Skip to content

build(deps): bump the pip group across 3 directories with 7 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the pip group across 3 directories with 7 updates #1

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 24, 2025

Bumps the pip group with 1 update in the /08-def-type-hints/coordinates directory: future.
Bumps the pip group with 4 updates in the /20-executors/getflags directory: certifi, h11, idna and tqdm.
Bumps the pip group with 3 updates in the /21-async/mojifinder directory: h11, pydantic and starlette.

Updates future from 0.18.2 to 0.18.3

Release notes

Sourced from future's releases.

v0.18.3

This is a minor bug-fix release containing a number of fixes:

  • Backport fix for bpo-38804 (c91d70b)
  • Fix bug in fix_print.py fixer (dffc579)
  • Fix bug in fix_raise.py fixer (3401099)
  • Fix newint bool in py3 (fe645ba)
  • Fix bug in super() with metaclasses (6e27aac)
  • docs: fix simple typo, reqest -> request (974eb1f)
  • Correct eq (c780bf5)
  • Pass if lint fails (2abe00d)
  • Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
  • fix order (f96a219)
  • Add flake8 to image (046ff18)
  • Make lint.sh executable (58cc984)
  • Add docker push to optimize CI (01e8440)
  • Build System (42b3025)
  • Add docs build status badge to README.md (3f40bd7)
  • Use same docs requirements in tox (18ecc5a)
  • Add docs/requirements.txt (5f9893f)
  • Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
  • fix 2.6 test, better comment (ddedcb9)
  • fix 2.6 test (3f1ff7e)
  • remove nan test (4dbded1)
  • include list test values (e3f1a12)
  • fix other python2 test issues (c051026)
  • fix missing subTest (f006cad)
  • import from old imp library on older python versions (fc84fa8)
  • replace fstrings with format for python 3.4,3.5 (4a687ea)
  • minor style/spelling fixes (8302d8c)
  • improve cmp function, add unittest (0d95a40)
  • Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
  • Fix various py26 unit test failures (9ca5a14)
  • Add initial contributing guide with docs build instruction (e55f915)
  • Add docs building to tox.ini (3ee9e7f)
  • Support NumPy's specialized int types in builtins.round (b4b54f0)
  • Added r""" to the docstring to avoid warnings in python3 (5f94572)
  • Add subclasscheck for past.types.basestring (c9bc0ff)
  • Correct example in README (681e78c)
  • Add simple documentation (6c6e3ae)
  • Add pre-commit hooks (a9c6a37)
  • Handling of next and next by future.utils.get_next was reversed (52b0ff9)
  • Add a test for our fix (461d77e)
  • Compare headers to correct definition of str (3eaa8fd)
  • #322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
  • Add tkFileDialog to future.movers.tkinter (f6a6549)
  • Sort before comparing dicts in TestChainMap (6126997)
  • Fix typo (4dfa099)
  • Fix formatting in "What's new" (1663dfa)
  • Fix typo (4236061)

... (truncated)

Changelog

Sourced from future's changelog.

Changes in version 0.18.3 (2023-01-13)

This is a minor bug-fix release containing a number of fixes:

  • Backport fix for bpo-38804 (c91d70b)
  • Fix bug in fix_print.py fixer (dffc579)
  • Fix bug in fix_raise.py fixer (3401099)
  • Fix newint bool in py3 (fe645ba)
  • Fix bug in super() with metaclasses (6e27aac)
  • docs: fix simple typo, reqest -> request (974eb1f)
  • Correct eq (c780bf5)
  • Pass if lint fails (2abe00d)
  • Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
  • fix order (f96a219)
  • Add flake8 to image (046ff18)
  • Make lint.sh executable (58cc984)
  • Add docker push to optimize CI (01e8440)
  • Build System (42b3025)
  • Add docs build status badge to README.md (3f40bd7)
  • Use same docs requirements in tox (18ecc5a)
  • Add docs/requirements.txt (5f9893f)
  • Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
  • fix 2.6 test, better comment (ddedcb9)
  • fix 2.6 test (3f1ff7e)
  • remove nan test (4dbded1)
  • include list test values (e3f1a12)
  • fix other python2 test issues (c051026)
  • fix missing subTest (f006cad)
  • import from old imp library on older python versions (fc84fa8)
  • replace fstrings with format for python 3.4,3.5 (4a687ea)
  • minor style/spelling fixes (8302d8c)
  • improve cmp function, add unittest (0d95a40)
  • Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
  • Fix various py26 unit test failures (9ca5a14)
  • Add initial contributing guide with docs build instruction (e55f915)
  • Add docs building to tox.ini (3ee9e7f)
  • Support NumPy's specialized int types in builtins.round (b4b54f0)
  • Added r""" to the docstring to avoid warnings in python3 (5f94572)
  • Add subclasscheck for past.types.basestring (c9bc0ff)
  • Correct example in README (681e78c)
  • Add simple documentation (6c6e3ae)
  • Add pre-commit hooks (a9c6a37)
  • Handling of next and next by future.utils.get_next was reversed (52b0ff9)
  • Add a test for our fix (461d77e)
  • Compare headers to correct definition of str (3eaa8fd)
  • #322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
  • Add tkFileDialog to future.movers.tkinter (f6a6549)
  • Sort before comparing dicts in TestChainMap (6126997)
  • Fix typo (4dfa099)
  • Fix formatting in "What's new" (1663dfa)

... (truncated)

Commits

Updates certifi from 2021.5.30 to 2024.7.4

Commits

Updates h11 from 0.12.0 to 0.16.0

Commits

Updates idna from 3.2 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

3.4 (2022-09-14) ++++++++++++++++

  • Update to Unicode 15.0.0
  • Migrate to pyproject.toml for build information (PEP 621)
  • Correct another instance where generic exception was raised instead of IDNAError for malformed input
  • Source distribution uses zeroized file ownership for improved reproducibility

Thanks to Seth Michael Larson for contributions to this release.

3.3 (2021-10-13) ++++++++++++++++

  • Update to Unicode 14.0.0
  • Update to in-line type annotations
  • Throw IDNAError exception correctly for some malformed input
  • Advertise support for Python 3.10
  • Improve testing regime on Github

... (truncated)

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates tqdm from 4.62.3 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

tqdm v4.66.2 stable

  • pandas: add DataFrame.progress_map (#1549)
  • notebook: fix HTML padding (#1506)
  • keras: fix resuming training when verbose>=2 (#1508)
  • fix format_num negative fractions missing leading zero (#1548)
  • fix Python 3.12 DeprecationWarning on import (#1519)
  • linting: use f-strings (#1549)
  • update tests (#1549)
  • CI: bump actions (#1549)

tqdm v4.66.1 stable

  • fix utils.envwrap types (#1493 <- #1491, #1320 <- #966, #1319)
    • e.g. cloudwatch & kubernetes workaround: export TQDM_POSITION=-1
  • drop mentions of unsupported Python versions

tqdm v4.66.0 stable

  • environment variables to override defaults (TQDM_*) (#1491 <- #1061, #950 <- #614, #1318, #619, #612, #370)
    • e.g. in CI jobs, export TQDM_MININTERVAL=5 to avoid log spam
    • add tests & docs for tqdm.utils.envwrap
  • fix & update CLI completion
  • fix & update API docs
  • minor code tidy: replace os.path => pathlib.Path
  • fix docs image hosting
  • release with CI bot account again (cli/cli#6680)

tqdm v4.65.2 stable

  • exclude examples from distributed wheel (#1492)

tqdm v4.65.1 stable

  • migrate setup.{cfg,py} => pyproject.toml (#1490)
    • fix asv benchmarks
    • update docs
  • fix snap build (#1490)
  • fix & update tests (#1490)
    • fix flaky notebook tests
    • bump pre-commit
    • bump workflow actions

tqdm v4.65.0 stable

  • add Python 3.11 and drop Python 3.6 support (#1439, #1419, #502 <- #720, #620)
  • misc code & docs tidy
  • fix & update CI workflows & tests

tqdm v4.64.1 stable

... (truncated)

Commits

Updates h11 from 0.12.0 to 0.16.0

Commits

Updates pydantic from 1.8.2 to 1.10.13

Release notes

Sourced from pydantic's releases.

V1.10.13 2023-09-27

What's Changed

Full Changelog: pydantic/pydantic@v1.10.12...v1.10.13

V1.10.12

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.11...v1.10.12

V1.10.11

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.10...v1.10.11

V1.10.10

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.9...v1.10.10

V1.10.9

What's Changed

... (truncated)

Changelog

Sourced from pydantic's changelog.

v1.10.13 (2023-09-27)

v1.10.12 (2023-07-24)

  • Fixes the maxlen property being dropped on deque validation. Happened only if the deque item has been typed. Changes the _validate_sequence_like func, #6581 by @​maciekglowka

v1.10.11 (2023-07-04)

  • Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, #6361 by @​SharathHuddar

v1.10.10 (2023-06-30)

v1.10.9 (2023-06-07)

v1.10.8 (2023-05-23)

v1.10.7 (2023-03-22)

  • Fix creating schema from model using ConstrainedStr with regex as dict key, #5223 by @​matejetz
  • Address bug in mypy plugin caused by explicit_package_bases=True, #5191 by @​dmontagu
  • Add implicit defaults in the mypy plugin for Field with no default argument, #5190 by @​dmontagu
  • Fix schema generated for Enum values used as Literals in discriminated unions, #5188 by @​javibookline
  • Fix mypy failures caused by the pydantic mypy plugin when users define from_orm in their own classes, #5187 by @​dmontagu
  • Fix InitVar usage with pydantic dataclasses, mypy version 1.1.1 and the custom mypy plugin, #5162 by @​cdce8p

v1.10.6 (2023-03-08)

  • Implement logic to support creating validators from non standard callables by using defaults to identify them and unwrapping functools.partial and functools.partialmethod when checking the signature, #5126 by @​JensHeinrich
  • Fix mypy plugin for v1.1.1, and fix dataclass_transform decorator for pydantic dataclasses, #5111 by @​cdce8p
  • Raise ValidationError, not ConfigError, when a discriminator value is unhashable, #4773 by @​kurtmckee

v1.10.5 (2023-02-15)

... (truncated)

Commits

Updates starlette from 0.13.6 to 0.40.0

Release notes

Sourced from starlette's releases.

Version 0.40.0

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

  • Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Version 0.39.2

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

Full Changelog: Kludex/starlette@0.39.1...0.39.2

Version 0.39.1

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #2703.
  • Use token_hex for generating multipart boundary strings #2702.

Full Changelog: Kludex/starlette@0.39.0...0.39.1

Version 0.39.0

Added

  • Add support for HTTP Range to FileResponse #2697

Full Changelog: Kludex/starlette@0.38.6...0.39.0

Version 0.38.6

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #2693.

Full Changelog: Kludex/starlette@0.38.5...0.38.6

... (truncated)

Changelog

Sourced from starlette's changelog.

0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

  • Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

0.39.2 (September 29, 2024)

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

0.39.1 (September 25, 2024)

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #2703.
  • Use token_hex for generating multipart boundary strings #2702.

0.39.0 (September 23, 2024)

Added

0.38.6 (September 22, 2024)

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #2693.

0.38.5 (September 7, 2024)

Fixed

  • Schedule BackgroundTasks from within BaseHTTPMiddleware #2688. This behavior was removed in 0.38.3, and is now restored.

0.38.4 (September 1, 2024)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.
@dependabot
build(deps): bump the pip group across 3 directories with 7 updates
f6150e3 
Bumps the pip group with 1 update in the /08-def-type-hints/coordinates directory: [future](https://github.com/PythonCharmers/python-future). Bumps the pip group with 4 updates in the /20-executors/getflags directory: [certifi](https://github.com/certifi/python-certifi), [h11](https://github.com/python-hyper/h11), [idna](https://github.com/kjd/idna) and [tqdm](https://github.com/tqdm/tqdm). Bumps the pip group with 3 updates in the /21-async/mojifinder directory: [h11](https://github.com/python-hyper/h11), [pydantic](https://github.com/pydantic/pydantic) and [starlette](https://github.com/encode/starlette). Updates `future` from 0.18.2 to 0.18.3 - [Release notes](https://github.com/PythonCharmers/python-future/releases) - [Changelog](https://github.com/PythonCharmers/python-future/blob/master/docs/changelog.rst) - [Commits](PythonCharmers/python-future@v0.18.2...v0.18.3) Updates `certifi` from 2021.5.30 to 2024.7.4 - [Commits](certifi/python-certifi@2021.05.30...2024.07.04) Updates `h11` from 0.12.0 to 0.16.0 - [Commits](python-hyper/h11@v0.12.0...v0.16.0) Updates `idna` from 3.2 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.2...v3.7) Updates `tqdm` from 4.62.3 to 4.66.3 - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](tqdm/tqdm@v4.62.3...v4.66.3) Updates `h11` from 0.12.0 to 0.16.0 - [Commits](python-hyper/h11@v0.12.0...v0.16.0) Updates `pydantic` from 1.8.2 to 1.10.13 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v1.8.2...v1.10.13) Updates `starlette` from 0.13.6 to 0.40.0 - [Release notes](https://github.com/encode/starlette/releases) - [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md) - [Commits](Kludex/starlette@0.13.6...0.40.0) --- updated-dependencies: - dependency-name: future dependency-version: 0.18.3 dependency-type: direct:production dependency-group: pip - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: direct:production dependency-group: pip - dependency-name: h11 dependency-version: 0.16.0 dependency-type: direct:production dependency-group: pip - dependency-name: idna dependency-version: '3.7' dependency-type: direct:production dependency-group: pip - dependency-name: tqdm dependency-version: 4.66.3 dependency-type: direct:production dependency-group: pip - dependency-name: h11 dependency-version: 0.16.0 dependency-type: direct:production dependency-group: pip - dependency-name: pydantic dependency-version: 1.10.13 dependency-type: direct:production dependency-group: pip - dependency-name: starlette dependency-version: 0.40.0 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

1 participant