
     "pre-commit>=4,<5",

diff --git a/test/integration/util/dependencies/audit_integration_test.py b/test/integration/util/dependencies/audit_integration_test.py
@@ -23,12 +23,10 @@ def create_poetry_project(tmp_path, sample_vulnerability, poetry_path):
         env={},
     )
 
-    poetry_export = cleandoc(
-        """
+    poetry_export = cleandoc("""
     [tool.poetry.requires-plugins]
     poetry-plugin-export = ">=1.8"
-    """
-    )
+    """)
 
     with (poetry_root_dir / "pyproject.toml").open("a") as f:
         f.write(poetry_export)

diff --git a/test/unit/nox/_artifacts_test.py b/test/unit/nox/_artifacts_test.py
@@ -280,14 +280,12 @@ def test_missing_files(tmp_path, capsys):
             copy_artifacts(session)
         captured = capsys.readouterr()
         assert re.match(
-            cleandoc(
-                """
+            cleandoc("""
                 Could not find any file .*/coverage-python9.9\\*/.coverage
                 File not found .*/lint-python9.9/.lint.txt
                 File not found .*/lint-python9.9/.lint.json
                 File not found .*/security-python9.9/.security.json
-                """
-            ),
+                """),
             captured.err,
         )
 
@@ -313,13 +311,11 @@ def test_all_files(tmp_path, capsys):
             EndsWith("coverage-python9.9-slow/.coverage"),
         )
         assert re.match(
-            cleandoc(
-                """
+            cleandoc("""
                 Copying file .*/lint-python9.9/.lint.txt
                 Copying file .*/lint-python9.9/.lint.json
                 Copying file .*/security-python9.9/.security.json
-                """
-            ),
+                """),
             captured.err,
         )
         for f in [".lint.txt", ".lint.json", ".security.json"]:
@@ -347,9 +343,7 @@ def test_that_bad_coverage_file_still_raises_error(
         monkeypatch.setattr(_artifacts, "COVERAGE_XML", coverage_xml)
         _create_coverage_file(coverage_db, COVERAGE_TABLES)
 
-        with pytest.raises(
-            _SessionQuit, match="doesn't seem to be a coverage data file"
-        ):
+        with pytest.raises(_SessionQuit, match="isn't a coverage data file"):
             _prepare_coverage_xml(nox_session, tmp_path, cwd=tmp_path)
 
         assert coverage_db.exists()

diff --git a/test/unit/nox/_format_test.py b/test/unit/nox/_format_test.py
@@ -167,18 +167,12 @@ def test_fix_format(nox_session, config, file_with_multiple_problems):
             version.return_value = True
             fix_format(nox_session)
 
-    assert (
-        file_with_multiple_problems.read_text()
-        == cleandoc(
-            """
+    assert file_with_multiple_problems.read_text() == cleandoc("""
             import numpy as np
 
             x: int | str = 2
             y: np.ndarray = np.array([1, 2, 3])
-        """
-        )
-        + "\n"
-    )
+        """) + "\n"
 
 
 def test_check_format(nox_session, config, file_with_multiple_problems, caplog, capsys):

diff --git a/test/unit/report_test.py b/test/unit/report_test.py
@@ -76,8 +76,7 @@ def _factory(name, content):
     "content,expected",
     [
         (
-            cleandoc(
-                """
+            cleandoc("""
     ************* Module doc.user_guide.modules.sphinx.multiversion.conf
     doc/user_guide/modules/sphinx/multiversion/conf.py:8:0: W0622: Redefining built-in 'copyright' (redefined-builtin)
     doc/user_guide/modules/sphinx/multiversion/conf.py:4:0: C0103: Constant name "author" doesn't conform to UPPER_CASE naming style (invalid-name)
@@ -95,8 +94,7 @@ def _factory(name, content):
 
     ------------------------------------------------------------------
     Your code has been rated at 7.80/10 (previous run: 7.86/10, -0.05)
-    """
-            ),
+    """),
             Rating.B,
         ),
         (

diff --git a/test/unit/security_test.py b/test/unit/security_test.py
@@ -44,8 +44,7 @@ def test_security_issue_title_template(self, expected, issue):
         "expected,issue",
         [
             (
-                cleandoc(
-                    """
+                cleandoc("""
                     ## Summary
                     Random Multiline
                     Description
@@ -57,8 +56,7 @@ def test_security_issue_title_template(self, expected, issue):
                     ## References
                     - https://www.example.com
                     - https://www.foobar.com
-                    """
-                ),
+                    """),
                 security.Issue(
                     cve="CVE-2023-39410",
                     cwe="CWE-XYZ",

diff --git a/test/unit/util/dependencies/audit_test.py b/test/unit/util/dependencies/audit_test.py
@@ -106,8 +106,7 @@ def test_vulnerability_id(self, sample_vulnerability, aliases: list[str], expect
         assert result.vulnerability_id == expected
 
     def test_subsection_for_changelog_summary(self, sample_vulnerability):
-        expected = cleandoc(
-            """
+        expected = cleandoc("""
             ### CVE-2025-27516 in jinja2:3.1.5
 
             An oversight in how the Jinja sandboxed environment interacts with the
@@ -118,8 +117,7 @@ def test_subsection_for_changelog_summary(self, sample_vulnerability):
 
             * https://github.com/advisories/GHSA-cpwx-vrp4-4pq7
             * https://nvd.nist.gov/vuln/detail/CVE-2025-27516
-            """
-        )
+            """)
         assert (
             sample_vulnerability.vulnerability.subsection_for_changelog_summary
             == expected

diff --git a/test/unit/util/release/changelog_test.py b/test/unit/util/release/changelog_test.py
@@ -13,8 +13,7 @@
 
 
 class SampleContent:
-    changelog = "\n" + cleandoc(
-        """
+    changelog = "\n" + cleandoc("""
         Summary of changes.
 
         ## Added
@@ -25,10 +24,8 @@ class SampleContent:
 
         ## Fixed
         * Fixed nasty bug
-        """
-    )
-    changes = cleandoc(
-        """
+        """)
+    changes = cleandoc("""
         # Changelog
 
         * [unreleased](unreleased.md)
@@ -41,10 +38,8 @@ class SampleContent:
         unreleased
         changes_0.1.0
         ```
-        """
-    )
-    altered_changes = cleandoc(
-        """
+        """)
+    altered_changes = cleandoc("""
         # Changelog
 
         * [unreleased](unreleased.md)
@@ -59,8 +54,7 @@ class SampleContent:
         changes_1.0.0
         changes_0.1.0
         ```
-        """
-    )
+        """)
 
 
 @pytest.fixture(scope="function")
@@ -207,9 +201,7 @@ def test_update_changelogs_for_release(
         # versioned.md
         saved_text = changelogs.versioned_changelog_md.read_text()
         assert (
-            saved_text
-            == cleandoc(
-                f"""# 1.0.0 - {datetime.today().strftime('%Y-%m-%d')}
+            saved_text == cleandoc(f"""# 1.0.0 - {datetime.today().strftime('%Y-%m-%d')}
 
             ## Summary
 
@@ -233,9 +225,7 @@ def test_update_changelogs_for_release(
             ### `dev`
 
             * Added dependency `package2:0.2.0`
-            """
-            )
-            + "\n"
+            """) + "\n"
         )
 
     @staticmethod
@@ -250,10 +240,7 @@ def test_update_changelogs_for_release_with_no_dependencies(
         assert changelogs.unreleased_md.read_text() == UNRELEASED_INITIAL_CONTENT
         # versioned.md
         saved_text = changelogs.versioned_changelog_md.read_text()
-        assert (
-            saved_text
-            == cleandoc(
-                f"""
+        assert saved_text == cleandoc(f"""
                 # 1.0.0 - {datetime.today().strftime('%Y-%m-%d')}
 
                 ## Summary
@@ -268,7 +255,4 @@ def test_update_changelogs_for_release_with_no_dependencies(
 
                 ## Fixed
                 * Fixed nasty bug
-                """
-            )
-            + "\n"
-        )
+                """) + "\n"