search

django-discord / bot

A bot for the Django Discord server
MIT License
10 stars 6 forks source link

Bump the all group with 12 updates #453

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the all group with 12 updates:

Package From To
aiohttp 3.9.1 3.9.5
frozenlist 1.4.0 1.4.1
idna 3.6 3.7
multidict 6.0.4 6.0.5
filelock 3.13.4 3.14.0
jinja2 3.1.3 3.1.4
jsonschema 4.21.1 4.22.0
nbconvert 7.16.3 7.16.4
pygments 2.17.2 2.18.0
pyzmq 26.0.2 26.0.3
referencing 0.35.0 0.35.1
virtualenv 20.26.0 20.26.1

Updates aiohttp from 3.9.1 to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

  • Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

    Related issues and pull requests on GitHub: #8253.

  • Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

    Related issues and pull requests on GitHub: #8332.

  • Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: #8335.

3.9.4

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

  • Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

    Related issues and pull requests on GitHub: :issue:8253.

  • Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

    Related issues and pull requests on GitHub: :issue:8332.

  • Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:8335.

3.9.4 (2024-04-11)

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:8089.

... (truncated)

Commits


Updates frozenlist from 1.4.0 to 1.4.1

Release notes

Sourced from frozenlist's releases.

1.4.1

Packaging updates and notes for downstreams

  • Declared Python 3.12 and PyPy 3.8-3.10 supported officially in the distribution package metadata.

    Related issues and pull requests on GitHub: #553.

  • Replaced the packaging is replaced from an old-fashioned :file:setup.py to an in-tree :pep:517 build backend -- by :user:webknjaz.

    Whenever the end-users or downstream packagers need to build frozenlist from source (a Git checkout or an sdist), they may pass a config_settings flag pure-python. If this flag is not set, a C-extension will be built and included into the distribution.

    Here is how this can be done with pip:

    .. code-block:: console

    $ python3 -m pip install . --config-settings=pure-python=

    This will also work with -e | --editable.

    The same can be achieved via pypa/build:

    .. code-block:: console

    $ python3 -m build --config-setting=pure-python=

    Adding -w | --wheel can force pypa/build produce a wheel from source directly, as opposed to building an sdist and then building from it.

    Related issues and pull requests on GitHub: #560.

Contributor-facing changes

  • It is now possible to request line tracing in Cython builds using the with-cython-tracing :pep:517 config setting -- :user:webknjaz.

    This can be used in CI and development environment to measure coverage on Cython modules, but is not normally useful to the end-users or

... (truncated)

Changelog

Sourced from frozenlist's changelog.

1.4.1 (2023-12-15)

Packaging updates and notes for downstreams

  • Declared Python 3.12 and PyPy 3.8-3.10 supported officially in the distribution package metadata.

    Related issues and pull requests on GitHub: :issue:553.

  • Replaced the packaging is replaced from an old-fashioned :file:setup.py to an in-tree :pep:517 build backend -- by :user:webknjaz.

    Whenever the end-users or downstream packagers need to build frozenlist from source (a Git checkout or an sdist), they may pass a config_settings flag pure-python. If this flag is not set, a C-extension will be built and included into the distribution.

    Here is how this can be done with pip:

    .. code-block:: console

    $ python3 -m pip install . --config-settings=pure-python=

    This will also work with -e | --editable.

    The same can be achieved via pypa/build:

    .. code-block:: console

    $ python3 -m build --config-setting=pure-python=

    Adding -w | --wheel can force pypa/build produce a wheel from source directly, as opposed to building an sdist and then building from it.

    Related issues and pull requests on GitHub: :issue:560.

Contributor-facing changes

  • It is now possible to request line tracing in Cython builds using the with-cython-tracing :pep:517 config setting -- :user:webknjaz.

... (truncated)

Commits
  • 457b28e ⇪📦 Bump to v1.4.1
  • 4998859 📝 Mark "dev" as a known word
  • 3d740da ⇪📦 Bump to v1.4.1.dev0
  • d92751c 🧪 Cache pre-commit.com virtualenvs @ CI
  • 7394415 🧪🐛 List explicit MyPy coverage.xml paths @ CI
  • a26ba84 🧪 Update codecov action input to plural files
  • e12ecf6 🧪 Upload MyPy coverage to Codecov
  • 59b9a74 🐛🧪 Fix the operator in test_lt
  • 01720b2 🧪 Keep building macosx_x86_64 wheels for tests
  • d9f5e0c 🧪💅 Add a reusable project name var to CI/CD
  • Additional commits viewable in compare view


Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view


Updates multidict from 6.0.4 to 6.0.5

Release notes

Sourced from multidict's releases.

6.0.5

Bug fixes

  • Upgraded the C-API macros that have been deprecated in Python 3.9 and later removed in 3.13 -- by @​iemelyanov💰.

    Related issues and pull requests on GitHub: #862, #864, #868, #898.

  • Reverted to using the public argument parsing API PyArg_ParseTupleAndKeywords() under Python 3.12 -- by @​charles-dyfis-net💰 and @​webknjaz💰.

    The effect is that this change prevents build failures with clang 16.9.6 and gcc-14 reported in #926. It also fixes a segmentation fault crash caused by passing keyword arguments to MultiDict.getall() discovered by @​jonaslb💰 and @​hroncok💰 while examining the problem.

    Related issues and pull requests on GitHub: #862, #909, #926, #929.

  • Fixed a SystemError: null argument to internal routine error on a MultiDict.items().isdisjoint() call when using C Extensions.

    Related issues and pull requests on GitHub: #927.

Improved documentation

  • On the Contributing docs age, a link to the Towncrier philosophy has been fixed.

    Related issues and pull requests on GitHub: #911.

Packaging updates and notes for downstreams

  • Stopped marking all files as installable package data -- by @​webknjaz💰.

    This change helps setuptools understand that C-headers are not to be installed under lib/python3.{x}/site-packages/.

    Related commits on GitHub: 31e1170.

... (truncated)

Changelog

Sourced from multidict's changelog.

6.0.5 (2024-02-01)

Bug fixes

  • Upgraded the C-API macros that have been deprecated in Python 3.9 and later removed in 3.13 -- by :user:iemelyanov.

    Related issues and pull requests on GitHub: :issue:862, :issue:864, :issue:868, :issue:898.

  • Reverted to using the public argument parsing API :c:func:PyArg_ParseTupleAndKeywords under Python 3.12 -- by :user:charles-dyfis-net and :user:webknjaz.

    The effect is that this change prevents build failures with clang 16.9.6 and gcc-14 reported in :issue:926. It also fixes a segmentation fault crash caused by passing keyword arguments to :py:meth:MultiDict.getall() <multidict.MultiDict.getall> discovered by :user:jonaslb and :user:hroncok while examining the problem.

    Related issues and pull requests on GitHub: :issue:862, :issue:909, :issue:926, :issue:929.

  • Fixed a SystemError: null argument to internal routine error on a MultiDict.items().isdisjoint() call when using C Extensions.

    Related issues and pull requests on GitHub: :issue:927.

Improved documentation

  • On the Contributing docs <https://github.com/aio-libs/multidict/blob/master/CHANGES/README.rst>_ page, a link to the Towncrier philosophy has been fixed.

    Related issues and pull requests on GitHub:

... (truncated)

Commits
  • a9b281b ⇪ 📦 Release v6.0.5
  • ed825c8 🧪 Download artifacts to dist/ @ release job
  • 7b04a64 🧪 Normalize issue refs @ release action
  • 74840e8 🧪 Pass Codecov token to reusable linters job
  • 41c133e 🧪 Bump Codecov action to v4
  • adb1976 📝 Fix return type @ Sphinx config
  • 99e435f 📝 Mention bylines in the changelog guidelines
  • 736169e 📝 Clarify need to only ref PR @ change note name
  • 887846f 📝 Highlight the RST term @ changelog guide
  • 8f57f8a 📝 Add a missing comma @ changelog guide
  • Additional commits viewable in compare view


Updates filelock from 3.13.4 to 3.14.0

Release notes

Sourced from filelock's releases.

3.14.0

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.4...3.14.0

Commits


Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj
Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj
Commits


Updates jsonschema from 4.21.1 to 4.22.0

Release notes

Sourced from jsonschema's releases.

v4.22.0

What's Changed

  • Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
  • (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.

New Contributors

Full Changelog: https://github.com/python-jsonschema/jsonschema/compare/v4.21.1...v4.22.0

Changelog

Sourced from jsonschema's changelog.

v4.22.0

  • Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
  • (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.
Commits
  • 9882dbe Add / ignore the new specification test suite property.
  • ebc90bb Merge commit '8fcfc3a674a7188a4fcc822b7a91efb3e0422a20'
  • 8fcfc3a Squashed 'json/' changes from b41167c74..54f3784a8
  • 30b7537 Pin pyenchant to pre from below until pyenchant/pyenchant#302 is released.
  • c3729db Enable doctests for the rest of the referencing page.
  • 70a994c Remove a now-unneeded noqa since apparently this is fixed in new ruff.
  • e6d0ef1 Fix a minor typo in the referencing example docs.
  • bceaf41 Another placeholder benchmark for future optimization.
  • b20234e Consider errors from earlier indices (in instances) to be better matches
  • 41b49c6 Minor improvement to test failure message when a best match test fails.
  • Additional commits viewable in compare view


Updates nbconvert from 7.16.3 to 7.16.4

Release notes

Sourced from nbconvert's releases.

v7.16.4

7.16.4

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​mgeier | @​pre-commit-ci

Changelog

Sourced from nbconvert's changelog.

