Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependencies group across 1 directory with 13 updates #139

Closed
wants to merge 1 commit into from
Closed

Bump the dependencies group across 1 directory with 13 updates #139

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 9, 2024
edited
Loading

Bumps the dependencies group with 13 updates in the /.config directory:

Package From To
certifi 2024.2.2 2024.6.2
coverage 7.5.1 7.5.3
griffe 0.44.0 0.45.3
jinja2 3.1.3 3.1.4
markdown-exec 1.8.1 1.8.3
mkdocs-material 9.5.21 9.5.26
mkdocstrings-python 1.10.0 1.10.3
pipdeptree 2.19.1 2.22.0
platformdirs 4.2.1 4.2.2
pytest 8.2.1 8.2.2
regex 2024.4.28 2024.5.15
requests 2.31.0 2.32.3
watchdog 4.0.0 4.0.1

Updates certifi from 2024.2.2 to 2024.6.2

Commits
  • 124f4ad 2024.06.02 (#291)
  • c2196ce --- (#290)
  • fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
  • 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
  • 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
  • 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
  • ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
  • 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
  • 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
  • 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
  • Additional commits viewable in compare view

Updates coverage from 7.5.1 to 7.5.3

Changelog

Sourced from coverage's changelog.

Version 7.5.3 — 2024-05-28

  • Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

  • Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. _issue 1791: nedbat/coveragepy#1791

.. _changes_7-5-2:

Version 7.5.2 — 2024-05-24

  • Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

  • Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

  • In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

  • Python 3.13.0b1 is supported.

  • Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Commits
  • f310d7e docs: sample HTML for 7.5.3
  • a51d52f docs: prep for 7.5.3
  • b666f3a perf: it's faster in all versions if we don't cache tokenize #1791
  • a2b4929 docs: changelog entry for combine performance improvements
  • b9aff50 perf: don't read full line_bits table each time
  • c45ebac perf: cache alias mapping
  • 390cb97 perf: avoid quadratic behavior when combining line coverage
  • d3caf53 docs(build): tweaks to howto
  • 909e887 build: bump version
  • 242adea build: don't claim pre-alpha-1 in classifiers
  • Additional commits viewable in compare view

Updates griffe from 0.44.0 to 0.45.3

Release notes

Sourced from griffe's releases.

0.45.3

0.45.3 - 2024-06-09

Compare with 0.45.2

Bug Fixes

  • Always call on_package_loaded hook on a package, and not any other object (40db38d by Timothée Mazzucotelli). Issue-283

0.45.2

0.45.2 - 2024-05-23

Compare with 0.45.1

Bug Fixes

  • Support setuptools' new editable modules using type annotations (14d45e8 by Timothée Mazzucotelli). Issue-273

0.45.1

0.45.1 - 2024-05-18

Compare with 0.45.0

Bug Fixes

  • Fix loading of importable modules thanks to their __path__ attribute (56f5363 by Timothée Mazzucotelli). Issue-269

0.45.0

0.45.0 - 2024-05-12

Compare with 0.44.0

Features

  • Implement -x, --force-inspection CLI option (776063d by Timothée Mazzucotelli).
  • Implement force_inspection option in the loader API (3266f22 by Timothée Mazzucotelli).
  • Support inspecting packages (__init__ modules) (3f74f67 by Timothée Mazzucotelli).
  • Add parameters for resolving aliases to load functions (e418dee by Timothée Mazzucotelli).
  • Load private sibling modules by default when resolving aliases (4806189 by Timothée Mazzucotelli).

Bug Fixes

  • Pass down modules collection when inspecting (bc0f74b by Timothée Mazzucotelli).
  • Catch loading errors when loading additional modules during wildcard expansion and alias resolution (964e0d2 by Timothée Mazzucotelli).

Code Refactoring

  • Improve stats code and performance (eeb497f by Timothée Mazzucotelli).
  • Recurse immediately into non-discoverable submodules (no path on disk) during dynamic analysis (d0b7a1d by Timothée Mazzucotelli).
  • Simplify the code that checks if an object should be aliased or not during dynamic analysis (fc794c2 by Timothée Mazzucotelli).

... (truncated)

Changelog

Sourced from griffe's changelog.

0.45.3 - 2024-06-09

Compare with 0.45.2

Bug Fixes

  • Always call on_package_loaded hook on a package, and not any other object (40db38d by Timothée Mazzucotelli). Issue-283

0.45.2 - 2024-05-23

Compare with 0.45.1

Bug Fixes

  • Support setuptools' new editable modules using type annotations (14d45e8 by Timothée Mazzucotelli). Issue-273

0.45.1 - 2024-05-18

Compare with 0.45.0

Bug Fixes

  • Fix loading of importable modules thanks to their __path__ attribute (56f5363 by Timothée Mazzucotelli). Issue-269

0.45.0 - 2024-05-12

Compare with 0.44.0

Features

  • Implement -x, --force-inspection CLI option (776063d by Timothée Mazzucotelli).
  • Implement force_inspection option in the loader API (3266f22 by Timothée Mazzucotelli).
  • Support inspecting packages (__init__ modules) (3f74f67 by Timothée Mazzucotelli).
  • Add parameters for resolving aliases to load functions (e418dee by Timothée Mazzucotelli).
  • Load private sibling modules by default when resolving aliases (4806189 by Timothée Mazzucotelli).

Bug Fixes

  • Pass down modules collection when inspecting (bc0f74b by Timothée Mazzucotelli).
  • Catch loading errors when loading additional modules during wildcard expansion and alias resolution (964e0d2 by Timothée Mazzucotelli).

Code Refactoring

  • Improve stats code and performance (eeb497f by Timothée Mazzucotelli).
  • Recurse immediately into non-discoverable submodules (no path on disk) during dynamic analysis (d0b7a1d by Timothée Mazzucotelli).
  • Simplify the code that checks if an object should be aliased or not during dynamic analysis (fc794c2 by Timothée Mazzucotelli).
  • Avoid side-effect in inspector by checking early if an object is a cached property (a6bfcfd by Timothée Mazzucotelli).
Commits
  • 9b37682 chore: Prepare release 0.45.3
  • 40db38d fix: Always call on_package_loaded hook on a package, and not any other object
  • e438336 chore: Template upgrade
  • 58b1742 chore: Prepare release 0.45.2
  • 14d45e8 fix: Support setuptools' new editable modules using type annotations
  • 88e7e71 chore: Prepare release 0.45.1
  • 56f5363 fix: Fix loading of importable modules thanks to their __path__ attribute
  • 587346e chore: Prepare release 0.45.0
  • eeb497f refactor: Improve stats code and performance
  • 721ce7d docs: Fix example in SetMembersMixin docstring
  • Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj
Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj
Commits

Updates markdown-exec from 1.8.1 to 1.8.3

Release notes

Sourced from markdown-exec's releases.

1.8.3

1.8.3 - 2024-05-22

Compare with 1.8.2

Bug Fixes

  • Don't leak future annotations in user code (ba0c35e by Timothée Mazzucotelli). Issue-47

1.8.2

1.8.2 - 2024-05-20

Compare with 1.8.1

Bug Fixes

  • Give __name__ to executed Python "modules", and populate sys.modules too (db25ee7 by Timothée Mazzucotelli). Issue-47
Changelog

Sourced from markdown-exec's changelog.

1.8.3 - 2024-05-22

Compare with 1.8.2

Bug Fixes

  • Don't leak future annotations in user code (ba0c35e by Timothée Mazzucotelli). Issue-47

1.8.2 - 2024-05-20

Compare with 1.8.1

Bug Fixes

  • Give __name__ to executed Python "modules", and populate sys.modules too (db25ee7 by Timothée Mazzucotelli). Issue-47
Commits
  • 97de061 chore: Prepare release 1.8.3
  • ba0c35e fix: Don't leak future annotations in user code
  • 0a485b4 chore: Prepare release 1.8.2
  • db25ee7 fix: Give __name__ to executed Python "modules", and populate sys.modules...
  • 20b7570 ci: Fix installing project with extras
  • See full diff in compare view

Updates mkdocs-material from 9.5.21 to 9.5.26

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.26

  • Fixed #7232: Tab switches on scroll when linking tabs (9.5.19 regression)
  • Fixed #7230: Blog author avatar broken when referring to local file

mkdocs-material-9.5.25

  • Fixed #7209: Tags plugin crashing on numeric tags

mkdocs-material-9.5.24

  • Fixed #7187: Version selector title rendering issue

mkdocs-material-9.5.23

  • Fixed #7183: Edge case in anchor navigation when using instant navigation
  • Fixed #6436: Version selector not showing version alias

mkdocs-material-9.5.22

  • Fixed #7170: Copy button adds empty lines for line spans (9.5.18 regression)
  • Fixed #7160: Version switching doesn't stay on page (9.5.5 regression)
  • Fixed #5619: Links in Mermaid.js diagrams not discernible
Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.26 (2024-06-06)

  • Fixed #7232: Tab switches on scroll when linking tabs (9.5.19 regression)
  • Fixed #7230: Blog author avatar broken when referring to local file

mkdocs-material-9.5.25+insiders-4.53.11 (2024-05-27)

  • Fixed projects plugin crashing when serving before building subprojects

mkdocs-material-9.5.25 (2024-05-27)

  • Fixed #7209: Tags plugin crashing on numeric tags

mkdocs-material-9.5.24+insiders-4.53.10 (2024-05-20)

  • Fixed projects plugin crashing in serve mode when disabled
  • Fixed projects plugin crashing when building nested projects

mkdocs-material-9.5.24+insiders-4.53.9 (2024-05-20)

  • Fixed #7191: Tags listings not rendering when toc_depth is changed

mkdocs-material-9.5.24 (2024-05-20)

  • Fixed #7187: Version selector title rendering issue

mkdocs-material-9.5.23 (2024-05-15)

  • Fixed #7183: Edge case in anchor navigation when using instant navigation
  • Fixed #6436: Version selector not showing version alias

mkdocs-material-9.5.22 (2024-05-12)

  • Fixed #7170: Copy button adds empty lines for line spans (9.5.18 regression)
  • Fixed #7160: Version switching doesn't stay on page (9.5.5 regression)
  • Fixed #5619: Links in Mermaid.js diagrams not discernible

mkdocs-material-9.5.21 (2024-05-03)

  • Fixed #7133: Ensure latest version of Mermaid.js is used
  • Fixed #7125: Added warning for dotfiles in info plugin

mkdocs-material-9.5.20 (2024-04-29)

  • Fixed deprecation warning in privacy plugin (9.5.19 regression)
  • Fixed #7119: Tags plugin emits deprecation warning (9.5.19 regression)
  • Fixed #7118: Social plugin crashes if fonts are disabled (9.5.19 regression)
  • Fixed #7085: Social plugin crashes on Windows when downloading fonts

mkdocs-material-9.5.19+insiders-4.53.8 (2024-04-26)

... (truncated)

Commits

Updates mkdocstrings-python from 1.10.0 to 1.10.3

Release notes

Sourced from mkdocstrings-python's releases.

1.10.3

1.10.3 - 2024-05-22

Compare with 1.10.2

Bug Fixes

  • Don't crash when rendering the source of an object whose lineno is none (64df00b by Timothée Mazzucotelli). Issue-163

1.10.2

1.10.2 - 2024-05-16

Compare with 1.10.1

Bug Fixes

  • Actually make use of custom .html.jinja templates (5668abb by Timothée Mazzucotelli).

1.10.1

1.10.1 - 2024-05-14

Compare with 1.10.0

Build

  • Depend on mkdocstrings 0.25 which adds support for parameter once when logging messages (2bc156b by Timothée Mazzucotelli).

Code Refactoring

  • Set handler's name (a71ab12 by Timothée Mazzucotelli).
  • Update *.html top-level templates to extend the *.html.jinja base templates (a8c540e by Timothée Mazzucotelli). Issue-151
  • Update *.html base templates to extend their *.html.jinja counterpart, while overriding the logs block to issue a logging message (info) stating that extending *.html templates is deprecated (e6f1b9c by Timothée Mazzucotelli). Issue-151
  • Add *.html.jinja top-level (overridable) templates, extending their base counterpart (7c14924 by Timothée Mazzucotelli). Issue-151
  • Add *.html.jinja base templates, which are copies of *.html templates, with an additional logs block, and using the updated get_template filter (eced9a5 by Timothée Mazzucotelli). Issue-151
  • Update get_template filter to support both *.html and *.html.jinja templates, logging a message (info) when *.html templates are overridden by users (3546fd7 by Timothée Mazzucotelli). Issue-151
  • Log a warning when base templates are overridden (26e3d66 by Timothée Mazzucotelli). Issue-151
Changelog

Sourced from mkdocstrings-python's changelog.

1.10.3 - 2024-05-22

Compare with 1.10.2

Bug Fixes

  • Don't crash when rendering the source of an object whose lineno is none (64df00b by Timothée Mazzucotelli). Issue-163

1.10.2 - 2024-05-16

Compare with 1.10.1

Bug Fixes

  • Actually make use of custom .html.jinja templates (5668abb by Timothée Mazzucotelli).

1.10.1 - 2024-05-14

Compare with 1.10.0

Build

  • Depend on mkdocstrings 0.25 which adds support for parameter once when logging messages (2bc156b by Timothée Mazzucotelli).

Code Refactoring

  • Set handler's name (a71ab12 by Timothée Mazzucotelli).
  • Update *.html top-level templates to extend the *.html.jinja base templates (a8c540e by Timothée Mazzucotelli). Issue-151
  • Update *.html base templates to extend their *.html.jinja counterpart, while overriding the logs block to issue a logging message (info) stating that extending *.html templates is deprecated (e6f1b9c by Timothée Mazzucotelli). Issue-151
  • Add *.html.jinja top-level (overridable) templates, extending their base counterpart (7c14924 by Timothée Mazzucotelli). Issue-151
  • Add *.html.jinja base templates, which are copies of *.html templates, with an additional logs block, and using the updated get_template filter (eced9a5 by Timothée Mazzucotelli). Issue-151
  • Update get_template filter to support both *.html and *.html.jinja templates, logging a message (info) when *.html templates are overridden by users (3546fd7 by Timothée Mazzucotelli). Issue-151
  • Log a warning when base templates are overridden (26e3d66 by Timothée Mazzucotelli). Issue-151
Commits
  • 9c7e304 chore: Prepare release 1.10.3
  • 64df00b fix: Don't crash when rendering the source of an object whose lineno is none
  • 0b8a3a9 chore: Prepare release 1.10.2
  • 5668abb fix: Actually make use of custom .html.jinja templates
  • f7705ce chore: Prepare release 1.10.1
  • 6885009 ci: Remove unused type ignore comment
  • 5253358 docs: Correct PrintOK doctest examples
  • 583b8fe docs: Document Jinja templates
  • e7f997b docs: Enable parameter headings
  • cfdccd3 docs: Load Python-Markdown objects inventory
  • Additional commits viewable in compare view

Updates pipdeptree from 2.19.1 to 2.22.0

Release notes

Sourced from pipdeptree's releases.

2.22.0

What's Changed

Full Changelog: tox-dev/pipdeptree@2.21.0...2.22.0

2.21.0

What's Changed

Full Changelog: tox-dev/pipdeptree@2.20.0...2.21.0

2.20.0

What's Changed

Full Changelog: tox-dev/pipdeptree@2.19.1...2.20.0

Commits

Updates platformdirs from 4.2.1 to 4.2.2

Release notes

Sourced from platformdirs's releases.

4.2.2

What's Changed

New Contributors

Full Changelog: platformdirs/platformdirs@4.2.1...4.2.2

Commits

Updates pytest from 8.2.1 to 8.2.2

Release notes

Sourced from pytest's releases.

8.2.2

pytest 8.2.2 (2024-06-04)

Bug Fixes

  • #12355: Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
  • #12367: Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
  • #12381: Fix possible "Directory not empty" crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0.

Improved Documentation

  • #12290: Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
  • #12356: Added a subsection to the documentation for debugging flaky tests to mention lack of thread safety in pytest as a possible source of flakyness.
  • #12363: The documentation webpages now links to a canonical version to reduce outdated documentation in search engine results.
Commits
  • 329d371 Prepare release version 8.2.2
  • 214d098 Merge pull request #12414 from bluetech/backport-12409
  • 153a436 [8.2.x] fixtures: fix catastrophic performance problem in reorder_items
  • b41d5a5 Merge pull request #12412 from pytest-dev/backport-12408-to-8.2.x
  • 9bb73d7 [8.2.x] cacheprovider: fix "Directory not empty" crash from cache directory c...
  • 4569a01 [8.2.x] doc: Update trainings/events (#12402)
  • 1d103e5 [8.2.x] Clarify pytest_ignore_collect docs (#12386)
  • 240a252 [8.2.x] Add html_baseurl to sphinx conf.py (#12372)
  • a5ee3c4 Merge pull request #12370 from pytest-dev/backport-12368-to-8.2.x
  • f7358ae [8.2.x] unittest: fix class instances no longer released on test teardown sin...
  • Additional commits viewable in compare view

Updates regex from 2024.4.28 to 2024.5.15

Changelog

Sourced from regex's changelog.

Version: 2024.5.15

Git issue 530: hangs with fuzzy and optionals

It's not hanging, it'll finish eventually. It's just an example of catastrophic backtracking.


The error printed when Ctrl+C is pressed does show a bug, though, which is now fixed.

Version: 2024.5.10

Updated for Python 3.13.

<time.h> now needs to be included explicitly because Python.h no longer includes it.

Version: 2024.4.28

Git issue 527: `VERBOSE`/`X` flag breaks `\N` escapes

Version: 2024.4.16

Git issue 525: segfault when fuzzy matching empty list

Version: 2023.12.25

Cannot get release notification action in main.yml to work. Commenting it out for now.

Version: 2023.12.24

Fixed invalid main.yml.

Version: 2023.12.23

The escape function no longer escapes \x00. It's not necessary.

Inline flags can now be turned off and apply to what follows.


Added \R to match line endings.

Version: 2023.10.3

Updated to Unicode 15.1.0.

Version: 2023.8.8

Git issue 508: Regex doesn't build using CPython main (3.13.0a0)
Removed usage of _PyBytes_Join and did a little tidying of the code that makes the result string.

Version: 2023.6.3

Git issue 498: Conditional negative lookahead inside positive lookahead fails to match

... (truncated)

Commits

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits
  • 0e322af v2.32.3
  • e188799 Don't create default SSLContext if ssl module isn't present (#6724)
  • 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
  • b1d73dd Don't use default SSLContext with custom poolmanager kwargs

@dependabot
Bump the dependencies group across 1 directory with 13 updates
e6ec453 
Bumps the dependencies group with 13 updates in the /.config directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.6.2` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.5.1` | `7.5.3` |
| [griffe](https://github.com/mkdocstrings/griffe) | `0.44.0` | `0.45.3` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.4` |
| [markdown-exec](https://github.com/pawamoy/markdown-exec) | `1.8.1` | `1.8.3` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.21` | `9.5.26` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `1.10.0` | `1.10.3` |
| [pipdeptree](https://github.com/tox-dev/pipdeptree) | `2.19.1` | `2.22.0` |
| [platformdirs](https://github.com/platformdirs/platformdirs) | `4.2.1` | `4.2.2` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.2.1` | `8.2.2` |
| [regex](https://github.com/mrabarnett/mrab-regex) | `2024.4.28` | `2024.5.15` |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.3` |
| [watchdog](https://github.com/gorakhargosh/watchdog) | `4.0.0` | `4.0.1` |



Updates `certifi` from 2024.2.2 to 2024.6.2
- [Commits](certifi/python-certifi@2024.02.02...2024.06.02)

Updates `coverage` from 7.5.1 to 7.5.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.5.1...7.5.3)

Updates `griffe` from 0.44.0 to 0.45.3
- [Release notes](https://github.com/mkdocstrings/griffe/releases)
- [Changelog](https://github.com/mkdocstrings/griffe/blob/0.45.3/CHANGELOG.md)
- [Commits](mkdocstrings/griffe@0.44.0...0.45.3)

Updates `jinja2` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.3...3.1.4)

Updates `markdown-exec` from 1.8.1 to 1.8.3
- [Release notes](https://github.com/pawamoy/markdown-exec/releases)
- [Changelog](https://github.com/pawamoy/markdown-exec/blob/main/CHANGELOG.md)
- [Commits](pawamoy/markdown-exec@1.8.1...1.8.3)

Updates `mkdocs-material` from 9.5.21 to 9.5.26
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.21...9.5.26)

Updates `mkdocstrings-python` from 1.10.0 to 1.10.3
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@1.10.0...1.10.3)

Updates `pipdeptree` from 2.19.1 to 2.22.0
- [Release notes](https://github.com/tox-dev/pipdeptree/releases)
- [Commits](tox-dev/pipdeptree@2.19.1...2.22.0)

Updates `platformdirs` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/platformdirs/platformdirs/releases)
- [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst)
- [Commits](platformdirs/platformdirs@4.2.1...4.2.2)

Updates `pytest` from 8.2.1 to 8.2.2
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.2.1...8.2.2)

Updates `regex` from 2024.4.28 to 2024.5.15
- [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt)
- [Commits](mrabarnett/mrab-regex@2024.4.28...2024.5.15)

Updates `requests` from 2.31.0 to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.3)

Updates `watchdog` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/gorakhargosh/watchdog/releases)
- [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst)
- [Commits](gorakhargosh/watchdog@v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: griffe
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: jinja2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: markdown-exec
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: mkdocstrings-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pipdeptree
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: platformdirs
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: watchdog
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner June 9, 2024 17:17
@dependabot dependabot bot added the dependabot label Jun 9, 2024
@dependabot dependabot bot removed the request for review from a team June 9, 2024 17:17
@dependabot dependabot bot requested review from ssbarnea and Qalthos June 9, 2024 17:17
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 16, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 16, 2024
@dependabot dependabot bot deleted the dependabot/pip/dot-config/dependencies-b29be4824e branch June 16, 2024 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ssbarnea ssbarnea Awaiting requested review from ssbarnea ssbarnea is a code owner automatically assigned from ansible/devtools

@Qalthos Qalthos Awaiting requested review from Qalthos Qalthos is a code owner automatically assigned from ansible/devtools

Assignees
No one assigned
Labels
dependabot skip-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants