Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependencies group across 1 directory with 7 updates #224

Closed
wants to merge 1 commit into from
Closed

Bump the dependencies group across 1 directory with 7 updates #224

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 3, 2025
edited
Loading

Bumps the dependencies group with 7 updates in the / directory:

Package From To
authlib 1.3.2 1.4.1
certifi 2024.12.14 2025.1.31
black 24.10.0 25.1.0
zizmor 1.0.0 1.3.0
charset-normalizer 3.4.0 3.4.1
click 8.1.7 8.1.8
urllib3 2.2.3 2.3.0

Updates authlib from 1.3.2 to 1.4.1

Release notes

Sourced from authlib's releases.

Version 1.4.1

  • Improve garbage collection on OAuth clients. #698
  • Fix client parameters for httpx. #694

Version 1.4.0

Bugfixes

  • Fix id_token decoding when kid is null. #659
  • Support for Python 3.13. #682
  • Force login if the prompt parameter value is login. #637
  • Support for httpx 0.28. #695

Breaking changes

  • Stop support for Python 3.8. #682
Changelog

Sourced from authlib's changelog.

Version 1.4.1

Released on Jan 28, 2025

  • Improve garbage collection on OAuth clients. :issue:698
  • Fix client parameters for httpx. :issue:694

Version 1.4.0

Released on Dec 20, 2024

  • Fix id_token decoding when kid is null. :pr:659
  • Support for Python 3.13. :pr:682
  • Force login if the prompt parameter value is login. :pr:637
  • Support for httpx 0.28, :pr:695

Breaking changes:

  • Stop support for Python 3.8. :pr:682
Commits
  • 0e8f480 chore: release 1.4.1
  • c46e939 fix(client): improve garbage collection for oauth clients
  • 9188e21 fix(httpx): remove compact code for httpx
  • c7e2d9f fix(httpx): update test cases for httpx
  • ce1405d fix: improve garbage collection via #698
  • 532cce6 fix: update httpx client kwargs #694
  • fe12a57 chore: update readme
  • eb34edf chore: release 1.4.0
  • bc55003 Merge pull request #695 from MeggyCal/master
  • 1d10ff3 Support httpx 0.28
  • Additional commits viewable in compare view

Updates certifi from 2024.12.14 to 2025.1.31

Commits

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

  • Normalize casing of Unicode escape characters in strings to lowercase (#2916)
  • Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
  • Consistently add trailing commas to typed function parameters (#4164)
  • Remove redundant parentheses in if guards for case blocks (#4214)
  • Add parentheses to if clauses in case blocks when the line is too long (#4269)
  • Whitespace before # fmt: skip comments is no longer normalized (#4146)
  • Fix line length computation for certain expressions that involve the power operator (#4154)
  • Check if there is a newline before the terminating quotes of a docstring (#4185)
  • Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

  • Remove parentheses around sole list items (#4312)
  • Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

  • Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
  • Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

  • Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
  • Collapse multiple empty lines after an import into one (#4489)
  • Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
  • Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

  • Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

  • Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

  • If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

  • Normalize casing of Unicode escape characters in strings to lowercase (#2916)
  • Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
  • Consistently add trailing commas to typed function parameters (#4164)
  • Remove redundant parentheses in if guards for case blocks (#4214)
  • Add parentheses to if clauses in case blocks when the line is too long (#4269)
  • Whitespace before # fmt: skip comments is no longer normalized (#4146)
  • Fix line length computation for certain expressions that involve the power operator (#4154)
  • Check if there is a newline before the terminating quotes of a docstring (#4185)
  • Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

  • Remove parentheses around sole list items (#4312)
  • Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

  • Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
  • Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

  • Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
  • Collapse multiple empty lines after an import into one (#4489)
  • Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
  • Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

  • Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

  • Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

Updates zizmor from 1.0.0 to 1.3.0

Release notes

Sourced from zizmor's releases.

v1.3.0

This release comes with one new audit (overprovisioned-secrets), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with a special easter egg for those who wish to kvell about their audit results.

New Features 🌈🔗

  • New audit: overprovisioned-secrets detects uses of the secrets context that result in excessive secret provisioning (#485)
  • Added a special naches mode for when you're feeling particularly proud of your audit results (#490)

Improvements 🌱🔗

  • zizmor produces slightly more informative error messages when given an invalid input file (#482)
  • Case insensitivity in contexts is now handeled more consistently and pervasively (#491)

Bug Fixes 🐛🔗

  • Fixed a bug where zizmor would fail to discover actions within subdirectories of .github/workflows (#477)
  • Fixed a bug where zizmor would fail to parse composite action definitions with no name field (#487)

v1.2.2

Bug Fixes 🐛🔗

Improvements 🌱🔗

  • Fetch failures when running zizmor org/repo are now more informative (#475)

v1.2.1

This is a small corrective release for some SARIF behavior that changed with v1.2.0.

Bug Fixes 🐛🔗

  • SARIF outputs now use relative paths again, but more correctly than before v1.2.0 (#469)

v1.2.0

This release comes with one new audit (bot-conditions), plus a handful of bugfixes and analysis improvements to existing audits.

One bugfix in this release is also a slight behavior change: zizmor now emits SARIF outputs with absolute paths. This should not affect most users, but may make it slightly harder to share SARIF outputs between machines without fully reproducing exact file paths. If this affects you, please let us know!

New Features 🌈🔗

  • New audit: bot-conditions detects spoofable uses of github.actor within dangerous triggers (#460)

Improvements 🌱🔗

  • The unpinned-uses audit no longer flags local reusable workflows or actions as unpinned/unhashed (#439)
  • The excessive-permissions audit has been refactored, and better captures both true positive and true negative cases (#441)
  • The SARIF output mode (--format=sarif) now always returns absolute paths in its location information, rather than attempting to infer a (sometimes incorrect) repository-relative path (#453)
  • zizmor now provides manylinux wheel builds for aarch64 (#457)

... (truncated)

Changelog

Sourced from zizmor's changelog.

v1.3.0

This release comes with one new audit ([overprovisioned-secrets]), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with a special easter egg for those who wish to kvell about their audit results.

New Features 🌈

  • New audit: [overprovisioned-secrets] detects uses of the secrets context that result in excessive secret provisioning (#485)
  • Added a special naches mode for when you're feeling particularly proud of your audit results (#490)

Improvements 🌱

  • zizmor produces slightly more informative error messages when given an invalid input file (#482)
  • Case insensitivity in contexts is now handeled more consistently and pervasively (#491)

Bug Fixes 🐛

  • Fixed a bug where zizmor would fail to discover actions within subdirectories of .github/workflows (#477)
  • Fixed a bug where zizmor would fail to parse composite action definitions with no name field (#487)

v1.2.2

Bug Fixes 🐛

  • The [excessive-permissions] audit is now more precise about both reusable workflows and reusable workflow calls (#473)

Improvements 🌱

  • Fetch failures when running zizmor org/repo are now more informative (#475)

v1.2.1

This is a small corrective release for some SARIF behavior that changed with v1.2.0.

Bug Fixes 🐛

  • SARIF outputs now use relative paths again, but more correctly than before v1.2.0 (#469)

v1.2.0

... (truncated)

Commits

Updates charset-normalizer from 3.4.0 to 3.4.1

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] Using Requests today is the rough equivalent of using EOL Windows 8! We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.

It leverages charset-normalizer in a better way! Check it out, you will gain up to being 3X faster and get a real/respectable support with it.

3.4.1 (2024-12-24)

Changed

  • Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
  • Enforce annotation delayed loading for a simpler and consistent types in the project.
  • Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

  • pre-commit configuration.
  • noxfile.

Removed

  • build-requirements.txt as per using pyproject.toml native build configuration.
  • bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
  • setup.cfg in favor of pyproject.toml metadata configuration.
  • Unused utils.range_scan function.

Fixed

  • Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
  • Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+
Changelog

Sourced from charset-normalizer's changelog.

3.4.1 (2024-12-24)

Changed

  • Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
  • Enforce annotation delayed loading for a simpler and consistent types in the project.
  • Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

  • pre-commit configuration.
  • noxfile.

Removed

  • build-requirements.txt as per using pyproject.toml native build configuration.
  • bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
  • setup.cfg in favor of pyproject.toml metadata configuration.
  • Unused utils.range_scan function.

Fixed

  • Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
  • Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+
Commits
  • ffdf7f5 🔧 fix long description content-type inferred as rst instead of md
  • c7197b7 📝 fix changelog entries (#582)
  • c390e1f Merge pull request #581 from jawah/refresh-part-2
  • f9d6b8c 🔒 add CODEOWNERS
  • 7ce1ef1 🔧 use ubuntu-22.04 for cibuildwheel in continuous deployment workflow
  • deed205 🔧 update LICENSE copyright
  • f11f571 🔧 include noxfile in sdist
  • 1ec7c06 🔧 update changelog
  • 14b4649 🐛 output(...) replace declarative mark using non iana compliant encoding ...
  • 1b06bc0 Merge branch 'refresh-part-2' of github.com:jawah/charset_normalizer into ref...
  • Additional commits viewable in compare view

Updates click from 8.1.7 to 8.1.8

Release notes

Sourced from click's releases.

8.1.8

This is the Click 8.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.1.8/ Changes: https://click.palletsprojects.com/en/stable/changes/#version-8-1-8 Milestone https://github.com/pallets/click/milestones/23?closed=1

  • Fix an issue with type hints for click.open_file(). #2717
  • Fix issue where error message for invalid click.Path displays on multiple lines. #2697
  • Fixed issue that prevented a default value of "" from being displayed in the help for an option. #2500
  • The test runner handles stripping color consistently on Windows. #2705
  • Show correct value for flag default when using default_map. #2632
  • Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. #2606.
  • More robust bash version check, fixing problem on Windows with git-bash. #2638
  • Cache the help option generated by the help_option_names setting to respect its eagerness. #2811
  • Replace uses of os.system with subprocess.Popen. #1476
  • Exceptions generated during a command will use the context's color setting when being displayed. #2193
  • Error message when defining option with invalid name is more descriptive. #2452
  • Refactor code generating default --help option to deduplicate code. #2563
  • Test CLIRunner resets patched _compat.should_strip_ansi. #2732
Changelog

Sourced from click's changelog.

Version 8.1.8

Unreleased

  • Fix an issue with type hints for click.open_file(). :issue:2717
  • Fix issue where error message for invalid click.Path displays on multiple lines. :issue:2697
  • Fixed issue that prevented a default value of "" from being displayed in the help for an option. :issue:2500
  • The test runner handles stripping color consistently on Windows. :issue:2705
  • Show correct value for flag default when using default_map. :issue:2632
  • Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. :issue:2606.
Commits

Updates urllib3 from 2.2.3 to 2.3.0

Release notes

Sourced from urllib3's releases.

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
  • Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

Full Changelog: urllib3/urllib3@2.2.3...2.3.0

Changelog

Sourced from urllib3's changelog.

2.3.0 (2024-12-22)

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
  • Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

  • Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group across 1 directory with 7 updates
9e5d3bf 
Bumps the dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [authlib](https://github.com/lepture/authlib) | `1.3.2` | `1.4.1` |
| [certifi](https://github.com/certifi/python-certifi) | `2024.12.14` | `2025.1.31` |
| [black](https://github.com/psf/black) | `24.10.0` | `25.1.0` |
| [zizmor](https://github.com/woodruffw/zizmor) | `1.0.0` | `1.3.0` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.0` | `3.4.1` |
| [click](https://github.com/pallets/click) | `8.1.7` | `8.1.8` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.3.0` |



Updates `authlib` from 1.3.2 to 1.4.1
- [Release notes](https://github.com/lepture/authlib/releases)
- [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst)
- [Commits](lepture/authlib@v1.3.2...v1.4.1)

Updates `certifi` from 2024.12.14 to 2025.1.31
- [Commits](certifi/python-certifi@2024.12.14...2025.01.31)

Updates `black` from 24.10.0 to 25.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.10.0...25.1.0)

Updates `zizmor` from 1.0.0 to 1.3.0
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](woodruffw/zizmor@v1.0.0...v1.3.0)

Updates `charset-normalizer` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.0...3.4.1)

Updates `click` from 8.1.7 to 8.1.8
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.1.7...8.1.8)

Updates `urllib3` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.3...2.3.0)

---
updated-dependencies:
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: zizmor
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: charset-normalizer
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: click
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: urllib3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 3, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 10, 2025

Superseded by #225.

@dependabot dependabot bot closed this Feb 10, 2025
@dependabot dependabot bot deleted the dependabot/pip/dependencies-d059e65d7c branch February 10, 2025 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants