Bump the minor-patch group across 1 directory with 13 updates

[dependabot]

Bumps the minor-patch group with 13 updates in the / directory:

Package	From	To
sqlalchemy	2.0.29	2.0.30
bcrypt	4.1.2	4.1.3
dockerflow	2024.3.0	2024.4.2
jsonschema	4.21.1	4.22.0
newrelic	9.8.0	9.9.1
playwright	1.42.0	1.44.0
pytest	8.1.1	8.2.1
python-rapidjson	1.16	1.17
requests	2.31.0	2.32.0
ruff	0.3.5	0.4.4
werkzeug	3.0.2	3.0.3
sphinx	7.2.6	7.3.7
docutils	0.20.1	0.21.2

Updates sqlalchemy from 2.0.29 to 2.0.30

Release notes

Sourced from sqlalchemy's releases.

2.0.30

Released: May 5, 2024

orm

• [orm] [bug] Added new attribute _orm.ORMExecuteState.is_from_statement to detect statements created using _sql.Select.from_statement(), and enhanced FromStatement to set _orm.ORMExecuteState.is_select, _orm.ORMExecuteState.is_insert, _orm.ORMExecuteState.is_update, and _orm.ORMExecuteState.is_delete according to the element that is sent to the _sql.Select.from_statement() method itself.

  References: #11220

• [orm] [bug] Fixed issue in _orm.selectin_polymorphic() loader option where attributes defined with _orm.composite() on a superclass would cause an internal exception on load.

  References: #11291

• [orm] [bug] [regression] Fixed regression from 1.4 where using _orm.defaultload() in conjunction with a non-propagating loader like _orm.contains_eager() would nonetheless propagate the _orm.contains_eager() to a lazy load operation, causing incorrect queries as this option is only intended to come from an original load.

  References: #11292

• [orm] [bug] Fixed issue in ORM Annotated Declarative where typing issue where literals defined using PEP 695 type aliases would not work with inference of Enum datatypes. Pull request courtesy of Alc-Alc.

  References: #11305

• [orm] [bug] Fixed issue in _orm.selectin_polymorphic() loader option where the SELECT emitted would only accommodate for the child-most class among the result rows that were returned, leading intermediary-class attributes to be unloaded if there were no concrete instances of that intermediary-class present in the result. This issue only presented itself for multi-level inheritance hierarchies.

  References: #11327

• [orm] [bug] Fixed issue in _orm.Session.bulk_save_objects() where the form of the identity key produced when using return_defaults=True would be incorrect. This could lead to an errors during pickling as well as identity map mismatches.

... (truncated)

Commits

• See full diff in compare view

Updates bcrypt from 4.1.2 to 4.1.3

Commits

• 35e5a6f Bump version for 4.1.3 release (#791)
• d99d1e5 Bump autocfg from 1.2.0 to 1.3.0 in /src/_bcrypt (#790)
• 0775d47 allow testing with pytest 8.2.0 (#786)
• 97d09ac Bump base64 from 0.22.0 to 0.22.1 in /src/_bcrypt (#787)
• ee4a9a8 use ubuntu rolling in arm64 CI (#784)
• 7d2474f Bump libc from 0.2.153 to 0.2.154 in /src/_bcrypt (#783)
• 7a252dd Try blocking pytest 8.2.0 (#785)
• 297a915 Remove brew install rust from macOS CI (#782)
• 6b3f99e Bump parking_lot_core from 0.9.9 to 0.9.10 in /src/_bcrypt (#778)
• c88b310 Bump parking_lot from 0.12.1 to 0.12.2 in /src/_bcrypt (#780)
• Additional commits viewable in compare view

Updates dockerflow from 2024.3.0 to 2024.4.2

Release notes

Sourced from dockerflow's releases.

2024.04.2

What's Changed

• Fix docstrings about heartbeat status on warnings (200, not 5XX) by @​wilbrdt in mozilla-services/python-dockerflow#110
• Update Django docs by @​jwhitlock in mozilla-services/python-dockerflow#109
• Allowing for async checks in fastApi. Cleaning up old code. by @​alexcottner in mozilla-services/python-dockerflow#114

New Contributors

• @​wilbrdt made their first contribution in mozilla-services/python-dockerflow#110
• @​alexcottner made their first contribution in mozilla-services/python-dockerflow#114

Full Changelog: mozilla-services/python-dockerflow@2024.4.1...2024.04.2

2024.4.1

What's Changed

• Update changelog for latest release by @​grahamalama in mozilla-services/python-dockerflow#108

Full Changelog: mozilla-services/python-dockerflow@2024.4.0...2024.4.1

2024.4.0

What's Changed

• Fix #79: add support for recent versions of Flask by @​leplatrem in mozilla-services/python-dockerflow#103
• Fix #78: Add support for Sanic 23 by @​leplatrem in mozilla-services/python-dockerflow#104
• Fix #45: Document extra log fields by @​leplatrem in mozilla-services/python-dockerflow#105
• Bugfix: Initialize JsonLogFormatter to pass to handler by @​grahamalama in mozilla-services/python-dockerflow#107

Full Changelog: mozilla-services/python-dockerflow@2024.3.0...2024.4.0

Changelog

Sourced from dockerflow's changelog.

Changelog

2024.4.1

- Update this changelog
  The changelog entry for ``2024.4.0`` was missing from that release
2024.4.0

• Add support for Flask 2.3 and 3.0 (#103)

• Add support for Sanic 23 (#104)

• Document extra log fields (#105)

• Bugfix: Initialize JsonLogFormatter to pass to handler (#107)

Commits

• 391f9ba Allowing for async checks in fastApi. Cleaning up old code. (#114)
• 0424734 Update Django docs (#109)
• f3ff9c3 Fix docstrings about heartbeat status on warnings (200, not 5XX) (#110)
• 9014f6e Update changelog for 2024.4.0 release (#108)
• ea3d2ba (fastapi) Initialize JsonLogFormatter to pass to handler (#107)
• 540563a Fix #45: Document extra log fields (#105)
• 4c5ae34 Add support for Sanic 23 (#104)
• 559aa01 Fix #79: add support for recent versions of Flask (#103)
• See full diff in compare view

Updates jsonschema from 4.21.1 to 4.22.0

Release notes

Sourced from jsonschema's releases.

v4.22.0

What's Changed

• Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
• (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.

New Contributors

• @​shinnar made their first contribution in python-jsonschema/jsonschema#1224

Full Changelog: python-jsonschema/jsonschema@v4.21.1...v4.22.0

Changelog

Sourced from jsonschema's changelog.

v4.22.0

• Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
• (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.

Commits

• 9882dbe Add / ignore the new specification test suite property.
• ebc90bb Merge commit '8fcfc3a674a7188a4fcc822b7a91efb3e0422a20'
• 8fcfc3a Squashed 'json/' changes from b41167c74..54f3784a8
• 30b7537 Pin pyenchant to pre from below until pyenchant/pyenchant#302 is released.
• c3729db Enable doctests for the rest of the referencing page.
• 70a994c Remove a now-unneeded noqa since apparently this is fixed in new ruff.
• e6d0ef1 Fix a minor typo in the referencing example docs.
• bceaf41 Another placeholder benchmark for future optimization.
• b20234e Consider errors from earlier indices (in instances) to be better matches
• 41b49c6 Minor improvement to test failure message when a best match test fails.
• Additional commits viewable in compare view

Updates newrelic from 9.8.0 to 9.9.1

Release notes

Sourced from newrelic's releases.

v9.9.1

https://docs.newrelic.com/docs/release-notes/agent-release-notes/python-release-notes/python-agent-90901/

v9.9.0

https://docs.newrelic.com/docs/release-notes/agent-release-notes/python-release-notes/python-agent-90900/

Commits

• 3e5be52 Fix Celery Instrumentation for Workers (#1133)
• df2b159 Fix gRPC URI Detection (#1137)
• 8884497 Fix LangChain tests and pin langchain to 0.1.16. (#1134)
• 8b9e394 Add method to urllib3 trace (#1130)
• a447772 Merge pull request #1132 from newrelic/drop-3_7-for-jinja
• a1ff84a Merge branch 'main' into drop-3_7-for-jinja
• f697c65 Merge branch 'main' into drop-3_7-for-jinja
• 0aef37a Merge pull request #1131 from newrelic/add-vlite-vectorstore
• 9734878 Add 3.7 testing to version before latest
• b7bcc52 Drop Python 3.7 for jinja testing
• Additional commits viewable in compare view

Updates playwright from 1.42.0 to 1.44.0

Release notes

Sourced from playwright's releases.

v1.44.0

New APIs

Accessibility assertions

• expect(locator).to_have_accessible_name() checks if the element has the specified accessible name:

  locator = page.get_by_role("button")
  expect(locator).to_have_accessible_name("Submit")

• expect(locator).to_have_accessible_description() checks if the element has the specified accessible description:

  locator = page.get_by_role("button")
  expect(locator).to_have_accessible_description("Upload a photo")

• expect(locator).to_have_role() checks if the element has the specified ARIA role:

  locator = page.get_by_test_id("save-button")
  expect(locator).to_have_role("button")

Locator handler

• After executing the handler added with page.add_locator_handler(), Playwright will now wait until the overlay that triggered the handler is not visible anymore. You can opt-out of this behavior with the new no_wait_after option.
• You can use new times option in page.add_locator_handler() to specify maximum number of times the handler should be run.
• The handler in page.add_locator_handler() now accepts the locator as argument.
• New page.remove_locator_handler() method for removing previously added locator handlers.

locator = page.get_by_text("This interstitial covers the button")
page.add_locator_handler(locator, lambda overlay: overlay.locator("#close").click(), times=3, no_wait_after=True)
# Run your tests that can be interrupted by the overlay.
# ...
page.remove_locator_handler(locator)

Miscellaneous options

• expect(page).to_have_url() now supports ignore_case option.

Browser Versions

• Chromium 125.0.6422.14
• Mozilla Firefox 125.0.1
• WebKit 17.4

This version was also tested against the following stable channels:

• Google Chrome 124
• Microsoft Edge 124

... (truncated)

Commits

• 7cc2bc9 chore(roll): roll Playwright to 1.44.0-beta-1715802478000 (#2438)
• e756233 feat(roll): roll Playwright to v1.44.0 (#2433)
• 8dc3978 build(deps): bump pytest from 8.1.1 to 8.2.0 (#2422)
• a053818 test: unflake Firefox tests (#2431)
• 7bd2c7f build(deps): bump mypy from 1.9.0 to 1.10.0 (#2423)
• 789a47e build(deps): bump pytest-xdist from 3.5.0 to 3.6.1 (#2421)
• 5cf07fa build(deps): bump types-pyopenssl from 24.0.0.20240417 to 24.1.0.20240425 (#2...
• 4ac3b49 build(deps): bump black from 24.4.0 to 24.4.2 (#2419)
• 27079a1 devops: upgrade EsrpRelease task to v7 (#2429)
• cb94c25 fix(connect): Future exception was never retrieved on close() (#2427)
• Additional commits viewable in compare view

Updates pytest from 8.1.1 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

• #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

  • pytest_ignore_collect{.interpreted-text role="hook"} - the path parameter - use collection_path instead.
  • pytest_collect_file{.interpreted-text role="hook"} - the path parameter - use file_path instead.
  • pytest_pycollect_makemodule{.interpreted-text role="hook"} - the path parameter - use module_path instead.
  • pytest_report_header{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
  • pytest_report_collectionfinish{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.

  The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

  See legacy-path-hooks-deprecated{.interpreted-text role="ref"} for more details.

Features

• #11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.

  See Read arguments from file <args-from-file>{.interpreted-text role="ref"} for details.

Improvements

... (truncated)

Commits

• 66ff8df Prepare release version 8.2.1
• 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
• 0b28313 [8.2.x] Add Python 3.13 (beta) support
• f3dd93a [8.2.x] Attest package provenance (#12335)
• bb5a125 [8.2.x] Spelling (#12331)
• f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
• 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
• 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
• 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
• cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
• Additional commits viewable in compare view

Updates python-rapidjson from 1.16 to 1.17

Changelog

Sourced from python-rapidjson's changelog.

1.17 (2024-05-18)

* Use `current master`__ version of rapidjson
__ Tencent/rapidjson@5e17dbe...ab1842a


Generate wheels on PyPI using Python 3.13b1 release, thanks to cibuildwheel 2.18.0__
__ https://cibuildwheel.pypa.io/en/stable/changelog/#v2180

Commits

• e3a2527 Release 1.17
• 68d30d7 Update CHANGES.rst
• 5ec7b84 Include the changelog in the documentation
• 5624040 Rectify URL to previous upgrade of underlying rapidjson
• 9eef116 Use cibuildwheel 2.18.0
• e6dbdec Use cibuildwheel 2.17.0
• aeeeea5 Recompute the benchmarks against latest pysimdjson, orjson and ujson
• 046dc46 Upgrade underlying rapidjson library to its current master
• 8b4375c Upgrade development requirements
• See full diff in compare view

Updates requests from 2.31.0 to 2.32.0

Release notes

Sourced from requests's releases.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

• Requests has officially added support for CPython 3.12 (#6503)
• Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
• Requests has officially dropped support for CPython 3.7 (#6642)
• Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

• Various typo fixes and doc improvements.

Packaging

• Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)
• Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

New Contributors

• @​matthewarmand made their first contribution in psf/requests#6258
• @​cpzt made their first contribution in psf/requests#6456

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

• Requests has officially added support for CPython 3.12 (#6503)
• Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
• Requests has officially dropped support for CPython 3.7 (#6642)
• Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

• Various typo fixes and doc improvements.

Packaging

• Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)
• Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

Commits

• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• bf24b7d Use an invalid URI that will not cause httpbin to throw 500
• 2d5f547 Pin 3.8 and 3.9 runners back to macos-13 (#6688)
• f1bb07d Merge pull request #6687 from psf/dependabot/github_actions/github/codeql-act...
• 60047ad Bump github/codeql-action from 3.24.0 to 3.25.0
• 31ebb81 Merge pull request #6682 from frenzymadness/pytest8
• Additional commits viewable in compare view

Updates ruff from 0.3.5 to 0.4.4

Release notes

Sourced from ruff's releases.

v0.4.4

Changes

Preview features

• [pycodestyle] Ignore end-of-line comments when determining blank line rules (#11342)
• [pylint] Detect pathlib.Path.open calls in unspecified-encoding (PLW1514) (#11288)
• [flake8-pyi] Implement PYI059 (generic-not-last-base-class) (#11233)
• [flake8-pyi] Implement PYI062 (duplicate-literal-member) (#11269)

Rule changes

• [flake8-boolean-trap] Allow passing booleans as positional-only arguments in code such as set(True) (#11287)
• [flake8-bugbear] Ignore enum classes in cached-instance-method (B019) (#11312)

Server

• Expand tildes when resolving Ruff server configuration file (#11283)
• Fix ruff server hanging after Neovim closes (#11291)
• Editor settings are used by default if no file-based configuration exists (#11266)

Bug fixes

• [pylint] Consider with statements for too-many-branches (PLR0912) (#11321)
• [flake8-blind-except, tryceratops] Respect logged and re-raised expressions in nested statements (BLE001, TRY201) (#11301)
• Recognise assignments such as __all__ = builtins.list(["foo", "bar"]) as valid __all__ definitions (#11335)

Contributors

• @​Abdur-rahmaanJ
• @​AlexWaygood
• @​KPCOFGS
• @​MichaReiser
• @​augustelalande
• @​blueraft
• @​carljm
• @​carloshbcabral
• @​charliermarsh
• @​dhruvmanila
• @​renovate
• @​snowsignal
• @​tusharsadhwani

v0.4.3

Changes

Enhancements

• Add support for PEP 696 syntax (#11120)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.4

Preview features

• [pycodestyle] Ignore end-of-line comments when determining blank line rules (#11342)
• [pylint] Detect pathlib.Path.open calls in unspecified-encoding (PLW1514) (#11288)
• [flake8-pyi] Implement PYI059 (generic-not-last-base-class) (#11233)
• [flake8-pyi] Implement PYI062 (duplicate-literal-member) (#11269)

Rule changes

• [flake8-boolean-trap] Allow passing booleans as positional-only arguments in code such as set(True) (#11287)
• [flake8-bugbear] Ignore enum classes in cached-instance-method (B019) (#11312)

Server

• Expand tildes when resolving Ruff server configuration file (#11283)
• Fix ruff server hanging after Neovim closes (#11291)
• Editor settings are used by default if no file-based configuration exists (#11266)

Bug fixes

• [pylint] Consider with statements for too-many-branches (PLR0912) (#11321)
• [flake8-blind-except, tryceratops] Respect logged and re-raised expressions in nested statements (BLE001, TRY201) (#11301)
• Recognise assignments such as __all__ = builtins.list(["foo", "bar"]) as valid __all__ definitions (#11335)

0.4.3

Enhancements

• Add support for PEP 696 syntax (#11120)

Preview features

• [refurb] Use function range for reimplemented-operator diagnostics (#11271)
• [refurb] Ignore methods in reimplemented-operator (FURB118) (#11270)
• [refurb] Implement fstring-number-format (FURB116) (#10921)
• [ruff] Implement redirected-noqa (RUF101) (#11052)
• [pyflakes] Distinguish between first-party and third-party imports for fix suggestions (#11168)

Rule changes

• [flake8-bugbear] Ignore non-abstract class attributes when enforcing B024 (#11210)
• [flake8-logging] Include inline instantiations when detecting loggers (#11154)
• [pylint] Also emit PLR0206 for properties with variadic parameters (#11200)
• [ruff] Detect duplicate codes as part of unused-noqa (RUF100) (#10850)

Formatter

• Avoid multiline expression if format specifier is present (#11123)

... (truncated)

Commits

• 3e8878a Bump version to v0.4.4 (#11352)
• b6b4ad9 [red-knot] @​override lint rule (#11282)
• dd42961 [pylint] Detect pathlib.Path.open calls in unspecified-encoding (`PLW15...
• c80c171 [red-knot] Vendor typeshed's stdlib (#11340)
• e2fe177 Revert "Simplify arithmetic operation in logical lines checker (#11346)" (#11...
• e9d1cdd Simplify arithmetic operation in logical lines checker (#11346)
• dfe4291 Improve ruff_python_semantic::all::extract_all_names() (#11335)
• 4541337 [red-knot] Remove \<Db: SemanticDb> contraints in favor of dynamic dispatch ...
• 8e9ddee Ignore end-of-line comments when determining blank line rules (#11342)
• 702d2fa Make B024 and B027 documentation more nuanced (#11341)
• Additional commits viewable in compare view

Updates werkzeug from 3.0.2 to 3.0.3

Release notes

Sourced from werkzeug's releases.

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
• Make reloader more robust when "" is in sys.path. #2823
• Better TLS cert format with adhoc dev certs. #2891
• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828
• Type annotation for Rule.endpoint and other uses of endpoint is Any. #2836

Changelog

Sourced from werkzeug's changelog.

Version 3.0.3

Released 2024-05-05

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:2g68-c3qc-8985

• Make reloader more robust when "" is in sys.path. :pr:2823

• Better TLS cert format with adhoc dev certs. :pr:2891

• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:2828

• Type annotation for Rule.endpoint and other uses of endpoint is Any. :issue:2836

• Make reloader more robust when "" is in sys.path. :pr:2823

Commits

• f9995e9 release version 3.0.3
• 3386395 Merge pull request from GHSA-2g68-c3qc-8985
• 890b6b6 only require trusted host for evalex
• 71b69df restrict debugger trusted hosts
• d2d3869 endpoint type is Any (#2895)
• 7080b55 endpoint type is Any
• 7555eff remove iri_to_uri redirect workaround (#2894)
• 97fb2f7 remove _invalid_iri_to_uri workaround
• 249527f make cn field a valid single hostname, and use wildcard in SANs field. (#2892)
• 793be47 update adhoc tls dev cert format
• Additional commits viewable in compare view

Updates sphinx from 7.2.6 to 7.3.7

Release notes

Sourced from sphinx's releases.

Sphinx 7.3.7

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.6

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.5

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.4

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.3

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 7.3.2

Changelog:

[dependabot]

Superseded by #3415.