Bump the minor-patch group across 1 directory with 13 updates

[dependabot]

Bumps the minor-patch group with 13 updates in the / directory:

Package	From	To
sqlalchemy	2.0.29	2.0.30
bcrypt	4.1.2	4.1.3
dockerflow	2024.3.0	2024.4.2
jsonschema	4.21.1	4.22.0
newrelic	9.8.0	9.10.0
playwright	1.42.0	1.44.0
pytest	8.1.1	8.2.1
python-rapidjson	1.16	1.17
requests	2.31.0	2.32.2
ruff	0.3.5	0.4.5
werkzeug	3.0.2	3.0.3
sphinx	7.2.6	7.3.7
docutils	0.20.1	0.21.2

Updates sqlalchemy from 2.0.29 to 2.0.30

Release notes

Sourced from sqlalchemy's releases.

2.0.30

Released: May 5, 2024

orm

• [orm] [bug] Added new attribute _orm.ORMExecuteState.is_from_statement to detect statements created using _sql.Select.from_statement(), and enhanced FromStatement to set _orm.ORMExecuteState.is_select, _orm.ORMExecuteState.is_insert, _orm.ORMExecuteState.is_update, and _orm.ORMExecuteState.is_delete according to the element that is sent to the _sql.Select.from_statement() method itself.

  References: #11220

• [orm] [bug] Fixed issue in _orm.selectin_polymorphic() loader option where attributes defined with _orm.composite() on a superclass would cause an internal exception on load.

  References: #11291

• [orm] [bug] [regression] Fixed regression from 1.4 where using _orm.defaultload() in conjunction with a non-propagating loader like _orm.contains_eager() would nonetheless propagate the _orm.contains_eager() to a lazy load operation, causing incorrect queries as this option is only intended to come from an original load.

  References: #11292

• [orm] [bug] Fixed issue in ORM Annotated Declarative where typing issue where literals defined using PEP 695 type aliases would not work with inference of Enum datatypes. Pull request courtesy of Alc-Alc.

  References: #11305

• [orm] [bug] Fixed issue in _orm.selectin_polymorphic() loader option where the SELECT emitted would only accommodate for the child-most class among the result rows that were returned, leading intermediary-class attributes to be unloaded if there were no concrete instances of that intermediary-class present in the result. This issue only presented itself for multi-level inheritance hierarchies.

  References: #11327

• [orm] [bug] Fixed issue in _orm.Session.bulk_save_objects() where the form of the identity key produced when using return_defaults=True would be incorrect. This could lead to an errors during pickling as well as identity map mismatches.

... (truncated)

Commits

• See full diff in compare view

Updates bcrypt from 4.1.2 to 4.1.3

Commits

• 35e5a6f Bump version for 4.1.3 release (#791)
• d99d1e5 Bump autocfg from 1.2.0 to 1.3.0 in /src/_bcrypt (#790)
• 0775d47 allow testing with pytest 8.2.0 (#786)
• 97d09ac Bump base64 from 0.22.0 to 0.22.1 in /src/_bcrypt (#787)
• ee4a9a8 use ubuntu rolling in arm64 CI (#784)
• 7d2474f Bump libc from 0.2.153 to 0.2.154 in /src/_bcrypt (#783)
• 7a252dd Try blocking pytest 8.2.0 (#785)
• 297a915 Remove brew install rust from macOS CI (#782)
• 6b3f99e Bump parking_lot_core from 0.9.9 to 0.9.10 in /src/_bcrypt (#778)
• c88b310 Bump parking_lot from 0.12.1 to 0.12.2 in /src/_bcrypt (#780)
• Additional commits viewable in compare view

Updates dockerflow from 2024.3.0 to 2024.4.2

Release notes

Sourced from dockerflow's releases.

2024.04.2

What's Changed

• Fix docstrings about heartbeat status on warnings (200, not 5XX) by @​wilbrdt in mozilla-services/python-dockerflow#110
• Update Django docs by @​jwhitlock in mozilla-services/python-dockerflow#109
• Allowing for async checks in fastApi. Cleaning up old code. by @​alexcottner in mozilla-services/python-dockerflow#114

New Contributors

• @​wilbrdt made their first contribution in mozilla-services/python-dockerflow#110
• @​alexcottner made their first contribution in mozilla-services/python-dockerflow#114

Full Changelog: mozilla-services/python-dockerflow@2024.4.1...2024.04.2

2024.4.1

What's Changed

• Update changelog for latest release by @​grahamalama in mozilla-services/python-dockerflow#108

Full Changelog: mozilla-services/python-dockerflow@2024.4.0...2024.4.1

2024.4.0

What's Changed

• Fix #79: add support for recent versions of Flask by @​leplatrem in mozilla-services/python-dockerflow#103
• Fix #78: Add support for Sanic 23 by @​leplatrem in mozilla-services/python-dockerflow#104
• Fix #45: Document extra log fields by @​leplatrem in mozilla-services/python-dockerflow#105
• Bugfix: Initialize JsonLogFormatter to pass to handler by @​grahamalama in mozilla-services/python-dockerflow#107

Full Changelog: mozilla-services/python-dockerflow@2024.3.0...2024.4.0

Changelog

Sourced from dockerflow's changelog.

Changelog

2024.4.1

- Update this changelog
  The changelog entry for ``2024.4.0`` was missing from that release
2024.4.0

• Add support for Flask 2.3 and 3.0 (#103)

• Add support for Sanic 23 (#104)

• Document extra log fields (#105)

• Bugfix: Initialize JsonLogFormatter to pass to handler (#107)

Commits

• 391f9ba Allowing for async checks in fastApi. Cleaning up old code. (#114)
• 0424734 Update Django docs (#109)
• f3ff9c3 Fix docstrings about heartbeat status on warnings (200, not 5XX) (#110)
• 9014f6e Update changelog for 2024.4.0 release (#108)
• ea3d2ba (fastapi) Initialize JsonLogFormatter to pass to handler (#107)
• 540563a Fix #45: Document extra log fields (#105)
• 4c5ae34 Add support for Sanic 23 (#104)
• 559aa01 Fix #79: add support for recent versions of Flask (#103)
• See full diff in compare view

Updates jsonschema from 4.21.1 to 4.22.0

Release notes

Sourced from jsonschema's releases.

v4.22.0

What's Changed

• Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
• (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.

New Contributors

• @​shinnar made their first contribution in python-jsonschema/jsonschema#1224

Full Changelog: python-jsonschema/jsonschema@v4.21.1...v4.22.0

Changelog

Sourced from jsonschema's changelog.

v4.22.0

• Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
• (Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.

Commits

• 9882dbe Add / ignore the new specification test suite property.
• ebc90bb Merge commit '8fcfc3a674a7188a4fcc822b7a91efb3e0422a20'
• 8fcfc3a Squashed 'json/' changes from b41167c74..54f3784a8
• 30b7537 Pin pyenchant to pre from below until pyenchant/pyenchant#302 is released.
• c3729db Enable doctests for the rest of the referencing page.
• 70a994c Remove a now-unneeded noqa since apparently this is fixed in new ruff.
• e6d0ef1 Fix a minor typo in the referencing example docs.
• bceaf41 Another placeholder benchmark for future optimization.
• b20234e Consider errors from earlier indices (in instances) to be better matches
• 41b49c6 Minor improvement to test failure message when a best match test fails.
• Additional commits viewable in compare view

Updates newrelic from 9.8.0 to 9.10.0

Release notes

Sourced from newrelic's releases.

v9.10.0

Notes

This release of the Python agent adds instrumentation for AIOBotocore, support for Meta Llama3 and Mistral AI in Amazon Bedrock, fixes an error parsing issue in OpenAI, and updates Loguru's instrumentation to use milliseconds instead of seconds.

Install the agent using easy_install/pip/distribute via the Python Package Index or download it directly from the New Relic download site.

New features

• Add AIOBotocore instrumentation

  • Add instrumentation for AIOBotocore. Supports proxy mode in addition to standard operation.

• Add new Amazon Bedrock models

  • Add instrumentation for the following Amazon Bedrock models:
    • Meta Llama3
    • Mistral AI

Bug fixes

• Fix OpenAI error parsing

  • Previously, if an error in OpenAI was encountered, the Python Agent would attempt to override the default error.message within notice_error() with the one used in OpenAI. However, if there was no message attribute in the error, the Python Agent would crash. Now it defaults to the original methodology of error handling by the Python Agent.

• Record timing in Loguru in milliseconds

  • Timing in Loguru is recorded as an integer and if that value was less than 1 second, it would record it as 0s. This changes the units to be in milliseconds instead. Thanks, (@​julia-tadej-wwtech)[https://github.com/julia-tadej-wttech] for the contribution!

Support statement

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date.

See the New Relic Python agent EOL policy for information about agent releases and support dates.

v9.9.1

https://docs.newrelic.com/docs/release-notes/agent-release-notes/python-release-notes/python-agent-90901/

v9.9.0

https://docs.newrelic.com/docs/release-notes/agent-release-notes/python-release-notes/python-agent-90900/

Commits

• b75ea43 AIOBotocore instrumentation (#1135)
• 20c5298 Merge pull request #1148 from newrelic/fix-ensemble-sklearn-tests
• 08a3971 Merge branch 'main' into fix-ensemble-sklearn-tests
• ac28232 Update logger_loguru.py to include milliseconds (#1149)
• e6c2a2f Merge branch 'main' into fix-ensemble-sklearn-tests
• 8b79e6c Merge pull request #1146 from newrelic/fix-parsing-error
• 4ffb603 Fix sklearn ensemble tests.
• acd91f1 Merge branch 'main' into fix-parsing-error
• 6d30f32 Merge pull request #1147 from newrelic/support-llama3
• 8c6bb58 Add support for llama3
• Additional commits viewable in compare view

Updates playwright from 1.42.0 to 1.44.0

Release notes

Sourced from playwright's releases.

v1.44.0

New APIs

Accessibility assertions

• expect(locator).to_have_accessible_name() checks if the element has the specified accessible name:

  locator = page.get_by_role("button")
  expect(locator).to_have_accessible_name("Submit")

• expect(locator).to_have_accessible_description() checks if the element has the specified accessible description:

  locator = page.get_by_role("button")
  expect(locator).to_have_accessible_description("Upload a photo")

• expect(locator).to_have_role() checks if the element has the specified ARIA role:

  locator = page.get_by_test_id("save-button")
  expect(locator).to_have_role("button")

Locator handler

• After executing the handler added with page.add_locator_handler(), Playwright will now wait until the overlay that triggered the handler is not visible anymore. You can opt-out of this behavior with the new no_wait_after option.
• You can use new times option in page.add_locator_handler() to specify maximum number of times the handler should be run.
• The handler in page.add_locator_handler() now accepts the locator as argument.
• New page.remove_locator_handler() method for removing previously added locator handlers.

locator = page.get_by_text("This interstitial covers the button")
page.add_locator_handler(locator, lambda overlay: overlay.locator("#close").click(), times=3, no_wait_after=True)
# Run your tests that can be interrupted by the overlay.
# ...
page.remove_locator_handler(locator)

Miscellaneous options

• expect(page).to_have_url() now supports ignore_case option.

Browser Versions

• Chromium 125.0.6422.14
• Mozilla Firefox 125.0.1
• WebKit 17.4

This version was also tested against the following stable channels:

• Google Chrome 124
• Microsoft Edge 124

... (truncated)

Commits

• 7cc2bc9 chore(roll): roll Playwright to 1.44.0-beta-1715802478000 (#2438)
• e756233 feat(roll): roll Playwright to v1.44.0 (#2433)
• 8dc3978 build(deps): bump pytest from 8.1.1 to 8.2.0 (#2422)
• a053818 test: unflake Firefox tests (#2431)
• 7bd2c7f build(deps): bump mypy from 1.9.0 to 1.10.0 (#2423)
• 789a47e build(deps): bump pytest-xdist from 3.5.0 to 3.6.1 (#2421)
• 5cf07fa build(deps): bump types-pyopenssl from 24.0.0.20240417 to 24.1.0.20240425 (#2...
• 4ac3b49 build(deps): bump black from 24.4.0 to 24.4.2 (#2419)
• 27079a1 devops: upgrade EsrpRelease task to v7 (#2429)
• cb94c25 fix(connect): Future exception was never retrieved on close() (#2427)
• Additional commits viewable in compare view

Updates pytest from 8.1.1 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

8.2.0

pytest 8.2.0 (2024-04-27)

Deprecations

• #12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

  • pytest_ignore_collect{.interpreted-text role="hook"} - the path parameter - use collection_path instead.
  • pytest_collect_file{.interpreted-text role="hook"} - the path parameter - use file_path instead.
  • pytest_pycollect_makemodule{.interpreted-text role="hook"} - the path parameter - use module_path instead.
  • pytest_report_header{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
  • pytest_report_collectionfinish{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.

  The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

  See legacy-path-hooks-deprecated{.interpreted-text role="ref"} for more details.

Features

• #11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @tests.txt. The file must have one argument per line.

  See Read arguments from file <args-from-file>{.interpreted-text role="ref"} for details.

Improvements

... (truncated)

Commits

• 66ff8df Prepare release version 8.2.1
• 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
• 0b28313 [8.2.x] Add Python 3.13 (beta) support
• f3dd93a [8.2.x] Attest package provenance (#12335)
• bb5a125 [8.2.x] Spelling (#12331)
• f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
• 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
• 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
• 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
• cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
• Additional commits viewable in compare view

Updates python-rapidjson from 1.16 to 1.17

Changelog

Sourced from python-rapidjson's changelog.

1.17 (2024-05-18)

* Use `current master`__ version of rapidjson
__ Tencent/rapidjson@5e17dbe...ab1842a


Generate wheels on PyPI using Python 3.13b1 release, thanks to cibuildwheel 2.18.0__
__ https://cibuildwheel.pypa.io/en/stable/changelog/#v2180

Commits

• e3a2527 Release 1.17
• 68d30d7 Update CHANGES.rst
• 5ec7b84 Include the changelog in the documentation
• 5624040 Rectify URL to previous upgrade of underlying rapidjson
• 9eef116 Use cibuildwheel 2.18.0
• e6dbdec Use cibuildwheel 2.17.0
• aeeeea5 Recompute the benchmarks against latest pysimdjson, orjson and ujson
• 046dc46 Upgrade underlying rapidjson library to its current master
• 8b4375c Upgrade development requirements
• See full diff in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Updates ruff from 0.3.5 to 0.4.5

Release notes

Sourced from ruff's releases.

v0.4.5

Changes

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

• Add --preview to the README (#11395)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.4.5

Ruff's language server is now in Beta

v0.4.5 marks the official Beta release of ruff server, an integrated language server built into Ruff. ruff server supports the same feature set as ruff-lsp, powering linting, formatting, and code fixes in Ruff's editor integrations -- but with superior performance and no installation required. We'd love your feedback!

You can enable ruff server in the VS Code extension today.

To read more about this exciting milestone, check out our blog post!

Rule changes

• [flake8-future-annotations] Reword future-rewritable-type-annotation (FA100) message (#11381)
• [pycodestyle] Consider soft keywords for E27 rules (#11446)
• [pyflakes] Recommend adding unused import bindings to __all__ (#11314)
• [pyflakes] Update documentation and deprecate ignore_init_module_imports (#11436)
• [pyupgrade] Mark quotes as unnecessary for non-evaluated annotations (#11485)

Formatter

• Avoid multiline quotes warning with quote-style = preserve (#11490)

Server

• Support Jupyter Notebook files (#11206)
• Support noqa comment code actions (#11276)
• Fix automatic configuration reloading (#11492)
• Fix several issues with configuration in Neovim and Helix (#11497)

CLI

• Add --output-format as a CLI option for ruff config (#11438)

Bug fixes

• Avoid PLE0237 for property with setter (#11377)
• Avoid TCH005 for if stmt with elif/else block (#11376)
• Avoid flagging __future__ annotations as required for non-evaluated type annotations (#11414)
• Check for ruff executable in 'bin' directory as installed by 'pip install --target'. (#11450)
• Sort edits prior to deduplicating in quotation fix (#11452)
• Treat escaped newline as valid sequence (#11465)
• [flake8-pie] Preserve parentheses in unnecessary-dict-kwargs (#11372)
• [pylint] Ignore __slots__ with dynamic values (#11488)
• [pylint] Remove try body from branch counting (#11487)
• [refurb] Respect operator precedence in FURB110 (#11464)

Documentation

... (truncated)

Commits

• 550aa87 Bump version to v0.4.5 (#11502)
• 3c22a3b Minor edits to ruff server docs (#11500)
• 6263923 Update documentation for ruff server with new migration guide (#11499)
• 94abea4 ruff server: Fix multiple issues with Neovim and Helix (#11497)
• 519a650 Mark quotes as unnecessary for non-evaluated annotations (#11485)
• 573facd Fix automatic configuration reloading for text and notebook documents (#11492)
• 3cb2e67 ruff.applyFormat now formats an entire notebook document (#11493)
• f0046ab Move has_comments to CommentRanges (#11495)
• 5bb9720 Avoid multiline quotes warning with quote-style = preserve (#11490)
• 9ff18bf Simplify Neovim docs for the LSP setup (#11489)
• Additional commits viewable in compare view

Updates werkzeug from 3.0.2 to 3.0.3

Release notes

Sourced from werkzeug's releases.

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
• Make reloader more robust when "" is in sys.path. #2823
• Better TLS cert format with adhoc dev certs. #2891
• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828
• Type annotation for Rule.endpoint and other uses of endpoint is Any. #2836

Changelog

Sourced from werkzeug's changelog.

Version 3.0.3

Released 2024-05-05

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:2g68-c3qc-8985

• Make reloader more robust when "" is in sys.path. :pr:2823

• Better TLS cert format with adhoc dev certs. :pr:2891

• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:2828

• Type annotation for Rule.endpoint and other uses of endpoint is Any. :issue:2836

• Make reloader more robust when "" is in sys.path. :pr:2823

Commits

• f9995e9 release version 3.0.3
• 3386395 Merge pull request from GHSA-2g68-c3qc-8985
• 890b6b6 only require trusted host for evalex
• 71b69df restrict debugger trusted hosts
• d2d3869 endpoint type is Any (#2895)
• 7080b55 endpoint type is Any
• 7555eff remove ir...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.