Bump the pip group across 2 directories with 3 updates

[dependabot[bot]]

Updates the requirements on aiohttp, ecdsa and starlette to permit the latest version. Updates aiohttp from 3.9.4 to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: #8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: #8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8335.

---

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: :issue:8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: :issue:8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8335.

---

Commits

• b844d42 Release v3.9.5 (#8340)
• 0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
• f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
• 7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
• 82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
• 01df7ec Bump version
• 7917ae2 Merge 3.1
• See full diff in compare view

Updates ecdsa from 0.17.0 to 0.19.0

Release notes

Sourced from ecdsa's releases.

ecdsa 0.19.0

New API:

• to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

• Support for twisted Brainpool curves

Doc fix:

• Fix curve equation in glossary
• Documentation for signature encoding and signature decoding functions

Maintenance:

• Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
• Fixes around hypothesis parameters
• Officially support Python 3.11 and 3.12
• Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
• Dropped the internal _rwlock module as it's unused
• Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
• Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

• int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

ecdsa 0.18.0

New features:

• Support for EdDSA (Ed25519, Ed448) signature creation and verification.
• Support for Ed25519 and Ed448 in PKCS#8 and public key files.
• Support for point precomputation for EdDSA.

New API:

• CurveEdTw class to represent the Twisted Edwards curve parameters.
• PointEdwards class to represent points on Twisted Edwards curve and provide point arithmetic on it.
• curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

... (truncated)

Changelog

Sourced from ecdsa's changelog.

• Release 0.19.0 (08 Apr 2024)

New API:

• to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

• Support for twisted Brainpool curves

Doc fix:

• Fix curve equation in glossary
• Documentation for signature encoding and signature decoding functions

Maintenance:

• Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
• Fixes aroung hypothesis parameters
• Officially support Python 3.11 and 3.12
• Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
• Dropped the internal _rwlock module as it's unused
• Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
• Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

• int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

• Release 0.18.0 (09 Jul 2022)

New API:

• curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

• Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.
• Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

• Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.
• Make object names more consistent, make them into hyperlinks on the readthedocs documentation.
• Make security note more explicit (Ian Rodney)

... (truncated)

Commits

• be70016 Merge pull request #337 from tlsfuzzer/release-0.19
• 217735b allow early exit from worker processes when running mutation testing
• 6e7adff don't check rate if no tests executed
• c56030e make coveralls submission work with py2.6 again
• 66d0d74 add release notes for 0.19.0 release
• 0d5a38c Merge pull request #156 from tomato42/cosmic-ray
• 02c8350 be more permissive for the PR mutation test coverage
• 4845e8f better is_prime()
• 09f0d10 add hard timeout for test mutation test suite
• e16173b two digit precision for the mutation score badge
• Additional commits viewable in compare view

Updates starlette from 0.36.2 to 0.37.2

Release notes

Sourced from starlette's releases.

Version 0.37.2

Added

• Add bytes to _RequestData type #2510.

Fixed

• Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.
• Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

---

Full Changelog: https://github.com/encode/starlette/compare/0.37.1...0.37.2

Version 0.37.1

Fixed

• Warn instead of raise for missing env file on Config #2485.

---

Full Changelog: https://github.com/encode/starlette/compare/0.37.0...0.37.1

Version 0.37.0

Added

• Support the WebSocket Denial Response ASGI extension #2041.

---

Full Changelog: https://github.com/encode/starlette/compare/0.36.3...0.37.0

Version 0.36.3

Fixed

• Create anyio.Event on async context #2459.

---

Full Changelog: https://github.com/encode/starlette/compare/0.36.2...0.36.3

Changelog

Sourced from starlette's changelog.

0.37.2

March 5, 2024

Added

• Add bytes to _RequestData type #2510.

Fixed

• Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.
• Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

0.37.1

February 9, 2024

Fixed

• Warn instead of raise for missing env file on Config #2485.

0.37.0

February 5, 2024

Added

• Support the WebSocket Denial Response ASGI extension #2041.

0.36.3

February 4, 2024

Fixed

• Create anyio.Event on async context #2459.

Commits

• 554f368 Version 0.37.2 (#2533)
• 85d3573 Bump the python-packages group with 7 updates (#2532)
• 39dccd9 Revert "Turn scope["client"] to None on TestClient (#2377)" (#2525)
• bd77d7d Enforce __future__.annotations (#2483)
• a4cd0b5 Remove deprecated app argument passed to httpx.Client on the TestClient...
• 7533b61 Add bytes to _RequestData type (#2510)
• 74ccb96 Version 0.37.1 (#2498)
• f724827 Remove mypy skip flags (#2497)
• ac7e643 Add type hints to test_responses.py (#2488)
• 3f38038 Add type hints to test_testclient.py (#2493)
• Additional commits viewable in compare view

Updates aiohttp to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: #8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: #8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8335.

---

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: :issue:8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: :issue:8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8335.

---

Commits

• b844d42 Release v3.9.5 (#8340)
• 0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
• f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
• 7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
• 82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
• 01df7ec Bump version
• 7917ae2 Merge 3.1
• See full diff in compare view

Updates starlette from 0.35.1 to 0.36.2

Release notes

Sourced from starlette's releases.

Version 0.37.2

Added

• Add bytes to _RequestData type #2510.

Fixed

• Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.
• Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

---

Full Changelog: https://github.com/encode/starlette/compare/0.37.1...0.37.2

Version 0.37.1

Fixed

• Warn instead of raise for missing env file on Config #2485.

---

Full Changelog: https://github.com/encode/starlette/compare/0.37.0...0.37.1

Version 0.37.0

Added

• Support the WebSocket Denial Response ASGI extension #2041.

---

Full Changelog: https://github.com/encode/starlette/compare/0.36.3...0.37.0

Version 0.36.3

Fixed

• Create anyio.Event on async context #2459.

---

Full Changelog: https://github.com/encode/starlette/compare/0.36.2...0.36.3

Changelog

Sourced from starlette's changelog.

0.37.2

March 5, 2024

Added

• Add bytes to _RequestData type #2510.

Fixed

• Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.
• Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

0.37.1

February 9, 2024

Fixed

• Warn instead of raise for missing env file on Config #2485.

0.37.0

February 5, 2024

Added

• Support the WebSocket Denial Response ASGI extension #2041.

0.36.3

February 4, 2024

Fixed

• Create anyio.Event on async context #2459.

Commits

• 554f368 Version 0.37.2 (#2533)
• 85d3573 Bump the python-packages group with 7 updates (#2532)
• 39dccd9 Revert "Turn scope["client"] to None on TestClient (#2377)" (#2525)
• bd77d7d Enforce __future__.annotations (#2483)
• a4cd0b5 Remove deprecated app argument passed to httpx.Client on the TestClient...
• 7533b61 Add bytes to _RequestData type (#2510)
• 74ccb96 Version 0.37.1 (#2498)
• f724827 Remove mypy skip flags (#2497)
• ac7e643 Add type hints to test_responses.py (#2488)
• 3f38038 Add type hints to test_testclient.py (#2493)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/aries-endorser-service/network/alerts).

[dependabot[bot]]

Superseded by #85.