search

simonw / simonwillisonblog

The source code behind my blog
https://simonwillison.net/
Apache License 2.0
202 stars 18 forks source link

Bump the python-packages group across 1 directory with 4 updates #425

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the python-packages group with 4 updates in the / directory: cloudflare, django, gunicorn and pytest.

Updates cloudflare from 2.19.0 to 2.19.4

Release notes

Sourced from cloudflare's releases.

2.19.4

 - 2024-04-29 19:15:50 +0100 [34bcb1b](https://github.com/cloudflare/python-cloudflare/commit/34bcb1b3f504b4ddfd8040e6972ddd2c71bc673c) HTTPError can show up when you plan with the URL value
 - 2024-04-29 18:38:57 +0100 [7535d9a](https://github.com/cloudflare/python-cloudflare/commit/7535d9a7e00bb3e2623ee11ff466f4bcb75f3161) CHANGELOG.md pushed to github
 - 2024-04-29 18:38:21 +0100 [1bda322](https://github.com/cloudflare/python-cloudflare/commit/1bda322ccb2093c262cb65777327b1d1133d2a5a) 2.19.4
 - 2024-04-29 18:36:37 +0100 [a3cda63](https://github.com/cloudflare/python-cloudflare/commit/a3cda63d40e9bf25cbd90bef76b28ad16285c2ba) [#186](https://github.com/cloudflare/python-cloudflare/issues/186) - explain how to maps arguments
 - 2024-04-29 18:28:56 +0100 [389029a](https://github.com/cloudflare/python-cloudflare/commit/389029a6c8c20cd125333c81f758ffb718169ab9) [#188](https://github.com/cloudflare/python-cloudflare/issues/188) - url now uses strings - as it should!
 - 2024-04-29 18:07:15 +0100 [4bd76db](https://github.com/cloudflare/python-cloudflare/commit/4bd76dbd42a84a851719b7a5a3f47176db3a189f) [#190](https://github.com/cloudflare/python-cloudflare/issues/190) - remove Python 3.5 support because of f-string
 - 2024-04-29 18:04:12 +0100 [02e513f](https://github.com/cloudflare/python-cloudflare/commit/02e513f1607be04f031ee9387872d6666cabeb1a) 2.19.3
 - 2024-04-29 18:02:44 +0100 [8f2e7ad](https://github.com/cloudflare/python-cloudflare/commit/8f2e7ad974c71a4b507eb90ddc8d0210f318ab4e) Add version 3.0 code and pinning info to README
 - 2024-04-29 18:01:58 +0100 [b4dbc6e](https://github.com/cloudflare/python-cloudflare/commit/b4dbc6e8ee954ae264f72e2ac38d4f9c47201e19) more api endpoints
 - 2024-04-29 18:01:25 +0100 [63f1839](https://github.com/cloudflare/python-cloudflare/commit/63f18392d3346924f81e59e681a877a940cbd656) now that AI methods are in library - no need for CLOUDFLARE_API_EXTRAS code
 - 2024-04-18 16:35:32 -0700 [0c1fb92](https://github.com/cloudflare/python-cloudflare/commit/0c1fb926b0bf0595b025272b9e80bc77ed7c5ad3) more api endpoints
 - 2024-03-19 15:02:14 -0700 [839ac32](https://github.com/cloudflare/python-cloudflare/commit/839ac3206320206178fd67438a52e0f4357f3903) remove f-string for Python <3.6 compatibility
 - 2024-03-11 22:25:20 -0300 [ab8a1aa](https://github.com/cloudflare/python-cloudflare/commit/ab8a1aaa189ac5afdab20f966ef44fd675e1437b) added documentation urls, etc for pypi
 - 2024-03-11 22:21:01 -0300 [fc0e111](https://github.com/cloudflare/python-cloudflare/commit/fc0e1111e1824ea8c78cda43530b51343fb0a348) finally removed the VOID calls, added /ai/run endpoints
 - 2024-03-04 19:50:56 -0500 [56ffcfc](https://github.com/cloudflare/python-cloudflare/commit/56ffcfc1557610ae4d18eb305fbeb418966f038e) still testing docs
 - 2024-03-04 19:46:21 -0500 [82d2dcb](https://github.com/cloudflare/python-cloudflare/commit/82d2dcb2f8dc51bc72e3bca455bba38c55e66f8b) added more download stats
 - 2024-03-04 19:32:03 -0500 [1ae9c2a](https://github.com/cloudflare/python-cloudflare/commit/1ae9c2aa7a67f8f15bce6cdabc3a2b71a8744c11) still testing docs
 - 2024-03-04 19:29:14 -0500 [f9b565a](https://github.com/cloudflare/python-cloudflare/commit/f9b565a772c1ff06b2ed8a432734fa67ae2b24bc) added download stats
 - 2024-03-04 00:02:19 -0500 [984284f](https://github.com/cloudflare/python-cloudflare/commit/984284f563e90c91e296a0c5d5d2f65dad9f8a4e) still testing docs
 - 2024-03-04 00:01:25 -0500 [cf2b3d7](https://github.com/cloudflare/python-cloudflare/commit/cf2b3d7b6630f677e9224ed91ea4b8d462fbdd92) still testing docs
 - 2024-03-01 12:05:09 -0800 [26f6af8](https://github.com/cloudflare/python-cloudflare/commit/26f6af8bc79ab6c3c8c0c8526a73012d46350c0d) still testing docs
 - 2024-03-01 11:39:45 -0800 [35c0e06](https://github.com/cloudflare/python-cloudflare/commit/35c0e068df3459f6cfcb4c39cadd15f526386e4c) start of longstanding need for documentation, update of copyright string
 - 2024-03-01 10:15:38 -0800 [4fe03ee](https://github.com/cloudflare/python-cloudflare/commit/4fe03eed3c7bcc2130846b1be6ea4c9427a1bb99) readthedocs initial setup - long overdue
 - 2024-02-26 23:33:35 -0800 [77fee2e](https://github.com/cloudflare/python-cloudflare/commit/77fee2e5fcf9e3246f6f2d9f194dbb65e54cdcf4) pylint fixes
 - 2024-02-26 23:30:57 -0800 [e7cc964](https://github.com/cloudflare/python-cloudflare/commit/e7cc96452fb84338525ed1537e3523157ba634de) moved all requests code/exceptions into network where it belongs, import cleanup, exception handling cleanup
 - 2024-02-26 23:20:06 -0800 [dbaf7d6](https://github.com/cloudflare/python-cloudflare/commit/dbaf7d67c53e0baaf7a1ab6f33ee860c50672686) handle python < 3.10 to get utc time correctly
 - 2024-02-23 16:47:01 -0800 [036c5ed](https://github.com/cloudflare/python-cloudflare/commit/036c5edeac4d40e8bd9584541ce4a84f2e686d20) document cli4 having --header flag
 - 2024-02-23 16:39:32 -0800 [6eed220](https://github.com/cloudflare/python-cloudflare/commit/6eed2201254769b9bbcea69252fdad51bae62aa2) cli4 has --header flag, plus http_headers needed some more syntax checking
 - 2024-02-22 19:03:24 -0800 [dec9835](https://github.com/cloudflare/python-cloudflare/commit/dec98352d027e205bed762bebdbc8ea0eecbd7c5) added Python 3.5 note
 - 2024-02-22 15:10:24 -0800 [b3cf637](https://github.com/cloudflare/python-cloudflare/commit/b3cf637c2318e6aa09150a3f5f55e5a8a90221f3) remove excessive import statements
 - 2024-02-22 15:09:41 -0800 [c5a5587](https://github.com/cloudflare/python-cloudflare/commit/c5a5587abff4213ffc9fdeac515390a0982f73ee) improved date/time rfc/iso code, lint fixes

2.19.2

 - 2024-02-22 13:49:22 +0900 [9dca32b](https://github.com/cloudflare/python-cloudflare/commit/9dca32b2eb2511ce7b5ae3585ffec17b0eab8278) CHANGELOG.md pushed to github
 - 2024-02-22 13:49:15 +0900 [28b768a](https://github.com/cloudflare/python-cloudflare/commit/28b768a0d02309cef9f150bfc41cb9c3d9c2eecd) 2.19.2
 - 2024-02-22 13:48:52 +0900 [11d1270](https://github.com/cloudflare/python-cloudflare/commit/11d1270b65ce089b87b029483f517c56d288bff5) typo
 - 2024-02-22 13:37:13 +0900 [287c8a7](https://github.com/cloudflare/python-cloudflare/commit/287c8a790b3adf80352972d9ca63c14eab2f8c3a) CHANGELOG.md pushed to github
 - 2024-02-22 13:36:59 +0900 [6f9e5cf](https://github.com/cloudflare/python-cloudflare/commit/6f9e5cf637fb743e6e9a231ac2b3e37211d492d4) 2.19.1
 - 2024-02-22 13:34:05 +0900 [08123c1](https://github.com/cloudflare/python-cloudflare/commit/08123c1cb1fd49c5727c89d5bfdac95f36f01624) http_headers documentation
 - 2024-02-22 13:14:37 +0900 [44751a0](https://github.com/cloudflare/python-cloudflare/commit/44751a003c33d75d73d51889728e75be4bafb7f5) fix tag name creation
 - 2024-02-22 11:25:20 +0900 [10d8af3](https://github.com/cloudflare/python-cloudflare/commit/10d8af3dce16af13127cb3e7fe2688acbdca9ad0) CHANGELOG.md pushed to github
 - 2024-02-22 11:23:43 +0900 [32d1461](https://github.com/cloudflare/python-cloudflare/commit/32d1461896e7a11242ac51c619b1f38ada0867c7) 2.18.1.rc1
 - 2024-02-22 11:23:09 +0900 [a71dd35](https://github.com/cloudflare/python-cloudflare/commit/a71dd354fe44b8802e205767f16b92f8b0b533ab) added http_headers
 - 2024-02-22 09:32:55 +0900 [c2c4adf](https://github.com/cloudflare/python-cloudflare/commit/c2c4adf2d4f75ee76bb25d82ac8628945644bd98) solidfied the Python3 only mindset
 - 2024-02-19 16:45:40 +0900 [64f3a01](https://github.com/cloudflare/python-cloudflare/commit/64f3a011bb68812493c926b87a7c7b777199e5c6) brought man page up to date
</tr></table>

... (truncated)

Changelog

Sourced from cloudflare's changelog.

Change Log

  • 2024-04-29 18:38:21 +0100 1bda322 2.19.4
  • 2024-04-29 18:36:37 +0100 a3cda63 #186 - explain how to maps arguments
  • 2024-04-29 18:28:56 +0100 389029a #188 - url now uses strings - as it should!
  • 2024-04-29 18:07:15 +0100 4bd76db #190 - remove Python 3.5 support because of f-string
  • 2024-04-29 18:04:12 +0100 02e513f 2.19.3
  • 2024-04-29 18:02:44 +0100 8f2e7ad Add version 3.0 code and pinning info to README
  • 2024-04-29 18:01:58 +0100 b4dbc6e more api endpoints
  • 2024-04-29 18:01:25 +0100 63f1839 now that AI methods are in library - no need for CLOUDFLARE_API_EXTRAS code
  • 2024-04-18 16:35:32 -0700 0c1fb92 more api endpoints
  • 2024-03-19 15:02:14 -0700 839ac32 remove f-string for Python <3.6 compatibility
  • 2024-03-11 22:25:20 -0300 ab8a1aa added documentation urls, etc for pypi
  • 2024-03-11 22:21:01 -0300 fc0e111 finally removed the VOID calls, added /ai/run endpoints
  • 2024-03-04 19:50:56 -0500 56ffcfc still testing docs
  • 2024-03-04 19:46:21 -0500 82d2dcb added more download stats
  • 2024-03-04 19:32:03 -0500 1ae9c2a still testing docs
  • 2024-03-04 19:29:14 -0500 f9b565a added download stats
  • 2024-03-04 00:02:19 -0500 984284f still testing docs
  • 2024-03-04 00:01:25 -0500 cf2b3d7 still testing docs
  • 2024-03-01 12:05:09 -0800 26f6af8 still testing docs
  • 2024-03-01 11:39:45 -0800 35c0e06 start of longstanding need for documentation, update of copyright string
  • 2024-03-01 10:15:38 -0800 4fe03ee readthedocs initial setup - long overdue
  • 2024-02-26 23:33:35 -0800 77fee2e pylint fixes
  • 2024-02-26 23:30:57 -0800 e7cc964 moved all requests code/exceptions into network where it belongs, import cleanup, exception handling cleanup
  • 2024-02-26 23:20:06 -0800 dbaf7d6 handle python < 3.10 to get utc time correctly
  • 2024-02-23 16:47:01 -0800 036c5ed document cli4 having --header flag
  • 2024-02-23 16:39:32 -0800 6eed220 cli4 has --header flag, plus http_headers needed some more syntax checking
  • 2024-02-22 19:03:24 -0800 dec9835 added Python 3.5 note
  • 2024-02-22 15:10:24 -0800 b3cf637 remove excessive import statements
  • 2024-02-22 15:09:41 -0800 c5a5587 improved date/time rfc/iso code, lint fixes
  • 2024-02-22 13:49:22 +0900 9dca32b CHANGELOG.md pushed to github
  • 2024-02-22 13:49:15 +0900 28b768a 2.19.2
  • 2024-02-22 13:48:52 +0900 11d1270 typo
  • 2024-02-22 13:37:13 +0900 287c8a7 CHANGELOG.md pushed to github
  • 2024-02-22 13:36:59 +0900 6f9e5cf 2.19.1
  • 2024-02-22 13:34:05 +0900 08123c1 http_headers documentation
  • 2024-02-22 13:14:37 +0900 44751a0 fix tag name creation
  • 2024-02-22 11:25:20 +0900 10d8af3 CHANGELOG.md pushed to github
  • 2024-02-22 11:23:43 +0900 32d1461 2.18.1.rc1
  • 2024-02-22 11:23:09 +0900 a71dd35 added http_headers
  • 2024-02-22 09:32:55 +0900 c2c4adf solidfied the Python3 only mindset
  • 2024-02-19 16:45:40 +0900 64f3a01 brought man page up to date
  • 2024-02-18 18:48:47 +0900 618d02e create dummy loa document on-the-fly with very-basic pdf content
  • 2024-02-17 08:13:17 +0900 4b2ec55 CHANGELOG.md pushed to github
  • 2024-02-17 08:12:56 +0900 c7d9ae3 2.19.0
  • 2024-02-17 08:10:02 +0900 9135f17 typo introduced before 2.18.x - now fixed
  • 2024-02-17 08:09:18 +0900 3901158 purge_cache test - was chasing a different bug
  • 2024-02-14 13:42:44 -0800 ba42673 typo
  • 2024-02-12 14:24:48 -0800 c5b035a CHANGELOG.md pushed to github

... (truncated)

Commits


Updates django from 5.0.2 to 5.0.6

Commits
  • 2719a7f [5.0.x] Bumped version for 5.0.6 release.
  • c90b20f [5.0.x] Added release notes for 5.0.6 and 4.2.13.
  • 0504608 [5.0.x] Added stub release notes for 5.0.6.
  • 2fa9fe3 [5.0.x] Post-release version bump.
  • b6844c6 [5.0.x] Bumped version for 5.0.5 release.
  • e1eecba [5.0.x] Added release date for 5.0.5 and 4.2.12.
  • 9b5029f [5.0.x] Fixed #35426 -- Updated querysets to be a required argument of Generi...
  • ac9e18f [5.0.x] Refs #35359 -- Fixed OperationTests.test_add_generate_field() test on...
  • 59c3f8a [5.0.x] Fixed #35427 -- Corrected help text for makemessages --extension in d...
  • e18e931 [5.0.x] Refs #35422 -- Fixed typo in docs/releases/5.0.5.txt.
  • Additional commits viewable in compare view


Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

    

  • use utime to notify workers liveness
    • 

  • migrate setup to pyproject.toml
    • 

  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
    • 

  • parsing additional requests is no longer attempted past unsupported request framing
    • 

  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
    • 

  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
    • 

  • Trailer fields are no longer inspected for headers indicating secure scheme
    • 

  • support Python 3.12
    • 



** Breaking changes **


    

  • minimum version is Python 3.7
    • 

  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
    • 

  • requests specifying unsupported transfer coding (order) are refused by default (rare)
    • 

  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
    • 

  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
    • 

  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
    • 

  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
    • 

  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
    • 

  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
    • 

  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
    • 

  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
    • 



** SECURITY **


    

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/
Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view


Updates pytest from 8.0.1 to 8.2.0

Release notes

Sourced from pytest's releases.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

  • #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

    • pytest_ignore_collect{.interpreted-text role="hook"} - the path parameter - use collection_path instead.
    • pytest_collect_file{.interpreted-text role="hook"} - the path parameter - use file_path instead.
    • pytest_pycollect_makemodule{.interpreted-text role="hook"} - the path parameter - use module_path instead.
    • pytest_report_header{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
    • pytest_report_collectionfinish{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.

    The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

    See legacy-path-hooks-deprecated{.interpreted-text role="ref"} for more details.

Features

  • #11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.

    See Read arguments from file <args-from-file>{.interpreted-text role="ref"} for details.

Improvements

  • #11523: pytest.importorskip{.interpreted-text role="func"} will now issue a warning if the module could be found, but raised ImportError{.interpreted-text role="class"} instead of ModuleNotFoundError{.interpreted-text role="class"}.

    The warning can be suppressed by passing exc_type=ImportError to pytest.importorskip{.interpreted-text role="func"}.

    See import-or-skip-import-error{.interpreted-text role="ref"} for details.

  • #11728: For unittest-based tests, exceptions during class cleanup (as raised by functions registered with TestCase.addClassCleanup <unittest.TestCase.addClassCleanup>{.interpreted-text role="meth"}) are now reported instead of silently failing.

  • #11777: Text is no longer truncated in the short test summary info section when -vv is given.

  • #12112: Improved namespace packages detection when consider_namespace_packages{.interpreted-text role="confval"} is enabled, covering more situations (like editable installs).

  • #9502: Added PYTEST_VERSION{.interpreted-text role="envvar"} environment variable which is defined at the start of the pytest session and undefined afterwards. It contains the value of pytest.__version__, and among other things can be used to easily check if code is running from within a pytest run.

Bug Fixes

  • #12065: Fixed a regression in pytest 8.0.0 where test classes containing setup_method and tests using @staticmethod or @classmethod would crash with AttributeError: 'NoneType' object has no attribute 'setup_method'.

    Now the request.instance <pytest.FixtureRequest.instance>{.interpreted-text role="attr"} attribute of tests using @staticmethod and @classmethod is no longer None, but a fresh instance of the class, like in non-static methods.

... (truncated)

Commits
  • 6bd3f31 Tweak changelog for 8.2.0
  • 9b6219b Prepare release version 8.2.0
  • 835765c Merge pull request #12130 from bluetech/fixtures-inline
  • 7e7503c unittest: report class cleanup exceptions (#12250)
  • 882c4da fixtures: inline fail_fixturefunc
  • 2e8fb9f fixtures: extract a _check_fixturedef method
  • acf2971 fixtures: inline _getnextfixturedef into _get_active_fixturedef
  • 3c77aec fixtures: move "request" check early
  • d217d68 fixtures: inline _compute_fixture_value
  • 530be28 fixtures: use early return in _get_active_fixturedef
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 6 months ago

Superseded by #427.