gregsadetsky / nycnoise

https://nyc-noise.com

Bump the python-packages group across 1 directory with 19 updates #275

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the python-packages group with 19 updates in the / directory:

Package From To
asgiref 3.7.2 3.8.1
django 4.2.10 4.2.11
django-tinymce 3.7.1 4.0.0
filelock 3.13.1 3.13.4
gunicorn 21.2.0 22.0.0
icalendar 5.0.11 5.0.12
idna 3.6 3.7
lxml 5.1.0 5.2.1
mypy 1.8.0 1.9.0
packaging 23.2 24.0
platformdirs 4.2.0 4.2.1
pluggy 1.4.0 1.5.0
pytest 8.0.2 8.1.1
python-dateutil 2.9.0 2.9.0.post0
sqlparse 0.4.4 0.5.0
types-pytz 2024.1.0.20240203 2024.1.0.20240417
types-pyyaml 6.0.12.12 6.0.12.20240311
typing-extensions 4.10.0 4.11.0
virtualenv 20.25.1 20.26.0

Updates asgiref from 3.7.2 to 3.8.1

Changelog

Sourced from asgiref's changelog.

3.8.1 (2024-03-22)

  • Fixes a regression in 3.8.0 affecting nested task cancellation inside sync_to_async.

3.8.0 (2024-03-20)

  • Adds support for Python 3.12.

  • Drops support for (end-of-life) Python 3.7.

  • Fixes task cancellation propagation to subtasks when using synchronous Django middleware.

  • Allows nesting sync_to_async via asyncio.wait_for.

  • Corrects WSGI adapter handling of root path.

  • Handles case where "client" is None in WsgiToAsgi adapter.

Commits
  • e38d3c3 Releasing 3.8.1
  • 8769434 Raise exception if exec_coro is done.
  • 852344e Add tox.ini to MANIFEST.in
  • f710647 Fix a rST problem in the pathsend extension documentation
  • 4c28385 Releasing 3.8.0
  • 4209b6c Correct WSGI adapter handling of root path.
  • 8cf847a Update error-on-send text in main spec
  • 8108512 Move variable initialization in AsyncToSync from init to call (#440)
  • 6f02daa Clarify send error behaviour more clearly
  • 0503c2c Fix task cancellation propagation to subtasks when using sync middleware (#435)
  • Additional commits viewable in compare view


Updates django from 4.2.10 to 4.2.11

Commits
  • 61a986f [4.2.x] Bumped version for 4.2.11 release.
  • 3c9a277 [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
  • 7973951 [4.2.x] Added release date for 4.2.11 and 3.2.25.
  • 86d8034 [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unle...
  • cb173bb [4.2.x] Fixed #35172 -- Fixed intcomma for string floats.
  • 227ef29 [4.2.x] Added CVE-2024-24680 to security archive.
  • e2f1907 [4.2.x] Post release version bump.
  • See full diff in compare view


Updates django-tinymce from 3.7.1 to 4.0.0

Release notes

Sourced from django-tinymce's releases.

4.0.0

  • Upgrade embedded TinyMCE from 5.10.7 to 6.8.3

The spellchecker plugin is gone (including USE_SPELLCHECKER setting). Use the browser_spellcheck TinyMCE option (activated by default) to enable browser-based spellchecking.

Changelog

Sourced from django-tinymce's changelog.

4.0.0 (2024-03-27)

  • Upgrade embedded TinyMCE from 5.10.7 to 6.8.3

The spellchecker plugin is gone (including USE_SPELLCHECKER setting). Use the browser_spellcheck TinyMCE option (activated by default) to enable browser-based spellchecking.

Commits
  • eac5cc3 Upgrade version in pyproject.toml
  • dc270e1 Prepare release 4.0.0
  • 54d64ba Fixes #460 - Remove sourceMappingURL lines from tinymce static files
  • f04e1c8 Migrate from TinyMCE 5 to TinyMCE 6
  • See full diff in compare view


Updates filelock from 3.13.1 to 3.13.4

Release notes

Sourced from filelock's releases.

3.13.4

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.3...3.13.4

3.13.3

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.2...3.13.3

3.13.2

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.1...3.13.2

Commits
  • 000a3fa Raise error on incompatible singleton timeout and mode args (#320)
  • 312fb4e [pre-commit.ci] pre-commit autoupdate (#321)
  • f50a337 [pre-commit.ci] pre-commit autoupdate (#319)
  • 3f6df70 Make singleton class instance dict unique per subclass (#318)
  • 9a64375 [BugFix] fix permission denied error when lock file is placed in /tmp (#317)
  • e2f121b Update index.rst to improve the demo usage (#314)
  • a46ea71 [pre-commit.ci] pre-commit autoupdate (#312)
  • 766e12d [pre-commit.ci] pre-commit autoupdate (#311)
  • f641eb6 Bump pypa/gh-action-pypi-publish from 1.8.12 to 1.8.14 (#310)
  • 9048580 Bump pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12 (#308)
  • Additional commits viewable in compare view


Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fixes numerous security vulnerabilities. You're invited to upgrade your own installation asap.

Changes:

22.0.0 - 2024-04-17
===================
  • use utime to notify workers liveness
  • migrate setup to pyproject.toml
  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
  • parsing additional requests is no longer attempted past unsupported request framing
  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
  • Trailer fields are no longer inspected for headers indicating secure scheme
  • support Python 3.12

** Breaking changes **

  • minimum version is Python 3.7
  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
  • requests specifying unsupported transfer coding (order) are refused by default (rare)
  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/

Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the aggressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view


Updates icalendar from 5.0.11 to 5.0.12

Changelog

Sourced from icalendar's changelog.

5.0.12 (2024-03-19)

Minor changes:

  • Analyse code coverage of test files
  • Added corpus to fuzzing directory
  • Added exclusion of fuzzing corpus in MANIFEST.in
  • Augmented fuzzer to optionally convert multiple calendars from a source string
  • Add script to convert OSS FUZZ test cases to Python/pytest test cases
  • Added additional exception handling of defined errors to fuzzer, to allow fuzzer to explore deeper
  • Added more instrumentation to fuzz-harness
  • Rename "contributor" to "collaborator" in documentation
  • Correct the outdated "icalendar view myfile.ics" command in documentation. #588
  • Update GitHub Actions steps versions
  • Keep GitHub Actions up to date with GitHub's Dependabot

Breaking changes:

  • ...

New features:

  • ...

Bug fixes:

  • ...
  • Fixed index error in cal.py when attempting to pop from an empty stack
  • Fixed type error in prop.py when attempting to join strings into a byte-string
  • Caught Wrong Date Format in ical_fuzzer to resolve fuzzing coverage blocker

Commits
  • 72966e7 try to set a body text of the release
  • 38fcd16 modify release
  • 679ecab use different release action
  • 216452c use github.token
  • 72c0d6d try other tag release method
  • 5551ad9 version 5.0.12
  • f417720 Merge pull request #602 from niccokunzmann/refactor-test-6
  • b51fef6 Merge pull request #599 from niccokunzmann/refactor-test-3
  • fb0baf4 Merge pull request #598 from niccokunzmann/refactor-test-2
  • 00a2d56 Merge pull request #597 from niccokunzmann/refactor-test-1
  • Additional commits viewable in compare view


Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11)

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view


Updates lxml from 5.1.0 to 5.2.1

Changelog

Sourced from lxml's changelog.

5.2.1 (2024-04-02)

Bugs fixed

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", but with SSE 4.2 enabled.

  • LP#2059977: Element.iterfind("//absolute_path") failed with a SyntaxError where it should have issued a warning.

  • GH#416: The documentation build was using the non-standard which command. Patch by Michał Górny.

5.2.0 (2024-03-30)

Other changes

  • LP#1958539: The lxml.html.clean implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library:

    https://github.com/fedora-python/lxml_html_clean

    Projects that use lxml without "lxml.html.clean" will not notice any difference, except that they won't have potentially vulnerable code installed. The module is available as an "extra" setuptools dependency "lxml[html_clean]", so that Projects that need "lxml.html.clean" will need to switch their requirements from "lxml" to "lxml[html_clean]", or install the new library themselves.

  • The minimum CPU architecture for the Linux x86 binary wheels was upgraded to "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.

  • Built with Cython 3.0.10.

5.1.2 (2024-??-??)

Bugs fixed

  • LP#2059977: Element.iterfind("//absolute_path") failed with a SyntaxError where it should have issued a warning.

5.1.1 (2024-03-28)

... (truncated)

Commits
  • 47f94ff Update changelog.
  • 932a41e Update macOS build instructions.
  • 888153a Merge branch 'lxml-5.1'
  • fcf00fb Update changelog.
  • 76fd4f9 Fix SyntaxError in Element.iterfind() that should have been a warning.
  • 4faebe3 Fix test.
  • 9b8e36d Fix SyntaxError in Element.iterfind() that should have been a warning.
  • 175c66a Build: Reduce the number of build jobs by disabling some old targets.
  • 06ad31c Prepare release of 5.2.1.
  • 24dafd3 Build: Fix Makefile to work on systems without which(1) (GH-416)
  • Additional commits viewable in compare view


Updates mypy from 1.8.0 to 1.9.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.10

We’ve just uploaded mypy 1.10 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support TypeIs (PEP 742)

Mypy now supports TypeIs (PEP 742), which allows functions to narrow the type of a value, similar to isinstance(). Unlike TypeGuard, TypeIs can narrow in both the if and else branches of an if statement:

from typing_extensions import TypeIs

def is_str(s: object) -> TypeIs[str]:
    return isinstance(s, str)

def f(o: str | int) -> None:
    if is_str(o):
        # Type of o is 'str'
        ...
    else:
        # Type of o is 'int'
        ...

TypeIs will be added to the typing module in Python 3.13, but it can be used on earlier Python versions by importing it from typing_extensions.

This feature was contributed by Jelle Zijlstra (PR 16898).

Support TypeVar Defaults (PEP 696)

PEP 696 adds support for type parameter defaults. Example:

from typing import Generic
from typing_extensions import TypeVar


... (truncated)

Commits


Updates packaging from 23.2 to 24.0

Release notes

Sourced from packaging's releases.

24.0

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/packaging/compare/23.2...24.0

Changelog

Sourced from packaging's changelog.

24.0 - 2024-03-10


* Do specifier matching correctly when the specifier contains an epoch number
  and has more components than the version (:issue:`683`)
* Support the experimental ``--disable-gil`` builds in packaging.tags
  (:issue:`727`)
* BREAKING: Make optional ``metadata.Metadata`` attributes default to ``None`` (:issue:`733`)
* Fix errors when trying to access the ``description_content_type``, ``keywords``,
  and ``requires_python`` attributes on ``metadata.Metadata`` when those values
  have not been provided (:issue:`733`)
* Fix a bug preventing the use of the built in ``ExceptionGroup`` on versions of
  Python that support it (:issue:`725`)

Commits


Updates platformdirs from 4.2.0 to 4.2.1

Release notes

Sourced from platformdirs's releases.

4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/platformdirs/platformdirs/compare/4.2.0...4.2.1

Commits


Updates pluggy from 1.4.0 to 1.5.0

Changelog

Sourced from pluggy's changelog.

pluggy 1.5.0 (2024-04-19)

Features

  • [#178](https://github.com/pytest-dev/pluggy/issues/178): Add support for deprecating specific hook parameters, or more generally, for issuing a warning whenever a hook implementation requests certain parameters.

    See warn_on_impl for details.

Bug Fixes

  • [#481](https://github.com/pytest-dev/pluggy/issues/481): PluginManager.get_plugins() no longer returns None for blocked plugins.

Commits
  • f8aa4a0 Preparing release 1.5.0
  • b4a8c92 Merge pull request #495 from bluetech/warn-on-impl-args
  • 6f6ea68 Add support deprecating hook parameters
  • 91f88d2 Merge pull request #496 from bluetech/codecov-action
  • 89ce829 ci: replace upload-coverage script with codecov github action
  • 29f104d Lift pluggy (#493)
  • c2b36b4 Merge pull request #491 from pytest-dev/pre-commit-ci-update-config
  • 2b533c9 [pre-commit.ci] pre-commit autoupdate
  • 04d1bcd [pre-commit.ci] pre-commit autoupdate (#490)
  • f74e94b [pre-commit.ci] pre-commit autoupdate (#489)
  • Additional commits viewable in compare view


Updates pytest from 8.0.2 to 8.1.1

Release notes

Sourced from pytest's releases.

8.1.1

pytest 8.1.1 (2024-03-08)

Note: This release is not a usual bug fix release -- it contains features and improvements, being a follow up to 8.1.0, which has been yanked from PyPI.

Features

  • #11475: Added the new consider_namespace_packages configuration option, defaulting to False.

    If set to True, pytest will attempt to identify modules that are part of namespace packages when importing modules.

  • #11653: Added the new verbosity_test_cases configuration option for fine-grained control of test execution verbosity. See Fine-grained verbosity (pytest.fine_grained_verbosity) for more details.

Improvements

  • #10865: pytest.warns now validates that warnings.warn was called with a str or a Warning. Currently in Python it is possible to use other types, however this causes an exception when warnings.filterwarnings is used to filter those warnings (see CPython #103577 (python/cpython#103577) for a discussion). While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.

  • #11311: When using --override-ini for paths in invocations without a configuration file defined, the current working directory is used as the relative directory.

    Previously this would raise an AssertionError.

  • #11475: --import-mode=importlib now tries to import modules using the standard import mechanism (but still without changing sys.path), falling back to importing modules directly only if that fails.

    This means that installed packages will be imported under their canonical name if possible first, for example app.core.models, instead of having the module name always be derived from their path (for example .env310.lib.site_packages.app.core.models).

  • #11801: Added the iter_parents() (_pytest.nodes.Node.iter_parents) helper method on nodes. It is similar to listchain (_pytest.nodes.Node.listchain), but goes from bottom to top, and returns an iterator, not a list.

  • #11850: Added support for sys.last_exc for post-mortem debugging on Python>=3.12.

  • #11962: In case no other suitable candidates for configuration file are found, a pyproject.toml (even without a [tool.pytest.ini_options] table) will be considered as the configuration file and define the rootdir.

  • #11978: Add --log-file-mode option to the logging plugin, enabling appending to log-files. This option accepts either "w" or "a" and defaults to "w".

    Previously, the mode was hard-coded to be "w" which truncates the file before logging.

... (truncated)

Commits
  • 81653ee Adjust changelog manually for 8.1.1
  • e60b4b9 Prepare release version 8.1.1
  • 15fbe57 [8.1.x] Revert legacy path removals (#12093)
  • 86c3aab [8.1.x] Do not import duplicated modules with --importmode=importlib (#12077)
  • 5b82b0c [8.1.x] Yank version 8.1.0 (#12076)
  • 0a53681 Merge pull request #12054 from pytest-dev/release-8.1.0
  • b9a167f Prepare release version 8.1.0
  • 00043f7 Merge pull request #12038 from bluetech/fixtures-rm-arg2index
  • f4e1025 Merge pull request #12048 from bluetech/fixture-teardown-excgroup
  • 43492f5 Merge pull request #12051 from jakkdl/test_debugging_pythonbreakpoint
  • Additional commits viewable in compare view


Updates python-dateutil from 2.9.0 to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

  • Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Commits


Updates sqlparse from 0.4.4 to 0.5.0

Changelog

Sourced from sqlparse's changelog.

Release 0.5.0 (Apr 13, 2024)

Notable Changes

Enhancements:

  • Splitting statements now allows to remove the semicolon at the end. Some database backends love statements without semicolon (issue742).
  • Support TypedLiterals in get_parameters (pr749, by Khrol).
  • Improve splitting of Transact SQL when using GO keyword (issue762).
  • Support for some JSON operators (issue682).
  • Improve formatting of statements containing JSON operators (issue542).
  • Support for BigQuery and Snowflake keywords (pr699, by griffatrasgo).
  • Support parsing of OVER clause (issue701, pr768 by r33s3n6).

Bug Fixes

  • Ignore dunder attributes when creating Tokens (issue672).
  • Allow operators to precede dollar-quoted strings (issue763).
  • Fix parsing of nested order clauses (issue745, pr746 by john-bodley).
  • Thread-safe initialization of Lexer class (issue730).
  • Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on pr719 by josuc1, thanks for bringing this up!).
  • Fix parsing of PRIMARY KEY (issue740).

Other

  • Optimize performance of matching function (pr799, by admachainz).

Commits
  • ddbd0ec Bump version.
  • 29f2e0a Raise recursion limit for tests.
  • b4a39d9 Raise SQLParseError instead of RecursionError.
  • f1bcf2f Update AUTHORS and Changelog.
  • e03b74e Fix Function.get_parameters(), add Function.get_window()
  • 617b8f6 Add OVER clause, and group it into Function (fixes #701)
  • d8f8147 Update AUTHORS and Changelog.
  • 012c9f1 Optimize sqlparse.utils.imt().
  • 46971e5 Fix parsing of PRIMARY KEY (fixes #740).
  • fc4b0be Code cleanup.
  • Additional commits viewable in compare view


Updates types-pytz from 2024.1.0.20240203 to 2024.1.0.20240417

Commits


Updates types-pyyaml from 6.0.12.12 to 6.0.12.20240311

Commits


Updates typing-extensions from 4.10.0 to 4.11.0

Release notes

Sourced from typing-extensions's releases.

4.11.0

Release 4.11.0 (April 5, 2024)

This feature release provides improvements to various recently added features, most importantly type parameter defaults (PEP 696).

There are no changes since 4.11.0rc1.

Changes since 4.10.0:

  • Fix tests on Python 3.13.0a5. Patch by Jelle Zijlstra.
  • Fix the ...

_Description has been truncated_

dependabot[bot] commented 2 months ago

Superseded by #276.