From b95d4fa92cdde9b130a74b35d7d39437c419e28c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 11:43:21 +0000 Subject: [PATCH 1/7] Bump sphinxcontrib-spelling from 8.0.0 to 8.0.1 (#10212) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [sphinxcontrib-spelling](https://github.com/sphinx-contrib/spelling) from 8.0.0 to 8.0.1.
Release notes

Sourced from sphinxcontrib-spelling's releases.

8.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/sphinx-contrib/spelling/compare/8.0.0...8.0.1

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sphinxcontrib-spelling&package-manager=pip&previous-version=8.0.0&new-version=8.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 3 ++- requirements/doc-spelling.txt | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 86376043919..62cda7b029b 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -196,6 +196,7 @@ requests==2.32.3 # cherry-picker # python-on-whales # sphinx + # sphinxcontrib-spelling rich==13.9.4 # via # pytest-codspeed @@ -227,7 +228,7 @@ sphinxcontrib-qthelp==2.0.0 # via sphinx sphinxcontrib-serializinghtml==2.0.0 # via sphinx -sphinxcontrib-spelling==8.0.0 ; platform_system != "Windows" +sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows" # via -r requirements/doc-spelling.in sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index d02d5f1af92..123121bb322 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -37,7 +37,9 @@ pyenchant==3.2.2 pygments==2.18.0 # via sphinx requests==2.32.3 - # via sphinx + # via + # sphinx + # sphinxcontrib-spelling snowballstemmer==2.2.0 # via sphinx sphinx==8.1.3 @@ -57,7 +59,7 @@ sphinxcontrib-qthelp==2.0.0 # via sphinx sphinxcontrib-serializinghtml==2.0.0 # via sphinx -sphinxcontrib-spelling==8.0.0 ; platform_system != "Windows" +sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows" # via -r requirements/doc-spelling.in sphinxcontrib-towncrier==0.4.0a0 # via -r requirements/doc.in From 18b24eae67617d8c6d3742909fefd2a1b3921b4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 11:52:23 +0000 Subject: [PATCH 2/7] Bump aiohappyeyeballs from 2.4.3 to 2.4.4 (#10214) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs) from 2.4.3 to 2.4.4.
Release notes

Sourced from aiohappyeyeballs's releases.

v2.4.4 (2024-11-30)

Fix

  • fix: handle OSError on failure to close socket instead of raising IndexError (#114)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@​users.noreply.github.com> Co-authored-by: J. Nick Koston <nick@koston.org> (c542f68)

Changelog

Sourced from aiohappyeyeballs's changelog.

v2.4.4 (2024-11-30)

Fix

  • Handle oserror on failure to close socket instead of raising indexerror (#114) (c542f68)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohappyeyeballs&package-manager=pip&previous-version=2.4.3&new-version=2.4.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 16a0080bdec..5e174966611 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -6,7 +6,7 @@ # aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 62cda7b029b..3975255d5dd 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via # -r requirements/lint.in # -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiohttp-theme==0.1.7 # via -r requirements/doc.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 14e7e0d3978..219339ca1e8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via # -r requirements/lint.in # -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiohttp-theme==0.1.7 # via -r requirements/doc.in diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index 29af761624e..f5c4ec4dea4 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -6,7 +6,7 @@ # aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index d53e6889fce..a4f384fc830 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -6,7 +6,7 @@ # aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin" # via -r requirements/runtime-deps.in -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in From f438e64ea022892e72adba15ccd708ae40a2517e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 11:52:30 +0000 Subject: [PATCH 3/7] Bump coverage from 7.6.1 to 7.6.9 (#10216) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.6.1 to 7.6.9.
Changelog

Sourced from coverage's changelog.

Version 7.6.9 — 2024-12-06

  • Fix: Tomas Uribe fixed <pull 1901_>_ a performance problem in the XML report. Large code bases should produce XML reports much faster now.

.. _pull 1901: nedbat/coveragepy#1901

.. _changes_7-6-8:

Version 7.6.8 — 2024-11-23

  • Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn't true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896_.

  • Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, "line 4 didn't jump to line 5 because line 4 was never true, and it didn't jump to line 7 because line 4 was always true." This was also shown in issue 1896_.

.. _issue 1896: nedbat/coveragepy#1896

.. _changes_7-6-7:

Version 7.6.7 — 2024-11-15

  • Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn.

.. _changes_7-6-6:

Version 7.6.6 — 2024-11-15

  • One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891_. The assert has been removed.

.. _issue 1891: nedbat/coveragepy#1891

.. _changes_7-6-5:

... (truncated)

Commits
  • daac76d docs: sample HTML for 7.6.9
  • f7d7e42 docs: prep for 7.6.9
  • 8fe3b2b docs: thanks, Tomas Uribe for #1901
  • 346cfc0 fix: use set instead of list for arcs_executed, fixes poor performance (#1901)
  • 484678e fix: COVERAGE_ONE_CORE should mean ctrace if possible
  • 37451ed chore: make upgrade doc_upgrade
  • bd23445 chore: bump the action-dependencies group with 2 updates (#1899)
  • 01cf50c test: add a test to satisfy a condition in results.py
  • 74d3c50 chore: make upgrade
  • f3b269c build: only comment once on an issue mentioned twice
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=coverage&package-manager=pip&previous-version=7.6.1&new-version=7.6.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 3975255d5dd..afb2c5242b3 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -49,7 +49,7 @@ click==8.1.8 # towncrier # typer # wait-for-it -coverage==7.6.1 +coverage==7.6.9 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/dev.txt b/requirements/dev.txt index 219339ca1e8..6c5b69dc8cc 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -49,7 +49,7 @@ click==8.1.8 # towncrier # typer # wait-for-it -coverage==7.6.1 +coverage==7.6.9 # via # -r requirements/test.in # pytest-cov diff --git a/requirements/test.txt b/requirements/test.txt index a4f384fc830..7ef042572f7 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -29,7 +29,7 @@ click==8.1.8 # via # typer # wait-for-it -coverage==7.6.1 +coverage==7.6.9 # via # -r requirements/test.in # pytest-cov From 72c83b664536815458a1a1450001bef049abe6a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:06:01 +0000 Subject: [PATCH 4/7] Bump jinja2 from 3.1.4 to 3.1.5 (#10217) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253
Commits
  • 877f6e5 release version 3.1.5
  • 8d58859 remove test pypi
  • eda8fe8 update dev dependencies
  • c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
  • 66587ce Fix bug where set would sometimes fail within if
  • fbc3a69 Add support for namespaces in tuple parsing (#1664)
  • b8f4831 more comments about nsref assignment
  • ee83219 Add support for namespaces in tuple assignment
  • 1d55cdd Triple quotes in docs (#2064)
  • 8a8eafc edit block assignment section
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.4&new-version=3.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index afb2c5242b3..41a5c26dd81 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -96,7 +96,7 @@ incremental==24.7.2 # via towncrier iniconfig==2.0.0 # via pytest -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier diff --git a/requirements/dev.txt b/requirements/dev.txt index 6c5b69dc8cc..46a47b5eddc 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -94,7 +94,7 @@ incremental==24.7.2 # via towncrier iniconfig==2.0.0 # via pytest -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 123121bb322..6a555c3ba77 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -24,7 +24,7 @@ imagesize==1.4.1 # via sphinx incremental==24.7.2 # via towncrier -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index e1f5edc6b04..76c52295692 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -24,7 +24,7 @@ imagesize==1.4.1 # via sphinx incremental==24.7.2 # via towncrier -jinja2==3.1.4 +jinja2==3.1.5 # via # sphinx # towncrier From c3db717aff91db45cf82f1acc7378e00ce51a7ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:06:30 +0000 Subject: [PATCH 5/7] Bump tqdm from 4.66.5 to 4.67.1 (#10218) Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.66.5 to 4.67.1.
Release notes

Sourced from tqdm's releases.

tqdm v4.67.1 stable

  • fix gui (matplotlib syntax) (#1629)
  • misc test & framework updates
    • bump pytest-asyncio (#1630)
    • fix codecov rate limit
    • fix pybuild
    • sync dependencies

tqdm v4.67.0 stable

  • contrib.discord: replace disco-py with requests (#1536)

tqdm v4.66.6 stable

  • cli: zip-safe --manpath, --comppath (#1627)
  • misc framework updates (#1627)
    • fix pytest DeprecationWarning
    • fix snapcraft build
    • fix nbval DeprecationWarning
    • update & tidy workflows
    • bump pre-commit
    • docs: update URLs
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tqdm&package-manager=pip&previous-version=4.66.5&new-version=4.67.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/test.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 41a5c26dd81..9f215c9f6bc 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -248,7 +248,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 46a47b5eddc..88ad905c7f0 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -239,7 +239,7 @@ towncrier==23.11.0 # via # -r requirements/doc.in # sphinxcontrib-towncrier -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via diff --git a/requirements/lint.txt b/requirements/lint.txt index 1ba40066e60..237a81b5c79 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -107,7 +107,7 @@ tomli==2.0.2 # mypy # pytest # slotscheck -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 # via -r requirements/lint.in diff --git a/requirements/test.txt b/requirements/test.txt index 7ef042572f7..c91f1fe295e 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -126,7 +126,7 @@ tomli==2.0.2 # coverage # mypy # pytest -tqdm==4.66.5 +tqdm==4.67.1 # via python-on-whales trustme==1.1.0 ; platform_machine != "i686" # via -r requirements/test.in From babd88d0c2963649a63098dad6ce477b2087bedb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:10:35 +0000 Subject: [PATCH 6/7] Bump virtualenv from 20.27.0 to 20.28.0 (#10219) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.27.0 to 20.28.0.
Release notes

Sourced from virtualenv's releases.

20.28.0

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.27.2...20.28.0

20.27.2

What's Changed

New Contributors

Full Changelog: https://github.com/pypa/virtualenv/compare/20.27.1...20.27.2

20.27.1

What's Changed

Full Changelog: https://github.com/pypa/virtualenv/compare/20.27.0...20.27.1

Changelog

Sourced from virtualenv's changelog.

v20.28.0 (2024-11-25)

Features - 20.28.0

- Write CACHEDIR.TAG file on creation - by
"user:`neilramsay`. (:issue:`2803`)

v20.27.2 (2024-11-25)


Bugfixes - 20.27.2

  • Upgrade embedded wheels:

    • setuptools to 75.3.0 from 75.2.0 (:issue:2798)

  • Upgrade embedded wheels:

    • wheel to 0.45.0 from 0.44.0
    • setuptools to 75.5.0 (:issue:2800)

  • no longer forcibly echo off during windows batch activation (:issue:2801)

  • Upgrade embedded wheels:

    • setuptools to 75.6.0 from 75.5.0
    • wheel to 0.45.1 from 0.45.0 (:issue:2804)

v20.27.1 (2024-10-28)

Bugfixes - 20.27.1

- Upgrade embedded wheels:

    

  • pip to 24.3.1 from 24.2
(:issue:2789)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=virtualenv&package-manager=pip&previous-version=20.27.0&new-version=20.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 9f215c9f6bc..8fa05f7b0bb 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -275,7 +275,7 @@ uvloop==0.21.0 ; platform_system != "Windows" # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.27.0 +virtualenv==20.28.0 # via pre-commit wait-for-it==2.2.2 # via -r requirements/test.in diff --git a/requirements/dev.txt b/requirements/dev.txt index 88ad905c7f0..672b79625f0 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -266,7 +266,7 @@ uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpytho # -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.27.0 +virtualenv==20.28.0 # via pre-commit wait-for-it==2.2.2 # via -r requirements/test.in diff --git a/requirements/lint.txt b/requirements/lint.txt index 237a81b5c79..a06a52ce84d 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -127,5 +127,5 @@ uvloop==0.21.0 ; platform_system != "Windows" # via -r requirements/lint.in valkey==6.0.2 # via -r requirements/lint.in -virtualenv==20.27.0 +virtualenv==20.28.0 # via pre-commit From 45de81da0d0122ab9a2e3a33ac88c7b60f2e8ef7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:14:41 +0000 Subject: [PATCH 7/7] Bump async-timeout from 4.0.3 to 5.0.1 (#10220) Bumps [async-timeout](https://github.com/aio-libs/async-timeout) from 4.0.3 to 5.0.1.
Release notes

Sourced from async-timeout's releases.

5.0.1

Misc

  • [#423](https://github.com/aio-libs/async-timeout/issues/423) <https://github.com/aio-libs/async-timeout/issues/423>_

5.0.0

Features

  • Make asyncio_timeout fully compatible with the standard asyncio.Timeout but keep backward compatibility with existing asyncio_timeout.Timeout API. ([#422](https://github.com/aio-libs/async-timeout/issues/422) <https://github.com/aio-libs/async-timeout/issues/422>_)

Improved Documentation

  • On the CHANGES/README.rst <https://github.com/aio-libs/async-timeout/tree/master/CHANGES/README.rst>_ page, a link to the Towncrier philosophy has been fixed. ([#388](https://github.com/aio-libs/async-timeout/issues/388) <https://github.com/aio-libs/async-timeout/issues/388>_)

Deprecations and Removals

  • Drop deprecated sync context manager support, use async with timeout(...): ... instead. ([#421](https://github.com/aio-libs/async-timeout/issues/421) <https://github.com/aio-libs/async-timeout/issues/421>_)
Changelog

Sourced from async-timeout's changelog.

5.0.1 (2024-11-06)

Misc

  • [#423](https://github.com/aio-libs/async-timeout/issues/423) <https://github.com/aio-libs/async-timeout/issues/423>_

5.0.0 (2024-10-31)

Features

  • Make asyncio_timeout fully compatible with the standard asyncio.Timeout but keep backward compatibility with existing asyncio_timeout.Timeout API. ([#422](https://github.com/aio-libs/async-timeout/issues/422) <https://github.com/aio-libs/async-timeout/issues/422>_)

Improved Documentation

  • On the CHANGES/README.rst <https://github.com/aio-libs/async-timeout/tree/master/CHANGES/README.rst>_ page, a link to the Towncrier philosophy has been fixed. ([#388](https://github.com/aio-libs/async-timeout/issues/388) <https://github.com/aio-libs/async-timeout/issues/388>_)

Deprecations and Removals

  • Drop deprecated sync context manager support, use async with timeout(...): ... instead. ([#421](https://github.com/aio-libs/async-timeout/issues/421) <https://github.com/aio-libs/async-timeout/issues/421>_)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-timeout&package-manager=pip&previous-version=4.0.3&new-version=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/base.txt | 2 +- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- requirements/runtime-deps.txt | 2 +- requirements/test.txt | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 5e174966611..dbef368efa0 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -10,7 +10,7 @@ aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 8fa05f7b0bb..2403a8312df 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -18,7 +18,7 @@ alabaster==1.0.0 # via sphinx annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via # -r requirements/runtime-deps.in # valkey diff --git a/requirements/dev.txt b/requirements/dev.txt index 672b79625f0..3c3516e9cc9 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -18,7 +18,7 @@ alabaster==1.0.0 # via sphinx annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via # -r requirements/runtime-deps.in # valkey diff --git a/requirements/lint.txt b/requirements/lint.txt index a06a52ce84d..a5b34afb7e0 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -8,7 +8,7 @@ aiodns==3.2.0 # via -r requirements/lint.in annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 +async-timeout==5.0.1 # via valkey certifi==2024.12.14 # via requests diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt index f5c4ec4dea4..53e931b291a 100644 --- a/requirements/runtime-deps.txt +++ b/requirements/runtime-deps.txt @@ -10,7 +10,7 @@ aiohappyeyeballs==2.4.4 # via -r requirements/runtime-deps.in aiosignal==1.3.2 # via -r requirements/runtime-deps.in -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in diff --git a/requirements/test.txt b/requirements/test.txt index c91f1fe295e..c7931d3429c 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -12,7 +12,7 @@ aiosignal==1.3.2 # via -r requirements/runtime-deps.in annotated-types==0.7.0 # via pydantic -async-timeout==4.0.3 ; python_version < "3.11" +async-timeout==5.0.1 ; python_version < "3.11" # via -r requirements/runtime-deps.in brotli==1.1.0 ; platform_python_implementation == "CPython" # via -r requirements/runtime-deps.in