Upgrade: Bump the dependencies group with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates:

Package	From	To
aiohttp	3.8.5	3.9.1
certifi	2023.7.22	2023.11.17
charset-normalizer	3.2.0	3.3.2
idna	3.4	3.6
prometheus-client	0.17.1	0.19.0
sentry-sdk	1.30.0	1.38.0
typing-extensions	4.7.1	4.8.0
urllib3	2.0.4	2.1.0
yarl	1.9.2	1.9.3

Updates aiohttp from 3.8.5 to 3.9.1

Release notes

Sourced from aiohttp's releases.

3.9.1

Bugfixes

• Fixed importing aiohttp under PyPy on Windows.

  (#7848)

• Fixed async concurrency safety in websocket compressor.

  (#7865)

• Fixed ClientResponse.close() releasing the connection instead of closing.

  (#7869)

• Fixed a regression where connection may get closed during upgrade. -- by :user:Dreamsorcerer

  (#7879)

• Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:Dreamsorcerer

  (#7895)

---

3.9.0

Features

• Introduced AppKey for static typing support of Application storage. See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

  (#5864)

• Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called. The period can be adjusted with the shutdown_timeout parameter. -- by :user:Dreamsorcerer. See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

  (#7188)

• Added handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>_ parameter to cancel web handler on client disconnection. -- by :user:mosquito This (optionally) reintroduces a feature removed in a previous release. Recommended for those looking for an extra level of protection against denial-of-service attacks.

  (#7056)

• Added support for setting response header parameters max_line_size and max_field_size.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.1 (2023-11-26)

Bugfixes

• Fixed importing aiohttp under PyPy on Windows.

  [#7848](https://github.com/aio-libs/aiohttp/issues/7848) <https://github.com/aio-libs/aiohttp/issues/7848>_

• Fixed async concurrency safety in websocket compressor.

  [#7865](https://github.com/aio-libs/aiohttp/issues/7865) <https://github.com/aio-libs/aiohttp/issues/7865>_

• Fixed ClientResponse.close() releasing the connection instead of closing.

  [#7869](https://github.com/aio-libs/aiohttp/issues/7869) <https://github.com/aio-libs/aiohttp/issues/7869>_

• Fixed a regression where connection may get closed during upgrade. -- by :user:Dreamsorcerer

  [#7879](https://github.com/aio-libs/aiohttp/issues/7879) <https://github.com/aio-libs/aiohttp/issues/7879>_

• Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:Dreamsorcerer

  [#7895](https://github.com/aio-libs/aiohttp/issues/7895) <https://github.com/aio-libs/aiohttp/issues/7895>_

---

3.9.0 (2023-11-18)

Features

• Introduced AppKey for static typing support of Application storage. See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

  [#5864](https://github.com/aio-libs/aiohttp/issues/5864) <https://github.com/aio-libs/aiohttp/issues/5864>_

• Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called. The period can be adjusted with the shutdown_timeout parameter. -- by :user:Dreamsorcerer. See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

  [#7188](https://github.com/aio-libs/aiohttp/issues/7188) <https://github.com/aio-libs/aiohttp/issues/7188>_

• Added handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>_ parameter to cancel web handler on client disconnection. -- by :user:mosquito This (optionally) reintroduces a feature removed in a previous release.

... (truncated)

Commits

• 6333c02 Release v3.9.1 (#7911)
• 9dbd273 [PR #7673/aa7d1a8f backport][3.9] Document release process (#7909)
• dd175b6 Fix regression with connection upgrade (#7879) (#7908)
• 946523d Fix flaky websocket test (#7902) (#7904)
• ddc2a26 [PR #7896/9a7cfe77 backport][3.9] Fix some flaky tests (#7900)
• 2ae4d6f Message is not upgraded if Upgrade header is missing (#7895) (#7898)
• bb11101 Restore async concurrency safety to websocket compressor (#7865) (#7889)
• 6dd0122 Update dependabot.yml (#7888)
• 41a9f1f Bump mypy from 1.7.0 to 1.7.1 (#7882)
• a049701 Fix usage of proxy.py in test_proxy_functional (#7773) (#7876)
• Additional commits viewable in compare view

Updates certifi from 2023.7.22 to 2023.11.17

Commits

• 515962b Merge pull request #252 from certifi/create-pull-request/patch
• 28b2a0d 2023.11.17
• 7ccda9f Bump actions/checkout from 4.1.0 to 4.1.1 (#251)
• 5e4bb9e Bump actions/setup-python from 4.7.0 to 4.7.1 (#248)
• 610354f Bump actions/checkout from 4.0.0 to 4.1.0 (#247)
• 2d98c76 Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#246)
• 7f0e639 ci: add minimal permissions to workflows bump.yml and release.yml (#245)
• 600713d Bump actions/checkout from 3.6.0 to 4.0.0 (#244)
• 0435b2a Bump actions/checkout from 3.5.3 to 3.6.0 (#242)
• 25ea83a Fix bash
• Additional commits viewable in compare view

Updates charset-normalizer from 3.2.0 to 3.3.2

Release notes

Sourced from charset-normalizer's releases.

Version 3.3.2

3.3.2 (2023-10-31)

Fixed

• Unintentional memory usage regression when using large payloads that match several encodings (#376)
• Regression on some detection cases showcased in the documentation (#371)

Added

• Noise (md) probe that identifies malformed Arabic representation due to the presence of letters in isolated form (credit to my wife, thanks!)

Version 3.3.1

3.3.1 (2023-10-22)

Changed

• Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
• Improved the general detection reliability based on reports from the community

Release 3.3.0

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encodings that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Changelog

Sourced from charset-normalizer's changelog.

3.3.2 (2023-10-31)

Fixed

• Unintentional memory usage regression when using large payload that match several encoding (#376)
• Regression on some detection case showcased in the documentation (#371)

Added

• Noise (md) probe that identify malformed arabic representation due to the presence of letters in isolated form (credit to my wife)

3.3.1 (2023-10-22)

Changed

• Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
• Improved the general detection reliability based on reports from the community

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encoding that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Commits

• 79dce48 🐛 Regression on some detection case showcased in the documentation (#371)...
• a4b9b01 Bump github/codeql-action from 2.22.4 to 2.22.5 (#375)
• dcc01cc Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#374)
• 9cd402c Bump pytest from 7.4.2 to 7.4.3 (#373)
• e274dcc 🐛 Fix unintentional memory usage regression when using large payload that...
• 07f3041 ⬆️ Bump github/codeql-action from 2.22.3 to 2.22.4 (#370)
• 5208644 🔖 Release 3.3.1 (#367)
• 66966f1 ❇️ Improve the detection around some cases (#366)
• 49653a6 ⬆️ Bump actions/setup-python from 4.7.0 to 4.7.1 (#359)
• f6a66ed ⬆️ Bump pypa/cibuildwheel from 2.16.0 to 2.16.2 (#361)
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.6

Changelog

Sourced from idna's changelog.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 4ae74cf Release v3.6
• 21888f3 Merge pull request #164 from mgorny/sdist-test
• c5ba76a Include tests in sdist
• 2eb16d3 Merge pull request #162 from kjd/release-3.5
• 89cd061 Release v3.5
• 9fc29cd Merge pull request #161 from kjd/master
• acb8c4a Merge pull request #160 from cclauss/patch-1
• adca101 README.rst: Fix typos
• 33a8f7b Merge pull request #159 from diogoteles08/add-scorecard
• 354a412 Add Scorecard GitHub Action
• Additional commits viewable in compare view

Updates prometheus-client from 0.17.1 to 0.19.0

Release notes

Sourced from prometheus-client's releases.

0.19.0 / 2023-11-20

What's Changed

[FEATURE] support HTTPS/TLS in start_http_server. #946 [BUGFIX] fix: error in determining timestamp less than. #979

0.18.0 / 2023-10-30

[CHANGE] Remove support for Python versions < 3.8. #936 [FEATURE] Add mostrecent aggregation to Gauge. #967 [ENHANCEMENT] Typing improvements. #935, #970 [ENHANCEMENT] Allow enabling or disabling _created metrics from code. #973 [BUGFIX] Change #!/usr/bin/python to #!/usr/bin/env python in remaining places. #945

Commits

• 2dcd17e Release 0.19.0
• d8306b7 Merge pull request #980 from prometheus/fix-doc-site-build
• 2fcdfa6 Remove public/api check copied from client_java
• dc14069 Add documentation site (#974)
• fae24b7 Merge pull request #979 from weidongkl/master
• da8d29d fix: error in determining timestamp less than
• 3d78630 support HTTPS/TLS. (#946)
• a000193 Release 0.18.0
• ea78128 Allow enabling/disabling _created metrics from code (#973)
• 546599b Add mostrecent aggregation to Gauge (#967)
• Additional commits viewable in compare view

Updates sentry-sdk from 1.30.0 to 1.38.0

Release notes

Sourced from sentry-sdk's releases.

1.38.0

Various fixes & improvements

• Only add trace context to checkins and do not run event_processors for checkins (#2536) by @​antonpirker
• Metric span summaries (#2522) by @​mitsuhiko
• Add source context to code locations (#2539) by @​jan-auer
• Use in-app filepath instead of absolute path (#2541) by @​antonpirker
• Switch to jinja2 for generating CI yamls (#2534) by @​sentrivana

1.37.1

Various fixes & improvements

• Fix NameError on parse_version with eventlet (#2532) by @​sentrivana
• build(deps): bump checkouts/data-schemas from 68def1e to e9f7d58 (#2501) by @​dependabot

1.37.0

Various fixes & improvements

• Move installed modules code to utils (#2429) by @​sentrivana

  Note: We moved the internal function _get_installed_modules from sentry_sdk.integrations.modules to sentry_sdk.utils. So if you use this function you have to update your imports

• Add code locations for metrics (#2526) by @​jan-auer

• Add query source to DB spans (#2521) by @​antonpirker

• Send events to Spotlight sidecar (#2524) by @​HazAT

• Run integration tests with newest pytest (#2518) by @​sentrivana

• Bring tests up to date (#2512) by @​sentrivana

• Fix: Prevent global var from being discarded at shutdown (#2530) by @​antonpirker

• Fix: Scope transaction source not being updated in scope.span setter (#2519) by @​sl0thentr0py

1.36.0

• Django: Support Django 5.0 (#2490) by @​sentrivana
• Django: Handling ASGI body in the right way. (#2513) by @​antonpirker
• Flask: Test with Flask 3.0 (#2506) by @​sentrivana
• Celery: Do not create a span when task is triggered by Celery Beat (#2510) by @​antonpirker
• Redis: Ensure RedisIntegration is disabled, unless redis is installed (#2504) by @​szokeasaurusrex
• Quart: Fix Quart integration for Quart 0.19.4 (#2516) by @​antonpirker
• gRPC: Make async gRPC less noisy (#2507) by @​jyggen

1.35.0

Various fixes & improvements

• Updated gRPC integration: Asyncio interceptors and easier setup (#2369) by @​fdellekart

  Our gRPC integration now instruments incoming unary-unary grpc requests and outgoing unary-unary, unary-stream grpc requests using grpcio channels. Everything works now for sync and async code.

  Before this release you had to add Sentry interceptors by hand to your gRPC code, now the only thing you need to do is adding the GRPCIntegration to you sentry_sdk_init() call. (See documentation for more information):

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

1.38.0

Various fixes & improvements

• Only add trace context to checkins and do not run event_processors for checkins (#2536) by @​antonpirker
• Metric span summaries (#2522) by @​mitsuhiko
• Add source context to code locations (#2539) by @​jan-auer
• Use in-app filepath instead of absolute path (#2541) by @​antonpirker
• Switch to jinja2 for generating CI yamls (#2534) by @​sentrivana

1.37.1

Various fixes & improvements

• Fix NameError on parse_version with eventlet (#2532) by @​sentrivana
• build(deps): bump checkouts/data-schemas from 68def1e to e9f7d58 (#2501) by @​dependabot

1.37.0

Various fixes & improvements

• Move installed modules code to utils (#2429) by @​sentrivana

  Note: We moved the internal function _get_installed_modules from sentry_sdk.integrations.modules to sentry_sdk.utils. So if you use this function you have to update your imports

• Add code locations for metrics (#2526) by @​jan-auer

• Add query source to DB spans (#2521) by @​antonpirker

• Send events to Spotlight sidecar (#2524) by @​HazAT

• Run integration tests with newest pytest (#2518) by @​sentrivana

• Bring tests up to date (#2512) by @​sentrivana

• Fix: Prevent global var from being discarded at shutdown (#2530) by @​antonpirker

• Fix: Scope transaction source not being updated in scope.span setter (#2519) by @​sl0thentr0py

1.36.0

Various fixes & improvements

• Django: Support Django 5.0 (#2490) by @​sentrivana
• Django: Handling ASGI body in the right way. (#2513) by @​antonpirker
• Flask: Test with Flask 3.0 (#2506) by @​sentrivana
• Celery: Do not create a span when task is triggered by Celery Beat (#2510) by @​antonpirker
• Redis: Ensure RedisIntegration is disabled, unless redis is installed (#2504) by @​szokeasaurusrex
• Quart: Fix Quart integration for Quart 0.19.4 (#2516) by @​antonpirker
• gRPC: Make async gRPC less noisy (#2507) by @​jyggen

1.35.0

Various fixes & improvements

... (truncated)

Commits

• 2904574 Update CHANGELOG.md
• 62c9220 release: 1.38.0
• a7f5a66 Only add trace context to checkins and do not run event_processors for checki...
• b250a89 feat: metric span summaries (#2522)
• bd68a3e feat(metrics): Add source context to code locations (#2539)
• 044ce0a Use in app filepath instead of absolute path (#2541)
• c025ffe Switch to jinja2 for generating CI yamls (#2534)
• 12b8f98 Merge branch 'release/1.37.1'
• aed0cca release: 1.37.1
• 6723799 Fix NameError on parse_version with eventlet (#2532)
• Additional commits viewable in compare view

Updates typing-extensions from 4.7.1 to 4.8.0

Release notes

Sourced from typing-extensions's releases.

4.8.0

Changes since 4.7.1:

• Add typing_extensions.Doc, as proposed by PEP 727. Patch by Sebastián Ramírez.
• Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
• Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class. Patch by Alex Waygood (backporting python/cpython#107584, by James Hilton-Balfe).
• Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11. Patch by James Hilton-Balfe

No changes since 4.8.0rc1.

4.8.0rc1

• Add typing_extensions.Doc, as proposed by PEP 727. Patch by Sebastián Ramírez.
• Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
• Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class. Patch by Alex Waygood (backporting python/cpython#107584, by James Hilton-Balfe).
• Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11. Patch by James Hilton-Balfe

Changelog

Sourced from typing-extensions's changelog.

Release 4.8.0 (September 17, 2023)

No changes since 4.8.0rc1.

Release 4.8.0rc1 (September 7, 2023)

• Add typing_extensions.Doc, as proposed by PEP 727. Patch by Sebastián Ramírez.
• Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
• Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class. Patch by Alex Waygood (backporting python/cpython#107584, by James Hilton-Balfe).
• Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11. Patch by James Hilton-Balfe

Commits

• c17c499 Prepare release 4.8.0 (#283)
• df9e322 Run tests on py312 for more third-party projects (#281)
• 7e29499 Release 4.8.0rc1 (#280)
• ca2a739 Add Doc from PEP 727: https://peps.python.org/pep-0727/ (#277)
• 13c9484 Fix ParamSpec ellipsis default for <3.10 (#279)
• 4705e74 Improve documentation (#278)
• 99fa708 Backport CPython PR 107584 (#275)
• 688fbd2 Revert "Skip running cattrs tests on PyPy (#272)" (#273)
• 8dfa0a5 Skip running cattrs tests on PyPy (#272)
• 7bb3f3f Fix third-party workflow (#269)
• Additional commits viewable in compare view

Updates urllib3 from 2.0.4 to 2.1.0

Release notes

Sourced from urllib3's releases.

2.1.0

Read the v2 migration guide for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. (#2680)
• Removed support for the deprecated SecureTransport TLS implementation. (#2681)
• Removed support for the end-of-life Python 3.7. (#3143)

Bugfixes

• Allowed loading CA certificates from memory for proxies. (#3065)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. (#3174)

2.0.7

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

Changelog

Sourced from urllib3's changelog.

2.1.0 (2023-11-13)

Read the v2 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. ([#2680](https://github.com/urllib3/urllib3/issues/2680) <https://github.com/urllib3/urllib3/issues/2680>__)
• Removed support for the deprecated SecureTransport TLS implementation. ([#2681](https://github.com/urllib3/urllib3/issues/2681) <https://github.com/urllib3/urllib3/issues/2681>__)
• Removed support for the end-of-life Python 3.7. ([#3143](https://github.com/urllib3/urllib3/issues/3143) <https://github.com/urllib3/urllib3/issues/3143>__)

Bugfixes

• Allowed loading CA certificates from memory for proxies. ([#3065](https://github.com/urllib3/urllib3/issues/3065) <https://github.com/urllib3/urllib3/issues/3065>__)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. ([#3174](https://github.com/urllib3/urllib3/issues/3174) <https://github.com/urllib3/urllib3/issues/3174>__)

2.0.7 (2023-10-17)

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)

Commits

• 69be299 Release 2.1.0
• 77f71d3 Mention myself in README
• e601a0e Check _has_route within the test function (#3187)
• f7cd7f3 Stop naming urllib3/requests tests "integration" (#3182)
• 6fc4260 Use more precise type checks
• 5fa8ea6 Fix lint on Python 3.12
• 8727683 Remove Sphinx version pin
• 5fc48e7 Treat x-gzip content encoding as gzip
• ff764a0 Allow loading CA certificates from memory for proxies (#3150)
• b99cc39 Replace deprecated set-output in GitHub Actions
• Additional commits viewable in compare view

Updates yarl from 1.9.2 to 1.9.3

Release notes

Sourced from yarl's releases.

1.9.3

🐛 Bug fixes

• Stopped dropping trailing slashes in yarl.URL.joinpath() -- by [@​gmacon]. (#862, #866)
• Started accepting string subclasses in __truediv__() operations (URL / segment) -- by [@​mjpieters]. (#871, #884)
• Fixed the human representation of URLs with square brackets in usernames and passwords -- by @​mjpieters. (#876, #882)
• Updated type hints to include URL.missing_port(), URL.__bytes__() and the encoding argument to yarl.URL.joinpath() -- by @​mjpieters. (#891)

📦 Packaging updates and notes for downstreams

• Integrated Cython 3 to enable building yarl under Python 3.12 -- by @​mjpieters. (#829, #881)

• Added the changelog URL to the dist metadata -- by [@​scop]. (#877)

• Declared modern setuptools.build_meta as the :pep:517 build backend in pyproject.toml explicitly -- by [@​webknjaz]. (#886)

• Converted most of the packaging setup into a declarative setup.cfg config -- by @​webknjaz. (#890)

• Replaced the packaging is replaced from an old-fashioned setup.py to an in-tree :pep:517 build backend -- by @​webknjaz.

  Whenever the end-users or downstream packagers need to build yarl from source (a Git checkout or an sdist), they may pass a config_settings flag --pure-python. If this flag is not set, a C-extension will be built and included into the distribution.

  Here is how this can be done with pip:

  $ python -m pip install . --config-settings=--pure-python=

  This will also work with -e | --editable.

  The same can be achieved via pypa/build:

  $ python -m build --config-setting=--pure-python=

  Adding -w | --wheel can force pypa/build produce a wheel from source directly, as opposed to building an sdist and then building from it. (#893)

• Declared Python 3.12 supported officially in the distribution package metadata -- by [@​edgarrmondragon]. (#942)

🛠️ Contributor-facing changes

• A regression test for no-host URLs was added per #821 and RFC 3986 -- by [@​kenballus]. (#821, #822)

• Started testing yarl against Python 3.12 in CI -- by @​mjpieters. (#881)

• All Python 3.12 jobs are now marked as required to pass in CI -- by @​edgarrmondragon. (#942)

• MyST is now integrated in Sphinx -- by @​webknjaz.

  This allows the contributors to author new documents in Markdown when they have difficulties with going straight RST. (#953)

💪 New Contributors

• @​gmacon made their first contribution in aio-libs/yarl#866
• @​scop made their first contribution in aio-libs/yarl#877
• @​edgarrmondragon made their first contribution in aio-libs/yarl#942

... (truncated)

Changelog

Sourced from yarl's changelog.

1.9.3 (2023-11-20)

Bug fixes

• Stopped dropping trailing slashes in :py:meth:~yarl.URL.joinpath -- by :user:gmacon. (:issue:862, :issue:866)
• Started accepting string subclasses in __truediv__() operations (URL / segment) -- by :user:mjpieters. (:issue:871, :issue:884)
• Fixed the human representation of URLs with square brackets in usernames and passwords -- by :user:mjpieters. (:issue:876, :issue:882)
• Updated type hints to include URL.missing_port(), URL.__bytes__() and the encoding argument to :py:meth:~yarl.URL.joinpath -- by :user:mjpieters. (:issue:891)

Packaging updates and notes for downstreams

• Integrated Cython 3 to enable building yarl under Python 3.12 -- by :user:mjpieters. (:issue:829, :issue:881)

• Declared modern setuptools.build_meta as the :pep:517 build backend in :file:pyproject.toml explicitly -- by :user:webknjaz. (:issue:886)

• Converted most of the packaging setup into a declarative :file:setup.cfg config -- by :user:webknjaz. (:issue:890)

• The packaging is replaced from an old-fashioned :file:setup.py to an in-tree :pep:517 build backend -- by :user:webknjaz.

  Whenever the end-users or downstream packagers need to build yarl from source (a Git checkout or an sdist), they may pass a config_settings flag --pure-python. If this flag is not set, a C-extension will be built and included into the distribution.

  Here is how this can be done with pip:

  .. code-block:: console

  $ python -m pip install . --config-settings=--pure-python=false
  

  This will also work with -e | --editable.

  The same can be achieved via pypa/build:

  .. code-block:: console

  $ python -m build --config-setting=--pure-python=false
  

  Adding -w | --wheel can force pypa/build produce a wheel from source directly, as opposed to building an sdist and then building from it. (:issue:893)

  .. attention::

  v1.9.3 was the only version using the --pure-python setting name.

... (truncated)

Commits

• 0698dc9 ⇪📦 Release yarl v1.9.3
• 690b54c 💄 Mark the GHA workflow as CI/CD
• 1addb55 🐛🧪 Fix issue replacement in changelog @ CI
• c2ab1e9 🎨 Pass explicit --no-color to Pip in CI
• f202823 🐛🧪 Unset FORCE_COLOR on Bash level @ CI
• ef5664b 💡Use NO_COLOR to override FORCE_COLOR @ pip
• d1d9f6e Merge PR #956
• e14d10e Attempt disabling FORCE_COLOR env var w/ YAML null
• 11276e0 📦Explicitly list NOTICE @ wheel license files
• 180c2b2 🐛Uncolorize pip JSON report in whl compat cmd
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same re...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.