Upgrade: Bump the dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
aiohttp	3.9.3	3.9.5
certifi	2023.11.17	2024.2.2
idna	3.6	3.7
prometheus-client	0.19.0	0.20.0
sentry-sdk	1.40.0	2.3.1
typing-extensions	4.9.0	4.12.1
urllib3	2.2.0	2.2.1

Updates aiohttp from 3.9.3 to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: #8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: #8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8335.

---

3.9.4

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: #8089.

• Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: :issue:8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: :issue:8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8335.

---

3.9.4 (2024-04-11)

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: :issue:8089.

... (truncated)

Commits

• b844d42 Release v3.9.5 (#8340)
• 0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
• f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
• 7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
• 82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
• 01df7ec Bump version
• 7917ae2 Merge 3.1
• b3397c7 Release v3.9.4 (#8201)
• a7e240a [PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...
• 2833552 Escape filenames and paths in HTML when generating index pages (#8317) (#8319)
• Additional commits viewable in compare view

Updates certifi from 2023.11.17 to 2024.2.2

Commits

• 45eb611 2024.02.02 (#266)
• 83f4f04 fix leaking certificate issue (#265)
• bbf2208 Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#264)
• 9e837a5 Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#262)
• 05d071b Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#261)
• 2a3088a Bump actions/download-artifact from 4.1.0 to 4.1.1 (#260)
• d4ca66e Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#258)
• 5d15663 Bump actions/download-artifact from 3.0.2 to 4.1.0 (#257)
• d66ef9d Bump actions/setup-python from 4.7.1 to 5.0.0 (#256)
• 8f0d412 Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (#255)
• Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates prometheus-client from 0.19.0 to 0.20.0

Release notes

Sourced from prometheus-client's releases.

0.20.0 / 2024-02-14

What's Changed

• [CHANGE/BUGFIX] Update OpenMetrics Content Type to 1.0.0. #997
• [FEATURE] Enable graceful shutdown for start_{http,wsgi}_server by returning the server and thread. #999
• [FEATURE] Allow resetting counter metrics. #1005
• [BUGFIX] wsgi server: address family discovery is not quite right. #1006

Commits

• 7a80f00 Release 0.20.0
• 6ae7737 wsgi server: address family discovery is not quite right (#1006)
• 1f8ceb7 Reset counter (#1005)
• b9edc43 Enable graceful shutdown for start_{http,wsgi}_server (#999)
• 9dd6b0d Update OpenMetrics Content Type to 1.0.0 (#997)
• 998d8af Update documentation and code warning for remove and clear in multi-process m...
• 147c9d1 Update documentation for disabling _created metrics (#992)
• See full diff in compare view

Updates sentry-sdk from 1.40.0 to 2.3.1

Release notes

Sourced from sentry-sdk's releases.

2.3.1

Various fixes & improvements

• Handle also byte arras as strings in Redis caches (#3101) by @​antonpirker
• Do not crash exceptiongroup (by patching excepthook and keeping the name of the function) (#3099) by @​antonpirker

2.3.0

Various fixes & improvements

• NEW: Redis integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3073) by @​antonpirker
• NEW: Django integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3009) by @​antonpirker
• Fix cohere testsuite for new release of cohere (#3098) by @​antonpirker
• Fix ClickHouse integration where _sentry_span might be missing (#3096) by @​sentrivana

2.2.1

Various fixes & improvements

• Add conditional check for delivery_info's existence (#3083) by @​cmanallen
• Updated deps for latest langchain version (#3092) by @​antonpirker
• Fixed grpcio extras to work as described in the docs (#3081) by @​antonpirker
• Use pythons venv instead of virtualenv to create virtual envs (#3077) by @​antonpirker
• Celery: Add comment about kwargs_headers (#3079) by @​szokeasaurusrex
• Celery: Queues module producer implementation (#3079) by @​szokeasaurusrex
• Fix N803 flake8 failures (#3082) by @​szokeasaurusrex

2.2.0

New features

• Celery integration now sends additional data to Sentry to enable new features to guage the health of your queues
• Added a new integration for Cohere
• Reintroduced the last_event_id function, which had been removed in 2.0.0

Other fixes & improvements

• Add tags + data passing functionality to @​ai_track (#3071) by @​colin-sentry
• fix(tracing): Only propagate headers from spans within transactions (#3070) by @​szokeasaurusrex
• ref(metrics): Improve type hints for set metrics (#3048) by @​elramen
• ref(scope): Fix get_client typing (#3063) by @​szokeasaurusrex
• Auto-enable Anthropic integration + gate imports (#3054) by @​colin-sentry
• Made MeasurementValue.unit NotRequired (#3051) by @​antonpirker

2.1.1

• Fix trace propagation in Celery tasks started by Celery Beat. (#3047) by @​antonpirker

2.1.0

• fix(quart): Fix Quart integration (#3043) by @​szokeasaurusrex

• New integration: Langchain (#2911) by @​colin-sentry

  Usage: (Langchain is auto enabling, so you do not need to do anything special)

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.3.1

Various fixes & improvements

• Handle also byte arras as strings in Redis caches (#3101) by @​antonpirker
• Do not crash exceptiongroup (by patching excepthook and keeping the name of the function) (#3099) by @​antonpirker

2.3.0

Various fixes & improvements

• NEW: Redis integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3073) by @​antonpirker
• NEW: Django integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3009) by @​antonpirker
• Fix cohere testsuite for new release of cohere (#3098) by @​antonpirker
• Fix ClickHouse integration where _sentry_span might be missing (#3096) by @​sentrivana

2.2.1

Various fixes & improvements

• Add conditional check for delivery_info's existence (#3083) by @​cmanallen
• Updated deps for latest langchain version (#3092) by @​antonpirker
• Fixed grpcio extras to work as described in the docs (#3081) by @​antonpirker
• Use pythons venv instead of virtualenv to create virtual envs (#3077) by @​antonpirker
• Celery: Add comment about kwargs_headers (#3079) by @​szokeasaurusrex
• Celery: Queues module producer implementation (#3079) by @​szokeasaurusrex
• Fix N803 flake8 failures (#3082) by @​szokeasaurusrex

2.2.0

New features

• Celery integration now sends additional data to Sentry to enable new features to guage the health of your queues
• Added a new integration for Cohere
• Reintroduced the last_event_id function, which had been removed in 2.0.0

Other fixes & improvements

• Add tags + data passing functionality to @​ai_track (#3071) by @​colin-sentry
• Only propagate headers from spans within transactions (#3070) by @​szokeasaurusrex
• Improve type hints for set metrics (#3048) by @​elramen
• Fix get_client typing (#3063) by @​szokeasaurusrex
• Auto-enable Anthropic integration + gate imports (#3054) by @​colin-sentry
• Made MeasurementValue.unit NotRequired (#3051) by @​antonpirker

2.1.1

• Fix trace propagation in Celery tasks started by Celery Beat. (#3047) by @​antonpirker

2.1.0

... (truncated)

Commits

• a0ea6a9 Updated changelog
• f12712f release: 2.3.1
• 35e9bab Handle also byte arras as strings (#3101)
• 45bf880 Do not crash exceptiongroup (by patching excepthook and keeping the name of t...
• 0983f74 Merge branch 'release/2.3.0'
• 4e74f91 Updated Changelog
• fadd277 Update CHANGELOG.md
• 88dd524 release: 2.3.0
• 121aa0e Redis Cache Module - 1 - Prepare Code (#3073)
• 30f72a3 Django caching instrumentation update (#3009)
• Additional commits viewable in compare view

Updates typing-extensions from 4.9.0 to 4.12.1

Release notes

Sourced from typing-extensions's releases.

4.12.1

• Preliminary changes for compatibility with the draft implementation of PEP 649 in Python 3.14. Patch by Jelle Zijlstra.
• Fix regression in v4.12.0 where nested Annotated types would cause TypeError to be raised if the nested Annotated type had unhashable metadata. Patch by Alex Waygood.

4.12.0

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

There is a single change since 4.12.0rc1:

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Changes included in 4.12.0rc1:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.
  • Fix bug in PEP-696 implementation where a default value for a ParamSpec would be cast to a tuple if a list was provided. Patch by Alex Waygood.
• Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new __static_attributes__ attribute to all classes in Python,

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.12.1 (June 1, 2024)

• Preliminary changes for compatibility with the draft implementation of PEP 649 in Python 3.14. Patch by Jelle Zijlstra.
• Fix regression in v4.12.0 where nested Annotated types would cause TypeError to be raised if the nested Annotated type had unhashable metadata. Patch by Alex Waygood.

Release 4.12.0 (May 23, 2024)

This release is mostly the same as 4.12.0rc1 but fixes one more longstanding bug.

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Release 4.12.0rc1 (May 16, 2024)

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

Full changelog:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.

... (truncated)

Commits

• 7269638 Prepare release 4.12.1 (#418)
• 8dfcf3c Fix TypeError on nested Annotated types where the inner type has unhashab...
• d76f591 Switch from flake8 to ruff (#414)
• 920d60d Support my PEP 649 branch (#412)
• e792bce Ignore fewer flake8 rules when linting tests (#413)
• f90a8dc Prepare release 4.12.0 (#408)
• 118e1a6 Make sure isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) is u...
• 910141a Add security documentation (#403)
• 0dbc7c9 Prepare release 4.12.0rc1 (#402)
• 1da5d3d Update actions/setup-python (#401)
• Additional commits viewable in compare view

Updates urllib3 from 2.2.0 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
• Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
• Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
• Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

Changelog

Sourced from urllib3's changelog.

2.2.1 (2024-02-16)

• Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. ([#3331](https://github.com/urllib3/urllib3/issues/3331) <https://github.com/urllib3/urllib3/issues/3331>__)
• Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. ([#3343](https://github.com/urllib3/urllib3/issues/3343) <https://github.com/urllib3/urllib3/issues/3343>__)
• Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. ([#2860](https://github.com/urllib3/urllib3/issues/2860) <https://github.com/urllib3/urllib3/issues/2860>__)
• Changed ProtocolError to be more verbose on incomplete reads with excess content. ([#3261](https://github.com/urllib3/urllib3/issues/3261) <https://github.com/urllib3/urllib3/issues/3261>__)

Commits

• 54d6edf Release 2.2.1
• 49b2dda Stop casting request headers to HTTPHeaderDict (#3344)
• e22f651 Fix docstring of retries parameter
• fa54179 Distinguish between truncated and excess content in response (#3273)
• cfe52f9 Fix InsecureRequestWarning for HTTPS Emscripten requests (#3333)
• 25155d7 Ensure no remote connections during testing (#3328)
• 12f9233 Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (#3340)
• 9929d3c Add nox session to start local Pyodide console
• aa8d3dd Fix ssl_version tests for upcoming migration to pytest 8
• 23f2287 Remove TODO about informational responses (#3319)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[TrueBrain]

@dependabot recreate

[dependabot]

Superseded by #233.