Bump the python-packages group across 1 directory with 7 updates

[dependabot]

Bumps the python-packages group with 7 updates in the / directory:

Package	From	To
packaging	24.1	24.2
starlette	0.41.2	0.41.3
tomli	2.0.2	2.1.0
uvicorn	0.32.0	0.32.1
watchfiles	0.24.0	1.0.0
websockets	13.1	14.1
zipp	3.20.2	3.21.0

Updates packaging from 24.1 to 24.2

Release notes

Sourced from packaging's releases.

24.2

What's Changed

• The source is auto-formatted with ruff, not black by @​DimitriPapadopoulos in pypa/packaging#798
• Bump the github-actions group across 1 directory with 3 updates by @​dependabot in pypa/packaging#813
• Apply ruff rules (RUF) by @​DimitriPapadopoulos in pypa/packaging#800
• Fix typo in Version __str__ by @​aryanpingle in pypa/packaging#817
• Bump the github-actions group with 3 updates by @​dependabot in pypa/packaging#819
• Get rid of duplicate test cases by @​DimitriPapadopoulos in pypa/packaging#821
• Fix doc for canonicalize_version and a typo in a docstring by @​Laurent-Dx in pypa/packaging#801
• docs: public/base_version comparison by @​henryiii in pypa/packaging#818
• Apply ruff/bugbear rules (B) by @​DimitriPapadopoulos in pypa/packaging#787
• Apply ruff/pyupgrade rules (UP) by @​DimitriPapadopoulos in pypa/packaging#786
• Add a changelog entry for dropping Python 3.7 support by @​alexwlchan in pypa/packaging#824
• Patch python_full_version unconditionally by @​jaraco in pypa/packaging#825
• Refactor canonicalize_version by @​jaraco in pypa/packaging#793
• Allow creating a SpecifierSet from a list of specifiers by @​pfmoore in pypa/packaging#777
• Fix uninformative error message by @​abravalheri in pypa/packaging#830
• Fix prerelease detection for > and < by @​notatallshaw in pypa/packaging#794
• Bump the github-actions group across 1 directory with 4 updates by @​dependabot in pypa/packaging#839
• Add support for PEP 730 iOS tags. by @​freakboy3742 in pypa/packaging#832
• Update the changelog to reflect 24.1 changes by @​pradyunsg in pypa/packaging#840
• Mention updating changelog in release process by @​pradyunsg in pypa/packaging#841
• Add a comment as to why Metadata.name isn't normalized by @​brettcannon in pypa/packaging#842
• Use !r formatter for error messages with filenames. by @​Carreau in pypa/packaging#844
• PEP 639: Implement License-Expression and License-File by @​ewdurbin in pypa/packaging#828
• Bump the github-actions group with 4 updates by @​dependabot in pypa/packaging#852
• Upgrade to latest mypy by @​hauntsaninja in pypa/packaging#853
• Extraneous quotes by @​ewdurbin in pypa/packaging#848

New Contributors

• @​aryanpingle made their first contribution in pypa/packaging#817
• @​Laurent-Dx made their first contribution in pypa/packaging#801
• @​alexwlchan made their first contribution in pypa/packaging#824
• @​jaraco made their first contribution in pypa/packaging#825
• @​notatallshaw made their first contribution in pypa/packaging#794
• @​freakboy3742 made their first contribution in pypa/packaging#832
• @​Carreau made their first contribution in pypa/packaging#844
• @​ewdurbin made their first contribution in pypa/packaging#828

Full Changelog: pypa/packaging@24.1...24.2

Changelog

Sourced from packaging's changelog.

24.2 - 2024-11-08

* PEP 639: Implement License-Expression and License-File (:issue:`828`)
* Use ``!r`` formatter for error messages with filenames (:issue:`844`)
* Add support for PEP 730 iOS tags (:issue:`832`)
* Fix prerelease detection for ``>`` and ``<`` (:issue:`794`)
* Fix uninformative error message (:issue:`830`)
* Refactor ``canonicalize_version`` (:issue:`793`)
* Patch python_full_version unconditionally (:issue:`825`)
* Fix doc for ``canonicalize_version`` to mention ``strip_trailing_zero`` and a typo in a docstring (:issue:`801`)
* Fix typo in Version ``__str__`` (:issue:`817`)
* Support creating a ``SpecifierSet`` from an iterable of ``Specifier`` objects (:issue:`775`)

Commits

• d8e3b31 Bump for release
• 2de393d Update changelog for release
• 9c66f5c Remove extraneous quotes in f-strings by using !r (#848)
• 4dc334c Upgrade to latest mypy (#853)
• d1a9f93 Bump the github-actions group with 4 updates (#852)
• 029f415 PEP 639: Implement License-Expression and License-File (#828)
• 6c338a8 Use !r formatter for error messages with filenames. (#844)
• 28e7da7 Add a comment as to why Metadata.name isn't normalized (#842)
• ce0d79c Mention updating changelog in release process (#841)
• ac5bdf3 Update the changelog to reflect 24.1 changes (#840)
• Additional commits viewable in compare view

Updates starlette from 0.41.2 to 0.41.3

Release notes

Sourced from starlette's releases.

Version 0.41.3

Fixed

• Exclude the query parameters from the scope[raw_path] on the TestClient #2716.
• Replace dict by Mapping on HTTPException.headers #2749.
• Correct middleware argument passing and improve factory pattern #2752.

---

Full Changelog: encode/starlette@0.41.2...0.41.3

Changelog

Sourced from starlette's changelog.

0.41.3 (November 18, 2024)

Fixed

• Exclude the query parameters from the scope[raw_path] on the TestClient #2716.
• Replace dict by Mapping on HTTPException.headers #2749.
• Correct middleware argument passing and improve factory pattern #2752.

Commits

• 1a8efba Version 0.41.3 (#2754)
• 9dc9d2e fix(testclient): exclude query sting from raw_path (#2716)
• cc1e2d7 Replace dict by Mapping on HTTPException.headers (#2749)
• 427a8dc Fix issue with middleware args passing (#2752)
• c2e3a39 Match httpx documentation style (#2742)
• See full diff in compare view

Updates tomli from 2.0.2 to 2.1.0

Changelog

Sourced from tomli's changelog.

2.1.0

• Deprecated
  • Instantiating TOMLDecodeError with free-form arguments. msg, doc and pos arguments should be given.
• Added
  • msg, doc, pos, lineno and colno attributes to TOMLDecodeError

Commits

• d6e045b Bump version: 2.0.2 → 2.1.0
• d1d6a85 Add attributes to TOMLDecodeError. Deprecate free-form __init__ args (#238)
• 59ed9ef Add a comment about implicit lru_cache bound
• 9d25b3f Test against Python 3.13 final (#237)
• f57fb66 Add test coverage for text mode error (#231)
• 4be816b Convert tox config to native TOML
• e2f8d2d Merge pull request #233 from hukkin/version-2.0.2
• See full diff in compare view

Updates uvicorn from 0.32.0 to 0.32.1

Release notes

Sourced from uvicorn's releases.

Version 0.32.1

What's Changed

• Enable httptools lenient data by @​vvanglro in encode/uvicorn#2488
• Drop ASGI spec version to 2.3 on HTTP scope by @​Kludex in encode/uvicorn#2513

---

Full Changelog: encode/uvicorn@0.32.0...0.32.1

Changelog

Sourced from uvicorn's changelog.

0.32.1 (2024-11-20)

Fixed

• Drop ASGI spec version to 2.3 on HTTP scope #2513
• Enable httptools lenient data on httptools >= 0.6.3 #2488

Commits

• 5279296 Upgrade upload/download GitHub Actions (#2517)
• 8c3402d Update publish.yaml with latest PyPI recommendations (#2516)
• 04c6320 Version 0.32.1 (#2515)
• fc6c51b Drop ASGI spec version to 2.3 on HTTP (#2513)
• 2aea835 fix(http): enable httptools lenient data (#2488)
• See full diff in compare view

Updates watchfiles from 0.24.0 to 1.0.0

Release notes

Sourced from watchfiles's releases.

v1.0.0 2024-11-25

What's Changed

• Bump PyO3 to 0.23, drop Python 3.8 support by @​gi0baro in samuelcolvin/watchfiles#307
• allow modify poll_delay_ms argument using an environment variable by @​joelpelaez in samuelcolvin/watchfiles#303
• remove set_version, prepare for v1 release by @​samuelcolvin in samuelcolvin/watchfiles#309
• fix version check and release in CI by @​samuelcolvin in samuelcolvin/watchfiles#310

New Contributors

• @​joelpelaez made their first contribution in samuelcolvin/watchfiles#303

Full Changelog: samuelcolvin/watchfiles@v0.24.0...v1.0.0

Commits

• 2430022 fix version check and release in CI (#310)
• cd820f3 remove set_version, prepare for v1 release (#309)
• e14de63 allow modify poll_delay_ms argument using an environment variable (#303)
• e493e75 Bump PyO3 to 0.23, drop Python 3.8 support (#307)
• See full diff in compare view

Updates websockets from 13.1 to 14.1

Release notes

Sourced from websockets's releases.

14.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

14.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

• 0403823 Release version 14.1.
• d0015c9 Fix refactoring error in a78b5546.
• 7438b8e Stop testing on PyPy 3.9.
• 1f19487 Add changelog for previous commit.
• de2e7fb Add close_code and close_reason to new implementations.
• 9a2f39f Support max_queue=None like the legacy implementation.
• 3034834 Support recv() after the connection is closed.
• bdfc8cf Uniformize comments.
• f17c11a Keep queued messages after abort.
• 86bf0c5 Remove unnecessary branch.
• Additional commits viewable in compare view

Updates zipp from 3.20.2 to 3.21.0

Changelog

Sourced from zipp's changelog.

v3.21.0

Features

• Improve performances of :meth:zipfile.Path.open for non-reading modes. (1a1928d)
• Rely on cached_property to cache values on the instance.
• Rely on save_method_args to save method args.

Commits

• 45b7f67 Finalize
• 71ddd8d Skip zipfile.Path.existspython/cpython#126576
• 9a2705e Merge https://github.com/jaraco/skeleton
• 5c34e69 Use extend for proper workaround.
• ee027f6 Merge https://github.com/jaraco/skeleton
• 750a189 Require Python 3.9 or later now that Python 3.8 is EOL.
• e61a9df Include pyproject.toml in ruff.toml.
• db4dfc4jaraco/skeleton#151
• 62b6678 Bump pre-commit hook for ruff to avoid clashes with pytest-ruff (jaraco/skele...
• 466f535 Merge pull request #109 from jaraco/feature/functools
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0c6328b.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
packaging	24.2	Apache-2.0 AND BSD-2-Clause	Incompatible License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/packaging	24.2	🟢 7.6	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 18 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 4 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
pip/starlette	0.41.3	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 4 Found 12/28 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/tomli	2.1.0	🟢 5.7	Details Check Score Reason Maintained 🟢 10 14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 2 Found 7/26 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/uvicorn	0.32.1	🟢 6.2	Details Check Score Reason Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 4 Found 13/27 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/watchfiles	1.0.0	🟢 4.1	Details Check Score Reason Maintained ⚠️ 2 1 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 2 Code-Review 🟢 4 Found 11/26 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/websockets	14.1	🟢 5.9	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/25 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/zipp	3.21.0	🟢 6.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• poetry.lock

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.