Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependencies group across 1 directory with 5 updates #216

Closed
wants to merge 1 commit into from
Closed

Bump the dependencies group across 1 directory with 5 updates #216

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 9, 2025
edited
Loading

Bumps the dependencies group with 5 updates in the / directory:

Package From To
authlib 1.3.2 1.4.0
zizmor 1.0.0 1.0.1
charset-normalizer 3.4.0 3.4.1
click 8.1.7 8.1.8
urllib3 2.2.3 2.3.0

Updates authlib from 1.3.2 to 1.4.0

Changelog

Sourced from authlib's changelog.

Version 1.4.0

Released on Dec 20, 2024

  • Fix id_token decoding when kid is null. :pr:659
  • Support for Python 3.13. :pr:682
  • Force login if the prompt parameter value is login. :pr:637
  • Support for httpx 0.28, :pr:695

Breaking changes:

  • Stop support for Python 3.8. :pr:682
Commits
  • eb34edf chore: release 1.4.0
  • bc55003 Merge pull request #695 from MeggyCal/master
  • 1d10ff3 Support httpx 0.28
  • 27fb1fd docs: remove starlette.config.Config from docs via #612
  • 5a0ca3c Updated notes on using a cache instance when initializing OAuth. (#693)
  • fbdbbd6 Merge pull request #691 from iSOLveIT/master
  • d36dc38 Fixed typos and grammatical errors in the flask_client docs.
  • 639ca66 doc: changelog for contributions since version 1.3.2
  • 858f7d9 Merge pull request #637 from frankie567/fix/oidc-guess-prompt
  • 1cba980 doc: improve RFC9068 examples in documentation
  • Additional commits viewable in compare view

Updates zizmor from 1.0.0 to 1.0.1

Release notes

Sourced from zizmor's releases.

v1.0.1

This is a small quality and bugfix release. Thank you to everybody who helped by reporting and shaking out bugs from our first stable release!

Improved

  • The github-env audit now detects dangerous writes to GITHUB_PATH, is more precise, and can produce multiple findings per run block (#391)

Fixed

  • workflow_call.secrets keys with missing values are now parsed correctly (#388)
  • The cache-poisoning audit no longer incorrectly treats docker/build-push-action as a publishing workflow is push: false is explicitly set (#389)
  • The template-injection audit no longer considers github.action_path to be a potentially dangerous expansion (#402)
  • The github-env audit no longer skips run: steps with non-trivial shell: stanzas (#403)
Changelog

Sourced from zizmor's changelog.

v1.0.1

This is a small quality and bugfix release. Thank you to everybody who helped by reporting and shaking out bugs from our first stable release!

Improved

  • The [github-env] audit now detects dangerous writes to GITHUB_PATH, is more precise, and can produce multiple findings per run block (#391)

Fixed

  • workflow_call.secrets keys with missing values are now parsed correctly (#388)
  • The [cache-poisoning] audit no longer incorrectly treats docker/build-push-action as a publishing workflow is push: false is explicitly set (#389)
  • The [template-injection] audit no longer considers github.action_path to be a potentially dangerous expansion (#402)
  • The [github-env] audit no longer skips run: steps with non-trivial shell: stanzas (#403)
Commits

Updates charset-normalizer from 3.4.0 to 3.4.1

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] Using Requests today is the rough equivalent of using EOL Windows 8! We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.

It leverages charset-normalizer in a better way! Check it out, you will gain up to being 3X faster and get a real/respectable support with it.

3.4.1 (2024-12-24)

Changed

  • Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
  • Enforce annotation delayed loading for a simpler and consistent types in the project.
  • Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

  • pre-commit configuration.
  • noxfile.

Removed

  • build-requirements.txt as per using pyproject.toml native build configuration.
  • bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
  • setup.cfg in favor of pyproject.toml metadata configuration.
  • Unused utils.range_scan function.

Fixed

  • Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
  • Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+
Changelog

Sourced from charset-normalizer's changelog.

3.4.1 (2024-12-24)

Changed

  • Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
  • Enforce annotation delayed loading for a simpler and consistent types in the project.
  • Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

  • pre-commit configuration.
  • noxfile.

Removed

  • build-requirements.txt as per using pyproject.toml native build configuration.
  • bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
  • setup.cfg in favor of pyproject.toml metadata configuration.
  • Unused utils.range_scan function.

Fixed

  • Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
  • Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+
Commits
  • ffdf7f5 🔧 fix long description content-type inferred as rst instead of md
  • c7197b7 📝 fix changelog entries (#582)
  • c390e1f Merge pull request #581 from jawah/refresh-part-2
  • f9d6b8c 🔒 add CODEOWNERS
  • 7ce1ef1 🔧 use ubuntu-22.04 for cibuildwheel in continuous deployment workflow
  • deed205 🔧 update LICENSE copyright
  • f11f571 🔧 include noxfile in sdist
  • 1ec7c06 🔧 update changelog
  • 14b4649 🐛 output(...) replace declarative mark using non iana compliant encoding ...
  • 1b06bc0 Merge branch 'refresh-part-2' of github.com:jawah/charset_normalizer into ref...
  • Additional commits viewable in compare view

Updates click from 8.1.7 to 8.1.8

Release notes

Sourced from click's releases.

8.1.8

This is the Click 8.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.1.8/ Changes: https://click.palletsprojects.com/en/stable/changes/#version-8-1-8 Milestone https://github.com/pallets/click/milestones/23?closed=1

  • Fix an issue with type hints for click.open_file(). #2717
  • Fix issue where error message for invalid click.Path displays on multiple lines. #2697
  • Fixed issue that prevented a default value of "" from being displayed in the help for an option. #2500
  • The test runner handles stripping color consistently on Windows. #2705
  • Show correct value for flag default when using default_map. #2632
  • Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. #2606.
  • More robust bash version check, fixing problem on Windows with git-bash. #2638
  • Cache the help option generated by the help_option_names setting to respect its eagerness. #2811
  • Replace uses of os.system with subprocess.Popen. #1476
  • Exceptions generated during a command will use the context's color setting when being displayed. #2193
  • Error message when defining option with invalid name is more descriptive. #2452
  • Refactor code generating default --help option to deduplicate code. #2563
  • Test CLIRunner resets patched _compat.should_strip_ansi. #2732
Changelog

Sourced from click's changelog.

Version 8.1.8

Unreleased

  • Fix an issue with type hints for click.open_file(). :issue:2717
  • Fix issue where error message for invalid click.Path displays on multiple lines. :issue:2697
  • Fixed issue that prevented a default value of "" from being displayed in the help for an option. :issue:2500
  • The test runner handles stripping color consistently on Windows. :issue:2705
  • Show correct value for flag default when using default_map. :issue:2632
  • Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. :issue:2606.
Commits

Updates urllib3 from 2.2.3 to 2.3.0

Release notes

Sourced from urllib3's releases.

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
  • Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

Full Changelog: urllib3/urllib3@2.2.3...2.3.0

Changelog

Sourced from urllib3's changelog.

2.3.0 (2024-12-22)

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
  • Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

  • Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group across 1 directory with 5 updates
0f0edc9 
Bumps the dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [authlib](https://github.com/lepture/authlib) | `1.3.2` | `1.4.0` |
| [zizmor](https://github.com/woodruffw/zizmor) | `1.0.0` | `1.0.1` |
| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.0` | `3.4.1` |
| [click](https://github.com/pallets/click) | `8.1.7` | `8.1.8` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.3.0` |



Updates `authlib` from 1.3.2 to 1.4.0
- [Release notes](https://github.com/lepture/authlib/releases)
- [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst)
- [Commits](lepture/authlib@v1.3.2...v1.4.0)

Updates `zizmor` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/woodruffw/zizmor/releases)
- [Changelog](https://github.com/woodruffw/zizmor/blob/main/docs/release-notes.md)
- [Commits](woodruffw/zizmor@v1.0.0...v1.0.1)

Updates `charset-normalizer` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](jawah/charset_normalizer@3.4.0...3.4.1)

Updates `click` from 8.1.7 to 8.1.8
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.1.7...8.1.8)

Updates `urllib3` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.3...2.3.0)

---
updated-dependencies:
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: zizmor
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: charset-normalizer
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: click
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: urllib3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 9, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 13, 2025

Superseded by #217.

@dependabot dependabot bot closed this Jan 13, 2025
@dependabot dependabot bot deleted the dependabot/pip/dependencies-f78ce6d63e branch January 13, 2025 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants