Bump the dependencies group across 1 directory with 43 updates

[dependabot[bot]]

Bumps the dependencies group with 43 updates in the /.config directory:

Package	From	To
babel	2.14.0	2.15.0
build	1.1.1	1.2.1
cairocffi	1.6.1	1.7.0
certifi	2024.2.2	2024.6.2
coverage	7.4.3	7.5.3
cryptography	42.0.5	42.0.8
docutils	0.20.1	0.21.2
exceptiongroup	1.2.0	1.2.1
filelock	3.13.1	3.14.0
gitpython	3.1.42	3.1.43
idna	3.6	3.7
importlib-metadata	7.0.2	7.1.0
jaraco-classes	3.3.1	3.4.0
jinja2	3.1.3	3.1.4
keyring	24.3.1	25.2.1
markdown	3.5.2	3.6
markdown-exec	1.8.0	1.8.3
mkdocs	1.5.3	1.6.0
mkdocs-htmlproofer-plugin	1.2.0	1.2.1
mkdocs-material	9.5.13	9.5.26
nh3	0.2.15	0.2.17
packaging	23.2	24.0
pillow	10.2.0	10.3.0
pipdeptree	2.16.1	2.22.0
pkginfo	1.10.0	1.11.1
platformdirs	4.2.0	4.2.2
pluggy	1.4.0	1.5.0
pycparser	2.21	2.22
pygments	2.17.2	2.18.0
pymdown-extensions	10.7.1	10.8.1
pyproject-hooks	1.0.0	1.1.0
pytest	8.1.1	8.2.2
pytest-plus	0.6.1	0.7.0
regex	2023.12.25	2024.5.15
requests	2.31.0	2.32.3
tinycss2	1.2.1	1.3.0
tox	4.14.1	4.15.1
twine	5.0.0	5.1.0
typer	0.9.0	0.12.3
typing-extensions	4.10.0	4.12.2
virtualenv	20.25.1	20.26.2
watchdog	4.0.0	4.0.1
zipp	3.17.0	3.19.2

Updates babel from 2.14.0 to 2.15.0

Release notes

Sourced from babel's releases.

v2.15.0

The changelog below is auto-generated by GitHub.

The binary artifacts attached to this GitHub release were generated by the GitHub Actions workflow.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Drop support for Python 3.7 (EOL since June 2023) by @​akx in python-babel/babel#1048
• Upgrade GitHub Actions by @​cclauss in python-babel/babel#1054
• Improve .po IO by @​akx in python-babel/babel#1068
• Use CLDR 44 by @​akx in python-babel/babel#1071
• Allow alternative space characters as group separator when parsing numbers by @​ronnix in python-babel/babel#1007
• Include Unicode license in locale-data and in documentation by @​akx in python-babel/babel#1074
• Encode support for the "fall back to short format" logic for time delta formatting by @​akx in python-babel/babel#1075
• Prepare for 2.15.0 release by @​akx in python-babel/babel#1079

New Contributors

• @​cclauss made their first contribution in python-babel/babel#1054
• @​ronnix made their first contribution in python-babel/babel#1007

Full Changelog: https://github.com/python-babel/babel/compare/v2.14.0...v2.15.0

Changelog

Sourced from babel's changelog.

Version 2.15.0

Python version support

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)
Features

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)

Infrastructure


Upgrade GitHub Actions (:gh:1054) (@​cclauss's first contribution)
The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@​akx)

Commits

• 40b194f Prepare for 2.15.0 release (#1079)
• c2e6c6e Encode support for the "fall back to short format" logic for time delta forma...
• 1a03526 Include Unicode license in locale-data and in documentation (#1074)
• c0fb56e Allow alternative space characters as group separator when parsing numbers (#...
• fe82fbc Use CLDR 44 and adjust tests to match new data (#1071)
• e0d1018 Improve .po IO (#1068)
• 40e60a1 Upgrade GitHub Actions (#1054)
• 2a1709a Drop support for Python 3.7 (EOL since June 2023) (#1048)
• See full diff in compare view

Updates build from 1.1.1 to 1.2.1

Release notes

Sourced from build's releases.

Version 1.2.1

What's Changed

• Avoid error when terminal width is undetectable on Python < 3.11 (PR #761)

Full Changelog: https://github.com/pypa/build/compare/1.2.0...1.2.1

Version 1.2.0

What's Changed

• Add --installer option, supporting pip and uv. Added uv extra. (PR #751)
• Improve console output and provide -v for dependency installation (PR #749)
• Avoid compiling unused bytecode when using pip (PR #752)
• Dropped support for Python 3.7 (PR #743)

Full Changelog: https://github.com/pypa/build/compare/1.1.1...1.2.0

Changelog

Sourced from build's changelog.

1.2.1 (2024-03-28)

• Avoid error when terminal width is undetectable on Python < 3.11 (PR :pr:761)

1.2.0 (2024-03-27)

• Add --installer option, supporting pip and uv. Added uv extra. (PR :pr:751)
• Improve console output and provide -v for dependency installation (PR :pr:749)
• Avoid compiling unused bytecode when using pip (PR :pr:752)
• Dropped support for Python 3.7 (PR :pr:743)

Commits

• 1e67c06 chore: bump version number to 1.2.1
• e5072e3 fix: support min width not detectable (#761)
• d5fb6fb chore: prepare for 1.2.0 (#758)
• 1ae6eb1 pre-commit: bump repositories (#757)
• a1f005d pre-commit: bump repositories (#756)
• 5076a56 uv: support double verbosity flag
• 5662669 chore: bump mypy
• 24c513d chore: reformat using Black 2024 style
• 08cdb76 ruff: bump version and update config
• 97ea57b perf: avoid compiling unused bytecode (#752)
• Additional commits viewable in compare view

Updates cairocffi from 1.6.1 to 1.7.0

Changelog

Sourced from cairocffi's changelog.

cairocffi changelog

Version 1.7.0 .............

Released on 2024-04-27

• Drop Python 3.7 support, add Python 3.12 support
• [#221](https://github.com/Kozea/cairocffi/issues/221) <https://github.com/Kozea/cairocffi/pull/225>_: Add environment variable to set folder where DLLs are installed on Windows
• [#225](https://github.com/Kozea/cairocffi/issues/225) <https://github.com/Kozea/cairocffi/pull/225>_: Use Ruff instead of Flake8 and isort

Version 1.6.1 .............

Released on 2023-07-24

• [#217](https://github.com/Kozea/cairocffi/issues/217) <https://github.com/Kozea/cairocffi/issues/217>_: Repair installation with PyInstaller

Version 1.6.0 .............

Released on 2023-06-12

This version uses a new CFFI mode that may break your program.

CairoCFFI now uses Flit for packaging and is also distributed as a Python wheel.

Please test carefully and don’t hesitate to report issues before using it in production.

• [#216](https://github.com/Kozea/cairocffi/issues/216) <https://github.com/Kozea/cairocffi/pull/216>_: Use ABI-level in-line CFFI mode

Version 1.5.1 .............

Released on 2023-04-15

• [#212](https://github.com/Kozea/cairocffi/issues/212) <https://github.com/Kozea/cairocffi/issues/212>_: Bring back XCB support during wheel generation

... (truncated)

Commits

• 4bafdd7 Version 1.7.0
• a535d50 Merge pull request #225 from Kozea/ruff
• aa240d3 Use ruff instead of flake8 and isort
• 33501f0 Fix CI tests on macOS
• ee7186b Drop Python 3.7, support Python 3.12
• dbb62b0 Clean and fix tests
• 8a8d35a Update tests on GitHub Actions
• 290b5db Merge pull request #221 from Li-Xiang-Ideal/patch-1
• 3e3dafd Add missing import
• f4ebc6e Add documentation about CAIROCFFI_DLL_DIRECTORIES
• Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.6.2

Commits

• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
• 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
• 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
• 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
• Additional commits viewable in compare view

Updates coverage from 7.4.3 to 7.5.3

Changelog

Sourced from coverage's changelog.

Version 7.5.3 — 2024-05-28

• Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

• Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. _issue 1791: nedbat/coveragepy#1791

.. _changes_7-5-2:

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Version 7.5.1 — 2024-05-04

... (truncated)

Commits

• f310d7e docs: sample HTML for 7.5.3
• a51d52f docs: prep for 7.5.3
• b666f3a perf: it's faster in all versions if we don't cache tokenize #1791
• a2b4929 docs: changelog entry for combine performance improvements
• b9aff50 perf: don't read full line_bits table each time
• c45ebac perf: cache alias mapping
• 390cb97 perf: avoid quadratic behavior when combining line coverage
• d3caf53 docs(build): tweaks to howto
• 909e887 build: bump version
• 242adea build: don't claim pre-alpha-1 in classifiers
• Additional commits viewable in compare view

Updates cryptography from 42.0.5 to 42.0.8

Changelog

Sourced from cryptography's changelog.

42.0.8 - 2024-06-04

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2.
.. _v42-0-7:
42.0.7 - 2024-05-06

• Restored Windows 7 compatibility for our pre-built wheels. Note that we do not test on Windows 7 and wheels for our next release will not support it. Microsoft no longer provides support for Windows 7 and users are encouraged to upgrade.

.. _v42-0-6:

42.0.6 - 2024-05-04

* Fixed compilation when using LibreSSL 3.9.1.
.. _v42-0-5:

Commits

• 761ef4b bump for 42.0.8 release (#11072)
• 0cc7fc3 Prepare for 42.0.7 release (#10949)
• cfad004 Prepare backports for 42.0.6 release (#10929)
• See full diff in compare view

Updates docutils from 0.20.1 to 0.21.2

Updates exceptiongroup from 1.2.0 to 1.2.1

Release notes

Sourced from exceptiongroup's releases.

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

• Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
• Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
• Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except* handler

1.1.3

• catch() now raises a TypeError if passed an async exception handler instead of just giving a RuntimeWarning about the coroutine never being awaited. (#66, PR by John Litborn)
• Fixed plain raise statement in an exception handler callback to work like a raise in an except* block
• Fixed new exception group not being chained to the original exception when raising an exception group from exceptions raised in handler callbacks
• Fixed type annotations of the derive(), subgroup() and split() methods to match the ones in typeshed

1.1.2

• Changed handling of exceptions in exception group handler callbacks to not wrap a single exception in an exception group, as per CPython issue 103590 <https://github.com/python/cpython/issues/103590>_

1.1.1

• Worked around CPython issue [#98778](https://github.com/agronholm/exceptiongroup/issues/98778) <https://github.com/python/cpython/issues/98778>_, urllib.error.HTTPError(..., fp=None) raises KeyError on unknown attribute access, on affected Python versions. (PR by Zac Hatfield-Dodds)

1.1.0

... (truncated)

Commits

• b91b7a3 Added the release version
• 521f02f Fixed type errors, added type tests (#118)
• 4639b1e Fixed test failure on Python 3.12.3
• 684b79a Have tox install the package in editable mode
• 9ebe9f5 Updated GitHub actions
• e57b07f [pre-commit.ci] pre-commit autoupdate (#115)
• 8d2f627 [pre-commit.ci] pre-commit autoupdate (#113)
• ee53e9f BaseExceptionGroup.derive should not copy notes (#112)
• 2f23259 Corrected the type annotation for the exception handler callback (#109)
• 0c89199 [pre-commit.ci] pre-commit autoupdate (#110)
• Additional commits viewable in compare view

Updates filelock from 3.13.1 to 3.14.0

Release notes

Sourced from filelock's releases.

3.14.0

What's Changed

• feat: blocking parameter on lock constructor with tests and docs by @​iamkhav in tox-dev/filelock#325

New Contributors

• @​iamkhav made their first contribution in tox-dev/filelock#325

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.4...3.14.0

3.13.4

What's Changed

• Raise error on incompatible singleton timeout and mode args by @​nefrob in tox-dev/filelock#320

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.3...3.13.4

3.13.3

What's Changed

• Make singleton class instance dict unique per subclass by @​nefrob in tox-dev/filelock#318

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.2...3.13.3

3.13.2

What's Changed

• Fixed small typo in _unix.py by @​snemes in tox-dev/filelock#302
• Update SECURITY.md to reflect Python 3.7 support dropoff by @​kemzeb in tox-dev/filelock#304
• Update index.rst to improve the demo usage by @​youkaichao in tox-dev/filelock#314
• [BugFix] fix permission denied error when lock file is placed in /tmp by @​kota-iizuka in tox-dev/filelock#317

New Contributors

• @​snemes made their first contribution in tox-dev/filelock#302
• @​kemzeb made their first contribution in tox-dev/filelock#304
• @​youkaichao made their first contribution in tox-dev/filelock#314
• @​kota-iizuka made their first contribution in tox-dev/filelock#317

