search

Debakel / Dumpstermap

Backend for Dumpstermap.org, a collaborative world wide map to share dumpster locations for others to find.
http://dumpstermap.org
11 stars 2 forks source link

chore(deps): Bump the dependencies group across 1 directory with 11 updates #239

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the dependencies group with 10 updates in the / directory:

Package From To
django-cors-headers 4.3.1 4.4.0
djangorestframework 3.15.1 3.15.2
djangorestframework-gis 1.0 1.1
gunicorn 22.0.0 23.0.0
pytest 8.2.2 8.3.2
factory-boy 3.3.0 3.3.1
sentry-sdk 2.5.1 2.13.0
whitenoise 6.6.0 6.7.0
geopandas 0.14.4 1.0.1
pre-commit 3.7.1 3.8.0

Updates django-cors-headers from 4.3.1 to 4.4.0

Changelog

Sourced from django-cors-headers's changelog.

4.4.0 (2024-06-19)

  • Support Django 5.1.
Commits


Updates djangorestframework from 3.15.1 to 3.15.2

Commits
  • c7a7eae Version 3.15.2 (#9439)
  • 3b41f01 Fix potential XSS vulnerability in break_long_headers template filter (#9435)
  • fe92f0d Add __hash__ method for permissions.OperandHolder class (#9417)
  • fbdab09 docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421)
  • 36d5c0e tests: Check urlpatterns after cleanups (#9400)
  • 9d4ed05 Don't use Windows line endings
  • b34bde4 Fix typo in setup.cfg setting
  • ab681f2 Update requirements in docs
  • 2237724 bump pygments (security hygiene)
  • d58b8da Update deprecation hints
  • Additional commits viewable in compare view


Updates djangorestframework-gis from 1.0 to 1.1

Release notes

Sourced from djangorestframework-gis's releases.

1.1.0 [2024-08-17]

Features

  • Allowed GeoFeatureModelSerializer to support models without geometry field.

Changes

Dependencies:

  • Bumped django-filters~=23.5.

  • Added Django 4.2, 5.0, 5.1 to automated testing build.

  • Dropped several EOL dependencies from automated testing build:

    • Python 3.6 and 3.7.
    • Django 2.2, 3.0, 3.1 and 4.0.
    • djangorestframework < 3.12.

    The library may continue working with the dependencies listed above, but it's not guaranteed.

Changelog

Sourced from djangorestframework-gis's changelog.

Version 0.11.1 [2017-05-05]

  • [#119](https://github.com/openwisp/django-rest-framework-gis/issues/119) <https://github.com/openwisp/django-rest-framework-gis/issues/119>_: Added support to "all" fields in serializer
  • [#130](https://github.com/openwisp/django-rest-framework-gis/issues/130) <https://github.com/openwisp/django-rest-framework-gis/pull/130>_: Added compatibility with DRF 3.6
Commits
  • 927c9ee 1.1.0 release
  • 533567a [deps] Allow djangorestframework up to 3.15.x
  • 3449785 [deps] Update psycopg2 requirement from ~=2.8.0 to ~=2.9.9
  • 00096c0 [deps] Update django-filter requirement from ~=23.5 to >=23.5,<25.0
  • 2f6df04 [deps/ci] QA reformat, updated CI, updated deps
  • 110abaa [docs] Added Issue Template, PR Template
  • 01e43df [deps] Update openwisp-utils[qa] requirement from ~=1.0.0 to ~=1.0.5
  • 33df16c [deps] Enabled dependabot
  • 4e661aa [docs] Fixed build status badge
  • 4f244d5 [feature] Allow geometry-less models #282
  • Additional commits viewable in compare view


Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view


Updates django from 5.0.6 to 5.1

Commits
  • 373cb30 [5.1.x] Bumped version for 5.1 release.
  • 8baab82 [5.1.x] Finalized release notes for Django 5.1.
  • d5ad743 [5.1.x] Fixed i18n.tests.TranslationTests.test_plural to use correct French t...
  • 380c6e6 [5.1.x] Updated translations from Transifex.
  • d787e44 [5.1.x] Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42...
  • e2583fb [5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection att...
  • bd807c0 [5.1.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.htm...
  • 0c1a890 [5.1.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizet...
  • 0504af6 [5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in flo...
  • 2ba4f4b [5.1.x] Fixed #35657 -- Made FileField handle db_default values.
  • Additional commits viewable in compare view


Updates pytest from 8.2.2 to 8.3.2

Release notes

Sourced from pytest's releases.

8.3.2

pytest 8.3.2 (2024-07-24)

Bug fixes

  • #12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.

    -- by RonnyPfannschmidt{.interpreted-text role="user"}

8.3.1

pytest 8.3.1 (2024-07-20)

The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.

8.3.0

pytest 8.3.0 (2024-07-20)

New features

  • #12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.

    • If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
    • The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
    • Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.

    Some history:

    With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.

    This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.

  • #12281: Added support for keyword matching in marker expressions.

    Now tests can be selected by marker keyword arguments. Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.

    See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.

    -- by lovetheguitar{.interpreted-text role="user"}

  • #12567: Added --no-fold-skipped command line option.

    If this option is set, then skipped tests in short summary are no longer grouped by reason but all tests are printed individually with their nodeid in the same way as other statuses.

    -- by pbrezina{.interpreted-text role="user"}

... (truncated)

Commits
  • bbcec9c Prepare release version 8.3.2
  • 78fe8b6 Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...
  • 238bad2 Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-env
  • ae6034a Merge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...
  • 31337ab Merge pull request #12640 from pytest-dev/update-user
  • ca3070b Merge pull request #12637 from pytest-dev/release-8.3.1
  • de98446 Prepare release version 8.3.1
  • bd0a042 Merge pull request #12636 from pytest-dev/update-release-notes
  • 664325b doc/changelog: update 8.3.0 notes
  • 19d225d Merge pull request #12635 from pytest-dev/release-8.3.0
  • Additional commits viewable in compare view


Updates factory-boy from 3.3.0 to 3.3.1

Changelog

Sourced from factory-boy's changelog.

3.3.1 (2024-08-18)

New:

  • Add support for Django 4.2
  • Add support for Django 5.1
  • Add support for Python 3.12
  • :issue:903: Add basic typing annotations
  • Run the test suite against mongomock instead of an actual MongoDB server

Bugfix:

  • :issue:1031: Do not require :attr:~factory.alchemy.SQLAlchemyOptions.sqlalchemy_session when :attr:~factory.alchemy.SQLAlchemyOptions.sqlalchemy_session_factory is provided.

Removed:

  • Stop advertising and verifying support for Django 3.2, 4.0, 4.1
Commits
  • c38732f Preparing release 3.3.1
  • 0ee3c9d Enable "nitpicky" mode on Sphinx
  • a7d06b9 Target Django 5.x tests at version 5.1
  • ce39114 Stop testing for Django 3.2
  • c2188f7 Stop testing against PostgreSQL
  • 819acce Run the test suite against Mongomock
  • f8456f5 Remove various (obsolete) warning exemption flags
  • 8aaa29b Improve readability of alchemy checker
  • d6349de Call evaluate_pre() instead of evaluate() on Maybe decider
  • 01c0a73 test: add regression test for #965
  • Additional commits viewable in compare view


Updates sentry-sdk from 2.5.1 to 2.13.0

Release notes

Sourced from sentry-sdk's releases.

2.13.0

Various fixes & improvements

  • New integration: Ray (#2400) (#2444) by @​glowskir

    Usage: (add the RayIntegration to your sentry_sdk.init() call and make sure it is called in the worker processes)

    import ray

    import sentry_sdk
from sentry_sdk.integrations.ray import RayIntegration
    

    def init_sentry():
sentry_sdk.init(
dsn="...",
traces_sample_rate=1.0,
integrations=[RayIntegration()],
)
    

    init_sentry()
    

    ray.init(
runtime_env=dict(worker_process_setup_hook=init_sentry),
)

    For more information, see the documentation for the Ray integration.

  • New integration: Litestar (#2413) (#3358) by @​KellyWalker

    Usage: (add the LitestarIntegration to your sentry_sdk.init())

    from litestar import Litestar, get

    import sentry_sdk
from sentry_sdk.integrations.litestar import LitestarIntegration
    

    sentry_sdk.init(
dsn="...",
traces_sample_rate=1.0,
integrations=[LitestarIntegration()],
)
    

    @​get("/")
async def index() -> str:
return "Hello, world!"
    

    app = Litestar(...)

    For more information, see the documentation for the Litestar integration.

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.13.0

Various fixes & improvements

  • New integration: Ray (#2400) (#2444) by @​glowskir

    Usage: (add the RayIntegration to your sentry_sdk.init() call and make sure it is called in the worker processes)

    import ray

    import sentry_sdk
from sentry_sdk.integrations.ray import RayIntegration
    

    def init_sentry():
sentry_sdk.init(
dsn="...",
traces_sample_rate=1.0,
integrations=[RayIntegration()],
)
    

    init_sentry()
    

    ray.init(
runtime_env=dict(worker_process_setup_hook=init_sentry),
)

    For more information, see the documentation for the Ray integration.

  • New integration: Litestar (#2413) (#3358) by @​KellyWalker

    Usage: (add the LitestarIntegration to your sentry_sdk.init())

    from litestar import Litestar, get

    import sentry_sdk
from sentry_sdk.integrations.litestar import LitestarIntegration
    

    sentry_sdk.init(
dsn="...",
traces_sample_rate=1.0,
integrations=[LitestarIntegration()],
)
    

    @​get("/")
async def index() -> str:
return "Hello, world!"
    

    app = Litestar(...)

    For more information, see the documentation for the Litestar integration.

... (truncated)

Commits


Updates whitenoise from 6.6.0 to 6.7.0

Changelog

Sourced from whitenoise's changelog.

6.7.0 (2024-06-19)

  • Support Django 5.1.
Commits


Updates geopandas from 0.14.4 to 1.0.1

Release notes

Sourced from geopandas's releases.

v1.0.1

A small bug fix release fixing a regression caused by 1.0.0.

Bug fixes:

  • Support a named datetime or object dtype index in explore() (#3360, #3364).
  • Fix a regression preventing a Series as an argument for geometric methods (#3363)

Full Changelog: https://github.com/geopandas/geopandas/compare/v1.0.0...v1.0.1

v1.0.0

Notes on dependencies:

  • GeoPandas 1.0 drops support for shapely<2 and PyGEOS. The only geometry engine that is currently supported is shapely >= 2. As a consequence, spatial indexing based on the rtree package has also been removed (#3035).
  • The I/O engine now defaults to Pyogrio which is now installed with GeoPandas instead of Fiona (#3223).

New methods:

  • Added count_geometries method from shapely to GeoSeries/GeoDataframe (#3154).
  • Added count_interior_rings method from shapely to GeoSeries/GeoDataframe (#3154)
  • Added relate_pattern method from shapely to GeoSeries/GeoDataframe (#3211).
  • Added intersection_all method from shapely to GeoSeries/GeoDataframe (#3228).
  • Added line_merge method from shapely to GeoSeries/GeoDataframe (#3214).
  • Added set_precision and get_precision methods from shapely to GeoSeries/GeoDataframe (#3175).
  • Added count_coordinates method from shapely to GeoSeries/GeoDataframe (#3026).
  • Added minimum_clearance method from shapely to GeoSeries/GeoDataframe (#2989).
  • Added shared_paths method from shapely to GeoSeries/GeoDataframe (#3215).
  • Added is_ccw method from shapely to GeoSeries/GeoDataframe (#3027).
  • Added is_closed attribute from shapely to GeoSeries/GeoDataframe (#3092).
  • Added force_2d and force_3d methods from shapely to GeoSeries/GeoDataframe (#3090).
  • Added voronoi_polygons method from shapely to GeoSeries/GeoDataframe (#3177).
  • Added contains_properly method from shapely to GeoSeries/GeoDataframe (#3105).
  • Added build_area method exposing build_area shapely to GeoSeries/GeoDataframe (#3202).
  • Added snap method from shapely to GeoSeries/GeoDataframe (#3086).
  • Added transform method from shapely to GeoSeries/GeoDataFrame (#3075).
  • Added get_geometry method from shapely to GeoSeries/GeoDataframe (#3287).
  • Added dwithin method to check for a "distance within" predicate on GeoSeries/GeoDataFrame (#3153).
  • Added to_geo_dict method to generate GeoJSON-like dictionary from a GeoDataFrame (#3132).
  • Added polygonize method exposing both polygonize and polygonize_full from shapely to GeoSeries/GeoDataframe (#2963).
  • Added is_valid_reason method from shapely to GeoSeries/GeoDataframe (#3176).
  • Added to_arrow method and from_arrow class method to GeoSeries/GeoDataFrame to export and import to/from Arrow data with GeoArrow extension types (#3219, #3301).

New features and improvements:

... (truncated)

Changelog

Sourced from geopandas's changelog.

Version 1.0.1 (July 2, 2024)

Bug fixes:

  • Support a named datetime or object dtype index in explore() (#3360, #3364).
  • Fix a regression preventing a Series as an argument for geometric methods (#3363)

Version 1.0.0 (June 24, 2024)

Notes on dependencies:

  • GeoPandas 1.0 drops support for shapely<2 and PyGEOS. The only geometry engine that is currently supported is shapely >= 2. As a consequence, spatial indexing based on the rtree package has also been removed (#3035).
  • The I/O engine now defaults to Pyogrio which is now installed with GeoPandas instead of Fiona (#3223).

New methods:

  • Added count_geometries method from shapely to GeoSeries/GeoDataframe (#3154).
  • Added count_interior_rings method from shapely to GeoSeries/GeoDataframe (#3154)
  • Added relate_pattern method from shapely to GeoSeries/GeoDataframe (#3211).
  • Added intersection_all method from shapely to GeoSeries/GeoDataframe (#3228).
  • Added line_merge method from shapely to GeoSeries/GeoDataframe (#3214).
  • Added set_precision and get_precision methods from shapely to GeoSeries/GeoDataframe (#3175).
  • Added count_coordinates method from shapely to GeoSeries/GeoDataframe (#3026).
  • Added minimum_clearance method from shapely to GeoSeries/GeoDataframe (#2989).
  • Added shared_paths method from shapely to GeoSeries/GeoDataframe (#3215).
  • Added is_ccw method from shapely to GeoSeries/GeoDataframe (#3027).
  • Added is_closed attribute from shapely to GeoSeries/GeoDataframe (#3092).
  • Added force_2d and force_3d methods from shapely to GeoSeries/GeoDataframe (#3090).
  • Added voronoi_polygons method from shapely to GeoSeries/GeoDataframe (#3177).
  • Added contains_properly method from shapely to GeoSeries/GeoDataframe (#3105).
  • Added build_area method exposing build_area shapely to GeoSeries/GeoDataframe (#3202).
  • Added snap method from shapely to GeoSeries/GeoDataframe (#3086).
  • Added transform method from shapely to GeoSeries/GeoDataFrame (#3075).
  • Added get_geometry method from shapely to GeoSeries/GeoDataframe (#3287).
  • Added dwithin method to check for a "distance within" predicate on GeoSeries/GeoDataFrame (#3153).
  • Added to_geo_dict method to generate GeoJSON-like dictionary from a GeoDataFrame (#3132).
  • Added polygonize method exposing both polygonize and polygonize_full from shapely to GeoSeries/GeoDataframe (#2963).
  • Added is_valid_reason method from shapely to GeoSeries/GeoDataframe (#3176).
  • Added to_arrow method and from_arrow class method to GeoSeries/GeoDataFrame to export and import to/from Arrow data with GeoArrow extension types (#3219, #3301).

New features and improvements:

  • Added predicate="dwithin" option and distance argument to the sindex.query() method

... (truncated)

Commits
  • 747d66e BUG: Explore json non serialisable index fix (#3364)
  • 16d4571 REGR: fix regression preventing a Series as an arg for geo methods (#3363)
  • 7d460d9 BUG: support datetime in named index in explore() (#3360)
  • d88e60f DOC: Fix small typos in io.file (#3356)
  • 15a7fc6 DOC: Add arrow IO methods to API docs (#3352)
  • d8e14e1 RLS: v1.0.0
  • c6f66ad TST: Add test covering passing geojson string to read file (#3347)
  • 217772b ENH: add attribute requirement with spatial join (#3231)
  • 7c621fe DOC: Documentation tidy up (#3348)
  • 0618b22 Avoid read_feather to decode metadata twice + fix _arrow_to_geopandas for das...
  • Additional commits viewable in compare view


Updates pre-commit from 3.7.1 to 3.8.0

Release notes

Sourced from pre-commit's releases.

pre-commit v3.8.0

Features

Changelog

Sourced from pre-commit's changelog.

3.8.0 - 2024-07-28

Features

Commits
  • d46423f v3.8.0
  • 8133abd Merge pull request #3265 from lorenzwalthert/issue-3206
  • da0c1d0 implement health check for language:r
  • f641f6a Merge pull request #3264 from pre-commit/pre-commit-ci-update-config
  • a68a19d fixes for mypy 1.11
  • 88317dd [pre-commit.ci] pre-commit autoupdate
  • faa6f8c Merge pull request #3244 from pre-commit/pre-commit-ci-update-config
  • f632459 [pre-commit.ci] pre-commit autoupdate
  • 0252908 Merge pull request #3240 from pre-commit/pre-commit-ci-update-config
  • 69b5dce [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.