search

voxpupuli / puppetboard

Web frontend for PuppetDB
https://pypi.org/project/puppetboard/
Apache License 2.0
708 stars 239 forks source link

Bump the python group across 1 directory with 18 updates #1174

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps the python group with 18 updates in the / directory:

Package From To
certifi 2024.7.4 2024.8.30
charset-normalizer 3.3.2 3.4.0
flask-wtf 1.2.1 1.2.2
idna 3.7 3.10
markupsafe 2.1.5 3.0.2
pyparsing 3.1.2 3.2.0
urllib3 2.2.2 2.2.3
werkzeug 3.0.3 3.0.6
wtforms 3.1.2 3.2.1
zipp 3.19.2 3.20.2
gunicorn 22.0.0 23.0.0
coverage 7.6.1 7.6.4
pytest 8.3.2 8.3.3
pylint 3.2.6 3.3.1
pytest-randomly 3.15.0 3.16.0
bandit 1.7.9 1.7.10
mypy 1.11.1 1.13.0
types-setuptools 71.1.0.20240806 75.2.0.20241025

Updates certifi from 2024.7.4 to 2024.8.30

Commits


Updates charset-normalizer from 3.3.2 to 3.4.0

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.0

🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] All of this while our community is still struggling to make a firm advancement in HTTP clients. Now, many of you use Requests as the defacto http client, now, and for many years now, Requests has been frozen. Being left in a vegetative state and not evolving, this blocked millions of developers from using more advanced features.

We promptly invite Python developers to look at the drop-in replacement for Requests, namely Niquests. It leverage charset-normalizer in a better way! Check it out, you will be positively surprised! Don't wait another decade.

We are thankful to @​microsoft and involved parties for funding our work through the Microsoft FOSS Fund program.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Changelog

Sourced from charset-normalizer's changelog.

3.4.0 (2024-10-08)

Added

  • Argument --no-preemptive in the CLI to prevent the detector to search for hints.
  • Support for Python 3.13 (#512)

Fixed

  • Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
  • Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
  • Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)
Commits
  • f3118e3 :wrench: change download/upload artifact version to last working version
  • 33e67e8 :wrench: set compile-generator in generator_generic_slsa3 action
  • 73dd24c :wrench: add explicit build deps to setuptools
  • 78f1e9b :wrench: attempt to fix cd.yml *3
  • 56ae702 :wrench: attempt to fix cd.yml *2
  • 9720055 :wrench: attempt to fix cd.yml (macos part)
  • 1e10d06 Update CHANGELOG.md
  • 36c103a :bookmark: Release 3.4.0 (#545)
  • 7658dfc :arrow_up: Bump github/codeql-action from 3.26.11 to 3.26.12 (#544)
  • ca2535d :arrow_up: Bump github/codeql-action from 3.26.9 to 3.26.11 (#542)
  • Additional commits viewable in compare view


Updates flask-wtf from 1.2.1 to 1.2.2

Release notes

Sourced from flask-wtf's releases.

v1.2.2

  • Move the project to the pallets-eco organization. #602
  • Stop support for Python 3.8. Start support for Python 3.13. #603
Changelog

Sourced from flask-wtf's changelog.

Version 1.2.2

Released 2024-10-20

  • Move the project to the pallets-eco organization. :pr:602
  • Stop support for Python 3.8. Start support for Python 3.13. :pr:603
Commits
  • 2e14295 chore: pre-commit autoupdate
  • 552b7a7 chore: bump to 1.2.2
  • 32f1276 chore: install 'build' dependency for the release GHA workflow
  • f712367 chore: dependencies update
  • b929162 chore: use Flask inspired GHA workflow
  • 07049e3 Merge pull request #604 from azmeuk/flask-pre-commit
  • 49a1380 chore: pre-commit configuration insipred from Flask
  • f2bbd1b Merge pull request #603 from azmeuk/py313
  • d3cd8bf chore: stop support for python 3.8; start support for python 3.13
  • 0b2e5e4 Merge pull request #602 from azmeuk/pallets-eco
  • Additional commits viewable in compare view


Updates idna from 3.7 to 3.10

Release notes

Sourced from idna's releases.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: https://github.com/kjd/idna/compare/v3.7...v3.8

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15) +++++++++++++++++

  • Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

  • Update to Unicode 16.0.0
  • Deprecate setup.cfg in favour of pyproject.toml
  • Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23) ++++++++++++++++

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Commits


Updates markupsafe from 2.1.5 to 3.0.2

Release notes

Sourced from markupsafe's releases.

3.0.2

This is the MarkupSafe 3.0.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.2/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-2 Milestone: https://github.com/pallets/markupsafe/milestone/14?closed=1

  • Fix compatibility when __str__ returns a str subclass. #472
  • Build requires setuptools >= 70.1. #475

3.0.1

This is the MarkupSafe 3.0.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.1/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-1 Milestone: https://github.com/pallets/markupsafe/milestone/13?closed=1

  • Address compiler warnings that became errors in GCC 14. #466
  • Fix compatibility with proxy objects. #467

3.0.0

This is the MarkupSafe 3.0.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. The 3.0.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/MarkupSafe/3.0.0/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-0 Milestone: https://github.com/pallets/markupsafe/milestone/10?closed=1

  • Support Python 3.13 and its experimental free-threaded build. #461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348
  • Change distutils imports to setuptools. #399
  • Use deferred evaluation of annotations. #400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402
  • Speed up escaping plain strings by 40%. #434
  • Simplify speedups implementation. #437
Changelog

Sourced from markupsafe's changelog.

Version 3.0.2

Released 2024-10-18

  • Fix compatibility when __str__ returns a str subclass. :issue:472
  • Build requires setuptools >= 70.1. :issue:475

Version 3.0.1

Released 2024-10-08

  • Address compiler warnings that became errors in GCC 14. :issue:466
  • Fix compatibility with proxy objects. :issue:467

Version 3.0.0

Released 2024-10-07

  • Support Python 3.13 and its experimental free-threaded build. :pr:461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:348
  • Change distutils imports to setuptools. :pr:399
  • Use deferred evaluation of annotations. :pr:400
  • Update signatures for Markup methods to match str signatures. Use positional-only arguments. :pr:400
  • Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. :issue:401
  • The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. :pr:402
  • Speed up escaping plain strings by 40%. :pr:434
  • Simplify speedups implementation. :pr:437
Commits


Updates pyparsing from 3.1.2 to 3.2.0

Changelog

Sourced from pyparsing's changelog.

Version 3.2.0 - October, 2024

  • Discontinued support for Python 3.6, 3.7, and 3.8. Adopted new Python features from Python versions 3.7-3.9:

    • Updated type annotations to use built-in container types instead of names imported from the typing module (e.g., list[str] vs List[str]).
    • Reworked portions of the packrat cache to leverage insertion-preserving ordering in dicts (including removal of uses of OrderedDict).
    • Changed pdb.set_trace() call in ParserElement.set_break() to breakpoint().
    • Converted typing.NamedTuple to dataclasses.dataclass in railroad diagramming code.
    • Added from __future__ import annotations to clean up some type annotations. (with assistance from ISyncWithFoo, issue #535, thanks for the help!)

  • POSSIBLE BREAKING CHANGES

    The following bugfixes may result in subtle changes in the results returned or exceptions raised by pyparsing.

    • Fixed code in ParseElementEnhance subclasses that replaced detailed exception messages raised in contained expressions with a less-specific and less-informative generic exception message and location.

      If your code has conditional logic based on the message content in raised ParseExceptions, this bugfix may require changes in your code.

    • Fixed bug in transform_string() where whitespace in the input string was not properly preserved in the output string.

      If your code uses transform_string, this bugfix may require changes in your code.

    • Fixed bug where an IndexError raised in a parse action was incorrectly handled as an IndexError raised as part of the ParserElement parsing methods, and reraised as a ParseException. Now an IndexError that raises inside a parse action will properly propagate out as an IndexError. (Issue #573, reported by August Karlstedt, thanks!)

      If your code raises IndexErrors in parse actions, this bugfix may require changes in your code.

  • FIXES AND NEW FEATURES

    • Added type annotations to remainder of pyparsing package, and added mypy run to tox.ini, so that type annotations are now run as part of pyparsing's CI. Addresses Issue #373, raised by Iwan Aucamp, thanks!

    • Exception message format can now be customized, by overriding ParseBaseException.format_message:

... (truncated)

Commits
  • 36fc04b Fix docstring with invalid esc sequence
  • a46066d Prep for 3.2.0 release
  • a0c219b Docs cleanup; added new whats_new_* docs for 3.1 and 3.2
  • d9b1f14 Rewrite _collapse_string_to_ranges to use _GroupConsecutive class instead of ...
  • 0d3c2d7 Fix minor internal bug in one_of building regex when all choices are single c...
  • 2165ab2 Cleanup ambiguous "contains" vs "in" usage in mongodb_query_expression.py
  • 25ddb02 Prep for dev before final release
  • 08846ae Prep for release
  • 9ee042b Remove deprecated utcnow()
  • a2b2f25 Final cleanup on mongodb_query_expression.py and mongodb_query_expression_ste...
  • Additional commits viewable in compare view


Updates urllib3 from 2.2.2 to 2.2.3

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added support for Python 3.13. (#3473)

Bugfixes

  • Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)
  • Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)
  • Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)
  • Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)
  • Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

  • Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)
  • Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)
  • Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)
  • Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

  • Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

  • Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)
  • Fixed ResourceWarning on CONNECT with Python `__)
  • Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)
  • Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)
  • Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

  • Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

  • Added version checking for h2 (https://pypi.org/project/h2/) usage.

    Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

  • Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

  • Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

  • Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)
  • Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)
Commits


Updates werkzeug from 3.0.3 to 3.0.6

Release notes

Sourced from werkzeug's releases.

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.6/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6

  • Fix how max_form_memory_size is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j

3.0.5

This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.5/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5 Milestone: https://github.com/pallets/werkzeug/milestone/37?closed=1

  • The Watchdog reloader ignores file closed no write events. #2945
  • Logging works with client addresses containing an IPv6 scope. #2952
  • Ignore invalid authorization parameters. #2955
  • Improve type annotation fore SharedDataMiddleware. #2958
  • Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. #2957

3.0.4

This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.4/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4 Milestone: https://github.com/pallets/werkzeug/milestone/36?closed=1

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. #2930
  • Improve parse_options_header performance when parsing unterminated quoted string values. #2904
  • Debugger pin auth is synchronized across threads/processes when tracking failed entries. #2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. #2926
  • Debugger pin auth works when the URL already contains a query string. #2918
Changelog

Sourced from werkzeug's changelog.

Version 3.0.6

Released 2024-10-25

  • Fix how max_form_memory_size is applied when parsing large non-file fields. :ghsa:q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

Version 3.0.5

Released 2024-10-24

  • The Watchdog reloader ignores file closed no write events. :issue:2945
  • Logging works with client addresses containing an IPv6 scope :issue:2952
  • Ignore invalid authorization parameters. :issue:2955
  • Improve type annotation fore SharedDataMiddleware. :issue:2958
  • Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. :issue:2957

Version 3.0.4

Released 2024-08-21

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. :issue:2930
  • Improve parse_options_header performance when parsing unterminated quoted string values. :issue:2904
  • Debugger pin auth is synchronized across threads/processes when tracking failed entries. :issue:2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. :issue:2926
  • Debugger pin auth works when the URL already contains a query string. :issue:2918
Commits


Updates wtforms from 3.1.2 to 3.2.1

Release notes

Sourced from wtforms's releases.

3.2.1

Released 2024-10-21

  • Fix SelectMultipleBase import. #861 #862

3.2.0

Released 2024-10-20

  • Translations update: korean, chinese (traditional), portugese, russian, dutch, kazakh, swedish, turkish, slovak, ukranian, spanish, french.
  • Move the repository to the pallets-eco organization. #854
  • Stop supporting Python 3.9 and start supporting Python 3.13 #855
  • Removed required flag support from HiddenWidget, RangeWidget and SelectWidget to conform to W3C #810
  • NoneOf and AnyOf can validate multiple valued fields like SelectMultipleField #538 #807
  • Use GHA and pre-commit workflows inspired from Flask. #856 #860

[!WARNING] Some deprecated code was removed (#859):

  • Flags can no longer be tuples. #467
  • iter_choices needs a tuple of 4 items #816

[!WARNING] The key for form errors moved from :data:None to empty string "". #829 #858

[!NOTE]
If you need to keep the old behavior you can set the _form_error_key parameter of your form to :data:None.

Changelog

Sourced from wtforms's changelog.

Version 3.2.1

Released 2024-10-21

  • Fix :class:~fields.SelectMultipleBase import. :issue:861 :pr:862

Version 3.2.0

Released 2024-10-20

  • Translations update: korean, chinese (traditional), portugese, russian, dutch, kazakh, swedish, turkish, slovak, ukranian, spanish, french.

  • Move the repository to the pallets-eco organization. :pr:854

  • Stop supporting Python 3.9 and start supporting Python 3.13 :pr:855

  • Removed required flag support from :class:~fields.HiddenWidget, :class:~fields.RangeWidget and :class:~fields.SelectWidget to conform to W3C :pr:810

  • :class:~wtforms.validators.NoneOf and :class:~wtforms.validators.AnyOf can validate multiple valued fields like :class:~fields.SelectMultipleField :pr:538 :pr:807

  • Use GHA and pre-commit workflows inspired from Flask. :pr:856 :pr:860

  • ⚠️Breaking change⚠️: Some deprecated code was removed (:pr:859):

    • :class:~wtforms.Flags can no longer be tuples. :issue:467
    • iter_choices needs a tuple of 4 items :issue:816

  • ⚠️Breaking change⚠️: The key for form errors moved from :data:None to empty string "". :issue:829 :pr:858

.. note:: If you need to keep the old behavior you can set the _form_error_key parameter of your form to :data:None.

Commits
  • f9a999e chore: bump to 3.2.1
  • 6565960 Merge pull request #862 from azmeuk/issue-861-selectfieldbase
  • ffccfed fix: SelectFieldBase import
  • 6ff08ce chore: install 'build' dependency for the release GHA workflow
  • 2ce93f2 chore: bump to 3.2.0
  • ba21823 docs: changelog update
  • 05ad5da Merge pull request #860 from azmeuk/flask-gha
  • 6867ba9 chore: bump to pallets-sphinx-themes 2.2.0
  • a09d53c chore: use Flask inspired GHA workflow
  • 3ba396e tests: remove useless flake8 related dependency in the style tox env
  • Additional commits viewable in compare view


Updates zipp from 3.19.2 to 3.20.2

Changelog

Sourced from zipp's changelog.

v3.20.2

Bugfixes

  • Make zipp.compat.overlay.zipfile hashable. (#126)

v3.20.1

Bugfixes

  • python/cpython#123270

v3.20.0

Features

  • Made the zipfile compatibility overlay available as zipp.compat.overlay.

v3.19.3

Bugfixes

  • Also match directories in Path.glob. (#121)
Commits


Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view


Updates coverage from 7.6.1 to 7.6.4

Changelog

Sourced from coverage's changelog.

Version 7.6.4 — 2024-10-20

  • fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880_). This is now fixed.

.. _issue 1880: nedbat/coveragepy#1880

.. _changes_7-6-3:

Version 7.6.3 — 2024-10-13

  • Fix: nested context managers could incorrectly be analyzed to flag a missing branch on the last context manager, as described in issue 1876_. This is now fixed.

  • Fix: the missing branch message about not exiting a module had an extra "didn't," as described in issue 1873_. This is now fixed.

.. _issue 1873: nedbat/coveragepy#1873 .. _issue 1876: nedbat/coveragepy#1876

.. _changes_7-6-2:

Version 7.6.2 — 2024-10-09

  • Dropped support for Python 3.8 and PyPy 3.8.

  • Fix: a final wildcard match/case clause assigning to a name (case _ as value) was incorrectly marked as a missing branch. This is now fixed, closing issue 1860_.

  • Fewer things are considered branches now. Lambdas, comprehensions, and generator expressions are no longer marked as missing branches if they don't complete execution. Closes issue 1852_.

  • Fix: the HTML report didn't properly show multi-line f-strings that end with a backslash continuation. This is now fixed, closing issue 1836, thanks to LiuYinCarl and Marco Ricci <pull 1838_>.

  • Fix: the LCOV report now has correct line numbers (fixing issue 1846) and better branch descriptions for BRDA records (fixing issue 1850). There are other changes to lcov also, including a new configuration option :ref:line_checksums <config_lcov_line_checksums> to control whether line checksums are included in the lcov report. The default is false. To keep checksums set it to true. All this work is thanks to Zack Weinberg

... (truncated)

Commits
  • f24f76b docs: sample HTML for 7.6.4
  • 96e10f7 docs: prep for 7.6.4
  • b8c236a fix: multi-line with-statements exit correctly. #1880
  • 64b7a45 docs: another discord reference
  • 68d7427 docs: Python Discord
  • 43adcea build: include 3.14 in the usual Pythons
  • fb2b49f build: github_releases can update older releases, and pauses to get the sorti...
  • ca550ca 3.0b2 wasn't correctly titled
  • dependabot[bot] commented 2 weeks ago

    Looks like these dependencies are updatable in another way, so this is no longer needed.