Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 18 updates #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the pip group across 1 directory with 18 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 15, 2024

Bumps the pip group with 18 updates in the / directory:

Package From To
wheel 0.34.2 0.38.1
dash 1.9.1 2.15.0
loguru 0.4.1 0.5.3
twisted 20.3.0 24.7.0
requests 2.23.0 2.32.2
brotli 1.0.7 1.1.0
certifi 2019.11.28 2024.7.4
cryptography 2.8 43.0.1
dash-core-components 1.8.1 2.0.0
dash-html-components 1.0.2 2.0.0
flask 1.1.1 2.2.5
future 0.18.2 0.18.3
idna 2.9 3.7
jinja2 2.11.1 3.1.4
lxml 4.5.0 4.9.1
numpy 1.18.2 1.22.0
urllib3 1.25.8 1.26.19
werkzeug 1.0.0 3.0.6

Updates wheel from 0.34.2 to 0.38.1

Changelog

Sourced from wheel's changelog.

Release Notes

0.45.0 (2024-11-08)

  • Refactored the convert command to not need setuptools to be installed

  • Don't configure setuptools logging unless running bdist_wheel

  • Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

    Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri)

0.44.0 (2024-08-04)

  • Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)
  • Deprecated the bdist_wheel module, as the code was migrated to setuptools itself

0.43.0 (2024-03-11)

  • Dropped support for Python 3.7
  • Updated vendored packaging to 24.0

0.42.0 (2023-11-26)

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

  • Updated vendored packaging to 23.2
  • Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

  • Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
  • Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)
  • Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

... (truncated)

Commits
  • 6f1608d Created a new release
  • cf8f5ef Moved news item from PR #484 to its proper place
  • 9ec2016 Removed install dependency on setuptools (#483)
  • 747e1f6 Fixed PyPy SOABI parsing (#484)
  • 7627548 [pre-commit.ci] pre-commit autoupdate (#480)
  • 7b9e8e1 Test on Python 3.11 final
  • a04dfef Updated the pypi-publish action
  • 94bb62c Fixed docs not building due to code style changes
  • d635664 Updated the codecov action to the latest version
  • fcb94cd Updated version to match the release
  • Additional commits viewable in compare view

Updates dash from 1.9.1 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

  • #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
  • #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
    • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
    • Add tooltip.style a style object to give to the div of the tooltip.
    • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
  • #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

  • #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

  • #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
  • #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

  • #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

  • #2672 Fix get_caller_name in case the source is not available.

Changed

  • #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

  • #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

  • #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

  • #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
  • #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

  • #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

  • #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
  • #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
    • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
    • Add tooltip.style a style object to give to the div of the tooltip.
    • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
  • #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

  • #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

  • #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
  • #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

  • #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

  • #2672 Fix get_caller_name in case the source is not available.

Changed

  • #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

  • #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

  • #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

  • #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
  • #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

Updates loguru from 0.4.1 to 0.5.3

Release notes

Sourced from loguru's releases.

0.5.3

  • Fix child process possibly hanging at exit while combining enqueue=True with third party library like uwsgi (#309, thanks @​dstlmrk).
  • Fix possible exception during formatting of non-string messages (#331).

0.5.2

  • Fix AttributeError within handlers using serialize=True when calling logger.exception() outside of the context of an exception (#296).
  • Fix error while logging an exception containing a non-picklable value to a handler with enqueue=True (#298).
  • Add support for async callable classes (with __call__ method) used as sinks (#294, thanks @​jessekrubin).

0.5.1

  • Modify the way the extra dict is used by LogRecord in order to prevent possible KeyError with standard logging handlers (#271).
  • Add a new default optional argument to logger.catch(), it should be the returned value by the decorated function in case an error occurred (#272).
  • Fix ValueError when using serialize=True in combination with logger.catch() or logger.opt(record=True) due to circular reference of the record dict (#286).

0.5.0

  • Remove the possibility to modify the severity no of levels once they have been added in order to prevent surprising behavior (#209).
  • Add better support for "structured logging" by automatically adding **kwargs to the extra dict besides using these arguments to format the message. This behavior can be disabled by setting the new .opt(capture=False) parameter (#2).
  • Add a new onerror optional argument to logger.catch(), it should be a function which will be called when an exception occurs in order to customize error handling (#224).
  • Add a new exclude optional argument to logger.catch(), is should be a type of exception to be purposefully ignored and propagated to the caller without being logged (#248).
  • Modify complete() to make it callable from non-asynchronous functions, it can thus be used if enqueue=True to make sure all messages have been processed (#231).
  • Fix possible deadlocks on Linux when multiprocessing.Process() collides with enqueue=True or threading (#231).
  • Fix compression function not executable concurrently due to file renaming (to resolve conflicts) being performed after and not before it (#243).
  • Fix the filter function listing files for retention being too restrictive, it now matches files based on the pattern "basename(.*).ext(.*)" (#229).
  • Fix the impossibility to remove() a handler if an exception is raised while the sink' stop() function is called (#237).
  • Fix file sink left in an unstable state if an exception occurred during retention or compression process (#238).
  • Fix situation where changes made to record["message"] were unexpectedly ignored when opt(colors=True), causing "out-of-date" message to be logged due to implementation details (#221).
  • Fix possible exception if a stream having an isatty() method returning True but not being compatible with colorama is used on Windows (#249).
  • Fix exceptions occurring in coroutine sinks never retrieved and hence causing warnings (#227).
Changelog

Sourced from loguru's changelog.

0.5.3_ (2020-09-20)

  • Fix child process possibly hanging at exit while combining enqueue=True with third party library like uwsgi ([#309](https://github.com/Delgan/loguru/issues/309) <https://github.com/Delgan/loguru/issues/309>, thanks @dstlmrk <https://github.com/dstlmrk>).
  • Fix possible exception during formatting of non-string messages ([#331](https://github.com/Delgan/loguru/issues/331) <https://github.com/Delgan/loguru/issues/331>_).

0.5.2_ (2020-09-06)

  • Fix AttributeError within handlers using serialize=True when calling logger.exception() outside of the context of an exception ([#296](https://github.com/Delgan/loguru/issues/296) <https://github.com/Delgan/loguru/issues/296>_).
  • Fix error while logging an exception containing a non-picklable value to a handler with enqueue=True ([#298](https://github.com/Delgan/loguru/issues/298) <https://github.com/Delgan/loguru/issues/298>_).
  • Add support for async callable classes (with __call__ method) used as sinks ([#294](https://github.com/Delgan/loguru/issues/294) <https://github.com/Delgan/loguru/pull/294>, thanks @jessekrubin <https://github.com/jessekrubin>).

0.5.1_ (2020-06-12)

  • Modify the way the extra dict is used by LogRecord in order to prevent possible KeyError with standard logging handlers ([#271](https://github.com/Delgan/loguru/issues/271) <https://github.com/Delgan/loguru/issues/271>_).
  • Add a new default optional argument to logger.catch(), it should be the returned value by the decorated function in case an error occurred ([#272](https://github.com/Delgan/loguru/issues/272) <https://github.com/Delgan/loguru/issues/272>_).
  • Fix ValueError when using serialize=True in combination with logger.catch() or logger.opt(record=True) due to circular reference of the record dict ([#286](https://github.com/Delgan/loguru/issues/286) <https://github.com/Delgan/loguru/issues/286>_).

0.5.0_ (2020-05-17)

  • Remove the possibility to modify the severity no of levels once they have been added in order to prevent surprising behavior ([#209](https://github.com/Delgan/loguru/issues/209) <https://github.com/Delgan/loguru/issues/209>_).
  • Add better support for "structured logging" by automatically adding **kwargs to the extra dict besides using these arguments to format the message. This behavior can be disabled by setting the new .opt(capture=False) parameter ([#2](https://github.com/Delgan/loguru/issues/2) <https://github.com/Delgan/loguru/issues/2>_).
  • Add a new onerror optional argument to logger.catch(), it should be a function which will be called when an exception occurs in order to customize error handling ([#224](https://github.com/Delgan/loguru/issues/224) <https://github.com/Delgan/loguru/issues/224>_).
  • Add a new exclude optional argument to logger.catch(), is should be a type of exception to be purposefully ignored and propagated to the caller without being logged ([#248](https://github.com/Delgan/loguru/issues/248) <https://github.com/Delgan/loguru/issues/248>_).
  • Modify complete() to make it callable from non-asynchronous functions, it can thus be used if enqueue=True to make sure all messages have been processed ([#231](https://github.com/Delgan/loguru/issues/231) <https://github.com/Delgan/loguru/issues/231>_).
  • Fix possible deadlocks on Linux when multiprocessing.Process() collides with enqueue=True or threading ([#231](https://github.com/Delgan/loguru/issues/231) <https://github.com/Delgan/loguru/issues/231>_).
  • Fix compression function not executable concurrently due to file renaming (to resolve conflicts) being performed after and not before it ([#243](https://github.com/Delgan/loguru/issues/243) <https://github.com/Delgan/loguru/issues/243>_).
  • Fix the filter function listing files for retention being too restrictive, it now matches files based on the pattern "basename(.*).ext(.*)" ([#229](https://github.com/Delgan/loguru/issues/229) <https://github.com/Delgan/loguru/issues/229>_).
  • Fix the impossibility to remove() a handler if an exception is raised while the sink' stop() function is called ([#237](https://github.com/Delgan/loguru/issues/237) <https://github.com/Delgan/loguru/issues/237>_).
  • Fix file sink left in an unstable state if an exception occurred during retention or compression process ([#238](https://github.com/Delgan/loguru/issues/238) <https://github.com/Delgan/loguru/issues/238>_).
  • Fix situation where changes made to record["message"] were unexpectedly ignored when opt(colors=True), causing "out-of-date" message to be logged due to implementation details ([#221](https://github.com/Delgan/loguru/issues/221) <https://github.com/Delgan/loguru/issues/221>_).
  • Fix possible exception if a stream having an isatty() method returning True but not being compatible with colorama is used on Windows ([#249](https://github.com/Delgan/loguru/issues/249) <https://github.com/Delgan/loguru/issues/249>_).
  • Fix exceptions occurring in coroutine sinks never retrieved and hence causing warnings ([#227](https://github.com/Delgan/loguru/issues/227) <https://github.com/Delgan/loguru/issues/227>_).
Commits
  • f31e971 Bump version to 0.5.3
  • 3394fdb Update Changelog to reference #309 fix
  • 44f6771 Fix removing simple queue in child processes (#325)
  • 296635c Fix possible exception while formatting non-string message (#331)
  • b77f4fd Correct simple typo in docs, propogates -> propagates (#323)
  • e48f3e4 Bump version to 0.5.2
  • d93c19f Flesh out the few remaining incomplete annotations (#316)
  • 084dffd Fix tests fails (since pytest upgrade) due to standard logging misuse
  • 9a40e58 Fix error with "enqueue=True" and non-picklable exception (#298)
  • 6f86f48 Refactor usage of "inspect" functions for simplification
  • Additional commits viewable in compare view

Updates twisted from 20.3.0 to 24.7.0

Release notes

Sourced from twisted's releases.

Twisted 24.7.0 (2024-08-08)

24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) No other changes since 24.7.0.rc2

Features

  • twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
  • twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
  • twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
  • twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
  • twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
  • Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
  • twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
  • twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)

Bugfixes

  • Fixed unreleased regression caused by PR #12109. (#12279)
  • twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
  • Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
  • twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
  • twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)

Improved Documentation

  • The IRC server example found in the documentation was updated for readability. (#12097)
  • Remove contextvars from list of optional dependencies. (#12128)
  • The documentation for installing Twisted was moved into a single page. (#12145)
  • The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
  • Updated imap4client.py example, it no longer references Python 2. (#12252)

Deprecations and Removals

  • twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)
  • The twisted-iocpsupport is no longer a hard dependency on Windows. The IOCP support is now installed together with the other Windows soft dependencies via twisted[windows-platform]. (#11893)
  • twisted.python.deprecate helper function will now always strip whitespaces from the docstrings. This is done to have the same behaviour as with Python 3.13. (#12063)
  • twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse async argument, deprecated since 18.9.0, has been removed. (#12130)
  • twisted.web.soap was removed.

... (truncated)

Changelog

Sourced from twisted's changelog.

Twisted 24.7.0 (2024-08-08)

24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) No other changes since 24.7.0.rc2

Security Advisories

Features

  • twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
  • twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
  • twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
  • twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
  • twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
  • Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
  • twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
  • twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)

Bugfixes

  • twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
  • Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
  • twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
  • twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)

Improved Documentation

  • The IRC server example found in the documentation was updated for readability. (#12097)
  • Remove contextvars from list of optional dependencies. (#12128)
  • The documentation for installing Twisted was moved into a single page. (#12145)
  • The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
  • Updated imap4client.py example, it no longer references Python 2. (#12252)

Deprecations and Removals

  • twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)

... (truncated)

Commits

Updates requests from 2.23.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates brotli from 1.0.7 to 1.1.0

Release notes

Sourced from brotli's releases.

v1.1.0

Added

  • decoder: BrotliDecoderAttachDictionary
  • decoder: BrotliDecoderOnFinish callback behind BROTLI_REPORTING
  • decoder: BrotliDecoderSetMetadataCallbacks
  • encoder: BrotliEncoderPrepareDictionary, BrotliEncoderDestroyPreparedDictionary, BrotliEncoderAttachPreparedDictionary
  • decoder: BrotliEncoderOnFinish callback behind BROTLI_REPORTING
  • common: BrotliSharedDictionaryCreateInstance, BrotliSharedDictionaryDestroyInstance, BrotliSharedDictionaryAttach
  • CLI: --dictionary option
  • java: encoder wrapper: Parameters.mode
  • java: Brotli{Input|Output}Stream.attachDictionary
  • java: wrapper: partial byte array input
  • typescript: decoder (transpiled from Java)

Removed

  • build: BROTLI_BUILD_PORTABLE option

Fixed

  • java: JNI decoder failed sometimes on power of 2 payloads

Improved

  • java / js: smaller decoder footprint
  • decoder: faster decoding
  • encoder: faster encoding
  • encoder: smaller stack frames

v1.1.0rc

Added

  • decoder: BrotliDecoderAttachDictionary
  • decoder: BrotliDecoderOnFinish callback behind BROTLI_REPORTING
  • decoder: BrotliDecoderSetMetadataCallbacks
  • encoder: BrotliEncoderPrepareDictionary, BrotliEncoderDestroyPreparedDictionary, BrotliEncoderAttachPreparedDictionary
  • decoder: BrotliEncoderOnFinish callback behind BROTLI_REPORTING
  • common: BrotliSharedDictionaryCreateInstance, BrotliSharedDictionaryDestroyInstance, BrotliSharedDictionaryAttach
  • CLI: --dictionary option
  • java: encoder wrapper: Parameters.mode
  • java: Brotli{Input|Output}Stream.attachDictionary
  • java: wrapper: partial byte array input
  • typescript: decoder (transpiled from Java)

Removed

  • build: BROTLI_BUILD_PORTABLE option

... (truncated)

Changelog

Sourced from brotli's changelog.

[1.1.0] - 2023-08-28

Added

  • decoder: BrotliDecoderAttachDictionary
  • decoder: BrotliDecoderOnFinish callback behind BROTLI_REPORTING
  • decoder: BrotliDecoderSetMetadataCallbacks
  • encoder: BrotliEncoderPrepareDictionary, BrotliEncoderDestroyPreparedDictionary, BrotliEncoderAttachPreparedDictionary
  • decoder: BrotliEncoderOnFinish callback behind BROTLI_REPORTING
  • common: BrotliSharedDictionaryCreateInstance, BrotliSharedDictionaryDestroyInstance, BrotliSharedDictionaryAttach
  • CLI: --dictionary option
  • java: encoder wrapper: Parameters.mode
  • java: Brotli{Input|Output}Stream.attachDictionary
  • java: wrapper: partial byte array input
  • typescript: decoder (transpiled from Java)

Removed

  • build: BROTLI_BUILD_PORTABLE option

Fixed

  • java: JNI decoder failed sometimes on power of 2 payloads

Improved

  • java / js: smaller decoder footprint
  • decoder: faster decoding
  • encoder: faster encoding
  • encoder: smaller stack frames

[1.0.9] - 2020-08-27

Re-release of 1.0.8.

[1.0.8] - 2020-08-27

SECURITY

Added

  • encoder: BROTLI_PARAM_STREAM_OFFSET

Improved

  • CLI: better reporting
  • CLI: workaround for "lying feof"
  • java: faster decoding
  • java: support "large window"

... (truncated)

Commits
  • ed738e8 more sophisticated golang TestEncoderFlush
  • e7313b0 tune memory manager for BROTLI_EXPERIMENTAL
  • c1bd196 comb HAVE_UTIMENSAT definition
  • 2a5a088 more tuning for BROTLI_EXPERIMENTAL + clean-on-oom
  • feb6d8b prepare for 1.1.0rc
  • 3ebb2d3 Move serialized dictionary feature behind the flag.
  • 0f2157c Update comment; fixes #1061
  • 9ff341d Replace TS strict_checks with source-level suppressions.
  • 8c79230 reduce amount of padding in decoder structs
  • a560089 speedup q5-9 on large files
  • Additional commits viewable in compare view

Updates certifi from 2019.11.28 to 2024.7.4

Commits

Updates cryptography from 2.8 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.

.. _v43-0-0:


43.0.0 - 2024-07-20

  • BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.
  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
  • Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
  • :func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.
  • :func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.
  • Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.
  • Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
  • Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)
  • Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.
  • Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
  • Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.
  • Added support for parsing empty DN string in

... (truncated)

Commits

@dependabot
Bump the pip group across 1 directory with 18 updates
ae48189 
Bumps the pip group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [wheel](https://github.com/pypa/wheel) | `0.34.2` | `0.38.1` |
| [dash](https://github.com/plotly/dash) | `1.9.1` | `2.15.0` |
| [loguru](https://github.com/Delgan/loguru) | `0.4.1` | `0.5.3` |
| [twisted](https://github.com/twisted/twisted) | `20.3.0` | `24.7.0` |
| [requests](https://github.com/psf/requests) | `2.23.0` | `2.32.2` |
| [brotli](https://github.com/google/brotli) | `1.0.7` | `1.1.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2019.11.28` | `2024.7.4` |
| [cryptography](https://github.com/pyca/cryptography) | `2.8` | `43.0.1` |
| [dash-core-components](https://github.com/plotly/dash-component-boilerplate) | `1.8.1` | `2.0.0` |
| [dash-html-components](https://github.com/plotly/dash-html-components) | `1.0.2` | `2.0.0` |
| [flask](https://github.com/pallets/flask) | `1.1.1` | `2.2.5` |
| [future](https://github.com/PythonCharmers/python-future) | `0.18.2` | `0.18.3` |
| [idna](https://github.com/kjd/idna) | `2.9` | `3.7` |
| [jinja2](https://github.com/pallets/jinja) | `2.11.1` | `3.1.4` |
| [lxml](https://github.com/lxml/lxml) | `4.5.0` | `4.9.1` |
| [numpy](https://github.com/numpy/numpy) | `1.18.2` | `1.22.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.25.8` | `1.26.19` |
| [werkzeug](https://github.com/pallets/werkzeug) | `1.0.0` | `3.0.6` |



Updates `wheel` from 0.34.2 to 0.38.1
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.34.2...0.38.1)

Updates `dash` from 1.9.1 to 2.15.0
- [Release notes](https://github.com/plotly/dash/releases)
- [Changelog](https://github.com/plotly/dash/blob/dev/CHANGELOG.md)
- [Commits](plotly/dash@v1.9.1...v2.15.0)

Updates `loguru` from 0.4.1 to 0.5.3
- [Release notes](https://github.com/Delgan/loguru/releases)
- [Changelog](https://github.com/Delgan/loguru/blob/master/CHANGELOG.rst)
- [Commits](Delgan/loguru@0.4.1...0.5.3)

Updates `twisted` from 20.3.0 to 24.7.0
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](twisted/twisted@twisted-20.3.0...twisted-24.7.0)

Updates `requests` from 2.23.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.23.0...v2.32.2)

Updates `brotli` from 1.0.7 to 1.1.0
- [Release notes](https://github.com/google/brotli/releases)
- [Changelog](https://github.com/google/brotli/blob/master/CHANGELOG.md)
- [Commits](google/brotli@v1.0.7...v1.1.0)

Updates `certifi` from 2019.11.28 to 2024.7.4
- [Commits](certifi/python-certifi@2019.11.28...2024.07.04)

Updates `cryptography` from 2.8 to 43.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@2.8...43.0.1)

Updates `dash-core-components` from 1.8.1 to 2.0.0
- [Commits](https://github.com/plotly/dash-component-boilerplate/commits)

Updates `dash-html-components` from 1.0.2 to 2.0.0
- [Changelog](https://github.com/plotly/dash-html-components/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/plotly/dash-html-components/commits)

Updates `flask` from 1.1.1 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@1.1.1...2.2.5)

Updates `future` from 0.18.2 to 0.18.3
- [Release notes](https://github.com/PythonCharmers/python-future/releases)
- [Changelog](https://github.com/PythonCharmers/python-future/blob/master/docs/changelog.rst)
- [Commits](PythonCharmers/python-future@v0.18.2...v0.18.3)

Updates `idna` from 2.9 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v2.9...v3.7)

Updates `jinja2` from 2.11.1 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.11.1...3.1.4)

Updates `lxml` from 4.5.0 to 4.9.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.5.0...lxml-4.9.1)

Updates `numpy` from 1.18.2 to 1.22.0
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.18.2...v1.22.0)

Updates `urllib3` from 1.25.8 to 1.26.19
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.25.8...1.26.19)

Updates `werkzeug` from 1.0.0 to 3.0.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@1.0.0...3.0.6)

---
updated-dependencies:
- dependency-name: wheel
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: dash
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: loguru
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: twisted
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: brotli
  dependency-type: indirect
  dependency-group: pip
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: dash-core-components
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: dash-html-components
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: future
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: lxml
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: numpy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants