gregsadetsky / nycnoise

https://nyc-noise.com

Bump the python-packages group across 1 directory with 23 updates #281

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the python-packages group with 23 updates in the / directory:

Package From To
asgiref 3.7.2 3.8.1
astroid 3.1.0 3.2.0
django 4.2.10 4.2.13
django-stubs 4.2.7 5.0.0
django-stubs-ext 4.2.7 5.0.0
django-tinymce 3.7.1 4.0.0
filelock 3.13.1 3.14.0
gunicorn 21.2.0 22.0.0
icalendar 5.0.11 5.0.12
idna 3.6 3.7
lxml 5.1.0 5.2.1
mypy 1.8.0 1.10.0
packaging 23.2 24.0
platformdirs 4.2.0 4.2.1
pluggy 1.4.0 1.5.0
pytest 8.0.2 8.2.0
python-dateutil 2.9.0 2.9.0.post0
sqlparse 0.4.4 0.5.0
tomlkit 0.12.4 0.12.5
types-pytz 2024.1.0.20240203 2024.1.0.20240417
types-pyyaml 6.0.12.12 6.0.12.20240311
typing-extensions 4.10.0 4.11.0
virtualenv 20.25.1 20.26.1

Updates asgiref from 3.7.2 to 3.8.1

Changelog

Sourced from asgiref's changelog.

3.8.1 (2024-03-22)

  • Fixes a regression in 3.8.0 affecting nested task cancellation inside sync_to_async.

3.8.0 (2024-03-20)

  • Adds support for Python 3.12.

  • Drops support for (end-of-life) Python 3.7.

  • Fixes task cancellation propagation to subtasks when using synchronous Django middleware.

  • Allows nesting sync_to_async via asyncio.wait_for.

  • Corrects WSGI adapter handling of root path.

  • Handles case where "client" is None in WsgiToAsgi adapter.

Commits
  • e38d3c3 Releasing 3.8.1
  • 8769434 Raise exception if exec_coro is done.
  • 852344e Add tox.ini to MANIFEST.in
  • f710647 Fix a rST problem in the pathsend extension documentation
  • 4c28385 Releasing 3.8.0
  • 4209b6c Correct WSGI adapter handling of root path.
  • 8cf847a Update error-on-send text in main spec
  • 8108512 Move variable initialization in AsyncToSync from init to call (#440)
  • 6f02daa Clarify send error behaviour more clearly
  • 0503c2c Fix task cancellation propagation to subtasks when using sync middleware (#435)
  • Additional commits viewable in compare view


Updates astroid from 3.1.0 to 3.2.0

Changelog

Sourced from astroid's changelog.

What's New in astroid 3.2.0?

Release date: 2024-05-07

  • .pyi stub files are now preferred over .py files when resolving imports, (except for numpy).

    Closes pylint-dev/#9185

  • igetattr() returns the last same-named function in a class (instead of the first). This avoids false positives in pylint with @overload.

    Closes #1015 Refs pylint-dev/pylint#4696

  • Adds module_denylist to AstroidManager for modules to be skipped during AST generation. Modules in this list will cause an AstroidImportError to be raised when an AST for them is requested.

    Refs pylint-dev/pylint#9442

  • Make astroid.interpreter._import.util.is_namespace only consider modules using a loader set to NamespaceLoader or None as namespaces. This fixes a problem that six.moves brain was not effective if six.moves was already imported.

    Closes #1107

Commits
  • 7d4d805 Bump astroid to 3.2.0, update changelog
  • 4a1a788 [changelog] Remove placeholder patch release header
  • 8c48d5c [pre-commit.ci] pre-commit autoupdate (#2425)
  • a4a9fcc Bump actions/checkout from 4.1.4 to 4.1.5 (#2423)
  • 0984386 Prefer .pyi stubs (#2375)
  • 2ec0115 Fix mypy warnings and update typing
  • 2592505 Remove AstroidCacheSetupMixin
  • 3ce9af4 Improve performance by caching find_spec
  • 47c0b8f [sphinx] Fix path to source (#2422)
  • 4a8827d Adjust is_namespace() to check ModuleSpec.loader (#2410)
  • Additional commits viewable in compare view


Updates django from 4.2.10 to 4.2.13

Commits
  • 3bf46e2 [4.2.x] Bumped version for 4.2.13 release.
  • b46b94e [4.2.x] Added release notes for 4.2.13.
  • 1536833 [4.2.x] Post-release version bump.
  • 6193c72 [4.2.x] Bumped version for 4.2.12 release.
  • 3f9c8fc [4.2.x] Added release date for 4.2.12.
  • 256f719 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS clas...
  • 0fc8326 [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class uncondit...
  • 1d85b41 [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12.
  • 27c32cc [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bc...
  • 0d3ddca [4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash on...
  • Additional commits viewable in compare view


Updates django-stubs from 4.2.7 to 5.0.0

Commits


Updates django-stubs-ext from 4.2.7 to 5.0.0

Commits


Updates django-tinymce from 3.7.1 to 4.0.0

Release notes

Sourced from django-tinymce's releases.

4.0.0

  • Upgrade embedded TinyMCE from 5.10.7 to 6.8.3

The spellchecker plugin is gone (including USE_SPELLCHECKER setting). Use the browser_spellcheck TinyMCE option (activated by default) to enable browser-based spellchecking.

Changelog

Sourced from django-tinymce's changelog.

4.0.0 (2024-03-27)

  • Upgrade embedded TinyMCE from 5.10.7 to 6.8.3

The spellchecker plugin is gone (including USE_SPELLCHECKER setting). Use the browser_spellcheck TinyMCE option (activated by default) to enable browser-based spellchecking.

Commits
  • eac5cc3 Upgrade version in pyproject.toml
  • dc270e1 Prepare release 4.0.0
  • 54d64ba Fixes #460 - Remove sourceMappingURL lines from tinymce static files
  • f04e1c8 Migrate from TinyMCE 5 to TinyMCE 6
  • See full diff in compare view


Updates filelock from 3.13.1 to 3.14.0

Release notes

Sourced from filelock's releases.

3.14.0

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.4...3.14.0

3.13.4

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.3...3.13.4

3.13.3

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.2...3.13.3

3.13.2

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.1...3.13.2

Commits
  • 8556141 feat: blocking parameter on lock constructor with tests and docs (#325)
  • 26ccad3 [pre-commit.ci] pre-commit autoupdate (#324)
  • 853e7d1 [pre-commit.ci] pre-commit autoupdate (#323)
  • 000a3fa Raise error on incompatible singleton timeout and mode args (#320)
  • 312fb4e [pre-commit.ci] pre-commit autoupdate (#321)
  • f50a337 [pre-commit.ci] pre-commit autoupdate (#319)
  • 3f6df70 Make singleton class instance dict unique per subclass (#318)
  • 9a64375 [BugFix] fix permission denied error when lock file is placed in /tmp (#317)
  • e2f121b Update index.rst to improve the demo usage (#314)
  • a46ea71 [pre-commit.ci] pre-commit autoupdate (#312)
  • Additional commits viewable in compare view


Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fixes numerous security vulnerabilities. You're invited to upgrade your own installation ASAP.

Changes:

22.0.0 - 2024-04-17
===================
  • use utime to notify workers liveness
  • migrate setup to pyproject.toml
  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
  • parsing additional requests is no longer attempted past unsupported request framing
  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
  • Trailer fields are no longer inspected for headers indicating secure scheme
  • support Python 3.12

** Breaking changes **

  • minimum version is Python 3.7
  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
  • requests specifying unsupported transfer coding (order) are refused by default (rare)
  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/
Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the aggressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view


Updates icalendar from 5.0.11 to 5.0.12

Changelog

Sourced from icalendar's changelog.

5.0.12 (2024-03-19)

Minor changes:

  • Analyse code coverage of test files
  • Added corpus to fuzzing directory
  • Added exclusion of fuzzing corpus in MANIFEST.in
  • Augmented fuzzer to optionally convert multiple calendars from a source string
  • Add script to convert OSS FUZZ test cases to Python/pytest test cases
  • Added additional exception handling of defined errors to fuzzer, to allow fuzzer to explore deeper
  • Added more instrumentation to fuzz-harness
  • Rename "contributor" to "collaborator" in documentation
  • Correct the outdated "icalendar view myfile.ics" command in documentation. #588
  • Update GitHub Actions steps versions
  • Keep GitHub Actions up to date with GitHub's Dependabot

Breaking changes:

  • ...

New features:

  • ...

Bug fixes:

  • ...
  • Fixed index error in cal.py when attempting to pop from an empty stack
  • Fixed type error in prop.py when attempting to join strings into a byte-string
  • Caught Wrong Date Format in ical_fuzzer to resolve fuzzing coverage blocker
Commits
  • 72966e7 try to set a body text of the release
  • 38fcd16 modify release
  • 679ecab use different release action
  • 216452c use github.token
  • 72c0d6d try other tag release method
  • 5551ad9 version 5.0.12
  • f417720 Merge pull request #602 from niccokunzmann/refactor-test-6
  • b51fef6 Merge pull request #599 from niccokunzmann/refactor-test-3
  • fb0baf4 Merge pull request #598 from niccokunzmann/refactor-test-2
  • 00a2d56 Merge pull request #597 from niccokunzmann/refactor-test-1
  • Additional commits viewable in compare view


Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11)

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view


Updates lxml from 5.1.0 to 5.2.1

Changelog

Sourced from lxml's changelog.

5.2.1 (2024-04-02)

Bugs fixed

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", but with SSE 4.2 enabled.

  • LP#2059977: Element.iterfind("//absolute_path") failed with a SyntaxError where it should have issued a warning.

  • GH#416: The documentation build was using the non-standard which command. Patch by Michał Górny.

5.2.0 (2024-03-30)

Other changes

  • LP#1958539: The lxml.html.clean implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library:

    https://github.com/fedora-python/lxml_html_clean

    Projects that use lxml without "lxml.html.clean" will not notice any difference, except that they won't have potentially vulnerable code installed. The module is available as an "extra" setuptools dependency "lxml[html_clean]", so that Projects that need "lxml.html.clean" will need to switch their requirements from "lxml" to "lxml[html_clean]", or install the new library themselves.

  • The minimum CPU architecture for the Linux x86 binary wheels was upgraded to "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.

  • Built with Cython 3.0.10.

5.1.2 (2024-??-??)

Bugs fixed

  • LP#2059977: Element.iterfind("//absolute_path") failed with a SyntaxError where it should have issued a warning.

5.1.1 (2024-03-28)

... (truncated)

Commits
  • 47f94ff Update changelog.
  • 932a41e Update macOS build instructions.
  • 888153a Merge branch 'lxml-5.1'
  • fcf00fb Update changelog.
  • 76fd4f9 Fix SyntaxError in Element.iterfind() that should have been a warning.
  • 4faebe3 Fix test.
  • 9b8e36d Fix SyntaxError in Element.iterfind() that should have been a warning.
  • 175c66a Build: Reduce the number of build jobs by disabling some old targets.
  • 06ad31c Prepare release of 5.2.1.
  • 24dafd3 Build: Fix Makefile to work on systems without which(1) (GH-416)
  • Additional commits viewable in compare view


Updates mypy from 1.8.0 to 1.10.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.10

We’ve just uploaded mypy 1.10 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support TypeIs (PEP 742)

Mypy now supports TypeIs (PEP 742), which allows functions to narrow the type of a value, similar to isinstance(). Unlike TypeGuard, TypeIs can narrow in both the if and else branches of an if statement:

from typing_extensions import TypeIs

def is_str(s: object) -> TypeIs[str]:
    return isinstance(s, str)

def f(o: str | int) -> None:
    if is_str(o):
        # Type of o is 'str'
        ...
    else:
        # Type of o is 'int'
        ...

TypeIs will be added to the typing module in Python 3.13, but it can be used on earlier Python versions by importing it from typing_extensions.

This feature was contributed by Jelle Zijlstra (PR 16898).

Support TypeVar Defaults (PEP 696)

PEP 696 adds support for type parameter defaults. Example:

from typing import Generic
from typing_extensions import TypeVar

... (truncated)

Commits


Updates packaging from 23.2 to 24.0

Release notes

Sourced from packaging's releases.

24.0

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/packaging/compare/23.2...24.0

Changelog

Sourced from packaging's changelog.

24.0 - 2024-03-10


* Do specifier matching correctly when the specifier contains an epoch number
  and has more components than the version (:issue:`683`)
* Support the experimental ``--disable-gil`` builds in packaging.tags
  (:issue:`727`)
* BREAKING: Make optional ``metadata.Metadata`` attributes default to ``None`` (:issue:`733`)
* Fix errors when trying to access the ``description_content_type``, ``keywords``,
  and ``requires_python`` attributes on ``metadata.Metadata`` when those values
  have not been provided (:issue:`733`)
* Fix a bug preventing the use of the built in ``ExceptionGroup`` on versions of
  Python that support it (:issue:`725`)
Commits


Updates platformdirs from 4.2.0 to 4.2.1

Release notes

Sourced from platformdirs's releases.

4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/platformdirs/platformdirs/compare/4.2.0...4.2.1

Commits


Updates pluggy from 1.4.0 to 1.5.0

Changelog

Sourced from pluggy's changelog.

pluggy 1.5.0 (2024-04-19)

Features

  • #178 (https://github.com/pytest-dev/pluggy/issues/178): Add support for deprecating specific hook parameters, or more generally, for issuing a warning whenever a hook implementation requests certain parameters.

    See :ref:warn_on_impl for details.

Bug Fixes

  • #481 (https://github.com/pytest-dev/pluggy/issues/481): PluginManager.get_plugins() no longer returns None for blocked plugins.
Commits
  • f8aa4a0 Preparing release 1.5.0
  • b4a8c92 Merge pull request #495 from bluetech/warn-on-impl-args
  • 6f6ea68 Add support deprecating hook parameters
  • 91f88d2 Merge pull request #496 from bluetech/codecov-action
  • 89ce829 ci: replace upload-coverage script with codecov github action
  • 29f104d Lift pluggy (#493)
  • c2b36b4 Merge pull request #491 from pytest-dev/pre-commit-ci-update-config
  • 2b533c9 [pre-commit.ci] pre-commit autoupdate
  • 04d1bcd [pre-commit.ci] pre-commit autoupdate (#490)
  • f74e94b [pre-commit.ci] pre-commit autoupdate (#489)
  • Additional commits viewable in compare view


Updates pytest from 8.0.2 to 8.2.0

Release notes

Sourced from pytest's releases.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

  • #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

    • pytest_ignore_collect - the path parameter - use collection_path instead.
    • pytest_collect_file - the path parameter - use file_path instead.
    • pytest_pycollect_makemodule - the path parameter - use module_path instead.
    • pytest_report_header - the startdir parameter - use start_path instead.
    • pytest_report_collectionfinish - the startdir parameter - use start_path instead.

    The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

    See legacy-path-hooks-deprecated for more details.

Features

  • #11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.

    See "Read arguments from file" (args-from-file) for details.

Improvements

  • #11523: pytest.importorskip will now issue a warning if the module could be found, but raised ImportError instead of ModuleNotFou... _Description has been truncated_

dependabot[bot] commented 1 month ago

Superseded by #282.