simonw / simonwillisonblog

The source code behind my blog
https://simonwillison.net/
Apache License 2.0

Bump the python-packages group across 1 directory with 4 updates #420

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the python-packages group with 4 updates in the / directory: cloudflare, django, gunicorn and pytest.

Updates cloudflare from 2.19.0 to 2.19.2

Release notes

Sourced from cloudflare's releases.

2.19.2

 - 2024-02-22 13:49:22 +0900 [9dca32b](https://github.com/cloudflare/python-cloudflare/commit/9dca32b2eb2511ce7b5ae3585ffec17b0eab8278) CHANGELOG.md pushed to github
 - 2024-02-22 13:49:15 +0900 [28b768a](https://github.com/cloudflare/python-cloudflare/commit/28b768a0d02309cef9f150bfc41cb9c3d9c2eecd) 2.19.2
 - 2024-02-22 13:48:52 +0900 [11d1270](https://github.com/cloudflare/python-cloudflare/commit/11d1270b65ce089b87b029483f517c56d288bff5) typo
 - 2024-02-22 13:37:13 +0900 [287c8a7](https://github.com/cloudflare/python-cloudflare/commit/287c8a790b3adf80352972d9ca63c14eab2f8c3a) CHANGELOG.md pushed to github
 - 2024-02-22 13:36:59 +0900 [6f9e5cf](https://github.com/cloudflare/python-cloudflare/commit/6f9e5cf637fb743e6e9a231ac2b3e37211d492d4) 2.19.1
 - 2024-02-22 13:34:05 +0900 [08123c1](https://github.com/cloudflare/python-cloudflare/commit/08123c1cb1fd49c5727c89d5bfdac95f36f01624) http_headers documentation
 - 2024-02-22 13:14:37 +0900 [44751a0](https://github.com/cloudflare/python-cloudflare/commit/44751a003c33d75d73d51889728e75be4bafb7f5) fix tag name creation
 - 2024-02-22 11:25:20 +0900 [10d8af3](https://github.com/cloudflare/python-cloudflare/commit/10d8af3dce16af13127cb3e7fe2688acbdca9ad0) CHANGELOG.md pushed to github
 - 2024-02-22 11:23:43 +0900 [32d1461](https://github.com/cloudflare/python-cloudflare/commit/32d1461896e7a11242ac51c619b1f38ada0867c7) 2.18.1.rc1
 - 2024-02-22 11:23:09 +0900 [a71dd35](https://github.com/cloudflare/python-cloudflare/commit/a71dd354fe44b8802e205767f16b92f8b0b533ab) added http_headers
 - 2024-02-22 09:32:55 +0900 [c2c4adf](https://github.com/cloudflare/python-cloudflare/commit/c2c4adf2d4f75ee76bb25d82ac8628945644bd98) solidfied the Python3 only mindset
 - 2024-02-19 16:45:40 +0900 [64f3a01](https://github.com/cloudflare/python-cloudflare/commit/64f3a011bb68812493c926b87a7c7b777199e5c6) brought man page up to date
 - 2024-02-18 18:48:47 +0900 [618d02e](https://github.com/cloudflare/python-cloudflare/commit/618d02e546a82f1c26f483cd46bc14c808d44508) create dummy loa document on-the-fly with very-basic pdf content

Changelog

Sourced from cloudflare's changelog.

Change Log

  • 2024-02-22 13:49:15 +0900 28b768a 2.19.2
  • 2024-02-22 13:48:52 +0900 11d1270 typo
  • 2024-02-22 13:37:13 +0900 287c8a7 CHANGELOG.md pushed to github
  • 2024-02-22 13:36:59 +0900 6f9e5cf 2.19.1
  • 2024-02-22 13:34:05 +0900 08123c1 http_headers documentation
  • 2024-02-22 13:14:37 +0900 44751a0 fix tag name creation
  • 2024-02-22 11:25:20 +0900 10d8af3 CHANGELOG.md pushed to github
  • 2024-02-22 11:23:43 +0900 32d1461 2.18.1.rc1
  • 2024-02-22 11:23:09 +0900 a71dd35 added http_headers
  • 2024-02-22 09:32:55 +0900 c2c4adf solidfied the Python3 only mindset
  • 2024-02-19 16:45:40 +0900 64f3a01 brought man page up to date
  • 2024-02-18 18:48:47 +0900 618d02e create dummy loa document on-the-fly with very-basic pdf content
  • 2024-02-17 08:13:17 +0900 4b2ec55 CHANGELOG.md pushed to github
  • 2024-02-17 08:12:56 +0900 c7d9ae3 2.19.0
  • 2024-02-17 08:10:02 +0900 9135f17 typo introduced before 2.18.x - now fixed
  • 2024-02-17 08:09:18 +0900 3901158 purge_cache test - was chasing a different bug
  • 2024-02-14 13:42:44 -0800 ba42673 typo
  • 2024-02-12 14:24:48 -0800 c5b035a CHANGELOG.md pushed to github
  • 2024-02-12 14:24:13 -0800 b2ec8f7 2.18.2
  • 2024-02-12 13:18:19 -0800 6245faf coverage should only be CloudFlare/*.py files
  • 2024-02-12 11:10:29 -0800 6c309ec when more than one Content-Type is recommended try to make a good choice
  • 2024-02-12 10:03:18 -0800 bf93a19 one more %r needed
  • 2024-02-12 10:02:49 -0800 664c992 add error print for error chain - to test that code
  • 2024-02-11 12:03:50 -0800 212c080 more api calls
  • 2024-02-10 22:43:29 -0800 eeb1355 Issue182 triggered some rethink of the exception code plus some longstanding cleanup
  • 2024-02-10 22:26:12 -0800 9f8fe7a cleanup error message
  • 2024-02-10 18:33:24 -0800 60c67b6 print error before assert
  • 2024-02-10 15:21:38 -0800 1acba51 typo
  • 2024-02-10 15:21:04 -0800 5a314b1 CloudFlare/tests/test_find.py
  • 2024-02-10 15:12:38 -0800 4a8c255 cleaner AI examples using find() call
  • 2024-02-10 15:11:05 -0800 6f38180 cleaner AI exampled using the find() call and/or sanitized calls without at-symbols
  • 2024-02-10 15:00:34 -0800 e588f6b cleaner sanitize code for keywords, dashes, at-symbols. Cleaner API Exception returns. Added unified find() call to reduce code
  • 2024-02-10 12:37:38 -0800 abcdcee improved error message - minor
  • 2024-02-09 16:32:14 -0800 0e7bbec cleanup of _content_type value - not needed if None, which is the default
  • 2024-02-09 13:25:10 -0800 07348fe CHANGELOG.md pushed to github
  • 2024-02-09 13:24:46 -0800 742c156 2.18.1
  • 2024-02-09 13:20:06 -0800 2a3e059 add data and files to be present - which is not normall legal, convert code from dict to set for files data to improve requests() handling
  • 2024-02-09 13:19:08 -0800 10455f3 handle --form with set() - was missing
  • 2024-02-09 12:14:25 -0800 719c1f9 cleanup of version checking code for readability
  • 2024-02-09 11:32:08 -0800 299ef93 CHANGELOG.md pushed to github
  • 2024-02-09 11:31:47 -0800 5de022e start using mypy for a checking source code
  • 2024-02-09 11:30:55 -0800 61e8108 2.18.0
  • 2024-02-08 17:17:07 -0800 99d4228 now prints correct --form data in all cases
  • 2024-02-08 17:07:29 -0800 a7e1b77 handle versions 2.14.2 or below or 2.17.0 or any version above that
  • 2024-02-08 16:44:05 -0800 4bd5e3f example for /accounts/:id/images/v2/direct_upload
  • 2024-02-08 14:19:04 -0800 0a9cc41 passing params as files for multipart/form-data type APIs needed some work
  • 2024-02-08 14:11:49 -0800 cd078fb improve debug prints. handle all the files debug formats
  • 2024-02-08 14:08:37 -0800 cec7f5a added comment to remind how data/json/files behaves

... (truncated)

Updates django from 5.0.2 to 5.0.4

Commits
  • 476d7c5 [5.0.x] Bumped version for 5.0.4 release.
  • e4a0644 [5.0.x] Added release date for 5.0.4.
  • fead2dd [5.0.x] Fixed #35336 -- Addressed crash when adding a GeneratedField with % l...
  • 14ab15d [5.0.x] Fixed #35344, Refs #34838 -- Corrected output_field of resolved colum...
  • 7b144e7 [5.0.x] Restored django.db.models.F import in final code snippet added at the...
  • 3264e88 [5.0.x] Fixed typo in docs/topics/signals.txt.
  • 345e3cf [5.0.x] Fixed #35329 -- Fixed migrations crash when adding partial unique con...
  • 71368b6 [5.0.x] Added RowNumber() link in Rank() docs.
  • 8fd953f [5.0.x] Fixed #35273 -- Fixed rendering AdminFileWidget's attributes.
  • 710ca57 [5.0.x] Fixed #25595 -- Doc'd that URLValidator rejects file:// URIs without ...
  • Additional commits viewable in compare view


Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fixes numerous security vulnerabilities. You're invited to upgrade your own installation asap.

Changes:

22.0.0 - 2024-04-17
===================
  • use utime to notify workers liveness
  • migrate setup to pyproject.toml
  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
  • parsing additional requests is no longer attempted past unsupported request framing
  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
  • Trailer fields are no longer inspected for headers indicating secure scheme
  • support Python 3.12

** Breaking changes **

  • minimum version is Python 3.7
  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
  • requests specifying unsupported transfer coding (order) are refused by default (rare)
  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/

Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view


Updates pytest from 8.0.1 to 8.2.0

Release notes

Sourced from pytest's releases.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

  • #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

    • pytest_ignore_collect - the path parameter - use collection_path instead.
    • pytest_collect_file - the path parameter - use file_path instead.
    • pytest_pycollect_makemodule - the path parameter - use module_path instead.
    • pytest_report_header - the startdir parameter - use start_path instead.
    • pytest_report_collectionfinish - the startdir parameter - use start_path instead.

    The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

    See legacy-path-hooks-deprecated for more details.

Features

  • #11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.

    See Read arguments from file for details.

Improvements

  • #11523: pytest.importorskip will now issue a warning if the module could be found, but raised ImportError instead of ModuleNotFoundError.

    The warning can be suppressed by passing exc_type=ImportError to pytest.importorskip.

    See import-or-skip-import-error for details.

  • #11728: For unittest-based tests, exceptions during class cleanup (as raised by functions registered with TestCase.addClassCleanup) are now reported instead of silently failing.

  • #11777: Text is no longer truncated in the short test summary info section when -vv is given.

  • #12112: Improved namespace packages detection when consider_namespace_packages is enabled, covering more situations (like editable installs).

  • #9502: Added PYTEST_VERSION environment variable which is defined at the start of the pytest session and undefined afterwards. It contains the value of pytest.__version__, and among other things can be used to easily check if code is running from within a pytest run.

Bug Fixes

  • #12065: Fixed a regression in pytest 8.0.0 where test classes containing setup_method and tests using @staticmethod or @classmethod would crash with AttributeError: 'NoneType' object has no attribute 'setup_method'.

    Now the request.instance attribute of tests using @staticmethod and @classmethod is no longer None, but a fresh instance of the class, like in non-static methods.

... (truncated)

Commits
  • 6bd3f31 Tweak changelog for 8.2.0
  • 9b6219b Prepare release version 8.2.0
  • 835765c Merge pull request #12130 from bluetech/fixtures-inline
  • 7e7503c unittest: report class cleanup exceptions (#12250)
  • 882c4da fixtures: inline fail_fixturefunc
  • 2e8fb9f fixtures: extract a _check_fixturedef method
  • acf2971 fixtures: inline _getnextfixturedef into _get_active_fixturedef
  • 3c77aec fixtures: move "request" check early
  • d217d68 fixtures: inline _compute_fixture_value
  • 530be28 fixtures: use early return in _get_active_fixturedef
  • Additional commits viewable in compare view


dependabot[bot] commented 6 months ago

Superseded by #422.