Bump the pip group across 2 directories with 4 updates

Updates the requirements on aiohttp, ecdsa, requests and starlette to permit the latest version. Updates aiohttp from 3.9.4 to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

Related issues and pull requests on GitHub: #8253.

Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

Related issues and pull requests on GitHub: #8332.

Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8335.

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

Related issues and pull requests on GitHub: :issue:8253.

Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

Related issues and pull requests on GitHub: :issue:8332.

Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8335.

Commits

b844d42 Release v3.9.5 (#8340)
0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
01df7ec Bump version
7917ae2 Merge 3.1
See full diff in compare view

Updates ecdsa from 0.17.0 to 0.19.0

Release notes

Sourced from ecdsa's releases.

ecdsa 0.19.0

New API:

to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

Support for twisted Brainpool curves

Doc fix:

Fix curve equation in glossary

Documentation for signature encoding and signature decoding functions

Maintenance:

Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)

Fixes around hypothesis parameters

Officially support Python 3.11 and 3.12

Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies

Dropped the internal _rwlock module as it's unused

Added mutation testing to CI, lots of speed-ups to the test suite to make it happen

Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

ecdsa 0.18.0

New features:

Support for EdDSA (Ed25519, Ed448) signature creation and verification.

Support for Ed25519 and Ed448 in PKCS#8 and public key files.

Support for point precomputation for EdDSA.

New API:

CurveEdTw class to represent the Twisted Edwards curve parameters.

PointEdwards class to represent points on Twisted Edwards curve and provide point arithmetic on it.

curve_by_name in curves module to get a Curve object by providing curve name.

... (truncated)

Changelog

Sourced from ecdsa's changelog.

Release 0.19.0 (08 Apr 2024)

New API:

to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

Support for twisted Brainpool curves

Doc fix:

Fix curve equation in glossary

Documentation for signature encoding and signature decoding functions

Maintenance:

Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)

Fixes aroung hypothesis parameters

Officially support Python 3.11 and 3.12

Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies

Dropped the internal _rwlock module as it's unused

Added mutation testing to CI, lots of speed-ups to the test suite to make it happen

Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

Release 0.18.0 (09 Jul 2022)

New API:

curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.

Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.

Make object names more consistent, make them into hyperlinks on the readthedocs documentation.

Make security note more explicit (Ian Rodney)

... (truncated)

Commits

be70016 Merge pull request #337 from tlsfuzzer/release-0.19
217735b allow early exit from worker processes when running mutation testing
6e7adff don't check rate if no tests executed
c56030e make coveralls submission work with py2.6 again
66d0d74 add release notes for 0.19.0 release
0d5a38c Merge pull request #156 from tomato42/cosmic-ray
02c8350 be more permissive for the PR mutation test coverage
4845e8f better is_prime()
09f0d10 add hard timeout for test mutation test suite
e16173b two digit precision for the mutation score badge
Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.0

Release notes

Sourced from requests's releases.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

Requests has officially added support for CPython 3.12 (#6503)

Requests has officially added support for PyPy 3.9 and 3.10 (#6641)

Requests has officially dropped support for CPython 3.7 (#6642)

Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

Various typo fixes and doc improvements.

Packaging

Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)

Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

New Contributors

@matthewarmand made their first contribution in psf/requests#6258

@cpzt made their first contribution in psf/requests#6456

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.0 (2024-05-20)

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

Requests has officially added support for CPython 3.12 (#6503)

Requests has officially added support for PyPy 3.9 and 3.10 (#6641)

Requests has officially dropped support for CPython 3.7 (#6642)

Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

Various typo fixes and doc improvements.

Packaging

Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)

Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

Commits

d6ebc4a v2.32.0
9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
555b870 Allow character detection dependencies to be optional in post-packaging steps
d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
bf24b7d Use an invalid URI that will not cause httpbin to throw 500
2d5f547 Pin 3.8 and 3.9 runners back to macos-13 (#6688)
f1bb07d Merge pull request #6687 from psf/dependabot/github_actions/github/codeql-act...
60047ad Bump github/codeql-action from 3.24.0 to 3.25.0
31ebb81 Merge pull request #6682 from frenzymadness/pytest8
Additional commits viewable in compare view

Updates starlette from 0.36.2 to 0.37.2

Release notes

Sourced from starlette's releases.

Version 0.37.2

Added

Add bytes to _RequestData type #2510.

Fixed

Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.

Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

Full Changelog: https://github.com/encode/starlette/compare/0.37.1...0.37.2

Version 0.37.1

Fixed

Warn instead of raise for missing env file on Config #2485.

Full Changelog: https://github.com/encode/starlette/compare/0.37.0...0.37.1

Version 0.37.0

Added

Support the WebSocket Denial Response ASGI extension #2041.

Full Changelog: https://github.com/encode/starlette/compare/0.36.3...0.37.0

Version 0.36.3

Fixed

Create anyio.Event on async context #2459.

Full Changelog: https://github.com/encode/starlette/compare/0.36.2...0.36.3

Changelog

Sourced from starlette's changelog.

0.37.2

March 5, 2024

Added

Add bytes to _RequestData type #2510.

Fixed

Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.

Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

0.37.1

February 9, 2024

Fixed

Warn instead of raise for missing env file on Config #2485.

0.37.0

February 5, 2024

Added

Support the WebSocket Denial Response ASGI extension #2041.

0.36.3

February 4, 2024

Fixed

Create anyio.Event on async context #2459.