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.1...3.13.2

Commits

• 8556141 feat: blocking parameter on lock constructor with tests and docs (#325)
• 26ccad3 [pre-commit.ci] pre-commit autoupdate (#324)
• 853e7d1 [pre-commit.ci] pre-commit autoupdate (#323)
• 000a3fa Raise error on incompatible singleton timeout and mode args (#320)
• 312fb4e [pre-commit.ci] pre-commit autoupdate (#321)
• f50a337 [pre-commit.ci] pre-commit autoupdate (#319)
• 3f6df70 Make singleton class instance dict unique per subclass (#318)
• 9a64375 [BugFix] fix permission denied error when lock file is placed in /tmp (#317)
• e2f121b Update index.rst to improve the demo usage (#314)
• a46ea71 [pre-commit.ci] pre-commit autoupdate (#312)
• Additional commits viewable in compare view

Updates gitpython from 3.1.42 to 3.1.43

Release notes

Sourced from gitpython's releases.

3.1.43

Particularly Important Changes

These are likely to affect you, please do take a careful look.

• Issue and test deprecation warnings by @​EliahKagan in gitpython-developers/GitPython#1886
• Fix version_info cache invalidation, typing, parsing, and serialization by @​EliahKagan in gitpython-developers/GitPython#1838
• Document manual refresh path treatment by @​EliahKagan in gitpython-developers/GitPython#1839
• Improve static typing and docstrings related to git object types by @​EliahKagan in gitpython-developers/GitPython#1859

Other Changes

• Test in Docker with Alpine Linux on CI by @​EliahKagan in gitpython-developers/GitPython#1826
• Build online docs (RTD) with -W and dependencies by @​EliahKagan in gitpython-developers/GitPython#1843
• Suggest full-path refresh() in failure message by @​EliahKagan in gitpython-developers/GitPython#1844
• repo.blame and repo.blame_incremental now accept None as the rev parameter. by @​Gaubbe in gitpython-developers/GitPython#1846
• Make sure diff always uses the default diff driver when create_patch=True by @​can-taslicukur in gitpython-developers/GitPython#1832
• Revise docstrings, comments, and a few messages by @​EliahKagan in gitpython-developers/GitPython#1850
• Expand what is included in the API Reference by @​EliahKagan in gitpython-developers/GitPython#1855
• Restore building of documentation downloads by @​EliahKagan in gitpython-developers/GitPython#1856
• Revise type annotations slightly by @​EliahKagan in gitpython-developers/GitPython#1860
• Updating regex pattern to handle unicode whitespaces. by @​jcole-crowdstrike in gitpython-developers/GitPython#1853
• Use upgraded pip in test fixture virtual environment by @​EliahKagan in gitpython-developers/GitPython#1864
• lint: replace flake8 with ruff check by @​Borda in gitpython-developers/GitPython#1862
• lint: switch Black with ruff-format by @​Borda in gitpython-developers/GitPython#1865
• Update readme and tox.ini for recent tooling changes by @​EliahKagan in gitpython-developers/GitPython#1868
• Split tox lint env into three envs, all safe by @​EliahKagan in gitpython-developers/GitPython#1870
• Slightly broaden Ruff, and update and clarify tool configuration by @​EliahKagan in gitpython-developers/GitPython#1871
• Add a "doc" extra for documentation build dependencies by @​EliahKagan in gitpython-developers/GitPython#1872
• Describe Submodule.__init__ parent_commit parameter by @​EliahKagan in gitpython-developers/GitPython#1877
• Include TagObject in git.types.Tree_ish by @​EliahKagan in gitpython-developers/GitPython#1878
• Improve Sphinx role usage, including linking Git manpages by @​EliahKagan in gitpython-developers/GitPython#1879
• Replace all wildcard imports with explicit imports by @​EliahKagan in gitpython-developers/GitPython#1880
• Clarify how tag objects are usually tree-ish and commit-ish by @​EliahKagan in gitpython-developers/GitPython#1881

New Contributors

• @​Gaubbe made their first contribution in gitpython-developers/GitPython#1846
• @​can-taslicukur made their first contribution in gitpython-developers/GitPython#1832
• @​jcole-crowdstrike made their first contribution in gitpython-developers/GitPython#1853
• @​Borda made their first contribution in gitpython-developers/GitPython#1862

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.42...3.1.43

Commits

• 5364053 bump version to 3.1.43
• 4e626bd Merge pull request #1886 from EliahKagan/deprecation-warnings
• f6060df Add GitMeta alias
• 8327b45 Test GitMeta alias
• f92f4c3 Clarify security risk in USE_SHELL doc and warnings
• c7675d2 update security policy, to use GitHub instead of email
• cf2576e Make/use test.deprecation.lib; abandon idea to filter by module
• 7cd3aa9 Make test.performance.lib docstring more specific
• b51b080 Explain the approach in test.deprecation to static checking
• bdabb21 Expand USE_SHELL docstring; clarify a test usage
• Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates importlib-metadata from 7.0.2 to 7.1.0

Changelog

Sourced from importlib-metadata's changelog.

v7.1.0

Features

• python/cpython#114664

Bugfixes

• Make MetadataPathFinder.find_distributions a classmethod for consistency with CPython. Closes #484. (#484)
• Allow MetadataPathFinder.invalidate_caches to be called as a classmethod.

Commits

• f5d6b5f Finalize
• 2ef3b5f Merge commit '1711b2c198'
• 1711b2c Need to include names from test.support for py312 compat.
• 47b14ac Make MetadataPathFinder.find_distributions a classmethod for consistency with...
• adc4b12 Ensure tests do not leak references in sys.modules.
• 07d894d Copy backport of isolated_modules from importlib_resources.
• e30a16d Consolidated test support logic in jaraco.test.cpython.
• 41ca039 Moved compatibility tests to the compat package, as they're not included in C...
• 5950f43 Remove legacy logic for Python 3.7.
• ffa719b Moved compatibility module to compat package.
• Additional commits viewable in compare view

Updates jaraco-classes from 3.3.1 to 3.4.0

Changelog

Sourced from jaraco-classes's changelog.

v3.4.0

Features

• Better type hints for NonDataProperty. (#13)

Commits

• 0b64201 Fix failing docs build.
• d79d074 Merge https://github.com/jaraco/skeleton
• 3fc7a93 Move Python 3.11 out of the test matrix.
• 071a6eb Finalize
• 458db61 Merge https://github.com/jaraco/skeleton
• c43b87f Add news fragment.
• aa9e788 better type hints for NonDataProperty (#13)
• d72c6a0 Fetch unshallow clones in readthedocs. Closes jaraco/skeleton#114.
• c9a7f97 Re-enable ignoring of temporary merge queue branches. Closes jaraco/skeleton#...
• a0d0c4bjaraco/skeleton#111
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates keyring from 24.3.1 to 25.2.1

Changelog

Sourced from keyring's changelog.

v25.2.1

Bugfixes

• Fix typo in CLI creds mode. (#681)

v25.2.0

Features

• Added options for 'keyring get' command to support credential retrieval and emit as JSON. (#678)

v25.1.0

Features

• Replace ExceptionRaisedContext with ExceptionTrap.

v25.0.1

Bugfixes

• When completion is unavailable, exit with non-zero status and emit message to stderr. (#671)

v25.0.0

Deprecations and Removals

• Removed check for config in XDG_DATA_HOME on Linux systems. (#99)
• In platform config support, remove support for Windows XP, now 10 years sunset.

Commits

• c09855e Finalize
• 788c67c Merge https://github.com/jaraco/skeleton
• 1ec750d Fix typo in CLI creds mode.
• 67aab15 Revert "Allow macos on Python 3.8 to fail as GitHub CI has dropped support."
• f98adf3 Finalize
• 63dfe11 Merge pull request #678 from BakerNet/change/add-getcreds-to-cli
• 49e7cf8 Add news fragment.
• 33bae95 Rewrite _check_args using rules for required params. Consolidates logic and r...
• f922be6 Move checks for 'no result' back into do_get.
• 734a17d Re-write do_get to re-use credential objects.
• Additional commits viewable in compare view

Updates markdown from 3.5.2 to 3.6

Release notes

Sourced from markdown's releases.

Release 3.6

Changed

Refactor TOC Sanitation

• All postprocessors a... _Description has been truncated_

[dependabot[bot]]

The following labels could not be found: dependabot-deps-updates.

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.