Skip to content

Bump the all-pip-packages group with 6 updates#383

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/all-pip-packages-e58bcebc47
Closed

Bump the all-pip-packages group with 6 updates#383
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/all-pip-packages-e58bcebc47

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 1, 2025
edited
Loading

Bumps the all-pip-packages group with 6 updates:

Package From To
flask 3.0.3 3.1.0
python-gnupg 0.5.3 0.5.4
semver 3.0.2 3.0.4
setuptools 75.6.0 75.8.0
black 24.10.0 25.1.0
boto3 1.35.90 1.36.11

Updates flask from 3.0.3 to 3.1.0

Release notes

Sourced from flask's releases.

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

  • Drop support for Python 3.8. #5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
  • Provide a configuration option to control automatic option responses. #5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636
Changelog

Sourced from flask's changelog.

Version 3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option responses. :pr:5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. :issue:5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. :issue:5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. :issue:5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. :issue:5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. :issue:5636
Commits
  • ab81496 release version 3.1.0
  • 70602a1 remove test pypi
  • 6748a09 update dev dependencies
  • 22c48a7 Merge remote-tracking branch 'origin/stable'
  • 2eab96a use generic bases for session (#5638)
  • f49dbfd use generic bases for session
  • 7b21d43 configure and check request.trusted_hosts (#5637)
  • 4f7156f configure and check trusted_hosts
  • 10bdf61 setting SERVER_NAME does not restrict routing for both subdomain_matching...
  • 4995a77 fix subdomain_matching=False behavior
  • Additional commits viewable in compare view

Updates python-gnupg from 0.5.3 to 0.5.4

Release notes

Sourced from python-gnupg's releases.

Enhancement and bug-fix release

This is an enhancement and bug-fix release, and all users are encouraged to upgrade.

Brief summary:

  • Fix #242: Handle exceptions in the on_data callable.

This release has been signed with my code signing key:

Vinay Sajip (CODE SIGNING KEY) Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86

Commits

Updates semver from 3.0.2 to 3.0.4

Release notes

Sourced from semver's releases.

3.0.4

Documentation: https://python-semver.rtfd.io/en/3.0.4/ PyPI: https://pypi.org/project/semver/3.0.4/ Full Changelog: python-semver/python-semver@3.0.3...3.0.4

What's Changed

New Contributors

Thanks to @​RobPasMue and @​mgorny ❤️

3.0.3

Documentation: https://python-semver.rtfd.io/en/3.0.3/ PyPI: https://pypi.org/project/semver/3.0.3/ (yanked release) Full Changelog: python-semver/python-semver@3.0.2...3.0.3

What's Changed

New Contributors

Changelog

Sourced from semver's changelog.

Version 3.0.4

:Released: 2025-01-24 :Maintainer: Tom Schraitle

Bug Fixes

  • :gh:459: Fix 3.0.3:

    • :pr:457: Re-enable Trove license identifier
    • :pr:456: Fix source dist file

Version 3.0.3

:Released: 2025-01-18 :Maintainer: Tom Schraitle

Bug Fixes

  • :pr:453: The check in _comparator does not match the check in :meth:Version.compare. This breaks comparision with subclasses.

Improved Documentation

  • :pr:435: Several small improvements for documentation:

    • Add meta description to improve SEO
    • Use canonicals on ReadTheDocs (commit 87f639f)
    • Pin versions for reproducable doc builds (commit 03fb990)
    • Add missing :file:.readthedocs.yaml file (commit ec9348a)
    • Correct some smaller issues when building (commit f65feab)

  • :pr:436: Move search box more at the top. This makes it easier for users as if the TOC is long, the search box isn't visible anymore.

... (truncated)

Commits
  • 6adf876 Merge pull request #459 from python-semver/fix-3.0.3
  • bae0b7c Fix #459: Fix 3.0.3
  • 486e489 Merge pull request #454 from python-semver/release/3.0.3
  • cc4ae07 Change version to 3.0.3
  • 15aa6a6 Merge pull request #453 from viccie30/fix-subclass-comparison
  • bc41390 Fix comparison with subclasses
  • bd97cfc Require validation for bug issue template
  • 2eeefcb Merge pull request #451 from python-semver/improve-issue-templates2
  • 06fe49f Turn our Markdown templates into YAML
  • 37e80d7 Merge pull request #447 from tomschr/modernize-project
  • Additional commits viewable in compare view

Updates setuptools from 75.6.0 to 75.8.0

Changelog

Sourced from setuptools's changelog.

v75.8.0

Features

  • Implemented Dynamic field for core metadata (as introduced in PEP 643). The existing implementation is currently experimental and the exact approach may change in future releases. (#4698)

v75.7.0

Features

Commits
  • 5c9d980 Bump version: 75.7.0 → 75.8.0
  • 72c4222 Avoid using Any in function
  • 1c61d47 Add news fragments for PEP 643
  • f285d01 Implement PEP 643 (Dynamic field for core metadata) (#4698)
  • a50f6e2 Fix _static.Dict.ior for Python 3.8
  • b055895 Add extra tests for static/dynamic metadata
  • 770b4fc Remove test workaround for unmarked static values from pyproject.toml
  • 8b22d73 Mark values from pyproject.toml as static
  • f699fd8 Fix spelling error
  • 8b4c8a3 Add tests for static 'attr' directive
  • Additional commits viewable in compare view

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

  • Normalize casing of Unicode escape characters in strings to lowercase (#2916)
  • Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
  • Consistently add trailing commas to typed function parameters (#4164)
  • Remove redundant parentheses in if guards for case blocks (#4214)
  • Add parentheses to if clauses in case blocks when the line is too long (#4269)
  • Whitespace before # fmt: skip comments is no longer normalized (#4146)
  • Fix line length computation for certain expressions that involve the power operator (#4154)
  • Check if there is a newline before the terminating quotes of a docstring (#4185)
  • Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

  • Remove parentheses around sole list items (#4312)
  • Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

  • Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
  • Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

  • Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
  • Collapse multiple empty lines after an import into one (#4489)
  • Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
  • Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

  • Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

  • Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

  • If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

  • Normalize casing of Unicode escape characters in strings to lowercase (#2916)
  • Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
  • Consistently add trailing commas to typed function parameters (#4164)
  • Remove redundant parentheses in if guards for case blocks (#4214)
  • Add parentheses to if clauses in case blocks when the line is too long (#4269)
  • Whitespace before # fmt: skip comments is no longer normalized (#4146)
  • Fix line length computation for certain expressions that involve the power operator (#4154)
  • Check if there is a newline before the terminating quotes of a docstring (#4185)
  • Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

  • Remove parentheses around sole list items (#4312)
  • Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

  • Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
  • Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

  • Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
  • Collapse multiple empty lines after an import into one (#4489)
  • Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
  • Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

  • Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

  • Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

Updates boto3 from 1.35.90 to 1.36.11

Commits
  • 1f4efb9 Merge branch 'release-1.36.11'
  • c7543e5 Bumping version to 1.36.11
  • 18d8817 Add changelog entries from botocore
  • 7893a06 Merge branch 'release-1.36.10'
  • c5c634b Merge branch 'release-1.36.10' into develop
  • f147d86 Bumping version to 1.36.10
  • 07397a2 Add changelog entries from botocore
  • 6003754 Merge branch 'release-1.36.9'
  • 622fdef Merge branch 'release-1.36.9' into develop
  • 76e9059 Bumping version to 1.36.9
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-pip-packages group with 6 updates
daa2ab1 
Bumps the all-pip-packages group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.0` |
| [python-gnupg](https://github.com/vsajip/python-gnupg) | `0.5.3` | `0.5.4` |
| [semver](https://github.com/python-semver/python-semver) | `3.0.2` | `3.0.4` |
| [setuptools](https://github.com/pypa/setuptools) | `75.6.0` | `75.8.0` |
| [black](https://github.com/psf/black) | `24.10.0` | `25.1.0` |
| [boto3](https://github.com/boto/boto3) | `1.35.90` | `1.36.11` |


Updates `flask` from 3.0.3 to 3.1.0
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.0.3...3.1.0)

Updates `python-gnupg` from 0.5.3 to 0.5.4
- [Release notes](https://github.com/vsajip/python-gnupg/releases)
- [Changelog](https://github.com/vsajip/python-gnupg/blob/master/release)
- [Commits](vsajip/python-gnupg@0.5.3...0.5.4)

Updates `semver` from 3.0.2 to 3.0.4
- [Release notes](https://github.com/python-semver/python-semver/releases)
- [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst)
- [Commits](python-semver/python-semver@3.0.2...3.0.4)

Updates `setuptools` from 75.6.0 to 75.8.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v75.6.0...v75.8.0)

Updates `black` from 24.10.0 to 25.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.10.0...25.1.0)

Updates `boto3` from 1.35.90 to 1.36.11
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.90...1.36.11)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-pip-packages
- dependency-name: python-gnupg
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-pip-packages
- dependency-name: setuptools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-pip-packages
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-pip-packages
- dependency-name: boto3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-pip-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 1, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 1, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 1, 2025
@dependabot dependabot bot deleted the dependabot/pip/all-pip-packages-e58bcebc47 branch March 1, 2025 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants