Bump the pip group across 1 directory with 10 updates #1

dependabot · 2024-08-21T20:42:37Z

Bumps the pip group with 9 updates in the / directory:

Package	From	To
jinja2	`3.0.3`	`3.1.4`
cryptography	`36.0.1`	`42.0.4`
lxml	`4.8.0`	`4.9.1`
sentry-sdk	`1.5.11`	`2.8.0`
pyjwt	`2.3.0`	`2.4.0`
idna	`3.3`	`3.7`
gitpython	`3.1.27`	`3.1.41`
certifi	`2021.10.8`	`2024.7.4`
tqdm	`4.63.0`	`4.66.3`

Updates jinja2 from 3.0.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

3.1.2

This is a fix release for the 3.1.0 feature release.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2

Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

3.1.1

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1

Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0

Milestone: https://github.com/pallets/jinja/milestone/8?closed=1

MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

Add parameters to Environment.overlay to match __init__. :issue:1645

Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

Drop support for Python 3.6. :pr:1534

Remove previously deprecated code. :pr:1544

... (truncated)

Commits

dd4a8b5 release version 3.1.4
0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
d655030 disallow invalid characters in keys to xmlattr filter
a7863ba add ghsa links
b5c98e7 start version 3.1.4
da3a9f0 update project files (#1968)
0ee5eb4 satisfy formatter, linter, and strict mypy
20477c6 update project files (#5457)
e491223 update pyyaml dev dependency
36f9885 fix pr link
Additional commits viewable in compare view

Updates cryptography from 36.0.1 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the definitions in :rfc:`2633` :rfc:`3370`. .. _v42-0-3:

42.0.3 - 2024-02-15

Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. .. _v42-0-1:

42.0.1 - 2024-01-24

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
Additional commits viewable in compare view

Updates lxml from 4.8.0 to 4.9.1

Changelog

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

Commits

d01872c Prevent parse failure in new test from leaking into later test runs.
d65e632 Prepare release of lxml 4.9.1.
86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
50c2764 Delete unused Travis CI config and reference in docs (GH-345)
8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
b9f7074 Remove debug print from test.
b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
853c9e9 Prepare release of 4.9.0.
d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
Additional commits viewable in compare view

Updates sentry-sdk from 1.5.11 to 2.8.0

Release notes

Sourced from sentry-sdk's releases.

2.8.0

Various fixes & improvements

profiler_id uses underscore (#3249) by @Zylphrex

Don't send full env to subprocess (#3251) by @kmichel-aiven

Stop using Hub in HttpTransport (#3247) by @szokeasaurusrex

Remove ipdb from test requirements (#3237) by @rominf

Avoid propagation of empty baggage (#2968) by @hartungstenio

Add entry point for SentryPropagator (#3086) by @mender

Bump checkouts/data-schemas from 8c13457 to 88273a9 (#3225) by @dependabot

2.7.1

Various fixes & improvements

fix(otel): Fix missing baggage (#3218) by @sentrivana

This is the config file of asdf-vm which we do not use. (#3215) by @antonpirker

Added option to disable middleware spans in Starlette (#3052) by @antonpirker

build: Update tornado version in setup.py to match code check. (#3206) by @aclemons

2.7.0

Add origin to spans and transactions (#3133) by @antonpirker

OTel: Set up typing for OTel (#3168) by @sentrivana

OTel: Auto instrumentation skeleton (#3143) by @sentrivana

OpenAI: If there is an internal error, still return a value (#3192) by @colin-sentry

MongoDB: Add MongoDB collection span tag (#3182) by @0Calories

MongoDB: Change span operation from db.query to db (#3186) by @0Calories

MongoDB: Remove redundant command name in query description (#3189) by @0Calories

Apache Spark: Fix spark driver integration (#3162) by @seyoon-lim

Apache Spark: Add Spark test suite to tox.ini and to CI (#3199) by @sentrivana

Codecov: Add failed test commits in PRs (#3190) by @antonpirker

Update library, Python versions in tests (#3202) by @sentrivana

Remove Hub from our test suite (#3197) by @antonpirker

Use env vars for default CA cert bundle location (#3160) by @DragoonAethis

Create a separate test group for AI (#3198) by @sentrivana

Add additional stub packages for type checking (#3122) by @Daverball

Proper naming of requirements files (#3191) by @antonpirker

Pinning pip because new version does not work with some versions of Celery and Httpx (#3195) by @antonpirker

build(deps): bump supercharge/redis-github-action from 1.7.0 to 1.8.0 (#3193) by @dependabot

build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#3171) by @dependabot

build(deps): update pytest-asyncio requirement (#3087) by @dependabot

2.6.0

Introduce continuous profiling mode (#2830) by @Zylphrex

Profiling: Add deprecation comment for profiler internals (#3167) by @sentrivana

Profiling: Move thread data to trace context (#3157) by @Zylphrex

Explicitly export cron symbols for typecheckers (#3072) by @spladug

Cleaning up ASGI tests for Django (#3180) by @antonpirker

Celery: Add Celery receive latency (#3174) by @antonpirker

Metrics: Update type hints for tag values (#3156) by @elramen

Django: Fix psycopg3 reconnect error (#3111) by @szokeasaurusrex

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.8.0

Various fixes & improvements

profiler_id uses underscore (#3249) by @Zylphrex

Don't send full env to subprocess (#3251) by @kmichel-aiven

Stop using Hub in HttpTransport (#3247) by @szokeasaurusrex

Remove ipdb from test requirements (#3237) by @rominf

Avoid propagation of empty baggage (#2968) by @hartungstenio

Add entry point for SentryPropagator (#3086) by @mender

Bump checkouts/data-schemas from 8c13457 to 88273a9 (#3225) by @dependabot

2.7.1

Various fixes & improvements

fix(otel): Fix missing baggage (#3218) by @sentrivana

This is the config file of asdf-vm which we do not use. (#3215) by @antonpirker

Added option to disable middleware spans in Starlette (#3052) by @antonpirker

build: Update tornado version in setup.py to match code check. (#3206) by @aclemons

2.7.0

Add origin to spans and transactions (#3133) by @antonpirker

OTel: Set up typing for OTel (#3168) by @sentrivana

OTel: Auto instrumentation skeleton (#3143) by @sentrivana

OpenAI: If there is an internal error, still return a value (#3192) by @colin-sentry

MongoDB: Add MongoDB collection span tag (#3182) by @0Calories

MongoDB: Change span operation from db.query to db (#3186) by @0Calories

MongoDB: Remove redundant command name in query description (#3189) by @0Calories

Apache Spark: Fix spark driver integration (#3162) by @seyoon-lim

Apache Spark: Add Spark test suite to tox.ini and to CI (#3199) by @sentrivana

Codecov: Add failed test commits in PRs (#3190) by @antonpirker

Update library, Python versions in tests (#3202) by @sentrivana

Remove Hub from our test suite (#3197) by @antonpirker

Use env vars for default CA cert bundle location (#3160) by @DragoonAethis

Create a separate test group for AI (#3198) by @sentrivana

Add additional stub packages for type checking (#3122) by @Daverball

Proper naming of requirements files (#3191) by @antonpirker

Pinning pip because new version does not work with some versions of Celery and Httpx (#3195) by @antonpirker

build(deps): bump supercharge/redis-github-action from 1.7.0 to 1.8.0 (#3193) by @dependabot

build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#3171) by @dependabot

build(deps): update pytest-asyncio requirement (#3087) by @dependabot

2.6.0

Introduce continuous profiling mode (#2830) by @Zylphrex

Profiling: Add deprecation comment for profiler internals (#3167) by @sentrivana

Profiling: Move thread data to trace context (#3157) by @Zylphrex

Explicitly export cron symbols for typecheckers (#3072) by @spladug

... (truncated)

Commits

6f4685e Update CHANGELOG.md
7e6998e release: 2.8.0
32335dd fix(profiling): profiler_id uses underscore (#3249)
763e40a fix(integrations): don't send full env to subprocess (#3251)
31efa62 ref(transport): Stop using Hub in HttpTransport (#3247)
defb448 build: Remove ipdb from test requirements (#3237)
407f651 feat(opentelemetry): Add entry point for SentryPropagator (#3086)
eab218c build(deps): bump checkouts/data-schemas from 8c13457 to 88273a9 (#3225)
5782560 fix(opentelemetry): avoid propagation of empty baggage (#2968)
6701616 Merge branch 'release/2.7.1'
Additional commits viewable in compare view

Updates pyjwt from 2.3.0 to 2.4.0

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24

What's Changed

Add support for Python 3.10 by @hugovk in jpadilla/pyjwt#699

Don't use implicit optionals by @rekyungmin in jpadilla/pyjwt#705

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#708

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#710

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#711

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#712

documentation fix: show correct scope for decode_complete() by @sseering in jpadilla/pyjwt#661

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#716

Explicit check the key for ECAlgorithm by @estin in jpadilla/pyjwt#713

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#720

api_jwk: Add PyJWKSet.getitem by @woodruffw in jpadilla/pyjwt#725

Update usage.rst by @guneybilen in jpadilla/pyjwt#727

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#728

fix: Update copyright information by @kkirsche in jpadilla/pyjwt#729

Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in jpadilla/pyjwt#734

Fixed typo in usage.rst by @israelabraham in jpadilla/pyjwt#738

Add detached payload support for JWS encoding and decoding by @fviard in jpadilla/pyjwt#723

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#740

Raise DeprecationWarning for jwt.decode(verify=...) by @akx in jpadilla/pyjwt#742

Don't mutate options dictionary in .decode_complete() by @akx in jpadilla/pyjwt#743

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#748

Replace various string interpolations with f-strings by @akx in jpadilla/pyjwt#744

Update CHANGELOG.rst by @hipertracker in jpadilla/pyjwt#751

New Contributors

@hugovk made their first contribution in jpadilla/pyjwt#699

@rekyungmin made their first contribution in jpadilla/pyjwt#705

@sseering made their first contribution in jpadilla/pyjwt#661

@estin made their first contribution in jpadilla/pyjwt#713

@woodruffw made their first contribution in jpadilla/pyjwt#725

@guneybilen made their first contribution in jpadilla/pyjwt#727

@dmahr1 made their first contribution in jpadilla/pyjwt#734

@israelabraham made their first contribution in jpadilla/pyjwt#738

@fviard made their first contribution in jpadilla/pyjwt#723

@akx made their first contribution in jpadilla/pyjwt#742

@hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: jpadilla/pyjwt@2.3.0...2.4.0

Changelog

Sourced from pyjwt's changelog.

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added


Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

</code></pre>

</blockquote>

</details>

<details>

<summary>Commits</summary>

<ul>

<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653&quot;&gt;&lt;code&gt;83ff831&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9&quot;&gt;&lt;code&gt;4c1ce8f&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea&quot;&gt;&lt;code&gt;96f3f02&lt;/code&gt;&lt;/a> fix: failing advisory test</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc&quot;&gt;&lt;code&gt;9c52867&lt;/code&gt;&lt;/a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc&quot;&gt;&lt;code&gt;24b29ad&lt;/code&gt;&lt;/a> Update CHANGELOG.rst (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/751&quot;&gt;#751&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f&quot;&gt;&lt;code&gt;31f5acb&lt;/code&gt;&lt;/a> Replace various string interpolations with f-strings (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/744&quot;&gt;#744&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda&quot;&gt;&lt;code&gt;5581a31&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/748&quot;&gt;#748&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6&quot;&gt;&lt;code&gt;3d4d822&lt;/code&gt;&lt;/a> Don't mutate options dictionary in .decode_complete() (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/743&quot;&gt;#743&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613&quot;&gt;&lt;code&gt;1f1fe15&lt;/code&gt;&lt;/a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e&quot;&gt;&lt;code&gt;35fa28e&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/740&quot;&gt;#740&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates idna from 3.3 to 3.7

Release notes
Sourced from idna's releases.

v3.7
What's Changed

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.
Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7



Changelog
Sourced from idna's changelog.

3.7 (2024-04-11)
++++++++++++++++

Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
++++++++++++++++

Fix regression to include tests in source distribution.

3.5 (2023-11-24)
++++++++++++++++

Update to Unicode 15.1.0
String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
Fix typing error for codec encoding
"setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.
3.4 (2022-09-14)
++++++++++++++++

Update to Unicode 15.0.0
Migrate to pyproject.toml for build information (PEP 621)
Correct another instance where generic exception was raised instead of
IDNAError for malformed input
Source distribution uses zeroized file ownership for improved
reproducibility

Thanks to Seth Michael Larson for contributions to this release.



Commits

1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view




Updates gitpython from 3.1.27 to 3.1.41

Release notes
Sourced from gitpython's releases.

3.1.41 - fix Windows security issue
The details about the Windows security issue can be found in this advisory.
Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.
What's Changed

Add __all__ in git.exc by @EliahKagan in gitpython-developers/GitPython#1719
Set submodule update cadence to weekly by @EliahKagan in gitpython-developers/GitPython#1721
Never modify sys.path by @EliahKagan in gitpython-developers/GitPython#1720
Bump git/ext/gitdb from 8ec2390 to ec58b7e by @dependabot in gitpython-developers/GitPython#1722
Revise comments, docstrings, some messages, and a bit of code by @EliahKagan in gitpython-developers/GitPython#1725
Use zero-argument super() by @EliahKagan in gitpython-developers/GitPython#1726
Remove obsolete note in _iter_packed_refs by @EliahKagan in gitpython-developers/GitPython#1727
Reorganize test_util and make xfail marks precise by @EliahKagan in gitpython-developers/GitPython#1729
Clarify license and make module top comments more consistent by @EliahKagan in gitpython-developers/GitPython#1730
Deprecate compat.is_, rewriting all uses by @EliahKagan in gitpython-developers/GitPython#1732
Revise and restore some module docstrings by @EliahKagan in gitpython-developers/GitPython#1735
Make the rmtree callback Windows-only by @EliahKagan in gitpython-developers/GitPython#1739
List all non-passing tests in test summaries by @EliahKagan in gitpython-developers/GitPython#1740
Document some minor subtleties in test_util.py by @EliahKagan in gitpython-developers/GitPython#1749
Always read metadata files as UTF-8 in setup.py by @EliahKagan in gitpython-developers/GitPython#1748
Test native Windows on CI by @EliahKagan in gitpython-developers/GitPython#1745
Test macOS on CI by @EliahKagan in gitpython-developers/GitPython#1752
Let close_fds be True on all platforms by @EliahKagan in gitpython-developers/GitPython#1753
Fix IndexFile.from_tree on Windows by @EliahKagan in gitpython-developers/GitPython#1751
Remove unused TASKKILL fallback in AutoInterrupt by @EliahKagan in gitpython-developers/GitPython#1754
Don't return with operand when conceptually void by @EliahKagan in gitpython-developers/GitPython#1755
Group .gitignore entries by purpose by @EliahKagan in gitpython-developers/GitPython#1758
Adding dubious ownership handling by @marioaag in gitpython-developers/GitPython#1746
Avoid brittle assumptions about preexisting temporary files in tests by @EliahKagan in gitpython-developers/GitPython#1759
Overhaul noqa directives by @EliahKagan in gitpython-developers/GitPython#1760
Clarify some Git.execute kill_after_timeout limitations by @EliahKagan in gitpython-developers/GitPython#1761
Bump actions/setup-python from 4 to 5 by @dependabot in gitpython-developers/GitPython#1763
Don't install black on Cygwin by @EliahKagan in gitpython-developers/GitPython#1766
Extract all "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1765
Extract remaining local "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1768
Replace xfail with gc.collect in TestSubmodule.test_rename by @EliahKagan in gitpython-developers/GitPython#1767
Enable CodeQL by @EliahKagan in gitpython-developers/GitPython#1769
Replace some uses of the deprecated mktemp function by @EliahKagan in gitpython-developers/GitPython#1770
Bump github/codeql-action from 2 to 3 by @dependabot in gitpython-developers/GitPython#1773
Run some Windows environment variable tests only on Windows by @EliahKagan in gitpython-developers/GitPython#1774
Fix TemporaryFileSwap regression where file_path could not be Path by @EliahKagan in gitpython-developers/GitPython#1776
Improve hooks tests by @EliahKagan in gitpython-developers/GitPython#1777
Fix if items of Index is of type PathLike by @stegm in gitpython-developers/GitPython#1778
Better document IterableObj.iter_items and improve some subclasses by @EliahKagan in gitpython-developers/GitPython#1780
Revert "Don't install black on Cygwin" by @EliahKagan in gitpython-developers/GitPython#1783
Add missing pip in $PATH on Cygwin CI by @EliahKagan in gitpython-developers/GitPython#1784
Shorten Iterable docstrings and put IterableObj first by @EliahKagan in gitpython-developers/GitPython#1785
Fix incompletely revised Iterable/IterableObj docstrings by @EliahKagan in gitpython-developers/GitPython#1786
Pre-deprecate setting Git.USE_SHELL by @EliahKagan in gitpython-developers/GitPython#1782



... (truncated)


Commits

f288738 bump patch level
ef3192c Merge pull request #1792 from EliahKagan/popen
1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
3eb7c2a Move safer_popen from git.util to git.cmd

Bumps the pip group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [jinja2](https://github.com/pallets/jinja) | `3.0.3` | `3.1.4` | | [cryptography](https://github.com/pyca/cryptography) | `36.0.1` | `42.0.4` | | [lxml](https://github.com/lxml/lxml) | `4.8.0` | `4.9.1` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `1.5.11` | `2.8.0` | | [pyjwt](https://github.com/jpadilla/pyjwt) | `2.3.0` | `2.4.0` | | [idna](https://github.com/kjd/idna) | `3.3` | `3.7` | | [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.27` | `3.1.41` | | [certifi](https://github.com/certifi/python-certifi) | `2021.10.8` | `2024.7.4` | | [tqdm](https://github.com/tqdm/tqdm) | `4.63.0` | `4.66.3` | Updates `jinja2` from 3.0.3 to 3.1.4 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.0.3...3.1.4) Updates `cryptography` from 36.0.1 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@36.0.1...42.0.4) Updates `lxml` from 4.8.0 to 4.9.1 - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-4.8.0...lxml-4.9.1) Updates `sentry-sdk` from 1.5.11 to 2.8.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@1.5.11...2.8.0) Updates `pyjwt` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.3.0...2.4.0) Updates `idna` from 3.3 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.3...v3.7) Updates `gitpython` from 3.1.27 to 3.1.41 - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.27...3.1.41) Updates `certifi` from 2021.10.8 to 2024.7.4 - [Commits](certifi/python-certifi@2021.10.08...2024.07.04) Updates `tqdm` from 4.63.0 to 4.66.3 - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](tqdm/tqdm@v4.63.0...v4.66.3) Updates `urllib3` from 1.26.8 to 1.26.19 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.8...1.26.19) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-type: direct:production dependency-group: pip - dependency-name: lxml dependency-type: direct:production dependency-group: pip - dependency-name: sentry-sdk dependency-type: direct:production dependency-group: pip - dependency-name: pyjwt dependency-type: direct:production dependency-group: pip - dependency-name: idna dependency-type: direct:production dependency-group: pip - dependency-name: gitpython dependency-type: direct:development dependency-group: pip - dependency-name: certifi dependency-type: indirect dependency-group: pip - dependency-name: tqdm dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directory with 10 updates #1

Bump the pip group across 1 directory with 10 updates #1

dependabot bot commented on behalf of github Aug 21, 2024

v3.7

What's Changed

3.1.41 - fix Windows security issue

What's Changed

Bump the pip group across 1 directory with 10 updates #1

Are you sure you want to change the base?

Bump the pip group across 1 directory with 10 updates #1

Conversation

dependabot bot commented on behalf of github Aug 21, 2024

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

Version 3.1.4

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

4.9.1 (2022-07-01)

Bugs fixed

4.9.0 (2022-06-01)

Bugs fixed

Other changes

2.8.0

Various fixes & improvements

2.7.1

Various fixes & improvements

2.7.0

2.6.0

2.8.0

Various fixes & improvements

2.7.1

Various fixes & improvements

2.7.0

2.6.0

2.4.0

Security

What's Changed

New Contributors

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

v3.7

What's Changed

3.1.41 - fix Windows security issue

What's Changed

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__