search

gregsadetsky / nycnoise

https://nyc-noise.com
15 stars 0 forks source link

Bump the python-packages group across 1 directory with 28 updates #291

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the python-packages group with 28 updates in the / directory:

Package From To
asgiref 3.7.2 3.8.1
astroid 3.1.0 3.2.2
dj-database-url 2.1.0 2.2.0
django 4.2.10 4.2.13
django-admin-sortable2 2.1.10 2.2.1
django-debug-toolbar 4.3.0 4.4.2
django-stubs 4.2.7 5.0.2
django-stubs-ext 4.2.7 5.0.2
django-tinymce 3.7.1 4.0.0
filelock 3.13.1 3.14.0
gunicorn 21.2.0 22.0.0
icalendar 5.0.11 5.0.12
idna 3.6 3.7
lxml 5.1.0 5.2.2
mypy 1.8.0 1.10.0
packaging 23.2 24.0
platformdirs 4.2.0 4.2.2
pluggy 1.4.0 1.5.0
pylint 3.1.0 3.2.2
pytest 8.0.2 8.2.1
python-dateutil 2.9.0 2.9.0.post0
requests 2.31.0 2.32.2
sqlparse 0.4.4 0.5.0
tomlkit 0.12.4 0.12.5
types-pytz 2024.1.0.20240203 2024.1.0.20240417
types-pyyaml 6.0.12.12 6.0.12.20240311
typing-extensions 4.10.0 4.12.0
virtualenv 20.25.1 20.26.2

Updates asgiref from 3.7.2 to 3.8.1

Changelog

Sourced from asgiref's changelog.

3.8.1 (2024-03-22)

  • Fixes a regression in 3.8.0 affecting nested task cancellation inside sync_to_async.

3.8.0 (2024-03-20)

  • Adds support for Python 3.12.

  • Drops support for (end-of-life) Python 3.7.

  • Fixes task cancellation propagation to subtasks when using synchronous Django middleware.

  • Allows nesting sync_to_async via asyncio.wait_for.

  • Corrects WSGI adapter handling of root path.

  • Handles case where "client" is None in WsgiToAsgi adapter.

Commits
  • e38d3c3 Releasing 3.8.1
  • 8769434 Raise exception if exec_coro is done.
  • 852344e Add tox.ini to MANIFEST.in
  • f710647 Fix a rST problem in the pathsend extension documentation
  • 4c28385 Releasing 3.8.0
  • 4209b6c Correct WSGI adapter handling of root path.
  • 8cf847a Update error-on-send text in main spec
  • 8108512 Move variable initialization in AsyncToSync from init to call (#440)
  • 6f02daa Clarify send error behaviour more clearly
  • 0503c2c Fix task cancellation propagation to subtasks when using sync middleware (#435)
  • Additional commits viewable in compare view


Updates astroid from 3.1.0 to 3.2.2

Changelog

Sourced from astroid's changelog.

What's New in astroid 3.2.2?

Release date: 2024-05-20

What's New in astroid 3.2.1?

Release date: 2024-05-16

What's New in astroid 3.2.0?

Release date: 2024-05-07

  • .pyi stub files are now preferred over .py files when resolving imports, (except for numpy).

    Closes pylint-dev/#9185

  • igetattr() returns the last same-named function in a class (instead of the first). This avoids false positives in pylint with @overload.

    Closes #1015 Refs pylint-dev/pylint#4696

  • Adds module_denylist to AstroidManager for modules to be skipped during AST generation. Modules in this list will cause an AstroidImportError to be raised when an AST for them is requested.

    Refs pylint-dev/pylint#9442

  • Make astroid.interpreter._import.util.is_namespace only consider modules using a loader set to NamespaceLoader or None as namespaces. This fixes a problem that six.moves brain was not effective if six.moves was already imported.

    Closes #1107

Commits


Updates dj-database-url from 2.1.0 to 2.2.0

Release notes

Sourced from dj-database-url's releases.

v2.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/jazzband/dj-database-url/compare/v2.1.0...v2.2.0

Changelog

Sourced from dj-database-url's changelog.

CHANGELOG

Commits


Updates django from 4.2.10 to 4.2.13

Commits
  • 3bf46e2 [4.2.x] Bumped version for 4.2.13 release.
  • b46b94e [4.2.x] Added release notes for 4.2.13.
  • 1536833 [4.2.x] Post-release version bump.
  • 6193c72 [4.2.x] Bumped version for 4.2.12 release.
  • 3f9c8fc [4.2.x] Added release date for 4.2.12.
  • 256f719 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS clas...
  • 0fc8326 [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class uncondit...
  • 1d85b41 [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12.
  • 27c32cc [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bc...
  • 0d3ddca [4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash on...
  • Additional commits viewable in compare view


Updates django-admin-sortable2 from 2.1.10 to 2.2.1

Release notes

Sourced from django-admin-sortable2's releases.

2.2.1

No release notes provided.

2.2

No release notes provided.

2.2.0

This is identical to 2.2, however PyPI doesn't offer it.

2.1.11

No release notes provided.

Changelog

Sourced from django-admin-sortable2's changelog.

2.2.1

  • Fix: With setting DEBUG = True, loading the unminimized JavaScript files failed. They now are added during build time.

2.2

  • Add support for Django-5.0
  • Add support for Python-3.12
  • Drop support for Django-4.1 and lower.
  • Drop support for Python-3.8

2.1.11

  • Upgrade all external dependencies to their latest versions.
  • Adopt E2E tests to use Playwright's locator.
Commits
  • feba6e7 Merge branch 'master' of github.com:jrief/django-admin-sortable2
  • 2f8a649 Bump to version 2.2.1
  • 5ea4352 Fix: loading the unminimized JavaScript files failed with DEBUG=True
  • ab6e48b Merge pull request #392 from mgrdcm/undrop-python312-changelog
  • 91b201e Update CHANGELOG for 2.2 to reflect actual Python and Django support changes
  • be76b2f Update CLASSIFIERS to reflect updated Django and Python support
  • 21ece8a Merge branch 'master' of github.com:jrief/django-admin-sortable2
  • 387d5d1 Merge pull request #391 from jrief/django-5-support
  • 1b7fabd exclude Django-5.0 for Python-3.9
  • cb4c77e fix failing unit test for Django-5.0
  • Additional commits viewable in compare view


Updates django-debug-toolbar from 4.3.0 to 4.4.2

Release notes

Sourced from django-debug-toolbar's releases.

4.4.2

What's Changed

Full Changelog: https://github.com/jazzband/django-debug-toolbar/compare/4.4.1...4.4.2

4.4.1

What's changed

See changelog for 4.4.1

PRs merged

Full Changelog: https://github.com/jazzband/django-debug-toolbar/compare/4.4...4.4.1

4.4

Note: Version 4.4 (4.4.0) was not released to PyPI due to a metadata version incompatibility. Version 4.4.1 fixes that.

What's changed

See changelog for 4.4

PRs merged

New Contributors

... (truncated)

Changelog

Sourced from django-debug-toolbar's changelog.

4.4.2 (2024-05-27)

  • Removed some CSS which wasn't carefully limited to the toolbar's elements.
  • Stopped assuming that INTERNAL_IPS is a list.
  • Added a section to the installation docs about running tests in projects where the toolbar is being used.

4.4.1 (2024-05-26)

  • Pin metadata version to 2.2 to be compatible with Jazzband release process.

4.4.0 (2024-05-26)

  • Raised the minimum Django version to 4.2.
  • Automatically support Docker rather than having the developer write a workaround for INTERNAL_IPS.
  • Display a better error message when the toolbar's requests return invalid json.
  • Render forms with as_div to silence Django 5.0 deprecation warnings.
  • Stayed on top of pre-commit hook updates.
  • Added :doc:architecture documentation <architecture> to help on-board new contributors.
  • Removed the static file path validation check in :class:StaticFilesPanel <debug_toolbar.panels.staticfiles.StaticFilesPanel> since that check is made redundant by a similar check in Django 4.0 and later.
  • Deprecated the OBSERVE_REQUEST_CALLBACK setting and added check debug_toolbar.W008 to warn when it is present in DEBUG_TOOLBAR_SETTINGS.
  • Add a note on the profiling panel about using Python 3.12 and later about needing --nothreading
  • Added IS_RUNNING_TESTS setting to allow overriding the debug_toolbar.E001 check to avoid including the toolbar when running tests.
  • Fixed the bug causing 'djdt' is not a registered namespace and updated docs to help in initial configuration while running tests.
  • Added a link in the installation docs to a more complete installation example in the example app.
  • Added check to prevent the toolbar from being installed when tests are running.
  • Added test to example app and command to run the example app's tests.
  • Implemented dark mode theme and button to toggle the theme, introduced the DEFAULT_THEME setting which sets the default theme to use.
Commits
  • d481182 Version 4.4.2
  • f7e83b1 Add a section to the installation docs about running tests (#1921)
  • 782bdd9 INTERNAL_IPS may not be a list
  • 4808add Avoid setting color-scheme on :root, we're only a guest on pages (#1923)
  • e7541ab Ignore UP031 for now
  • 97b49d1 Merge remote-tracking branch 'origin/pre-commit-ci-update-config'
  • 25c860e Version 4.4.1
  • 202c831 Limit metadata version for Jazzband's release process
  • 15dc305 Version 4.4.0
  • de2feca Fix theme selenium integration test.
  • Additional commits viewable in compare view


Updates django-stubs from 4.2.7 to 5.0.2

Commits
  • 5118c5d Bump django-stubs-ext dependency to latest (#2186)
  • d9b47af Prepare for a release 5.0.1 (#2183)
  • 6b31bed Formset get_queryset() returns QuerySet (#2174)
  • b8f1592 Don't crash when inspecting classes loaded from cache (#2185)
  • 95e7d4d Migrate 'test_conf.yml' to 'assert_type' tests (#2182)
  • 1f4efbe AbstractBaseSession: Use model fields for subclassed cases (#2180)
  • e196985 Fix signature of Choices member creation, add assert_type test cases, run `...
  • d03eaf1 Add BaseConstraint.get_violation_error_message() (#2178)
  • 496190e 5.0: Update django.db.models.expressions (#2176)
  • 5218b4f 5.0: Update django.db.models.constraints.UniqueConstraint (#2175)
  • Additional commits viewable in compare view


Updates django-stubs-ext from 4.2.7 to 5.0.2

Commits
  • 5118c5d Bump django-stubs-ext dependency to latest (#2186)
  • d9b47af Prepare for a release 5.0.1 (#2183)
  • 6b31bed Formset get_queryset() returns QuerySet (#2174)
  • b8f1592 Don't crash when inspecting classes loaded from cache (#2185)
  • 95e7d4d Migrate 'test_conf.yml' to 'assert_type' tests (#2182)
  • 1f4efbe AbstractBaseSession: Use model fields for subclassed cases (#2180)
  • e196985 Fix signature of Choices member creation, add assert_type test cases, run `...
  • d03eaf1 Add BaseConstraint.get_violation_error_message() (#2178)
  • 496190e 5.0: Update django.db.models.expressions (#2176)
  • 5218b4f 5.0: Update django.db.models.constraints.UniqueConstraint (#2175)
  • Additional commits viewable in compare view


Updates django-tinymce from 3.7.1 to 4.0.0

Release notes

Sourced from django-tinymce's releases.

4.0.0

  • Upgrade embedded TinyMCE from 5.10.7 to 6.8.3

The spellchecker plugin is gone (including USE_SPELLCHECKER setting). Use the browser_spellcheck TinyMCE option (activated by default) to enable browser-based spellchecking.

Changelog

Sourced from django-tinymce's changelog.

4.0.0 (2024-03-27)

  • Upgrade embedded TinyMCE from 5.10.7 to 6.8.3

The spellchecker plugin is gone (including USE_SPELLCHECKER setting). Use the browser_spellcheck TinyMCE option (activated by default) to enable browser-based spellchecking.

Commits
  • eac5cc3 Upgrade version in pyproject.toml
  • dc270e1 Prepare release 4.0.0
  • 54d64ba Fixes #460 - Remove sourceMappingURL lines from tinymce static files
  • f04e1c8 Migrate from TinyMCE 5 to TinyMCE 6
  • See full diff in compare view


Updates filelock from 3.13.1 to 3.14.0

Release notes

Sourced from filelock's releases.

3.14.0

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.4...3.14.0

3.13.4

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.3...3.13.4

3.13.3

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.2...3.13.3

3.13.2

What's Changed

New Contributors

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.1...3.13.2

Commits
  • 8556141 feat: blocking parameter on lock constructor with tests and docs (#325)
  • 26ccad3 [pre-commit.ci] pre-commit autoupdate (#324)
  • 853e7d1 [pre-commit.ci] pre-commit autoupdate (#323)
  • 000a3fa Raise error on incompatible singleton timeout and mode args (#320)
  • 312fb4e [pre-commit.ci] pre-commit autoupdate (#321)
  • f50a337 [pre-commit.ci] pre-commit autoupdate (#319)
  • 3f6df70 Make singleton class instance dict unique per subclass (#318)
  • 9a64375 [BugFix] fix permission denied error when lock file is placed in /tmp (#317)
  • e2f121b Update index.rst to improve the demo usage (#314)
  • a46ea71 [pre-commit.ci] pre-commit autoupdate (#312)
  • Additional commits viewable in compare view


Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

    

  • use utime to notify workers liveness
    • 

  • migrate setup to pyproject.toml
    • 

  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
    • 

  • parsing additional requests is no longer attempted past unsupported request framing
    • 

  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
    • 

  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
    • 

  • Trailer fields are no longer inspected for headers indicating secure scheme
    • 

  • support Python 3.12
    • 



** Breaking changes **


    

  • minimum version is Python 3.7
    • 

  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
    • 

  • requests specifying unsupported transfer coding (order) are refused by default (rare)
    • 

  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
    • 

  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
    • 

  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
    • 

  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
    • 

  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
    • 

  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
    • 

  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
    • 

  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
    • 



** SECURITY **


    

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/
Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view


Updates icalendar from 5.0.11 to 5.0.12

Changelog

Sourced from icalendar's changelog.

5.0.12 (2024-03-19)

Minor changes:

  • Analyse code coverage of test files
  • Added corpus to fuzzing directory
  • Added exclusion of fuzzing corpus in MANIFEST.in
  • Augmented fuzzer to optionally convert multiple calendars from a source string
  • Add script to convert OSS FUZZ test cases to Python/pytest test cases
  • Added additional exception handling of defined errors to fuzzer, to allow fuzzer to explore deeper
  • Added more instrumentation to fuzz-harness
  • Rename "contributor" to "collaborator" in documentation
  • Correct the outdated "icalendar view myfile.ics" command in documentation. #588
  • Update GitHub Actions steps versions
  • Keep GitHub Actions up to date with GitHub's Dependabot

Breaking changes:

  • ...

New features:

  • ...

Bug fixes:

  • ...
  • Fixed index error in cal.py when attempting to pop from an empty stack
  • Fixed type error in prop.py when attempting to join strings into a byte-string
  • Caught Wrong Date Format in ical_fuzzer to resolve fuzzing coverage blocker
Commits
  • 72966e7 try to set a body text of the release
  • 38fcd16 modify release
  • 679ecab use different release action
  • 216452c use github.token
  • 72c0d6d try other tag release method
  • 5551ad9 version 5.0.12
  • f417720 Merge pull request #602 from niccokunzmann/refactor-test-6
  • b51fef6 Merge pull request #599 from niccokunzmann/refactor-test-3
  • fb0baf4 Merge pull request #598 from niccokunzmann/refactor-test-2
  • 00a2d56 Merge pull request #597 from niccokunzmann/refactor-test-1
  • Additional commits viewable in compare view


Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view


Updates lxml from 5.1.0 to 5.2.2

Release notes

Sourced from lxml's releases.

lxml-5.2.2

5.2.2 (2024-05-12)

Bugs fixed

  • GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

  • If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

lxml-5.2.1

No release notes provided.

lxml-5.2.0

No release notes provided.

lxml-5.1.1

No release notes provided.

lxml-5.1.0-2

No release notes provided.

Changelog

Sourced from lxml's changelog.

5.2.2 (2024-05-12)

Bugs fixed

  • GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

  • LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

  • If libxml2 uses iconv, the compile time version is available as etree.ICONV_C... _Description has been truncated_

dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.