From f0a5b2dc2eb229dc461ac14b3b871ec800317e1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 20:13:34 +0300 Subject: [PATCH 1/4] build(deps): Update pydantic requirement from ~=2.5.3 to ~=2.6.1 (#321) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [pydantic](https://github.com/pydantic/pydantic) to permit the latest version.
Release notes

Sourced from pydantic's releases.

v2.6.1 2024-02-05

v2.6.1 (2024-02-05)

What's Changed

Packaging

Fixes

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.6.0...v2.6.1/

Changelog

Sourced from pydantic's changelog.

v2.6.0 (2024-01-23)

GitHub release

The code released in v2.6.0 is practically identical to that of v2.6.0b1.

What's Changed

Packaging

New Features

Changes

Performance

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements-core.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-core.txt b/requirements-core.txt index ffa82f8c..84d84b52 100644 --- a/requirements-core.txt +++ b/requirements-core.txt @@ -1,5 +1,5 @@ uri~=2.0.1 requests~=2.31.0 -pydantic~=2.5.3 +pydantic~=2.6.1 urllib3==2.1.0 email-validator~=2.1.0.post1 From 6ae3830a844107be1a4157a649f12a312ff03fa7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 20:17:02 +0300 Subject: [PATCH 2/4] build(deps): Bump urllib3 from 2.1.0 to 2.2.0 (#319) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.1.0 to 2.2.0.
Release notes

Sourced from urllib3's releases.

2.2.0

🖥️ urllib3 now works in the browser

:tada: This release adds experimental support for using urllib3 in the browser with Pyodide! :tada:

Thanks to Joe Marshall (@​joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
  • Added support for HTTPResponse.read1() method. (#3186)
  • Added rudimentary support for HTTP/2. (#3284)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (#3130)
  • Fixed an issue where headers passed in a request with json= would be mutated (#3203)
  • Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. (#3267)
  • Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#3268)
  • Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#3325)

Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. (#3181)

Changelog

Sourced from urllib3's changelog.

2.2.0 (2024-01-30)

  • Added support for Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>, including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951) <https://github.com/urllib3/urllib3/issues/2951>)
  • Added support for HTTPResponse.read1() method. ([#3186](https://github.com/urllib3/urllib3/issues/3186) <https://github.com/urllib3/urllib3/issues/3186>__)
  • Added rudimentary support for HTTP/2. ([#3284](https://github.com/urllib3/urllib3/issues/3284) <https://github.com/urllib3/urllib3/issues/3284>__)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. ([#2244](https://github.com/urllib3/urllib3/issues/2244) <https://github.com/urllib3/urllib3/issues/2244>__)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. ([#3130](https://github.com/urllib3/urllib3/issues/3130) <https://github.com/urllib3/urllib3/issues/3130>__)
  • Fixed an issue where headers passed in a request with json= would be mutated ([#3203](https://github.com/urllib3/urllib3/issues/3203) <https://github.com/urllib3/urllib3/issues/3203>__)
  • Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. ([#3267](https://github.com/urllib3/urllib3/issues/3267) <https://github.com/urllib3/urllib3/issues/3267>__)
  • Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS ([#3268](https://github.com/urllib3/urllib3/issues/3268) <https://github.com/urllib3/urllib3/issues/3268>__)
  • Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled ([#3325](https://github.com/urllib3/urllib3/issues/3325) <https://github.com/urllib3/urllib3/issues/3325>__)
  • Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. ([#3181](https://github.com/urllib3/urllib3/issues/3181) <https://github.com/urllib3/urllib3/issues/3181>__)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements-core.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-core.txt b/requirements-core.txt index 84d84b52..80eb6f69 100644 --- a/requirements-core.txt +++ b/requirements-core.txt @@ -1,5 +1,5 @@ uri~=2.0.1 requests~=2.31.0 pydantic~=2.6.1 -urllib3==2.1.0 +urllib3==2.2.0 email-validator~=2.1.0.post1 From 1488931c4a967c64c668c913f9cfbc4974ccb497 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 17:18:02 +0000 Subject: [PATCH 3/4] build(deps): Update mdformat-gfm requirement from ~=0.3.5 to ~=0.3.6 (#317) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [mdformat-gfm](https://github.com/hukkinj1/mdformat-gfm) to permit the latest version.
Commits
  • a532bf0 Bump version: 0.3.5 → 0.3.6
  • 958843b Fix autolink backslash test (markdown-it behavior changed here)
  • 735781e Remove Python 3.7 support
  • 48860d1 Update poetry and pre-commit
  • e60f449 Removes cap on mdit-py-plugins version.
  • cf316a1 Update GitHub actions
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Noor Abu Khleif --- requirements-docs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 1d1b04c4..4caf8ee9 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -4,7 +4,7 @@ docspec-python~=2.2.1 typer docstring_parser jinja2 -mdformat-gfm~=0.3.5 +mdformat-gfm~=0.3.6 mdformat-footnote~=0.1.1 mdformat-black~=0.1.1 mdformat-tables~=0.4.1 From 76f9f8043c7e67098ca18b5eef03a9ffcca7234f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 20:21:17 +0300 Subject: [PATCH 4/4] build(deps): Update coverage requirement from ~=7.4.0 to ~=7.4.1 (#315) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the requirements on [coverage](https://github.com/nedbat/coveragepy) to permit the latest version.
Changelog

Sourced from coverage's changelog.

Version 7.4.1 — 2024-01-26

  • Python 3.13.0a3 is supported.

  • Fix: the JSON report now includes an explicit format version number, closing issue 1732_.

.. _issue 1732: nedbat/coveragepy#1732

.. _changes_7-4-0:

Version 7.4.0 — 2023-12-27

  • In Python 3.12 and above, you can try an experimental core based on the new :mod:sys.monitoring <python:sys.monitoring> module by defining a COVERAGE_CORE=sysmon environment variable. This should be faster for line coverage, but not for branch coverage, and plugins and dynamic contexts are not yet supported with it. I am very interested to hear how it works (or doesn't!) for you.

.. _changes_7-3-4:

Version 7.3.4 — 2023-12-20

  • Fix: the change for multi-line signature exclusions in 7.3.3 broke other forms of nested clauses being excluded properly. This is now fixed, closing issue 1713_.

  • Fix: in the HTML report, selecting code for copying won't select the line numbers also. Thanks, Robert Harris <pull 1717_>_.

.. _issue 1713: nedbat/coveragepy#1713 .. _pull 1717: nedbat/coveragepy#1717

.. _changes_7-3-3:

Version 7.3.3 — 2023-12-14

  • Fix: function definitions with multi-line signatures can now be excluded by matching any of the lines, closing issue 684. Thanks, Jan Rusak, Maciej Kowalczyk and Joanna Ejzel <pull 1705_>.

  • Fix: XML reports could fail with a TypeError if files had numeric components

... (truncated)

Commits
  • 07588ea test: give hypothesis a little more time
  • 2c96518 build: tags should be signed
  • 8d1857f docs: sample HTML for 7.4.1
  • ddc88f7 docs: prep for 7.4.1
  • 98cd671 docs: correct two library urls
  • 498b8c9 build: coverage runs have to skip windows pypy too
  • 75b22f0 test: ignore color in tracebacks
  • b7c41a2 build: show action environment variables for debugging
  • f8be865 build: run actions on 3.13 since a3 came out.
  • de60a6d build(deps): bump actions/dependency-review-action from 3 to 4
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-test.txt b/requirements-test.txt index 0bb456f6..c07f8285 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,4 +1,4 @@ furl~=2.1.3 prettytable~=3.9.0 virtualenv~=20.25.0 -coverage~=7.4.0 +coverage~=7.4.1