openfun / richie

:pencil: An opensource CMS to build education portals
https://richie.education
MIT License

⬆️(dependencies) update python dependencies #2325

Closed renovate[bot] closed 4 months ago

renovate[bot] commented 4 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| dev/bandit (source, changelog) | ==1.7.7 -> ==1.7.8 |
| dev/ipython | ==8.22.1 -> ==8.22.2 |
| dev/pytest (changelog) | ==8.1.0 -> ==8.1.1 |
| sandbox/dockerflow | ==2024.2.0 -> ==2024.3.0 |
| sandbox/sentry-sdk (changelog) | ==1.40.6 -> ==1.41.0 |

Release Notes

PyCQA/bandit (dev/bandit)

### [`v1.7.8`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.8)

[Compare Source](https://togithub.com/PyCQA/bandit/compare/1.7.7...1.7.8)

#### What's Changed

- Incorrect tag naming in readme by [@lukehinds](https://togithub.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://togithub.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://togithub.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://togithub.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://togithub.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://togithub.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://togithub.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://togithub.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://togithub.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://togithub.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://togithub.com/PyCQA/bandit/pull/1113)

#### New Contributors

- [@etienneschalk](https://togithub.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://togithub.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

ipython/ipython (dev/ipython)

### [`v8.22.2`](https://togithub.com/ipython/ipython/compare/8.22.1...8.22.2)

[Compare Source](https://togithub.com/ipython/ipython/compare/8.22.1...8.22.2)

pytest-dev/pytest (dev/pytest)

### [`v8.1.1`](https://togithub.com/pytest-dev/pytest/releases/tag/8.1.1)

[Compare Source](https://togithub.com/pytest-dev/pytest/compare/8.1.0...8.1.1)

# pytest 8.1.1 (2024-03-08)

**Note:** This release is not a usual bug fix release -- it contains features and improvements, being a follow up to `8.1.0`, which has been yanked from PyPI.

## Features

- [#11475](https://togithub.com/pytest-dev/pytest/issues/11475): Added the new `consider_namespace_packages` configuration option, defaulting to `False`. If set to `True`, pytest will attempt to identify modules that are part of [namespace packages](https://packaging.python.org/en/latest/guides/packaging-namespace-packages) when importing modules.
- [#11653](https://togithub.com/pytest-dev/pytest/issues/11653): Added the new `verbosity_test_cases` configuration option for fine-grained control of test execution verbosity. See Fine-grained verbosity for more details.

## Improvements

- [#10865](https://togithub.com/pytest-dev/pytest/issues/10865): `pytest.warns` now validates that `warnings.warn` was called with a `str` or a `Warning`. Currently in Python it is possible to use other types, however this causes an exception when `warnings.filterwarnings` is used to filter those warnings (see [CPython #103577](https://togithub.com/python/cpython/issues/103577) for a discussion). While this can be considered a bug in CPython, we decided to put guards in pytest as the error message produced without this check in place is confusing.
- [#11311](https://togithub.com/pytest-dev/pytest/issues/11311): When using `--override-ini` for paths in invocations without a configuration file defined, the current working directory is used as the relative directory. Previously this would raise an `AssertionError`.
- [#11475](https://togithub.com/pytest-dev/pytest/issues/11475): `--import-mode=importlib` now tries to import modules using the standard import mechanism (but still without changing `sys.path`), falling back to importing modules directly only if that fails. This means that installed packages will be imported under their canonical name if possible first, for example `app.core.models`, instead of having the module name always be derived from their path (for example `.env310.lib.site_packages.app.core.models`).
- [#11801](https://togithub.com/pytest-dev/pytest/issues/11801): Added the `iter_parents()` helper method on nodes. It is similar to `listchain`, but goes from bottom to top, and returns an iterator, not a list.
- [#11850](https://togithub.com/pytest-dev/pytest/issues/11850): Added support for `sys.last_exc` for post-mortem debugging on Python>=3.12.
- [#11962](https://togithub.com/pytest-dev/pytest/issues/11962): In case no other suitable candidates for configuration file are found, a `pyproject.toml` (even without a `[tool.pytest.ini_options]` table) will be considered as the configuration file and define the `rootdir`.
- [#11978](https://togithub.com/pytest-dev/pytest/issues/11978): Add `--log-file-mode` option to the logging plugin, enabling appending to log-files. This option accepts either `"w"` or `"a"` and defaults to `"w"`. Previously, the mode was hard-coded to be `"w"` which truncates the file before logging.
- [#12047](https://togithub.com/pytest-dev/pytest/issues/12047): When multiple finalizers of a fixture raise an exception, now all exceptions are reported as an exception group. Previously, only the first exception was reported.

