⬆️(dependencies) update python dependencies

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dev/black (changelog)	`==24.4.0` -> `==24.4.2`
dev/ipython	`==8.23.0` -> `==8.24.0`
dev/pytest (changelog)	`==8.1.1` -> `==8.2.0`
sandbox/dockerflow	`==2024.4.1` -> `==2024.4.2`
sandbox/gunicorn (changelog)	`==21.2.0` -> `==22.0.0`
sandbox/sentry-sdk (changelog)	`==1.45.0` -> `==2.0.1`

Release Notes

psf/black (dev/black)

### [`v24.4.2`](https://togithub.com/psf/black/blob/HEAD/CHANGES.md#2442) [Compare Source](https://togithub.com/psf/black/compare/24.4.1...24.4.2) This is a bugfix release to fix two regressions in the new f-string parser introduced in 24.4.1. ##### Parser - Fix regression where certain complex f-strings failed to parse ([#4332](https://togithub.com/psf/black/issues/4332)) ##### Performance - Fix bad performance on certain complex string literals ([#4331](https://togithub.com/psf/black/issues/4331)) ### [`v24.4.1`](https://togithub.com/psf/black/blob/HEAD/CHANGES.md#2441) [Compare Source](https://togithub.com/psf/black/compare/24.4.0...24.4.1) ##### Highlights - Add support for the new Python 3.12 f-string syntax introduced by PEP 701 ([#3822](https://togithub.com/psf/black/issues/3822)) ##### Stable style - Fix crash involving indented dummy functions containing newlines ([#4318](https://togithub.com/psf/black/issues/4318)) ##### Parser - Add support for type parameter defaults, a new syntactic feature added to Python 3.13 by PEP 696 ([#4327](https://togithub.com/psf/black/issues/4327)) ##### Integrations - Github Action now works even when `git archive` is skipped ([#4313](https://togithub.com/psf/black/issues/4313))

ipython/ipython (dev/ipython)

### [`v8.24.0`](https://togithub.com/ipython/ipython/compare/8.23.0...8.24.0) [Compare Source](https://togithub.com/ipython/ipython/compare/8.23.0...8.24.0)

pytest-dev/pytest (dev/pytest)

### [`v8.2.0`](https://togithub.com/pytest-dev/pytest/releases/tag/8.2.0) [Compare Source](https://togithub.com/pytest-dev/pytest/compare/8.1.2...8.2.0) # pytest 8.2.0 (2024-04-27) ## Deprecations - [#12069](https://togithub.com/pytest-dev/pytest/issues/12069): A deprecation warning is now raised when implementations of one of the following hooks request a deprecated `py.path.local` parameter instead of the `pathlib.Path` parameter which replaced it: - `pytest_ignore_collect`{.interpreted-text role="hook"} - the `path` parameter - use `collection_path` instead. - `pytest_collect_file`{.interpreted-text role="hook"} - the `path` parameter - use `file_path` instead. - `pytest_pycollect_makemodule`{.interpreted-text role="hook"} - the `path` parameter - use `module_path` instead. - `pytest_report_header`{.interpreted-text role="hook"} - the `startdir` parameter - use `start_path` instead. - `pytest_report_collectionfinish`{.interpreted-text role="hook"} - the `startdir` parameter - use `start_path` instead. The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0. See `legacy-path-hooks-deprecated`{.interpreted-text role="ref"} for more details. ## Features - [#11871](https://togithub.com/pytest-dev/pytest/issues/11871): Added support for reading command line arguments from a file using the prefix character `@`, like e.g.: `pytest @tests.txt`. The file must have one argument per line. See `Read arguments from file `{.interpreted-text role="ref"} for details. ## Improvements - [#11523](https://togithub.com/pytest-dev/pytest/issues/11523): `pytest.importorskip`{.interpreted-text role="func"} will now issue a warning if the module could be found, but raised `ImportError`{.interpreted-text role="class"} instead of `ModuleNotFoundError`{.interpreted-text role="class"}. The warning can be suppressed by passing `exc_type=ImportError` to `pytest.importorskip`{.interpreted-text role="func"}. See `import-or-skip-import-error`{.interpreted-text role="ref"} for details. - [#11728](https://togithub.com/pytest-dev/pytest/issues/11728): For `unittest`-based tests, exceptions during class cleanup (as raised by functions registered with `TestCase.addClassCleanup `{.interpreted-text role="meth"}) are now reported instead of silently failing. - [#11777](https://togithub.com/pytest-dev/pytest/issues/11777): Text is no longer truncated in the `short test summary info` section when `-vv` is given. - [#12112](https://togithub.com/pytest-dev/pytest/issues/12112): Improved namespace packages detection when `consider_namespace_packages`{.interpreted-text role="confval"} is enabled, covering more situations (like editable installs). - [#9502](https://togithub.com/pytest-dev/pytest/issues/9502): Added `PYTEST_VERSION`{.interpreted-text role="envvar"} environment variable which is defined at the start of the pytest session and undefined afterwards. It contains the value of `pytest.__version__`, and among other things can be used to easily check if code is running from within a pytest run. ## Bug Fixes - [#12065](https://togithub.com/pytest-dev/pytest/issues/12065): Fixed a regression in pytest 8.0.0 where test classes containing `setup_method` and tests using `@staticmethod` or `@classmethod` would crash with `AttributeError: 'NoneType' object has no attribute 'setup_method'`. Now the `request.instance `{.interpreted-text role="attr"} attribute of tests using `@staticmethod` and `@classmethod` is no longer `None`, but a fresh instance of the class, like in non-static methods. Previously it was `None`, and all fixtures of such tests would share a single `self`. - [#12135](https://togithub.com/pytest-dev/pytest/issues/12135): Fixed issue where fixtures adding their finalizer multiple times to fixtures they request would cause unreliable and non-intuitive teardown ordering in some instances. - [#12194](https://togithub.com/pytest-dev/pytest/issues/12194): Fixed a bug with `--importmode=importlib` and `--doctest-modules` where child modules did not appear as attributes in parent modules. - [#1489](https://togithub.com/pytest-dev/pytest/issues/1489): Fixed some instances where teardown of higher-scoped fixtures was not happening in the reverse order they were initialized in. ## Trivial/Internal Changes - [#12069](https://togithub.com/pytest-dev/pytest/issues/12069): `pluggy>=1.5.0` is now required. - [#12167](https://togithub.com/pytest-dev/pytest/issues/12167): `cache `{.interpreted-text role="ref"}: create supporting files (`CACHEDIR.TAG`, `.gitignore`, etc.) in a temporary directory to provide atomic semantics. ### [`v8.1.2`](https://togithub.com/pytest-dev/pytest/releases/tag/8.1.2) [Compare Source](https://togithub.com/pytest-dev/pytest/compare/8.1.1...8.1.2) # pytest 8.1.2 (2024-04-26) ## Bug Fixes - [#12114](https://togithub.com/pytest-dev/pytest/issues/12114): Fixed error in `pytest.approx`{.interpreted-text role="func"} when used with \[numpy]{.title-ref} arrays and comparing with other types.

mozilla-services/python-dockerflow (sandbox/dockerflow)

### [`v2024.4.2`](https://togithub.com/mozilla-services/python-dockerflow/compare/2024.4.1...2024.04.2) [Compare Source](https://togithub.com/mozilla-services/python-dockerflow/compare/2024.4.1...2024.04.2)

benoitc/gunicorn (sandbox/gunicorn)

### [`v22.0.0`](https://togithub.com/benoitc/gunicorn/releases/tag/22.0.0): Gunicorn 22.0 has been released [Compare Source](https://togithub.com/benoitc/gunicorn/compare/21.2.0...22.0.0) **Gunicorn 22.0.0 has been released.** This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation. Changes: 22.0.0 - 2024-04-17 =================== - use `utime` to notify workers liveness - migrate setup to pyproject.toml - fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors) - parsing additional requests is no longer attempted past unsupported request framing - on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits) - requests conflicting configured or passed SCRIPT_NAME now produce a verbose error - Trailer fields are no longer inspected for headers indicating secure scheme - support Python 3.12 ** Breaking changes ** - minimum version is Python 3.7 - the limitations on valid characters in the HTTP method have been bounded to Internet Standards - requests specifying unsupported transfer coding (order) are refused by default (rare) - HTTP methods are no longer casefolded by default (IANA method registry contains none affected) - HTTP methods containing the number sign (#) are no longer accepted by default (rare) - HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported) - HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted - HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software - HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits) - requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling) - empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies) ** SECURITY ** - fix CVE-2024-1135 1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html 2. Packages: https://pypi.org/project/gunicorn/

getsentry/sentry-python (sandbox/sentry-sdk)

### [`v2.0.1`](https://togithub.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#201) [Compare Source](https://togithub.com/getsentry/sentry-python/compare/2.0.0...2.0.1) ##### Various fixes & improvements - Fix: Do not use convenience decorator ([#3022](https://togithub.com/getsentry/sentry-python/issues/3022)) by [@sentrivana](https://togithub.com/sentrivana) - Refactoring propagation context ([#2970](https://togithub.com/getsentry/sentry-python/issues/2970)) by [@antonpirker](https://togithub.com/antonpirker) - Use `pid` for test database name in Django tests ([#2998](https://togithub.com/getsentry/sentry-python/issues/2998)) by [@antonpirker](https://togithub.com/antonpirker) - Remove outdated RC mention in docs ([#3018](https://togithub.com/getsentry/sentry-python/issues/3018)) by [@sentrivana](https://togithub.com/sentrivana) - Delete inaccurate comment from docs ([#3002](https://togithub.com/getsentry/sentry-python/issues/3002)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex) - Add Lambda function that deletes test Lambda functions ([#2960](https://togithub.com/getsentry/sentry-python/issues/2960)) by [@antonpirker](https://togithub.com/antonpirker) - Correct discarded transaction debug message ([#3002](https://togithub.com/getsentry/sentry-python/issues/3002)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex) - Add tests for discarded transaction debug messages ([#3002](https://togithub.com/getsentry/sentry-python/issues/3002)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex) - Fix comment typo in metrics ([#2992](https://togithub.com/getsentry/sentry-python/issues/2992)) by [@szokeasaurusrex](https://togithub.com/szokeasaurusrex) - build(deps): bump actions/checkout from 4.1.1 to 4.1.4 ([#3011](https://togithub.com/getsentry/sentry-python/issues/3011)) by [@dependabot](https://togithub.com/dependabot) - build(deps): bump checkouts/data-schemas from `1e17eb5` to `4aa14a7` ([#2997](https://togithub.com/getsentry/sentry-python/issues/2997)) by [@dependabot](https://togithub.com/dependabot) ### [`v2.0.0`](https://togithub.com/getsentry/sentry-python/blob/HEAD/CHANGELOG.md#200) [Compare Source](https://togithub.com/getsentry/sentry-python/compare/1.45.0...2.0.0) This is the first major update in a *long* time! We dropped support for some ancient languages and frameworks (Yes, Python 2.7 is no longer supported). Additionally we refactored a big part of the foundation of the SDK (how data inside the SDK is handled). We hope you like it! For a shorter version of what you need to do, to upgrade to Sentry SDK 2.0 see: https://docs.sentry.io/platforms/python/migration/1.x-to-2.x ##### New Features - Additional integrations will now be activated automatically if the SDK detects the respective package is installed: Ariadne, ARQ, asyncpg, Chalice, clickhouse-driver, GQL, Graphene, huey, Loguru, PyMongo, Quart, Starlite, Strawberry. - Added new API for custom instrumentation: `new_scope`, `isolation_scope`. See the [Deprecated](#deprecated) section to see how they map to the existing APIs. ##### Changed (These changes are all backwards-incompatible. **Breaking Change** (if you are just skimming for that phrase)) - The Pyramid integration will not capture errors that might happen in `authenticated_userid()` in a custom `AuthenticationPolicy` class. - The method `need_code_loation` of the `MetricsAggregator` was renamed to `need_code_location`. - The `BackgroundWorker` thread used to process events was renamed from `raven-sentry.BackgroundWorker` to `sentry-sdk.BackgroundWorker`. - The `reraise` function was moved from `sentry_sdk._compat` to `sentry_sdk.utils`. - The `_ScopeManager` was moved from `sentry_sdk.hub` to `sentry_sdk.scope`. - Moved the contents of `tracing_utils_py3.py` to `tracing_utils.py`. The `start_child_span_decorator` is now in `sentry_sdk.tracing_utils`. - The actual implementation of `get_current_span` was moved to `sentry_sdk.tracing_utils`. `sentry_sdk.get_current_span` is still accessible as part of the top-level API. - `sentry_sdk.tracing_utils.add_query_source()`: Removed the `hub` parameter. It is not necessary anymore. - `sentry_sdk.tracing_utils.record_sql_queries()`: Removed the `hub` parameter. It is not necessary anymore. - `sentry_sdk.tracing_utils.get_current_span()` does now take a `scope` instead of a `hub` as parameter. - `sentry_sdk.tracing_utils.should_propagate_trace()` now takes a `Client` instead of a `Hub` as first parameter. - `sentry_sdk.utils.is_sentry_url()` now takes a `Client` instead of a `Hub` as first parameter. - `sentry_sdk.utils._get_contextvars` does not return a tuple with three values, but a tuple with two values. The `copy_context` was removed. - If you create a transaction manually and later mutate the transaction in a `configure_scope` block this does not work anymore. Here is a recipe on how to change your code to make it work: Your existing implementation: ```python transaction = sentry_sdk.transaction(...) ``` ### later in the code execution: with sentry_sdk.configure_scope() as scope: scope.set_transaction_name("new-transaction-name") ``` needs to be changed to this: ```python transaction = sentry_sdk.transaction(...) ### later in the code execution: scope = sentry_sdk.Scope.get_current_scope() scope.set_transaction_name("new-transaction-name") ``` - The classes listed in the table below are now abstract base classes. Therefore, they can no longer be instantiated. Subclasses can only be instantiated if they implement all of the abstract methods.

Show table

| Class | Abstract methods | | ------------------------------------- | -------------------------------------- | | `sentry_sdk.integrations.Integration` | `setup_once` | | `sentry_sdk.metrics.Metric` | `add`, `serialize_value`, and `weight` | | `sentry_sdk.profiler.Scheduler` | `setup` and `teardown` | | `sentry_sdk.transport.Transport` | `capture_envelope` |

##### Removed (These changes are all backwards-incompatible. **Breaking Change** (if you are just skimming for that phrase)) - Removed support for Python 2 and Python 3.5. The SDK now requires at least Python 3.6. - Removed support for Celery 3.\*. - Removed support for Django 1.8, 1.9, 1.10. - Removed support for Flask 0.\*. - Removed support for gRPC < 1.39. - Removed support for Tornado < 6. - Removed `last_event_id()` top level API. The last event ID is still returned by `capture_event()`, `capture_exception()` and `capture_message()` but the top level API `sentry_sdk.last_event_id()` has been removed. - Removed support for sending events to the `/store` endpoint. Everything is now sent to the `/envelope` endpoint. If you're on SaaS you don't have to worry about this, but if you're running Sentry yourself you'll need version `20.6.0` or higher of self-hosted Sentry. - The deprecated `with_locals` configuration option was removed. Use `include_local_variables` instead. See https://docs.sentry.io/platforms/python/configuration/options/#include-local-variables. - The deprecated `request_bodies` configuration option was removed. Use `max_request_body_size`. See https://docs.sentry.io/platforms/python/configuration/options/#max-request-body-size. - Removed support for `user.segment`. It was also removed from the trace header as well as from the dynamic sampling context. - Removed support for the `install` method for custom integrations. Please use `setup_once` instead. - Removed `sentry_sdk.tracing.Span.new_span`. Use `sentry_sdk.tracing.Span.start_child` instead. - Removed `sentry_sdk.tracing.Transaction.new_span`. Use `sentry_sdk.tracing.Transaction.start_child` instead. - Removed support for creating transactions via `sentry_sdk.tracing.Span(transaction=...)`. To create a transaction, please use `sentry_sdk.tracing.Transaction(name=...)`. - Removed `sentry_sdk.utils.Auth.store_api_url`. - `sentry_sdk.utils.Auth.get_api_url`'s now accepts a `sentry_sdk.consts.EndpointType` enum instead of a string as its only parameter. We recommend omitting this argument when calling the function, since the parameter's default value is the only possible `sentry_sdk.consts.EndpointType` value. The parameter exists for future compatibility. - Removed `tracing_utils_py2.py`. The `start_child_span_decorator` is now in `sentry_sdk.tracing_utils`. - Removed the `sentry_sdk.profiler.Scheduler.stop_profiling` method. Any calls to this method can simply be removed, since this was a no-op method. ##### Deprecated - Using the `Hub` directly as well as using hub-based APIs has been deprecated. Where available, use [the top-level API instead](sentry_sdk/api.py); otherwise use the [scope API](sentry_sdk/scope.py) or the [client API](sentry_sdk/client.py). Before: ```python with hub.start_span(...): ``` ### do something ```` After: ```python import sentry_sdk with sentry_sdk.start_span(...): ### do something ```` - Hub cloning is deprecated. Before: ```python with Hub(Hub.current) as hub: ``` ### do something with the cloned hub ```` After: ```python import sentry_sdk with sentry_sdk.isolation_scope() as scope: ### do something with the forked scope ```` - `configure_scope` is deprecated. Use the new isolation scope directly via `Scope.get_isolation_scope()` instead. Before: ```python with configure_scope() as scope: ``` ### do something with `scope` ```` After: ```python from sentry_sdk.scope import Scope scope = Scope.get_isolation_scope() ````

Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

openfun / richie

⬆️(dependencies) update python dependencies #2384

Release Notes

Configuration

Edited/Blocked Notification