Bump the pip group with 2 updates #133

dependabot · 2024-12-24T01:21:12Z

Updates the requirements on aiohttp and jinja2 to permit the latest version.
Updates aiohttp to 3.11.11

Release notes

3.11.11

Bug fixes

Updated :py:meth:~aiohttp.ClientSession.request to reuse the quote_cookie setting from ClientSession._cookie_jar when processing cookies parameter. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: #10093.

Fixed type of SSLContext for some static type checkers (e.g. pyright).

Related issues and pull requests on GitHub: #10099.

Updated :meth:aiohttp.web.StreamResponse.write annotation to also allow :class:bytearray and :class:memoryview as inputs -- by :user:cdce8p.

Related issues and pull requests on GitHub: #10154.

Fixed a hang where a connection previously used for a streaming download could be returned to the pool in a paused state. -- by :user:javitonino.

Related issues and pull requests on GitHub: #10169.

Features

Enabled ALPN on default SSL contexts. This improves compatibility with some proxies which don't work without this extension. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: #10156.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.11.11 (2024-12-18)

Bug fixes

Updated :py:meth:~aiohttp.ClientSession.request to reuse the quote_cookie setting from ClientSession._cookie_jar when processing cookies parameter. -- by :user:Cycloctane.

Related issues and pull requests on GitHub: :issue:10093.

Fixed type of SSLContext for some static type checkers (e.g. pyright).

Related issues and pull requests on GitHub: :issue:10099.

Updated :meth:aiohttp.web.StreamResponse.write annotation to also allow :class:bytearray and :class:memoryview as inputs -- by :user:cdce8p.

Related issues and pull requests on GitHub: :issue:10154.

Fixed a hang where a connection previously used for a streaming download could be returned to the pool in a paused state. -- by :user:javitonino.

Related issues and pull requests on GitHub: :issue:10169.

Features

Enabled ALPN on default SSL contexts. This improves compatibility with some proxies which don't work without this extension. -- by :user:Cycloctane.

... (truncated)

Commits

8aaaba3 Release 3.11.11 (#10181)
db56d74 [PR #10171/5185f93 backport][3.11] Stream unpauses protocol before releasing ...
8c96a62 [PR #10093/7b5d54a backport][3.11] Use quote_cookie setting from ClientSess...
c80be67 [PR #10151/7c12b1a9 backport][3.11] Fix infinite callback loop when time is n...
3680479 [PR #10156/00700458 backport][3.11] Add ALPN extension to client SSL Context ...
7f38913 [PR #10154/3f07b1a3 backport][3.11] Update StreamResponse.write annotation fo...
b770b1a Fix type of SSLContext for some static type checkers (#10099) (#10145)
489b664 [PR #10138/dbd77ad6 backport][3.11] Bump sphinx to 8.1.3 along with required ...
87f0f48 Bump actions/cache from 4.1.2 to 4.2.0 (#10136)
7b86843 [PR #10131/7f92bebb backport][3.11] Bump Python version for benchmarks to 3.1...
Additional commits viewable in compare view

Updates jinja2 to 3.1.5

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. #2032

Calling sync render for an async template uses asyncio.run. #1952

Avoid unclosed auto_aiter warnings. #1960

Return an aclose-able AsyncGenerator from Template.generate_async. #1960

Avoid leaving root_render_func() unclosed in Template.generate_async. #1960

Avoid leaving async generators unclosed in blocks, includes and extends. #1960

The runtime uses the correct concat function for the current environment when calling block references. #1701

Make |unique async-aware, allowing it to be used after another async-aware filter. #1781

|int filter handles OverflowError from scientific notation. #1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025

Fix copy/pickle support for the internal missing object. #2027

Environment.overlay(enable_async) is applied correctly. #2061

The error message from FileSystemLoader includes the paths that were searched. #1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705

Improve annotations for methods returning copies. #1880

urlize does not add mailto: to values like @a@b. #1870

Tests decorated with @pass_context can be used with the |select filter. #1624

Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413

Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032

Calling sync render for an async template uses asyncio.run. :pr:1952

Avoid unclosed auto_aiter warnings. :pr:1960

Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960

Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960

Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960

The runtime uses the correct concat function for the current environment when calling block references. :issue:1701

Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781

|int filter handles OverflowError from scientific notation. :issue:1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025

Fix copy/pickle support for the internal missing object. :issue:2027

Environment.overlay(enable_async) is applied correctly. :pr:2061

The error message from FileSystemLoader includes the paths that were searched. :issue:1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705

Improve annotations for methods returning copies. :pr:1880

urlize does not add mailto: to values like @a@b. :pr:1870

Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`

Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413

Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253

... (truncated)

Commits

877f6e5 release version 3.1.5
8d58859 remove test pypi
eda8fe8 update dev dependencies
c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
66587ce Fix bug where set would sometimes fail within if
fbc3a69 Add support for namespaces in tuple parsing (#1664)
b8f4831 more comments about nsref assignment
ee83219 Add support for namespaces in tuple assignment
1d55cdd Triple quotes in docs (#2064)
8a8eafc edit block assignment section
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Updates the requirements on [aiohttp](https://github.com/aio-libs/aiohttp) and [jinja2](https://github.com/pallets/jinja) to permit the latest version. Updates `aiohttp` to 3.11.11 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.7.4...v3.11.11) Updates `jinja2` to 3.1.5 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.11.2...3.1.5) --- updated-dependencies: - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Dec 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group with 2 updates #133

Bump the pip group with 2 updates #133

dependabot bot commented on behalf of github Dec 24, 2024

Bump the pip group with 2 updates #133

Are you sure you want to change the base?

Bump the pip group with 2 updates #133

Conversation

dependabot bot commented on behalf of github Dec 24, 2024

3.11.11

Bug fixes

Features

3.11.11 (2024-12-18)

Bug fixes

Features

3.1.5

Version 3.1.5