search

Kinto / kinto

A generic JSON document store with sharing and synchronisation capabilities.
http://docs.kinto-storage.org/
Other
4.33k stars 421 forks source link

Bump the minor-patch group with 7 updates #3394

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 7 months ago

Bumps the minor-patch group with 7 updates:

Package From To
sqlalchemy 2.0.25 2.0.28
build 1.0.3 1.1.1
dockerflow 2024.1.0 2024.3.0
newrelic 9.6.0 9.7.0
python-dateutil 2.8.2 2.9.0.post0
python-rapidjson 1.14 1.16
ruff 0.2.2 0.3.0

Updates sqlalchemy from 2.0.25 to 2.0.28

Release notes

Sourced from sqlalchemy's releases.

2.0.28

Released: March 4, 2024

orm

  • [orm] [performance] [bug] [regression] Adjusted the fix made in #10570, released in 2.0.23, where new logic was added to reconcile possibly changing bound parameter values across cache key generations used within the _orm.with_expression() construct. The new logic changes the approach by which the new bound parameter values are associated with the statement, avoiding the need to deep-copy the statement which can result in a significant performance penalty for very deep / complex SQL constructs. The new approach no longer requires this deep-copy step.

    References: #11085

  • [orm] [bug] [regression] Fixed regression caused by #9779 where using the "secondary" table in a relationship and_() expression would fail to be aliased to match how the "secondary" table normally renders within a _sql.Select.join() expression, leading to an invalid query.

    References: #11010

engine

  • [engine] [usecase] Added new core execution option _engine.Connection.execution_options.preserve_rowcount. When set, the cursor.rowcount attribute from the DBAPI cursor will be unconditionally memoized at statement execution time, so that whatever value the DBAPI offers for any kind of statement will be available using the _engine.CursorResult.rowcount attribute from the _engine.CursorResult. This allows the rowcount to be accessed for statments such as INSERT and SELECT, to the degree supported by the DBAPI in use. The engine_insertmanyvalues also supports this option and will ensure _engine.CursorResult.rowcount is correctly set for a bulk INSERT of rows when set.

    References: #10974

asyncio

  • [asyncio] [bug] An error is raised if a QueuePool or other non-asyncio pool class is passed to _asyncio.create_async_engine(). This engine only accepts asyncio-compatible pool classes including AsyncAdaptedQueuePool. Other pool classes such as NullPool are compatible with both synchronous and asynchronous

... (truncated)

Commits


Updates build from 1.0.3 to 1.1.1

Release notes

Sourced from build's releases.

Version 1.1.1

What's Changed

  • Fixed invoking outer pip from user site packages (PR #746, fixes issue #745)
  • Corrected the minimum pip version required to use an outer pip (PR #746, fixes issue #745)

Full Changelog: https://github.com/pypa/build/compare/v1.1.0...1.1.1

Version 1.1.0

What's Changed

  • Use external pip if available instead of installing, speeds up environment setup with virtualenv slightly and venv significantly. (PR #736)
  • Stopped injecting wheel as a build dependency automatically, in the case of missing pyproject.toml -- by @​webknjaz. (PR #716)
  • Use importlib_metadata on Python <3.10.2 for bugfixes not present in those CPython standard libraries (not required when bootstrapping) -- by @​GianlucaFicarelli. (PR #693, fixes issue #692)

New Contributors

Full Changelog: https://github.com/pypa/build/compare/1.0.3...v1.1.0

Changelog

Sourced from build's changelog.

1.1.1 (2024-02-29)

  • Fixed invoking outer pip from user site packages (PR :pr:746, fixes issue :issue:745)
  • Corrected the minimum pip version required to use an outer pip (PR :pr:746, fixes issue :issue:745)

1.1.0 (2024-02-29)

  • Use external pip if available instead of installing, speeds up environment setup with virtualenv slightly and venv significantly. (PR :pr:736)
  • Stopped injecting wheel as a build dependency automatically, in the case of missing pyproject.toml -- by :user:webknjaz. (PR :pr:716)
  • Use importlib_metadata on Python <3.10.2 for bugfixes not present in those CPython standard libraries (not required when bootstrapping) -- by :user:GianlucaFicarelli. (PR :pr:693, fixes issue :issue:692)
Commits


Updates dockerflow from 2024.1.0 to 2024.3.0

Release notes

Sourced from dockerflow's releases.

2024.3.0

What's Changed

New features

Internal Changes

Full Changelog: https://github.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0

2024.2.0

What's Changed

Full Changelog: https://github.com/mozilla-services/python-dockerflow/compare/2024.1.0...2024.2.0

Changelog

Sourced from dockerflow's changelog.

2024.3.0


- Add request correlation ID support ([#101](https://github.com/mozilla-services/python-dockerflow/issues/101)).
  In order to add a ``rid`` field to all log messages, add the ``dockerflow.logging.RequestIdLogFilter`` filter to your logging handlers.
  See: :ref:`Django <django-logging>`, :ref:`FastAPI <fastapi-logging>`, :ref:`Flask <flask-logging>`, :ref:`Sanic <sanic-logging>` for details.

2024.2.0

  • Stop testing Python 3.7 (#94)

  • Add support for Python 3.12 (#93)

  • Add support for FastAPI >= 0.100 (#81)

  • Add developer docs and fix release process (#92)

Commits
  • b98b4ff Update changelog 2024.3.0
  • a953916 Generalize usage of request correlation id to all integrations (#101)
  • 6a6c78a Github Action status for each tox combination (#102)
  • 6b9e191 Use ruff instead of flake8 and black (#96)
  • 4bad625 (fastapi) Log request ID when set in headers (#100)
  • c939637 Fix docs about heartbeat status on warnings (200, not 5XX) (#99)
  • e695de7 Configurable status for failed heartbeat (#98)
  • 39ea4e4 Add querystring to MozLog "request.summary" (#97)
  • 2ba0254 Align upload/download artifacts actions versions
  • 6aaf5c1 Do not restrict FastAPI testing to 0.100 only
  • Additional commits viewable in compare view


Updates newrelic from 9.6.0 to 9.7.0

Release notes

Sourced from newrelic's releases.

v9.7.0

Notes

This release of the Python agent no longer reports attributes with None values and attaches a transaction trace ID to the error traces even when Distributed Tracing is not enabled.

Install the agent using easy_install/pip/distribute via the Python Package Index or download it directly from the New Relic download site.

New features

  • Remove reporting of attributes with None values

    • Previously, the agent recorded attributes with a value of None type as the string "None". Now, the agent no longer records user or agent attributes that have None type values.

Bug fixes

  • Add transaction trace ID to the error traces even when Distributed Tracing is not enabled
    • Previously, certain trace attributes in error traces such as stack traces were only visible in the UI if Distributed Tracing was enabled. Linking the transaction trace to error traces by including the transaction trace id on the error traces allows the user to have access to the transaction trace attributes in the UI.

Support statement

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date.

See the New Relic Python agent EOL policy for information about agent releases and support dates.

Commits
  • 56fbda1 Merge pull request #1064 from newrelic/drop-none-attrs
  • 5bbf0dc Fix loguru test
  • 2755208 Summarize agent spec quote
  • ac17284 Fixup formatting of blank lines
  • ee87f7a Remove log context attr=None tests
  • 0337ab6 Add description of create_agent_attributes
  • 5bb045b Replace create_user_attributes w/create_attributes
  • 62b1bc0 Only add attr if key is not None
  • 22acf04 Remove unused imports
  • a57f789 Drop None type attributes
  • Additional commits viewable in compare view


Updates python-dateutil from 2.8.2 to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

2.9.0

Version 2.9.0 (2024-02-29)

Data updates

  • Updated tzdata version to 2024a. (gh pr #1342)

Features

  • Made all dateutil submodules lazily imported using PEP 562. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

  • Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

  • Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)
Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Version 2.9.0 (2024-02-29)

Data updates

  • Updated tzdata version to 2024a. (gh pr #1342)

Features

  • Made all dateutil submodules lazily imported using PEP 562 <https://www.python.org/dev/peps/pep-0562/>_. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

  • Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

  • Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)
Commits
  • 1ae8077 Merge pull request #1346 from pganssle/release_2.9.0.post0
  • ee6de9d Update news to prepare for release
  • 9780d32 Pin setuptools_scm to <8
  • db9d018 Merge pull request #1343 from pganssle/release_2.9.0
  • 423ca2f Run updatezinfo before build
  • edd3fd4 Update NEWS file
  • fe02d02 Run towncrier with Python 3.11
  • 9c7524a Fix MANIFEST.in pattern
  • 6de58f5 Update classifiers to include Python 3.12
  • 8fe0cab Merge pull request #1342 from pganssle/update_zoneinfo
  • Additional commits viewable in compare view


Updates python-rapidjson from 1.14 to 1.16

Changelog

Sourced from python-rapidjson's changelog.

1.16 (2024-02-28)


* Produce Python 3.8 wheels again, I deactivated it too eagerly, it's in *security fixes
  only* mode, not yet reached its `end-of-life` state

1.15 (2024-02-28)

Commits
  • 018fe4a Release 1.16
  • 0da1259 Update CHANGES.rst
  • 32df22d Revert "Stop producing binary wheels for Python 3.8"
  • 95f68b3 There's something silly going on GH Action...
  • af3c8c7 Release 1.15
  • 233f928 Update CHANGES.rst
  • 4ca5fed Attempt to turn a crash into a proper exception
  • 65a507f Drop support for Pythons older than 3.5
  • 13c1736 Re-try uploading wheels only on new git tag
  • 0622101 Use cibuildwheel 2.16.5
  • Additional commits viewable in compare view


Updates ruff from 0.2.2 to 0.3.0

Release notes

Sourced from ruff's releases.

v0.3.0

This release introduces the new Ruff formatter 2024.2 style and adds a new lint rule to detect invalid formatter suppression comments.

Changes

Preview features

  • [flake8-bandit] Remove suspicious-lxml-import (S410) (#10154)
  • [pycodestyle] Allow os.environ modifications between imports (E402) (#10066)
  • [pycodestyle] Don't warn about a single whitespace character before a comma in a tuple (E203) (#10094)

Rule changes

  • [eradicate] Detect commented out case statements (ERA001) (#10055)
  • [eradicate] Detect single-line code for try:, except:, etc. (ERA001) (#10057)
  • [flake8-boolean-trap] Allow boolean positionals in __post_init__ (#10027)
  • [flake8-copyright] Allow © in copyright notices (#10065)
  • [isort]: Use one blank line after imports in typing stub files (#9971)
  • [pylint] New Rule dict-iter-missing-items (PLE1141) (#9845)
  • [pylint] Ignore sys.version and sys.platform (PLR1714) (#10054)
  • [pyupgrade] Detect literals with unary operators (UP018) (#10060)
  • [ruff] Expand rule for list(iterable).pop(0) idiom (RUF015) (#10148)

Formatter

This release introduces the Ruff 2024.2 style, stabilizing the following changes:

  • Prefer splitting the assignment's value over the target or type annotation (#8943)
  • Remove blank lines before class docstrings (#9154)
  • Wrap multiple context managers in with parentheses when targeting Python 3.9 or newer (#9222)
  • Add a blank line after nested classes with a dummy body (...) in typing stub files (#9155)
  • Reduce vertical spacing for classes and functions with a dummy (...) body (#7440, #9240)
  • Add a blank line after the module docstring (#8283)
  • Parenthesize long type hints in assignments (#9210)
  • Preserve indent for single multiline-string call-expressions (#9673)
  • Normalize hex escape and unicode escape sequences (#9280)
  • Format module docstrings (#9725)

CLI

  • Explicitly disallow extend as part of a --config flag (#10135)
  • Remove build from the default exclusion list (#10093)
  • Deprecate ruff <path>, ruff --explain, ruff --clean, and ruff --generate-shell-completion in favor of ruff check <path>, ruff rule, ruff clean, and ruff generate-shell-completion (#10169)
  • Remove the deprecated CLI option --format from ruff rule and ruff linter (#10170)

Bug fixes

  • [flake8-bugbear] Avoid adding default initializers to stubs (B006) (#10152)
  • [flake8-type-checking] Respect runtime-required decorators for function signatures (#10091)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.3.0

This release introduces the new Ruff formatter 2024.2 style and adds a new lint rule to detect invalid formatter suppression comments.

Preview features

  • [flake8-bandit] Remove suspicious-lxml-import (S410) (#10154)
  • [pycodestyle] Allow os.environ modifications between imports (E402) (#10066)
  • [pycodestyle] Don't warn about a single whitespace character before a comma in a tuple (E203) (#10094)

Rule changes

  • [eradicate] Detect commented out case statements (ERA001) (#10055)
  • [eradicate] Detect single-line code for try:, except:, etc. (ERA001) (#10057)
  • [flake8-boolean-trap] Allow boolean positionals in __post_init__ (#10027)
  • [flake8-copyright] Allow © in copyright notices (#10065)
  • [isort]: Use one blank line after imports in typing stub files (#9971)
  • [pylint] New Rule dict-iter-missing-items (PLE1141) (#9845)
  • [pylint] Ignore sys.version and sys.platform (PLR1714) (#10054)
  • [pyupgrade] Detect literals with unary operators (UP018) (#10060)
  • [ruff] Expand rule for list(iterable).pop(0) idiom (RUF015) (#10148)

Formatter

This release introduces the Ruff 2024.2 style, stabilizing the following changes:

  • Prefer splitting the assignment's value over the target or type annotation (#8943)
  • Remove blank lines before class docstrings (#9154)
  • Wrap multiple context managers in with parentheses when targeting Python 3.9 or newer (#9222)
  • Add a blank line after nested classes with a dummy body (...) in typing stub files (#9155)
  • Reduce vertical spacing for classes and functions with a dummy (...) body (#7440, #9240)
  • Add a blank line after the module docstring (#8283)
  • Parenthesize long type hints in assignments (#9210)
  • Preserve indent for single multiline-string call-expressions (#9673)
  • Normalize hex escape and unicode escape sequences (#9280)
  • Format module docstrings (#9725)

CLI

  • Explicitly disallow extend as part of a --config flag (#10135)
  • Remove build from the default exclusion list (#10093)
  • Deprecate ruff <path>, ruff --explain, ruff --clean, and ruff --generate-shell-completion in favor of ruff check <path>, ruff rule, ruff clean, and ruff generate-shell-completion (#10169)
  • Remove the deprecated CLI option --format from ruff rule and ruff linter (#10170)

Bug fixes

  • [flake8-bugbear] Avoid adding default initializers to stubs (B006) (#10152)
  • [flake8-type-checking] Respect runtime-required decorators for function signatures (#10091)
  • [pycodestyle] Mark fixes overlapping with a multiline string as unsafe (W293) (#10049)

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 6 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.