## Bug Fixes

- [#11475](https://togithub.com/pytest-dev/pytest/issues/11475): Fixed regression where `--importmode=importlib` would import non-test modules more than once.
- [#11904](https://togithub.com/pytest-dev/pytest/issues/11904): Fixed a regression in pytest 8.0.0 that would cause test collection to fail due to permission errors when using `--pyargs`. This change improves the collection tree for tests specified using `--pyargs`, see pull request #12043 for a comparison with pytest 8.0 and <8.
- [#12011](https://togithub.com/pytest-dev/pytest/issues/12011): Fixed a regression in 8.0.1 whereby `setup_module` xunit-style fixtures are not executed when `--doctest-modules` is passed.
- [#12014](https://togithub.com/pytest-dev/pytest/issues/12014): Fix the `stacklevel` used when warning about marks used on fixtures.
- [#12039](https://togithub.com/pytest-dev/pytest/issues/12039): Fixed a regression in `8.0.2` where tests created using `tmp_path` have been collected multiple times in CI under Windows.

## Improved Documentation

- [#11790](https://togithub.com/pytest-dev/pytest/issues/11790): Documented the retention of temporary directories created using the `tmp_path` fixture in more detail.

## Trivial/Internal Changes

- [#11785](https://togithub.com/pytest-dev/pytest/issues/11785): Some changes were made to private functions which may affect plugins which access them:
  - `FixtureManager._getautousenames()` now takes a `Node` itself instead of the nodeid.
  - `FixtureManager.getfixturedefs()` now takes the `Node` itself instead of the nodeid.
  - The `_pytest.nodes.iterparentnodeids()` function is removed without replacement. Prefer to traverse the node hierarchy itself instead. If you really need to, copy the function from the previous pytest release.
- [#12069](https://togithub.com/pytest-dev/pytest/issues/12069): Delayed the deprecation of the following features to `9.0.0`:
  - `node-ctor-fspath-deprecation`.
  - `legacy-path-hooks-deprecated`.

  It was discovered after `8.1.0` was released that the warnings about the impending removal were not being displayed, so the team decided to revert the removal. This is the reason for `8.1.0` being yanked.

# pytest 8.1.0 (YANKED)

**Note:** This release has been **yanked**: it broke some plugins without the proper warning period, due to some warnings not showing up as expected. See [#12069](https://togithub.com/pytest-dev/pytest/issues/12069).

mozilla-services/python-dockerflow (sandbox/dockerflow)

### [`v2024.3.0`](https://togithub.com/mozilla-services/python-dockerflow/releases/tag/2024.3.0)

[Compare Source](https://togithub.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0)

#### What's Changed

**New features**

- Add optional querystring logging to MozLog `"request.summary"` by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/97](https://togithub.com/mozilla-services/python-dockerflow/pull/97)
- Configurable status for failed heartbeat by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/98](https://togithub.com/mozilla-services/python-dockerflow/pull/98)
- Support of request correlation id [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/100](https://togithub.com/mozilla-services/python-dockerflow/pull/100) and [https://github.com/mozilla-services/python-dockerflow/pull/101](https://togithub.com/mozilla-services/python-dockerflow/pull/101)
- Fix docs about heartbeat status on warnings (200, not 5XX) by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/99](https://togithub.com/mozilla-services/python-dockerflow/pull/99)

**Internal Changes**

- Use `ruff` instead of flake8 and black by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/96](https://togithub.com/mozilla-services/python-dockerflow/pull/96)
- Github Action status for each tox combination by [@leplatrem](https://togithub.com/leplatrem) in [https://github.com/mozilla-services/python-dockerflow/pull/102](https://togithub.com/mozilla-services/python-dockerflow/pull/102)

**Full Changelog**: https://github.com/mozilla-services/python-dockerflow/compare/2024.2.0...2024.3.0

getsentry/sentry-python (sandbox/sentry-sdk)

### [`v1.41.0`](https://togithub.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#1410)

[Compare Source](https://togithub.com/getsentry/sentry-python/compare/1.40.6...1.41.0)

##### Various fixes & improvements

- Add recursive scrubbing to `EventScrubber` ([#2755](https://togithub.com/getsentry/sentry-python/issues/2755)) by [@Cheapshot003](https://togithub.com/Cheapshot003)

  By default, the `EventScrubber` will not search your events for potential PII recursively. With this release, you can enable this behavior with:

  ```python
  import sentry_sdk
  from sentry_sdk.scrubber import EventScrubber

  sentry_sdk.init(
      # ...your usual settings...
      event_scrubber=EventScrubber(recursive=True),
  )
  ```

- Expose `socket_options` (#2786) by @sentrivana

  If the SDK is experiencing connection issues (connection resets, server closing connection without response, etc.) while sending events to Sentry, tweaking the default `urllib3` socket options to the following can help:

  ```python
  import socket
  from urllib3.connection import HTTPConnection

  import sentry_sdk

  sentry_sdk.init(
      # ...your usual settings...
      socket_options=HTTPConnection.default_socket_options + [
          (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1),
          # note: skip the following line if you're on MacOS since TCP_KEEPIDLE doesn't exist there
          (socket.SOL_TCP, socket.TCP_KEEPIDLE, 45),
          (socket.SOL_TCP, socket.TCP_KEEPINTVL, 10),
          (socket.SOL_TCP, socket.TCP_KEEPCNT, 6),
      ],
  )
  ```

- Allow to configure merge target for releases ([#2777](https://togithub.com/getsentry/sentry-python/issues/2777)) by [@sentrivana](https://togithub.com/sentrivana)
- Allow empty character in metric tags values ([#2775](https://togithub.com/getsentry/sentry-python/issues/2775)) by [@viglia](https://togithub.com/viglia)
- Replace invalid tag values with an empty string instead of \_ ([#2773](https://togithub.com/getsentry/sentry-python/issues/2773)) by [@markushi](https://togithub.com/markushi)
- Add documentation comment to `scrub_list` ([#2769](https://togithub.com/getsentry/sentry-python/issues/2769)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex)
- Fixed regex to parse version in lambda package file ([#2767](https://togithub.com/getsentry/sentry-python/issues/2767)) by [@antonpirker](https://togithub.com/antonpirker)
- xfail broken AWS Lambda tests for now ([#2794](https://togithub.com/getsentry/sentry-python/issues/2794)) by [@sentrivana](https://togithub.com/sentrivana)
- Removed print statements because it messes with the tests ([#2789](https://togithub.com/getsentry/sentry-python/issues/2789)) by [@antonpirker](https://togithub.com/antonpirker)
- Bump `types-protobuf` from 4.24.0.20240129 to 4.24.0.20240302 ([#2782](https://togithub.com/getsentry/sentry-python/issues/2782)) by [@dependabot](https://togithub.com/dependabot)
- Bump `checkouts/data-schemas` from `eb941c2` to `ed078ed` ([#2781](https://togithub.com/getsentry/sentry-python/issues/2781)) by [@dependabot](https://togithub.com/dependabot)

Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by Mend Renovate. View repository job log here.