7.16.4

(Full Changelog)

Bugs fixed

Maintenance and upkeep improvements

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​mgeier | @​pre-commit-ci

Commits


Updates pygments from 2.17.2 to 2.18.0

Release notes

Sourced from pygments's releases.

2.18.0

  • New lexers:

  • Updated lexers:

    • Awk: recognize ternary operator (#2687)
    • Bash: add openrc alias (#2599, #2371)
    • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
    • DNS zone files: Fix comment parsing (#2595)
    • Hy: Support unicode literals (#1126)
    • Inform6: Update to Inform 6.42 (#2644)
    • lean: Fix name handling (#2614)
    • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
    • Macaulay2: Update to 1.23 (#2655)
    • Python: fix highlighting of soft keywords before None/True/False
    • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
    • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
    • Spice: Add keywords (#2621)
    • SQL Explain: allow negative numbers (#2610)
    • Swift: Support multiline strings (#2681)
    • ThingsDB: add constants and new functions; support template strings (#2624)
    • UL4: support nested <?doc?> and <?note?> tags (#2597)
    • VHDL: support multi-line comments of VHDL-2008 (#2622)
    • Wikitext: Remove kk-* in variant_langs (#2647)
    • Xtend: Add val and var (#2602)

  • New styles:

  • Make background colors in the image formatter work with Pillow 10.0 (#2623)

  • Require Python 3.8. As a result, the importlib-metadata package is no longer needed for fast plugin discovery on Python 3.7. The plugins extra (used as, e.g., pip install pygments[plugins])

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.18.0

(released May 4th, 2024)

  • New lexers:

  • Updated lexers:

    • Awk: recognize ternary operator (#2687)
    • Bash: add openrc alias (#2599, #2371)
    • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
    • DNS zone files: Fix comment parsing (#2595)
    • Hy: Support unicode literals (#1126)
    • Inform6: Update to Inform 6.42 (#2644)
    • lean: Fix name handling (#2614)
    • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
    • Macaulay2: Update to 1.23 (#2655)
    • Python: fix highlighting of soft keywords before None/True/False
    • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
    • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
    • Spice: Add keywords (#2621)
    • SQL Explain: allow negative numbers (#2610)
    • Swift: Support multiline strings (#2681)
    • ThingsDB: add constants and new functions; support template strings (#2624)
    • UL4: support nested <?doc?> and <?note?> tags (#2597)
    • VHDL: support multi-line comments of VHDL-2008 (#2622)
    • Wikitext: Remove kk-* in variant_langs (#2647)
    • Xtend: Add val and var (#2602)

  • New styles:

  • Make background colors in the image formatter work with Pillow 10.0 (#2623)

... (truncated)

Commits


Updates pyzmq from 26.0.2 to 26.0.3

Release notes

Sourced from pyzmq's releases.

v26.0.3

See release notes, or pyzmq on PyPI.

Install with:

pip install 'pyzmq==26.0.3'
Commits


Updates referencing from 0.35.0 to 0.35.1

Release notes

Sourced from referencing's releases.

v0.35.1

  • Make Resource.pointer also properly handle empty pointers (which refer to the root document). This fix likely only affects you if you were using that function directly, as Resource.lookup already handles empty fragments.

Full Changelog: https://github.com/python-jsonschema/referencing/compare/v0.35.0...v0.35.1

Changelog

Sourced from referencing's changelog.

v0.35.1

  • Make Resource.pointer also properly handle empty pointers (which refer to the root document). This fix likely only affects you if you were using that function directly, as Resource.lookup already handles empty fragments.
Commits
  • 1863d4a Correct the return type.
  • 1357a73 Handle empty pointers (root pointers) in Resource.pointer.
  • a524132 Merge pull request #149 from python-jsonschema/dependabot/submodules/suite-c4...
  • c0c7b72 Bump suite from 8be5a4b to c49444c
  • edd1006 Merge pull request #147 from python-jsonschema/dependabot/submodules/suite-8b...
  • d485584 Bump suite from 87851a6 to 8be5a4b
  • 217a18d Remove a now-unneeded noqa since apparently this is fixed in new ruff.
  • 2c1a8f5 Pin pyenchant to pre from below until pyenchant/pyenchant#302 is released.
  • See full diff in compare view


Updates virtualenv from 20.26.0 to 20.26.1

Changelog

Sourced from virtualenv's changelog.

v20.26.1 (2024-04-29)

Bugfixes - 20.26.1

- fix PATH-based Python discovery on Windows - by :user:`ofek`. (:issue:`2712`)
Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions