search

containerbuildsystem / cachi2

Cachi2 is a CLI tool that pre-fetches your project's dependencies to aid in making your build process network-isolated.
GNU General Public License v3.0
7 stars 25 forks source link

build(deps): bump the dep-patch-updates group with 11 updates #474

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the dep-patch-updates group with 11 updates:

Package From To
aiohttp 3.9.2 3.9.3
bandit 1.7.6 1.7.7
beautifulsoup4 4.12.2 4.12.3
coverage[toml] 7.4.0 7.4.3
gitpython 3.1.41 3.1.42
multidict 6.0.4 6.0.5
pydantic 2.6.1 2.6.2
pydantic-core 2.16.2 2.16.3
pytest-asyncio 0.23.3 0.23.5
urllib3 2.2.0 2.2.1
setuptools 69.1.0 69.1.1

Updates aiohttp from 3.9.2 to 3.9.3

Release notes

Sourced from aiohttp's releases.

3.9.3

Bug fixes

  • Fixed backwards compatibility breakage (in 3.9.2) of ssl parameter when set outside of ClientSession (e.g. directly in TCPConnector) -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: #8097, #8098.

Miscellaneous internal changes

  • Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

    Related issues and pull requests on GitHub: #3957.

Changelog

Sourced from aiohttp's changelog.

3.9.3 (2024-01-29)

Bug fixes

  • Fixed backwards compatibility breakage (in 3.9.2) of ssl parameter when set outside of ClientSession (e.g. directly in TCPConnector) -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:8097, :issue:8098.

Miscellaneous internal changes

  • Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

    Related issues and pull requests on GitHub: :issue:3957.

Commits


Updates bandit from 1.7.6 to 1.7.7

Release notes

Sourced from bandit's releases.

1.7.7

What's Changed

New Contributors

Full Changelog: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

Commits


Updates beautifulsoup4 from 4.12.2 to 4.12.3

Updates coverage[toml] from 7.4.0 to 7.4.3

Release notes

Sourced from coverage[toml]'s releases.

7.4.3

  • Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733.

:arrow_right:  PyPI page: coverage 7.4.3. :arrow_right:  To install: python3 -m pip install coverage==7.4.3

7.4.2

  • Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

:arrow_right:  PyPI page: coverage 7.4.2. :arrow_right:  To install: python3 -m pip install coverage==7.4.2

7.4.1

  • Python 3.13.0a3 is supported.
  • Fix: the JSON report now includes an explicit format version number, closing issue 1732.

:arrow_right:  PyPI page: coverage 7.4.1. :arrow_right:  To install: python3 -m pip install coverage==7.4.1

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.4.3 — 2024-02-23

  • Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733_.

.. _issue 1733: nedbat/coveragepy#1733

.. _changes_7-4-2:

Version 7.4.2 — 2024-02-20

  • Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade <pull 1747_>_. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: nedbat/coveragepy#1747

.. _changes_7-4-1:

Version 7.4.1 — 2024-01-26

  • Python 3.13.0a3 is supported.

  • Fix: the JSON report now includes an explicit format version number, closing issue 1732_.

.. _issue 1732: nedbat/coveragepy#1732

.. _changes_7-4-0:

Commits
  • 1af3624 docs: sample HTML for 7.4.3
  • f06c5e4 docs: prep for 7.4.3
  • 08fc997 fix: get atomic copies of iterables when flushing data. #1733
  • 4e34571 build: put a time limit on the Python nightly tests
  • a1d8d29 build: make targets should use underscores not dashes
  • f7d40a0 build: tweak the release instructions
  • 0f19b82 build: bump version
  • 5d69334 test: if a test fails randomly, let it retry with @​flaky
  • 65d686c docs: sample HTML for 7.4.2
  • 026dca7 docs: prep for 7.4.2
  • Additional commits viewable in compare view


Updates gitpython from 3.1.41 to 3.1.42

Release notes

Sourced from gitpython's releases.

3.1.42

What's Changed

New Contributors

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.41...3.1.42

Commits
  • 1f37b48 prepare the next release
  • 9caf3ae Merge pull request #1825 from EliahKagan/tree-test
  • 2613421 Merge pull request #1823 from marcm-ml/master
  • b780a8c Tweak @with_rw_directory and go back to using it
  • 0114a99 Use more ligtweight approach to guarantee deletion
  • 90cf4d7 Fix new PermissionError in Windows with Python 3.7
  • dd42e38 Keep temp files out of project dir and improve cleanup
  • 2671167 Remove deprecated section in README.md
  • 7ba3fd2 Bump Vampire/setup-wsl from 2.0.2 to 3.0.0
  • e75ea98 Bump pre-commit/action from 3.0.0 to 3.0.1
  • Additional commits viewable in compare view


Updates multidict from 6.0.4 to 6.0.5

Release notes

Sourced from multidict's releases.

6.0.5

Bug fixes

  • Upgraded the C-API macros that have been deprecated in Python 3.9 and later removed in 3.13 -- by @​iemelyanov💰.

    Related issues and pull requests on GitHub: #862, #864, #868, #898.

  • Reverted to using the public argument parsing API PyArg_ParseTupleAndKeywords() under Python 3.12 -- by @​charles-dyfis-net💰 and @​webknjaz💰.

    The effect is that this change prevents build failures with clang 16.9.6 and gcc-14 reported in #926. It also fixes a segmentation fault crash caused by passing keyword arguments to MultiDict.getall() discovered by @​jonaslb💰 and @​hroncok💰 while examining the problem.

    Related issues and pull requests on GitHub: #862, #909, #926, #929.

  • Fixed a SystemError: null argument to internal routine error on a MultiDict.items().isdisjoint() call when using C Extensions.

    Related issues and pull requests on GitHub: #927.

Improved documentation

  • On the Contributing docs age, a link to the Towncrier philosophy has been fixed.

    Related issues and pull requests on GitHub: #911.

Packaging updates and notes for downstreams

  • Stopped marking all files as installable package data -- by @​webknjaz💰.

    This change helps setuptools understand that C-headers are not to be installed under lib/python3.{x}/site-packages/.

    Related commits on GitHub: 31e1170.

... (truncated)

Changelog

Sourced from multidict's changelog.

6.0.5 (2024-02-01)

Bug fixes

  • Upgraded the C-API macros that have been deprecated in Python 3.9 and later removed in 3.13 -- by :user:iemelyanov.

    Related issues and pull requests on GitHub: :issue:862, :issue:864, :issue:868, :issue:898.

  • Reverted to using the public argument parsing API :c:func:PyArg_ParseTupleAndKeywords under Python 3.12 -- by :user:charles-dyfis-net and :user:webknjaz.

    The effect is that this change prevents build failures with clang 16.9.6 and gcc-14 reported in :issue:926. It also fixes a segmentation fault crash caused by passing keyword arguments to :py:meth:MultiDict.getall() <multidict.MultiDict.getall> discovered by :user:jonaslb and :user:hroncok while examining the problem.

    Related issues and pull requests on GitHub: :issue:862, :issue:909, :issue:926, :issue:929.

  • Fixed a SystemError: null argument to internal routine error on a MultiDict.items().isdisjoint() call when using C Extensions.

    Related issues and pull requests on GitHub: :issue:927.

Improved documentation

  • On the Contributing docs <https://github.com/aio-libs/multidict/blob/master/CHANGES/README.rst>_ page, a link to the Towncrier philosophy has been fixed.

    Related issues and pull requests on GitHub:

... (truncated)

Commits
  • a9b281b ⇪ 📦 Release v6.0.5
  • ed825c8 🧪 Download artifacts to dist/ @ release job
  • 7b04a64 🧪 Normalize issue refs @ release action
  • 74840e8 🧪 Pass Codecov token to reusable linters job
  • 41c133e 🧪 Bump Codecov action to v4
  • adb1976 📝 Fix return type @ Sphinx config
  • 99e435f 📝 Mention bylines in the changelog guidelines
  • 736169e 📝 Clarify need to only ref PR @ change note name
  • 887846f 📝 Highlight the RST term @ changelog guide
  • 8f57f8a 📝 Add a missing comma @ changelog guide
  • Additional commits viewable in compare view


Updates pydantic from 2.6.1 to 2.6.2

Release notes

Sourced from pydantic's releases.

v2.6.2 2024-02-23

v2.6.2 (2024-02-23)

What's Changed

Packaging

Fixes

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.6.1...v2.6.2/

Changelog

Sourced from pydantic's changelog.

v2.6.2 (2024-02-23)

GitHub release

What's Changed

Packaging

Fixes

Commits


Updates pydantic-core from 2.16.2 to 2.16.3

Release notes

Sourced from pydantic-core's releases.

v2.16.3 2024-02-23

What's Changed

Full Changelog: https://github.com/pydantic/pydantic-core/compare/v2.16.2...v2.16.3

Commits


Updates pytest-asyncio from 0.23.3 to 0.23.5

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 0.23.5

0.23.5 (2024-02-09)

  • Declare compatibility with pytest 8 #737
  • Fix typing errors with recent versions of mypy #769
  • Prevent DeprecationWarning about internal use of asyncio.get_event_loop() from affecting test cases #757

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

pytest-asyncio 0.23.5a0

0.23.5 (UNRELEASED)

  • Declare compatibility with pytest 8 #737
  • Fix typing errors with recent versions of mypy #769

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

pytest-asyncio 0.23.4

0.23.4 (2024-01-28)

  • pytest-asyncio no longer imports additional, unrelated packages during test collection #729
  • Addresses further issues that caused an internal pytest error during test collection
  • Declares incompatibility with pytest 8 #737

pytest-asyncio 0.23.4a2

0.23.4 (UNRELEASED)

  • pytest-asyncio no longer imports additional, unrelated packages during test collection #729
  • Addresses further issues that caused an internal pytest error during test collection

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

pytest-asyncio 0.23.4a1

0.23.4 (UNRELEASED)

  • pytest-asyncio no longer imports additional, unrelated packages during test collection #729

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

pytest-asyncio 0.23.4a0

0.23.4 (UNRELEASED)

  • pytest-asyncio no longer imports additional, unrelated packages during test collection #729

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

Commits
  • 3aef605 [build] Update actions/upload-artifact and actions/download-artifact to v4.
  • 4b1908d [fix] Prevent DeprecationWarning from bubbling to user code.
  • fc6d6cf Fix typing and update to mypy 1.8.0 (#769)
  • 6008cf1 Build(deps): Bump pluggy from 1.3.0 to 1.4.0 in /dependencies/default
  • 712c51b Build(deps): Bump coverage from 7.4.0 to 7.4.1 in /dependencies/default
  • 42fd304 Build(deps): Bump hypothesis in /dependencies/default
  • a40b4f6 Build(deps): Bump urllib3 from 2.1.0 to 2.2.0 in /dependencies/docs
  • 9d90f8e Build(deps): Bump certifi in /dependencies/docs
  • fe5da07 Build(deps): Bump markupsafe from 2.1.4 to 2.1.5 in /dependencies/docs
  • 42b140d fix compatibility with pytest ^8 (#776)
  • Additional commits viewable in compare view


Updates urllib3 from 2.2.0 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
  • Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)
Changelog

Sourced from urllib3's changelog.

2.2.1 (2024-02-16)

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. ([#3331](https://github.com/urllib3/urllib3/issues/3331) <https://github.com/urllib3/urllib3/issues/3331>__)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. ([#3343](https://github.com/urllib3/urllib3/issues/3343) <https://github.com/urllib3/urllib3/issues/3343>__)
  • Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. ([#2860](https://github.com/urllib3/urllib3/issues/2860) <https://github.com/urllib3/urllib3/issues/2860>__)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. ([#3261](https://github.com/urllib3/urllib3/issues/3261) <https://github.com/urllib3/urllib3/issues/3261>__)
Commits
  • 54d6edf Release 2.2.1
  • 49b2dda Stop casting request headers to HTTPHeaderDict (#3344)
  • e22f651 Fix docstring of retries parameter
  • fa54179 Distinguish between truncated and excess content in response (#3273)
  • cfe52f9 Fix InsecureRequestWarning for HTTPS Emscripten requests (#3333)
  • 25155d7 Ensure no remote connections during testing (#3328)
  • 12f9233 Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (#3340)
  • 9929d3c Add nox session to start local Pyodide console
  • aa8d3dd Fix ssl_version tests for upcoming migration to pytest 8
  • 23f2287 Remove TODO about informational responses (#3319)
  • Additional commits viewable in compare view


Updates setuptools from 69.1.0 to 69.1.1

Changelog

Sourced from setuptools's changelog.

v69.1.1

Bugfixes

Misc

Commits
  • 8c45d6e Bump version: 69.1.0 → 69.1.1
  • 367559f Cleanup withespace in Github issue template
  • 5a54d5b Append arbitrary args instead of prepending (#4217)
  • 1719601 Append arbitrary args instead of prepending.
  • a9e7b72 Bump test dependency on packaging to 23.2 (#4231)
  • 86a2899 Use setup.cfg to specify test dependency on packaging
  • adc8999 PR number to newsfragment
  • 73466de Bump packaging in tests to 23.2
  • 569fd7b Add comments about Python version to bug-report.yml
  • e4cca0e Remove arbitrary equality operator from bug report template.
  • Additional commits viewable in compare view


Most Recent Ignore Conditions Applied to This Pull Request | Dependency Name | Ignore Conditions | | --- | --- | | pydantic-core | [>= 2.11.a, < 2.12] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions