Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): bump the python-pip group across 1 directory with 5 updates #202

Closed
wants to merge 1 commit into from
Closed

fix(deps): bump the python-pip group across 1 directory with 5 updates #202

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 25, 2024
edited
Loading

Bumps the python-pip group with 5 updates in the / directory:

Package From To
flask 3.0.3 3.1.0
setuptools 75.2.0 75.6.0
numpy 2.1.2 2.1.3
werkzeug 3.1.1 3.1.3
zipp 3.20.2 3.21.0

Updates flask from 3.0.3 to 3.1.0

Release notes

Sourced from flask's releases.

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

  • Drop support for Python 3.8. #5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
  • Provide a configuration option to control automatic option responses. #5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636
Changelog

Sourced from flask's changelog.

Version 3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option responses. :pr:5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. :issue:5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. :issue:5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. :issue:5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. :issue:5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. :issue:5636
Commits
  • ab81496 release version 3.1.0
  • 70602a1 remove test pypi
  • 6748a09 update dev dependencies
  • 22c48a7 Merge remote-tracking branch 'origin/stable'
  • 2eab96a use generic bases for session (#5638)
  • f49dbfd use generic bases for session
  • 7b21d43 configure and check request.trusted_hosts (#5637)
  • 4f7156f configure and check trusted_hosts
  • 10bdf61 setting SERVER_NAME does not restrict routing for both subdomain_matching...
  • 4995a77 fix subdomain_matching=False behavior
  • Additional commits viewable in compare view

Updates setuptools from 75.2.0 to 75.6.0

Changelog

Sourced from setuptools's changelog.

v75.6.0

Features

  • Preserve original PKG-INFO into METADATA when creating wheel (instead of calling wheel.metadata.pkginfo_to_metadata). This helps to be more compliant with the flow specified in PEP 517. (#4701)
  • Changed the WindowsSdkVersion, FrameworkVersion32 and FrameworkVersion64 properties of setuptools.msvc.PlatformInfo to return an empty tuple instead of None as a fallthrough case -- by :user:Avasam (#4754)

v75.5.0

Features

  • Removed support for SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION, as it is deemed prone to errors. (#4746)

v75.4.0

Features

  • Added support for the environment variable SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true, allowing users to bypass the validation of pyproject.toml. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that pyproject.toml complies with setuptools requirements. (#4611)

    .. attention:: This environment variable was removed in a later version of setuptools.

  • Require Python 3.9 or later. (#4718)

  • Remove dependency on importlib_resources and the vendored copy of the library. Instead, setuptools consistently rely on stdlib's importlib.resources (available on Python 3.9+). (#4718)

  • Setuptools' bdist_wheel implementation no longer produces wheels with the m SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:sys.abiflags). (#4718)

  • Updated vendored packaging version to 24.2. (#4740)

... (truncated)

Commits
  • bf2ced2 Bump version: 75.5.0 → 75.6.0
  • 8685c80 Empty tuple instead of None for PlatformInfo version properties fallthrough (...
  • 50d671b Rename news fragment
  • 2b471c2 Changed the WindowsSdkVersion, FrameworkVersion32 and ``FrameworkVers...
  • 2c77cd2 Runtime typing fixes for typeshed return type merge (#4753
  • 9a4c8d4 Runtime typing fixes for typeshed return type merge
  • e622859 Preserve original PKG-INFO contents when creating wheel (instead of calling...
  • 0b5b417 Mark tests that may depend on external network
  • a4fa01d Add news fragment
  • 089aca9 Ignore coverage in test code
  • Additional commits viewable in compare view

Updates numpy from 2.1.2 to 2.1.3

Release notes

Sourced from numpy's releases.

2.1.3 (Nov 2, 2024)

NumPy 2.1.3 Release Notes

NumPy 2.1.3 is a maintenance release that fixes bugs and regressions discovered after the 2.1.2 release. This release also adds support for free threaded Python 3.13 on Windows.

The Python versions supported by this release are 3.10-3.13.

Improvements

  • Fixed a number of issues around promotion for string ufuncs with StringDType arguments. Mixing StringDType and the fixed-width DTypes using the string ufuncs should now generate much more uniform results.

    (gh-27636)

Changes

  • numpy.fix now won't perform casting to a floating data-type for integer and boolean data-type input arrays.

    (gh-26766)

Contributors

A total of 15 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Abhishek Kumar +
  • Austin +
  • Benjamin A. Beasley +
  • Charles Harris
  • Christian Lorentzen
  • Marcel Telka +
  • Matti Picus
  • Michael Davidsaver +
  • Nathan Goldbaum
  • Peter Hawkins
  • Raghuveer Devulapalli
  • Ralf Gommers
  • Sebastian Berg
  • dependabot[bot]
  • kp2pml30 +

Pull requests merged

A total of 21 pull requests were merged for this release.

... (truncated)

Commits
  • 98464cc Merge pull request #27690 from charris/prepare-2.1.3
  • cbda85b REL: Prepare for the NumPy 2.1.3 release [wheel build]
  • daa8699 Merge pull request #27672 from charris/backport-27666
  • 614ca19 Merge pull request #27673 from charris/backport-27636
  • e6b02d7 DOC: add release note
  • 54fd729 BUG: substantially simplify and fix issue with justification promoter
  • a90fe7c BUG: fix more issues with string ufunc promotion
  • a121864 BUG: fixes for StringDType/unicode promoters
  • f055fb9 BUG: Fix a reference count leak in npy_find_descr_for_scalar.
  • 5895c02 Merge pull request #27669 from charris/backport-27663
  • Additional commits viewable in compare view

Updates werkzeug from 3.1.1 to 3.1.3

Release notes

Sourced from werkzeug's releases.

3.1.3

This is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.3/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3 Milestone: https://github.com/pallets/werkzeug/milestone/41?closed=1

  • Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. #2994
  • When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. #2993

3.1.2

This is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.2/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2 Milestone: https://github.com/pallets/werkzeug/milestone/40?closed=1

  • Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. #2988
  • Headers does not inherit from MutableMapping, as it is does not exactly match that interface. #2989
Changelog

Sourced from werkzeug's changelog.

Version 3.1.3

Released 2024-11-08

  • Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. :issue:2994
  • When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. :issue:2993

Version 3.1.2

Released 2024-11-04

  • Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. :issue:2988
  • Headers does not inherit from MutableMapping, as it is does not exactly match that interface. :issue:2989
Commits

Updates zipp from 3.20.2 to 3.21.0

Changelog

Sourced from zipp's changelog.

v3.21.0

Features

  • Improve performances of :meth:zipfile.Path.open for non-reading modes. (1a1928d)
  • Rely on cached_property to cache values on the instance.
  • Rely on save_method_args to save method args.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
fix(deps): bump the python-pip group across 1 directory with 5 updates
033191d 
Bumps the python-pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.0` |
| [setuptools](https://github.com/pypa/setuptools) | `75.2.0` | `75.6.0` |
| [numpy](https://github.com/numpy/numpy) | `2.1.2` | `2.1.3` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.3` |
| [zipp](https://github.com/jaraco/zipp) | `3.20.2` | `3.21.0` |



Updates `flask` from 3.0.3 to 3.1.0
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.0.3...3.1.0)

Updates `setuptools` from 75.2.0 to 75.6.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v75.2.0...v75.6.0)

Updates `numpy` from 2.1.2 to 2.1.3
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.1.2...v2.1.3)

Updates `werkzeug` from 3.1.1 to 3.1.3
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.1...3.1.3)

Updates `zipp` from 3.20.2 to 3.21.0
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.20.2...v3.21.0)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-pip
- dependency-name: setuptools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-pip
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-pip
- dependency-name: werkzeug
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-pip
- dependency-name: zipp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 25, 2024
@dependabot dependabot bot mentioned this pull request Nov 25, 2024
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 9, 2024

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 16, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 16, 2024
@dependabot dependabot bot deleted the dependabot/pip/python-pip-f68c20d324 branch December 16, 2024 23:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants