Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the prod-dependencies group across 1 directory with 18 updates #189

Closed
wants to merge 1 commit into from
Closed

build(deps): bump the prod-dependencies group across 1 directory with 18 updates #189

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 3, 2024
edited
Loading

Bumps the prod-dependencies group with 18 updates in the / directory:

Package From To
babel 2.14.0 2.15.0
boto3 1.34.93 1.34.117
botocore 1.34.93 1.34.117
certifi 2024.2.2 2024.6.2
coverage 7.5.0 7.5.3
cssutils 2.10.2 2.11.0
domdf-python-tools 3.8.0.post2 3.8.1
filelock 3.13.4 3.14.0
jinja2 3.1.3 3.1.4
keyring 25.2.0 25.2.1
pkginfo 1.10.0 1.11.0
platformdirs 4.2.1 4.2.2
pygments 2.17.2 2.18.0
pytest 8.2.0 8.2.1
requests 2.31.0 2.32.3
twine 5.0.0 5.1.0
typing-extensions 4.11.0 4.12.1
zipp 3.18.1 3.19.1

Updates babel from 2.14.0 to 2.15.0

Release notes

Sourced from babel's releases.

v2.15.0

The changelog below is auto-generated by GitHub.

The binary artifacts attached to this GitHub release were generated by the GitHub Actions workflow.

Please see CHANGELOG.rst for additional details.

What's Changed

New Contributors

Full Changelog: python-babel/babel@v2.14.0...v2.15.0

Changelog

Sourced from babel's changelog.

Version 2.15.0

Python version support


* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)

Features



* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)

Infrastructure




    

  • Upgrade GitHub Actions (:gh:1054) (@​cclauss's first contribution)
    • 

  • The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@​akx)
Commits
  • 40b194f Prepare for 2.15.0 release (#1079)
  • c2e6c6e Encode support for the "fall back to short format" logic for time delta forma...
  • 1a03526 Include Unicode license in locale-data and in documentation (#1074)
  • c0fb56e Allow alternative space characters as group separator when parsing numbers (#...
  • fe82fbc Use CLDR 44 and adjust tests to match new data (#1071)
  • e0d1018 Improve .po IO (#1068)
  • 40e60a1 Upgrade GitHub Actions (#1054)
  • 2a1709a Drop support for Python 3.7 (EOL since June 2023) (#1048)
  • See full diff in compare view

Updates boto3 from 1.34.93 to 1.34.117

Changelog

Sourced from boto3's changelog.

1.34.117

  • api-change:codebuild: [botocore] AWS CodeBuild now supports Self-hosted GitHub Actions runners for Github Enterprise
  • api-change:codeguru-security: [botocore] This release includes minor model updates and documentation updates.
  • api-change:elasticache: [botocore] Update to attributes of TestFailover and minor revisions.
  • api-change:launch-wizard: [botocore] This release adds support for describing workload deployment specifications, deploying additional workload types, and managing tags for Launch Wizard resources with API operations.

1.34.116

  • api-change:acm: [botocore] add v2 smoke tests and smithy smokeTests trait for SDK testing.
  • api-change:bedrock-agent: [botocore] With this release, Knowledge bases for Bedrock adds support for Titan Text Embedding v2.
  • api-change:bedrock-runtime: [botocore] This release adds Converse and ConverseStream APIs to Bedrock Runtime
  • api-change:cloudtrail: [botocore] CloudTrail Lake returns PartitionKeys in the GetEventDataStore API response. Events are grouped into partitions based on these keys for better query performance. For example, the calendarday key groups events by day, while combining the calendarday key with the hour key groups them by day and hour.
  • api-change:connect: [botocore] Adding associatedQueueIds as a SearchCriteria and response field to the SearchRoutingProfiles API
  • api-change:emr-serverless: [botocore] The release adds support for spark structured streaming.
  • api-change:rds: [botocore] Updates Amazon RDS documentation for Aurora Postgres DBname.
  • api-change:sagemaker: [botocore] Adds Model Card information as a new component to Model Package. Autopilot launches algorithm selection for TimeSeries modality to generate AutoML candidates per algorithm.

1.34.115

  • api-change:athena: [botocore] Throwing validation errors on CreateNotebook with Name containing /,:,\
  • api-change:codebuild: [botocore] AWS CodeBuild now supports manually creating GitHub webhooks
  • api-change:connect: [botocore] This release includes changes to DescribeContact API's response by including ConnectedToSystemTimestamp, RoutingCriteria, Customer, Campaign, AnsweringMachineDetectionStatus, CustomerVoiceActivity, QualityMetrics, DisconnectDetails, and SegmentAttributes information from a contact in Amazon Connect.
  • api-change:glue: [botocore] Add optional field JobMode to CreateJob and UpdateJob APIs.
  • api-change:securityhub: [botocore] Add ROOT type for TargetType model

1.34.114

  • api-change:dynamodb: [botocore] Doc-only update for DynamoDB. Specified the IAM actions needed to authorize a user to create a table with a resource-based policy.
  • api-change:ec2: [botocore] Providing support to accept BgpAsnExtended attribute
  • api-change:kafka: [botocore] Adds ControllerNodeInfo in ListNodes response to support Raft mode for MSK
  • api-change:swf: [botocore] This release adds new APIs for deleting activity type and workflow type resources.

1.34.113

  • api-change:dynamodb: [botocore] Documentation only updates for DynamoDB.
  • api-change:iotfleetwise: [botocore] AWS IoT FleetWise now supports listing vehicles with attributes filter, ListVehicles API is updated to support additional attributes filter.
  • api-change:managedblockchain: [botocore] This is a minor documentation update to address the impact of the shut down of the Goerli and Polygon networks.

1.34.112

... (truncated)

Commits
  • 006e016 Merge branch 'release-1.34.117'
  • 1b228ea Bumping version to 1.34.117
  • adb9f74 Add changelog entries from botocore
  • bfcc451 Merge branch 'release-1.34.116'
  • 05019ed Merge branch 'release-1.34.116' into develop
  • e2e0979 Bumping version to 1.34.116
  • 3372d1d Add changelog entries from botocore
  • 335a1e9 Merge branch 'release-1.34.115'
  • 53faaee Merge branch 'release-1.34.115' into develop
  • 70b7e9c Bumping version to 1.34.115
  • Additional commits viewable in compare view

Updates botocore from 1.34.93 to 1.34.117

Changelog

Sourced from botocore's changelog.

1.34.117

  • api-change:codebuild: AWS CodeBuild now supports Self-hosted GitHub Actions runners for Github Enterprise
  • api-change:codeguru-security: This release includes minor model updates and documentation updates.
  • api-change:elasticache: Update to attributes of TestFailover and minor revisions.
  • api-change:launch-wizard: This release adds support for describing workload deployment specifications, deploying additional workload types, and managing tags for Launch Wizard resources with API operations.

1.34.116

  • api-change:acm: add v2 smoke tests and smithy smokeTests trait for SDK testing.
  • api-change:bedrock-agent: With this release, Knowledge bases for Bedrock adds support for Titan Text Embedding v2.
  • api-change:bedrock-runtime: This release adds Converse and ConverseStream APIs to Bedrock Runtime
  • api-change:cloudtrail: CloudTrail Lake returns PartitionKeys in the GetEventDataStore API response. Events are grouped into partitions based on these keys for better query performance. For example, the calendarday key groups events by day, while combining the calendarday key with the hour key groups them by day and hour.
  • api-change:connect: Adding associatedQueueIds as a SearchCriteria and response field to the SearchRoutingProfiles API
  • api-change:emr-serverless: The release adds support for spark structured streaming.
  • api-change:rds: Updates Amazon RDS documentation for Aurora Postgres DBname.
  • api-change:sagemaker: Adds Model Card information as a new component to Model Package. Autopilot launches algorithm selection for TimeSeries modality to generate AutoML candidates per algorithm.

1.34.115

  • api-change:athena: Throwing validation errors on CreateNotebook with Name containing /,:,\
  • api-change:codebuild: AWS CodeBuild now supports manually creating GitHub webhooks
  • api-change:connect: This release includes changes to DescribeContact API's response by including ConnectedToSystemTimestamp, RoutingCriteria, Customer, Campaign, AnsweringMachineDetectionStatus, CustomerVoiceActivity, QualityMetrics, DisconnectDetails, and SegmentAttributes information from a contact in Amazon Connect.
  • api-change:glue: Add optional field JobMode to CreateJob and UpdateJob APIs.
  • api-change:securityhub: Add ROOT type for TargetType model

1.34.114

  • api-change:dynamodb: Doc-only update for DynamoDB. Specified the IAM actions needed to authorize a user to create a table with a resource-based policy.
  • api-change:ec2: Providing support to accept BgpAsnExtended attribute
  • api-change:kafka: Adds ControllerNodeInfo in ListNodes response to support Raft mode for MSK
  • api-change:swf: This release adds new APIs for deleting activity type and workflow type resources.

1.34.113

  • api-change:dynamodb: Documentation only updates for DynamoDB.
  • api-change:iotfleetwise: AWS IoT FleetWise now supports listing vehicles with attributes filter, ListVehicles API is updated to support additional attributes filter.
  • api-change:managedblockchain: This is a minor documentation update to address the impact of the shut down of the Goerli and Polygon networks.

1.34.112

... (truncated)

Commits
  • 56fa487 Merge branch 'release-1.34.117'
  • 900d9ed Bumping version to 1.34.117
  • 2f04ce2 Update to latest models
  • 2cdf7fc Merge branch 'release-1.34.116'
  • c7d7b96 Merge branch 'release-1.34.116' into develop
  • 2d4ada4 Bumping version to 1.34.116
  • 2684c02 Update endpoints model
  • d42df74 Update to latest models
  • aea01e5 Merge branch 'release-1.34.115'
  • 1f7932b Merge branch 'release-1.34.115' into develop
  • Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.6.2

Commits
  • 124f4ad 2024.06.02 (#291)
  • c2196ce --- (#290)
  • fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
  • 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
  • 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
  • 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
  • ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
  • 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
  • 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
  • 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
  • Additional commits viewable in compare view

Updates coverage from 7.5.0 to 7.5.3

Changelog

Sourced from coverage's changelog.

Version 7.5.3 — 2024-05-28

  • Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

  • Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. _issue 1791: nedbat/coveragepy#1791

.. _changes_7-5-2:

Version 7.5.2 — 2024-05-24

  • Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

  • Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

  • In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

  • Python 3.13.0b1 is supported.

  • Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Version 7.5.1 — 2024-05-04

... (truncated)

Commits
  • f310d7e docs: sample HTML for 7.5.3
  • a51d52f docs: prep for 7.5.3
  • b666f3a perf: it's faster in all versions if we don't cache tokenize #1791
  • a2b4929 docs: changelog entry for combine performance improvements
  • b9aff50 perf: don't read full line_bits table each time
  • c45ebac perf: cache alias mapping
  • 390cb97 perf: avoid quadratic behavior when combining line coverage
  • d3caf53 docs(build): tweaks to howto
  • 909e887 build: bump version
  • 242adea build: don't claim pre-alpha-1 in classifiers
  • Additional commits viewable in compare view

Updates cssutils from 2.10.2 to 2.11.0

Changelog

Sourced from cssutils's changelog.

v2.11.0

Features

  • Reduced cyclomatic complexity in selector module. (#47)

v2.10.3

Bugfixes

  • Fixed DeprecationWarning with cgi module.
Commits
  • 8fc50e3 Finalize
  • c11b558 Add news fragment.
  • c24ee15 Merge pull request #51 from jaraco/feature/refactor-complexity
  • bde08c8 Remove 'else' clauses; none of the 'if' clauses fall through.
  • cd435f7 Moved productions into the 'New' class (and constants into their own class).
  • 8afae87 Moved append function into 'New' class.
  • 80af16b Move the 'New' object into a dataclass.
  • 4775886 Extract _prepare_tokens
  • cec52e3 Short circuit and reduce indentation.
  • 253fd24 Use contextlib.suppress
  • Additional commits viewable in compare view

Updates domdf-python-tools from 3.8.0.post2 to 3.8.1

Release notes

Sourced from domdf-python-tools's releases.

Version 3.8.1

Automatically copied from PyPI.

Powered by OctoCheese
📝 docs | :octocat: repo | 🙋 issues | 🏪 marketplace

Commits
  • d17cc36 Bump version v3.8.0.post2 -> v3.8.1
  • 094de5f Updated files with 'repo_helper'. (#121)
  • 1836bf8 [repo-helper] Configuration Update (#118)
  • d3d2cde Updated files with 'repo_helper'. (#117)
  • f4b8bff Skip test_repr_deep on newer Pythons where it doesn't error
  • a814f8a Drop natsort-stubs as natsort has type hints itself
  • e075869 Bump Python 3.13 alpha (#116)
  • adce67b [repo-helper] Configuration Update (#115)
  • 8304947 [repo-helper] Configuration Update (#112)
  • 074a5af [repo-helper] Configuration Update (#111)
  • Additional commits viewable in compare view

Updates filelock from 3.13.4 to 3.14.0

Release notes

Sourced from filelock's releases.

3.14.0

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.13.4...3.14.0

Commits

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj
Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj
Commits

Updates keyring from 25.2.0 to 25.2.1

Changelog

Sourced from keyring's changelog.

v25.2.1

Bugfixes

  • Fix typo in CLI creds mode. (#681)
Commits

Updates pkginfo from 1.10.0 to 1.11.0

Updates platformdirs from 4.2.1 to 4.2.2

Release notes

Sourced from platformdirs's releases.

4.2.2

What's Changed

New Contributors

Full Changelog: tox-dev/platformdirs@4.2.1...4.2.2

Commits

Updates pygments from 2.17.2 to 2.18.0

Release notes

Sourced from pygments's releases.

2.18.0

  • New lexers:

  • Updated lexers:

    • Awk: recognize ternary operator (#2687)
    • Bash: add openrc alias (#2599, #2371)
    • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
    • DNS zone files: Fix comment parsing (#2595)
    • Hy: Support unicode literals (#1126)
    • Inform6: Update to Inform 6.42 (#2644)
    • lean: Fix name handling (#2614)
    • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
    • Macaulay2: Update to 1.23 (#2655)
    • Python: fix highlighting of soft keywords before None/True/False
    • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
    • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
    • Spice: Add keywords (#2621)
    • SQL Explain: allow negative numbers (#2610)
    • Swift: Support multiline strings (#2681)
    • ThingsDB: add constants and new functions; support template strings (#2624)
    • UL4: support nested <?doc?> and <?note?> tags (#2597)
    • VHDL: support multi-line comments of VHDL-2008 (#2622)
    • Wikitext: Remove kk-* in variant_langs (#2647)
    • Xtend: Add val and var (#2602)

  • New styles:

  • Make background colors in the image formatter work with Pillow 10.0 (#2623)

  • Require Python 3.8. As a result, the importlib-metadata package is no longer needed for fast plugin discovery on Python 3.7. The plugins extra (used as, e.g., pip install pygments[plugins])

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.18.0

(released May 4th, 2024)

  • New lexers:

  • Updated lexers:

    • Awk: recognize ternary operator (#2687)
    • Bash: add openrc alias (#2599, #2371)
    • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
    • DNS zone files: Fix comment parsing (#2595)
    • Hy: Support unicode literals (#1126)
    • Inform6: Update to Inform 6.42 (#2644)
    • lean: Fix name handling (#2614)
    • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
    • Macaulay2: Update to 1.23 (#2655)
    • Python: fix highlighting of soft keywords before None/True/False
    • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
    • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
    • Spice: Add keywords (#2621)
    • SQL Explain: allow negative numbers (#2610)
    • Swift: Support multiline strings (#2681)
    • ThingsDB: add constants and new functions; support template strings (#2624)
    • UL4: support nested <?doc?> and <?note?> tags (#2597)
    • VHDL: support multi-line comments of VHDL-2008 (#2622)
    • Wikitext: Remove kk-* in variant_langs (#2647)
    • Xtend: Add val and var (#2602)

  • New styles:

  • Make background colors in the image formatter work with Pillow 10.0 (#2623)

... (truncated)

Commits

Updates pytest from 8.2.0 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

  • #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

  • #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
  • #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
  • #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
  • #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

  • #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.
Commits
  • 66ff8df Prepare release version 8.2.1
  • 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
  • 0b28313 [8.2.x] Add Python 3.13 (beta) support
  • f3dd93a [8.2.x] Attest package provenance (#12335)
  • bb5a125 [8.2.x] Spelling (#12331)
  • f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
  • 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
  • 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
  • 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
  • cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
  • Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits

@dependabot
build(deps): bump the prod-dependencies group across 1 directory with…
1c2b702 
… 18 updates

Bumps the prod-dependencies group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [babel](https://github.com/python-babel/babel) | `2.14.0` | `2.15.0` |
| [boto3](https://github.com/boto/boto3) | `1.34.93` | `1.34.117` |
| [botocore](https://github.com/boto/botocore) | `1.34.93` | `1.34.117` |
| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.6.2` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.5.0` | `7.5.3` |
| [cssutils](https://github.com/jaraco/cssutils) | `2.10.2` | `2.11.0` |
| [domdf-python-tools](https://github.com/domdfcoding/domdf_python_tools) | `3.8.0.post2` | `3.8.1` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.13.4` | `3.14.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.4` |
| [keyring](https://github.com/jaraco/keyring) | `25.2.0` | `25.2.1` |
| [pkginfo](https://code.launchpad.net/~tseaver/pkginfo/trunk) | `1.10.0` | `1.11.0` |
| [platformdirs](https://github.com/platformdirs/platformdirs) | `4.2.1` | `4.2.2` |
| [pygments](https://github.com/pygments/pygments) | `2.17.2` | `2.18.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.2.0` | `8.2.1` |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.3` |
| [twine](https://github.com/pypa/twine) | `5.0.0` | `5.1.0` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.11.0` | `4.12.1` |
| [zipp](https://github.com/jaraco/zipp) | `3.18.1` | `3.19.1` |



Updates `babel` from 2.14.0 to 2.15.0
- [Release notes](https://github.com/python-babel/babel/releases)
- [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst)
- [Commits](python-babel/babel@v2.14.0...v2.15.0)

Updates `boto3` from 1.34.93 to 1.34.117
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.93...1.34.117)

Updates `botocore` from 1.34.93 to 1.34.117
- [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst)
- [Commits](boto/botocore@1.34.93...1.34.117)

Updates `certifi` from 2024.2.2 to 2024.6.2
- [Commits](certifi/python-certifi@2024.02.02...2024.06.02)

Updates `coverage` from 7.5.0 to 7.5.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.5.0...7.5.3)

Updates `cssutils` from 2.10.2 to 2.11.0
- [Release notes](https://github.com/jaraco/cssutils/releases)
- [Changelog](https://github.com/jaraco/cssutils/blob/main/NEWS.rst)
- [Commits](jaraco/cssutils@v2.10.2...v2.11.0)

Updates `domdf-python-tools` from 3.8.0.post2 to 3.8.1
- [Release notes](https://github.com/domdfcoding/domdf_python_tools/releases)
- [Commits](domdfcoding/domdf_python_tools@v3.8.0.post2...v3.8.1)

Updates `filelock` from 3.13.4 to 3.14.0
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.13.4...3.14.0)

Updates `jinja2` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.3...3.1.4)

Updates `keyring` from 25.2.0 to 25.2.1
- [Release notes](https://github.com/jaraco/keyring/releases)
- [Changelog](https://github.com/jaraco/keyring/blob/main/NEWS.rst)
- [Commits](jaraco/keyring@v25.2.0...v25.2.1)

Updates `pkginfo` from 1.10.0 to 1.11.0

Updates `platformdirs` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/platformdirs/platformdirs/releases)
- [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst)
- [Commits](tox-dev/platformdirs@4.2.1...4.2.2)

Updates `pygments` from 2.17.2 to 2.18.0
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.17.2...2.18.0)

Updates `pytest` from 8.2.0 to 8.2.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.2.0...8.2.1)

Updates `requests` from 2.31.0 to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.3)

Updates `twine` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/pypa/twine/releases)
- [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst)
- [Commits](pypa/twine@5.0.0...5.1.0)

Updates `typing-extensions` from 4.11.0 to 4.12.1
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.11.0...4.12.1)

Updates `zipp` from 3.18.1 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.18.1...v3.19.1)

---
updated-dependencies:
- dependency-name: babel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: botocore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: cssutils
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: domdf-python-tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: filelock
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: jinja2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: keyring
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: pkginfo
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: platformdirs
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: pygments
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: twine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: typing-extensions
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: zipp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 10, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 10, 2024
@dependabot dependabot bot deleted the dependabot/pip/prod-dependencies-62b1239350 branch June 10, 2024 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants