renovate[bot]
commented
3 months ago Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠ Warning: custom changes will be lost.
This PR contains the following updates:
==1.7.7->==1.7.8==1.34.54->==1.34.59==23.5->==24.1==2024.2.0->==2024.3.0==8.22.1->==8.22.2==1.41.2->==1.42.0==1.40.6->==1.41.0==0.27.1->==0.28.0Release Notes
PyCQA/bandit (bandit)
### [`v1.7.8`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.8) [Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.7...1.7.8) #### What's Changed - Incorrect tag naming in readme by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://togithub.com/PyCQA/bandit/pull/1105) - Utilize PyPI's trusted publishing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://togithub.com/PyCQA/bandit/pull/1107) - Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://togithub.com/PyCQA/bandit/pull/1109) - Add 1.7.7 to versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://togithub.com/PyCQA/bandit/pull/1110) - Use datetime to avoid updating copyright year by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://togithub.com/PyCQA/bandit/pull/1112) - filter data is safe for tarfile extractall by [@etienneschalk](https://togithub.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111) - Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://togithub.com/PyCQA/bandit/pull/1115) - \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://togithub.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116) - Add a SARIF output formatter by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://togithub.com/PyCQA/bandit/pull/1113) #### New Contributors - [@etienneschalk](https://togithub.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111) - [@shihai1991](https://togithub.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116) **Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8boto/boto3 (boto3)
### [`v1.34.59`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13459) [Compare Source](https://togithub.com/boto/boto3/compare/1.34.58...1.34.59) \======= - api-change:`batch`: \[`botocore`] This release adds JobStateTimeLimitActions setting to the Job Queue API. It allows you to configure an action Batch can take for a blocking job in front of the queue after the defined period of time. The new parameter applies for ECS, EKS, and FARGATE Job Queues. - api-change:`bedrock-agent-runtime`: \[`botocore`] Documentation update for Bedrock Runtime Agent - api-change:`cloudtrail`: \[`botocore`] Added exceptions to CreateTrail, DescribeTrails, and ListImportFailures APIs. - api-change:`codebuild`: \[`botocore`] This release adds support for a new webhook event: PULL_REQUEST_CLOSED. - api-change:`cognito-idp`: \[`botocore`] Add ConcurrentModificationException to SetUserPoolMfaConfig - api-change:`guardduty`: \[`botocore`] Add RDS Provisioned and Serverless Usage types - api-change:`transfer`: \[`botocore`] Added DES_EDE3\_CBC to the list of supported encryption algorithms for messages sent with an AS2 connector. ### [`v1.34.58`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13458) [Compare Source](https://togithub.com/boto/boto3/compare/1.34.57...1.34.58) \======= - api-change:`appconfig`: \[`botocore`] AWS AppConfig now supports dynamic parameters, which enhance the functionality of AppConfig Extensions by allowing you to provide parameter values to your Extensions at the time you deploy your configuration. - api-change:`ec2`: \[`botocore`] This release adds an optional parameter to RegisterImage and CopyImage APIs to support tagging AMIs at the time of creation. - api-change:`grafana`: \[`botocore`] Adds support for the new GrafanaToken as part of the Amazon Managed Grafana Enterprise plugins upgrade to associate your AWS account with a Grafana Labs account. - api-change:`lambda`: \[`botocore`] Documentation updates for AWS Lambda - api-change:`payment-cryptography-data`: \[`botocore`] AWS Payment Cryptography EMV Decrypt Feature Release - api-change:`rds`: \[`botocore`] Updates Amazon RDS documentation for io2 storage for Multi-AZ DB clusters - api-change:`snowball`: \[`botocore`] Doc-only update for change to EKS-Anywhere ordering. - api-change:`wafv2`: \[`botocore`] You can increase the max request body inspection size for some regional resources. The size setting is in the web ACL association config. Also, the AWSManagedRulesBotControlRuleSet EnableMachineLearning setting now takes a Boolean instead of a primitive boolean type, for languages like Java. - api-change:`workspaces`: \[`botocore`] Added note for user decoupling ### [`v1.34.57`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13457) [Compare Source](https://togithub.com/boto/boto3/compare/1.34.56...1.34.57) \======= - api-change:`dynamodb`: \[`botocore`] Doc only updates for DynamoDB documentation - api-change:`imagebuilder`: \[`botocore`] Add PENDING status to Lifecycle Execution resource status. Add StartTime and EndTime to ListLifecycleExecutionResource API response. - api-change:`mwaa`: \[`botocore`] Amazon MWAA adds support for Apache Airflow v2.8.1. - api-change:`rds`: \[`botocore`] Updated the input of CreateDBCluster and ModifyDBCluster to support setting CA certificates. Updated the output of DescribeDBCluster to show current CA certificate setting value. - api-change:`redshift`: \[`botocore`] Update for documentation only. Covers port ranges, definition updates for data sharing, and definition updates to cluster-snapshot documentation. - api-change:`verifiedpermissions`: \[`botocore`] Deprecating details in favor of configuration for GetIdentitySource and ListIdentitySources APIs. ### [`v1.34.56`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13456) [Compare Source](https://togithub.com/boto/boto3/compare/1.34.55...1.34.56) \======= - api-change:`apigateway`: \[`botocore`] Documentation updates for Amazon API Gateway - api-change:`chatbot`: \[`botocore`] Minor update to documentation. - api-change:`organizations`: \[`botocore`] This release contains an endpoint addition - api-change:`sesv2`: \[`botocore`] Adds support for providing custom headers within SendEmail and SendBulkEmail for SESv2. ### [`v1.34.55`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13455) [Compare Source](https://togithub.com/boto/boto3/compare/1.34.54...1.34.55) \======= - api-change:`cloudformation`: \[`botocore`] Add DetailedStatus field to DescribeStackEvents and DescribeStacks APIs - api-change:`fsx`: \[`botocore`] Added support for creating FSx for NetApp ONTAP file systems with up to 12 HA pairs, delivering up to 72 GB/s of read throughput and 12 GB/s of write throughput. - api-change:`organizations`: \[`botocore`] Documentation update for AWS Organizationscarltongibson/django-filter (django-filter)
### [`v24.1`](https://togithub.com/carltongibson/django-filter/blob/HEAD/CHANGES.rst#Version-241-2024-03-08) [Compare Source](https://togithub.com/carltongibson/django-filter/compare/23.5...24.1) - Updated supported Python and Django versions, and resolved upcoming Django deprecations. Required versions are now at least Python 3.8 and Django 4.2. Thanks to Michael Manganiello. - Allowed passing a FilterSet class to the filterset_factory(). Thanks to Birger Schacht. - Set empty default value of filterset data to MultiValueDict. Thanks to Shlomo Gordon. - Preserve list values passed to the data dict in CSV widgets. Thanks to Bryan Brancotte. - Updates French and Ukrainian localisations. Thanks to Weblate.mozilla-services/python-dockerflow (dockerflow)
### [`v2024.3.0`](https://togithub.com/mozilla-services/python-dockerflow/releases/tag/2024.3.0) [Compare Source](https://togithub.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0) #### What's Changed **New features** - Add optional querystring logging to MozLog `"request.summary"` by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/97](https://togithub.com/mozilla-services/python-dockerflow/pull/97) - Configurable status for failed heartbeat by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/98](https://togithub.com/mozilla-services/python-dockerflow/pull/98) - Support of request correlation id [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/100](https://togithub.com/mozilla-services/python-dockerflow/pull/100) and [https://github.com/mozilla-services/python-dockerflow/pull/101](https://togithub.com/mozilla-services/python-dockerflow/pull/101) - Fix docs about heartbeat status on warnings (200, not 5XX) by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/99](https://togithub.com/mozilla-services/python-dockerflow/pull/99) **Internal Changes** - Use `ruff` instead of flake8 and black by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/96](https://togithub.com/mozilla-services/python-dockerflow/pull/96) - Github Action status for each tox combination by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/102](https://togithub.com/mozilla-services/python-dockerflow/pull/102) **Full Changelog**: https://github.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0ipython/ipython (ipython)
### [`v8.22.2`](https://togithub.com/ipython/ipython/compare/8.22.1...8.22.2) [Compare Source](https://togithub.com/ipython/ipython/compare/8.22.1...8.22.2)Microsoft/playwright-python (playwright)
### [`v1.42.0`](https://togithub.com/microsoft/playwright-python/releases/tag/v1.42.0) [Compare Source](https://togithub.com/Microsoft/playwright-python/compare/v1.41.2...v1.42.0) #### New Locator Handler New method [page.add_locator_handler(locator, handler)](https://playwright.dev/python/docs/api/class-page#page-add-locator-handler) registers a callback that will be invoked when specified element becomes visible and may block Playwright actions. The callback can get rid of the overlay. Here is an example that closes a cookie dialog when it appears. ```python ### Setup the handler. page.add_locator_handler( page.get_by_role("heading", name="Hej! You are in control of your cookies."), lambda: page.get_by_role("button", name="Accept all").click(), ) ### Write the test as usual. page.goto("https://www.ikea.com/") page.get_by_role("link", name="Collection of blue and white").click() expect(page.get_by_role("heading", name="Light and easy")).to_be_visible() ``` #### New APIs - [page.pdf(\[options\])](https://playwright.dev/python/docs/api/class-page#page-pdf) accepts two new options `tagged` and `outline`. #### Announcements - ⚠️ Ubuntu 18 is not supported anymore. #### Browser Versions - Chromium 123.0.6312.4 - Mozilla Firefox 123.0 - WebKit 17.4 This version was also tested against the following stable channels: - Google Chrome 122 - Microsoft Edge 123getsentry/sentry-python (sentry-sdk)
### [`v1.41.0`](https://togithub.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#1410) [Compare Source](https://togithub.com/getsentry/sentry-python/compare/1.40.6...1.41.0) ##### Various fixes & improvements - Add recursive scrubbing to `EventScrubber` ([#2755](https://togithub.com/getsentry/sentry-python/issues/2755)) by [@Cheapshot003](https://togithub.com/Cheapshot003) By default, the `EventScrubber` will not search your events for potential PII recursively. With this release, you can enable this behavior with: ```python import sentry_sdk from sentry_sdk.scrubber import EventScrubber sentry_sdk.init( ``` ### ...your usual settings... event_scrubber=EventScrubber(recursive=True), ) ```` - Expose `socket_options` (#2786) by @sentrivana If the SDK is experiencing connection issues (connection resets, server closing connection without response, etc.) while sending events to Sentry, tweaking the default `urllib3` socket options to the following can help: ```python import socket from urllib3.connection import HTTPConnection import sentry_sdk sentry_sdk.init( ### ...your usual settings... socket_options=HTTPConnection.default_socket_options + [ (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1), ### note: skip the following line if you're on MacOS since TCP_KEEPIDLE doesn't exist there (socket.SOL_TCP, socket.TCP_KEEPIDLE, 45), (socket.SOL_TCP, socket.TCP_KEEPINTVL, 10), (socket.SOL_TCP, socket.TCP_KEEPCNT, 6), ], ) ```` - Allow to configure merge target for releases ([#2777](https://togithub.com/getsentry/sentry-python/issues/2777)) by [@sentrivana](https://togithub.com/sentrivana) - Allow empty character in metric tags values ([#2775](https://togithub.com/getsentry/sentry-python/issues/2775)) by [@viglia](https://togithub.com/viglia) - Replace invalid tag values with an empty string instead of \_ ([#2773](https://togithub.com/getsentry/sentry-python/issues/2773)) by [@markushi](https://togithub.com/markushi) - Add documentation comment to `scrub_list` ([#2769](https://togithub.com/getsentry/sentry-python/issues/2769)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex) - Fixed regex to parse version in lambda package file ([#2767](https://togithub.com/getsentry/sentry-python/issues/2767)) by [@antonpirker](https://togithub.com/antonpirker) - xfail broken AWS Lambda tests for now ([#2794](https://togithub.com/getsentry/sentry-python/issues/2794)) by [@sentrivana](https://togithub.com/sentrivana) - Removed print statements because it messes with the tests ([#2789](https://togithub.com/getsentry/sentry-python/issues/2789)) by [@antonpirker](https://togithub.com/antonpirker) - Bump `types-protobuf` from 4.24.0.20240129 to 4.24.0.20240302 ([#2782](https://togithub.com/getsentry/sentry-python/issues/2782)) by [@dependabot](https://togithub.com/dependabot) - Bump `checkouts/data-schemas` from `eb941c2` to `ed078ed` ([#2781](https://togithub.com/getsentry/sentry-python/issues/2781)) by [@dependabot](https://togithub.com/dependabot)encode/uvicorn (uvicorn)
### [`v0.28.0`](https://togithub.com/encode/uvicorn/blob/HEAD/CHANGELOG.md#0280---2024-03-09) [Compare Source](https://togithub.com/encode/uvicorn/compare/0.27.1...0.28.0) ##### Added - Raise `ClientDisconnected` on `send()` when client disconnected ([#2220](https://togithub.com/encode/uvicorn/issues/2220)) 12/02/24 ##### Fixed - Except `AttributeError` on `sys.stdin.fileno()` for Windows IIS10 ([#1947](https://togithub.com/encode/uvicorn/issues/1947)) 29/02/24 - Use `X-Forwarded-Proto` for WebSockets scheme when the proxy provides it ([#2258](https://togithub.com/encode/uvicorn/issues/2258)) 01/03/24Configuration
📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.