Commits

554f368 Version 0.37.2 (#2533)
85d3573 Bump the python-packages group with 7 updates (#2532)
39dccd9 Revert "Turn scope["client"] to None on TestClient (#2377)" (#2525)
bd77d7d Enforce __future__.annotations (#2483)
a4cd0b5 Remove deprecated app argument passed to httpx.Client on the TestClient...
7533b61 Add bytes to _RequestData type (#2510)
74ccb96 Version 0.37.1 (#2498)
f724827 Remove mypy skip flags (#2497)
ac7e643 Add type hints to test_responses.py (#2488)
3f38038 Add type hints to test_testclient.py (#2493)
Additional commits viewable in compare view

Updates aiohttp to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

Related issues and pull requests on GitHub: #8253.

Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

Related issues and pull requests on GitHub: #8332.

Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8335.

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

Related issues and pull requests on GitHub: :issue:8253.

Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

Related issues and pull requests on GitHub: :issue:8332.

Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8335.

Commits

b844d42 Release v3.9.5 (#8340)
0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
01df7ec Bump version
7917ae2 Merge 3.1
See full diff in compare view

Updates requests from 2.31.0 to 2.32.0

Release notes

Sourced from requests's releases.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

Requests has officially added support for CPython 3.12 (#6503)

Requests has officially added support for PyPy 3.9 and 3.10 (#6641)

Requests has officially dropped support for CPython 3.7 (#6642)

Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

Various typo fixes and doc improvements.

Packaging

Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)

Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

New Contributors

@matthewarmand made their first contribution in psf/requests#6258

@cpzt made their first contribution in psf/requests#6456

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.0 (2024-05-20)

Security

Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

Improvements

verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)

Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)

Fixed deserialization bug in JSONDecodeError. (#6629)

Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

Requests has officially added support for CPython 3.12 (#6503)

Requests has officially added support for PyPy 3.9 and 3.10 (#6641)

Requests has officially dropped support for CPython 3.7 (#6642)

Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

Various typo fixes and doc improvements.

Packaging

Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)

Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

Commits

d6ebc4a v2.32.0
9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
555b870 Allow character detection dependencies to be optional in post-packaging steps
d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
bf24b7d Use an invalid URI that will not cause httpbin to throw 500
2d5f547 Pin 3.8 and 3.9 runners back to macos-13 (#6688)
f1bb07d Merge pull request #6687 from psf/dependabot/github_actions/github/codeql-act...
60047ad Bump github/codeql-action from 3.24.0 to 3.25.0
31ebb81 Merge pull request #6682 from frenzymadness/pytest8
Additional commits viewable in compare view

Updates starlette from 0.35.1 to 0.36.2

Release notes

Sourced from starlette's releases.

Version 0.37.2

Added

Add bytes to _RequestData type #2510.

Fixed

Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.

Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

Full Changelog: https://github.com/encode/starlette/compare/0.37.1...0.37.2

Version 0.37.1

Fixed

Warn instead of raise for missing env file on Config #2485.

Full Changelog: https://github.com/encode/starlette/compare/0.37.0...0.37.1

Version 0.37.0

Added

Support the WebSocket Denial Response ASGI extension #2041.

Full Changelog: https://github.com/encode/starlette/compare/0.36.3...0.37.0

Version 0.36.3

Fixed

Create anyio.Event on async context #2459.

Full Changelog: https://github.com/encode/starlette/compare/0.36.2...0.36.3

Changelog

Sourced from starlette's changelog.

0.37.2

March 5, 2024

Added

Add bytes to _RequestData type #2510.

Fixed

Revert "Turn scope["client"] to None on TestClient (#2377)" #2525.

Remove deprecated app argument passed to httpx.Client on the TestClient #2526.

0.37.1

February 9, 2024

Fixed

Warn instead of raise for missing env file on Config #2485.

0.37.0

February 5, 2024

Added

Support the WebSocket Denial Response ASGI extension #2041.

0.36.3

February 4, 2024

Fixed

Create anyio.Event on async context #2459.

Commits

554f368 Version 0.37.2 (#2533)
85d3573 Bump the python-packages group with 7 updates (#2532)
39dccd9 Revert "Turn scope["client"] to None on TestClient (#2377)" (#2525)
bd77d7d Enforce __future__.annotations (#2483)
a4cd0b5 Remove deprecated app argument passed to httpx.Client on the TestClient...
7533b61 Add bytes to _RequestData type (#2510)
74ccb96 Version 0.37.1 (#2498)
f724827 Remove mypy skip flags (#2497)
ac7e643 Add type hints to test_responses.py (#2488)
3f38038 Add type hints to test_testclient.py (#2493)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/aries-endorser-service/network/alerts).

openwallet-foundation / acapy-endorser-service

Bump the pip group across 2 directories with 4 updates #85

3.9.5

Bug fixes

3.9.5 (2024-04-16)

Bug fixes

ecdsa 0.19.0

New API:

New features:

Doc fix:

Maintenance:

Deprecations:

ecdsa 0.18.0

New features:

New API:

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

New Contributors

2.32.0 (2024-05-20)

Version 0.37.2

Added

Fixed

Version 0.37.1

Fixed

Version 0.37.0

Added

Version 0.36.3

Fixed

0.37.2

Added

Fixed

0.37.1

Fixed

0.37.0

Added

0.36.3

Fixed

3.9.5

Bug fixes

3.9.5 (2024-04-16)

Bug fixes

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

New Contributors

2.32.0 (2024-05-20)

Version 0.37.2

Added

Fixed

Version 0.37.1

Fixed

Version 0.37.0

Added

Version 0.36.3

Fixed

0.37.2

Added

Fixed

0.37.1

Fixed

0.37.0

Added

0.36.3

Fixed