Upgrade: Bump the dependencies group across 1 directory with 19 updates

[dependabot]

Bumps the dependencies group with 19 updates in the / directory:

Package	From	To
aiohttp	3.9.3	3.9.5
anyio	4.3.0	4.4.0
boto3	1.34.53	1.34.138
botocore	1.34.53	1.34.138
certifi	2024.2.2	2024.6.2
cryptography	42.0.5	42.0.8
exceptiongroup	1.2.0	1.2.1
gitpython	3.1.42	3.1.43
httpcore	1.0.4	1.0.5
idna	3.6	3.7
marshmallow	3.21.0	3.21.3
packaging	23.2	24.1
pycparser	2.21	2.22
python-dateutil	2.9.0	2.9.0.post0
requests	2.31.0	2.32.3
s3transfer	0.10.0	0.10.2
sentry-sdk	1.40.6	2.7.1
typing-extensions	4.10.0	4.12.2
urllib3	1.26.18	1.26.19

Updates aiohttp from 3.9.3 to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: #8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: #8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8335.

---

3.9.4

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: #8089.

• Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: :issue:8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: :issue:8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8335.

---

3.9.4 (2024-04-11)

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: :issue:8089.

... (truncated)

Commits

• b844d42 Release v3.9.5 (#8340)
• 0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
• f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
• 7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
• 82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
• 01df7ec Bump version
• 7917ae2 Merge 3.1
• b3397c7 Release v3.9.4 (#8201)
• a7e240a [PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...
• 2833552 Escape filenames and paths in HTML when generating index pages (#8317) (#8319)
• Additional commits viewable in compare view

Updates anyio from 4.3.0 to 4.4.0

Release notes

Sourced from anyio's releases.

4.4.0

• Added the BlockingPortalProvider class to aid with constructing synchronous counterparts to asynchronous interfaces that would otherwise require multiple blocking portals
• Added __slots__ to AsyncResource so that child classes can use __slots__ (#733; PR by Justin Su)
• Added the TaskInfo.has_pending_cancellation() method
• Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() (#706; PR by Dominik Schwabe)
• Fixed two bugs with TaskGroup.start() on asyncio:
  • Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() (#706; PR by Dominik Schwabe)
  • Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled (#685, #710)
• Fixed a race condition that caused crashes when multiple event loops of the same backend were running in separate threads and simultaneously attempted to use AnyIO for their first time (#425; PR by David Jiricek and Ganden Schaffner)
• Fixed cancellation delivery on asyncio incrementing the wrong cancel scope's cancellation counter when cascading a cancel operation to a child scope, thus failing to uncancel the host task (#716)
• Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises KeyError
• Fixed the asyncio backend not respecting the PYTHONASYNCIODEBUG environment variable when setting the debug flag in anyio.run()
• Fixed SocketStream.receive() not detecting EOF on asyncio if there is also data in the read buffer (#701)
• Fixed MemoryObjectStream dropping an item if the item is delivered to a recipient that is waiting to receive an item but has a cancellation pending (#728)
• Emit a ResourceWarning for MemoryObjectReceiveStream and MemoryObjectSendStream that were garbage collected without being closed (PR by Andrey Kazantcev)
• Fixed MemoryObjectSendStream.send() not raising BrokenResourceError when the last corresponding MemoryObjectReceiveStream is closed while waiting to send a falsey item (#731; PR by Ganden Schaffner)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

UNRELEASED

• Added support for the from_uri(), full_match(), parser methods/properties in anyio.Path, newly added in Python 3.13 ([#737](https://github.com/agronholm/anyio/issues/737) <https://github.com/agronholm/anyio/issues/737>_)
• Changed the ResourceWarning from an unclosed memory object stream to include its address for easier identification
• Fixed to_process.run_sync() failing to initialize if __main__.__file__ pointed to a file in a nonexistent directory ([#696](https://github.com/agronholm/anyio/issues/696) <https://github.com/agronholm/anyio/issues/696>_)

4.4.0

• Added the BlockingPortalProvider class to aid with constructing synchronous counterparts to asynchronous interfaces that would otherwise require multiple blocking portals

• Added __slots__ to AsyncResource so that child classes can use __slots__ ([#733](https://github.com/agronholm/anyio/issues/733) <https://github.com/agronholm/anyio/pull/733>_; PR by Justin Su)

• Added the TaskInfo.has_pending_cancellation() method

• Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() ([#706](https://github.com/agronholm/anyio/issues/706) <https://github.com/agronholm/anyio/issues/706>_; PR by Dominik Schwabe)

• Fixed two bugs with TaskGroup.start() on asyncio:

  • Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() ([#706](https://github.com/agronholm/anyio/issues/706) <https://github.com/agronholm/anyio/issues/706>_; PR by Dominik Schwabe)
  • Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled ([#685](https://github.com/agronholm/anyio/issues/685) <https://github.com/agronholm/anyio/issues/685>, [#710](https://github.com/agronholm/anyio/issues/710) <https://github.com/agronholm/anyio/issues/710>)

• Fixed a race condition that caused crashes when multiple event loops of the same backend were running in separate threads and simultaneously attempted to use AnyIO for their first time ([#425](https://github.com/agronholm/anyio/issues/425) <https://github.com/agronholm/anyio/issues/425>_; PR by David Jiricek and Ganden Schaffner)

• Fixed cancellation delivery on asyncio incrementing the wrong cancel scope's cancellation counter when cascading a cancel operation to a child scope, thus failing to uncancel the host task ([#716](https://github.com/agronholm/anyio/issues/716) <https://github.com/agronholm/anyio/issues/716>_)

• Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises KeyError

• Fixed the asyncio backend not respecting the PYTHONASYNCIODEBUG environment variable when setting the debug flag in anyio.run()

• Fixed SocketStream.receive() not detecting EOF on asyncio if there is also data in the read buffer ([#701](https://github.com/agronholm/anyio/issues/701) <https://github.com/agronholm/anyio/issues/701>_)

... (truncated)

Commits

• 053e8f0 Bumped up the version
• e7f750b Fixed memory object stream sometimes dropping sent items (#735)
• 9f5f14b Fixed task group getting cancelled if start() gets cancelled (#717)
• 8b648bc Adjusted the pull request template
• 3ff5e9a Rearranged changelog items
• 541d1f8 [pre-commit.ci] pre-commit autoupdate (#734)
• 8a07690 Fix MemoryObjectSendStream.send(falsey) not raising BrokenResourceError w...
• 4b3de97 Adjust the headings in the PR template
• dfc44cf Added __slots__ to AsyncResource (#733)
• 96920b0 Fix typo in PR template (#730)
• Additional commits viewable in compare view

Updates boto3 from 1.34.53 to 1.34.138

Commits

• a9f692a Merge branch 'release-1.34.138'
• 2c161e0 Bumping version to 1.34.138
• 7bc84e1 Add changelog entries from botocore
• 441bc9e Merge branch 'release-1.34.137'
• 02bf15d Merge branch 'release-1.34.137' into develop
• 00b24b9 Bumping version to 1.34.137
• d72ff46 Add changelog entries from botocore
• 7ba80c1 Merge branch 'release-1.34.136' into develop
• 04045c4 Merge branch 'release-1.34.136'
• c04875b Bumping version to 1.34.136
• Additional commits viewable in compare view

Updates botocore from 1.34.53 to 1.34.138

Changelog

Sourced from botocore's changelog.

1.34.138

• api-change:ec2: Documentation updates for Elastic Compute Cloud (EC2).
• api-change:fms: Increases Customer API's ManagedServiceData length
• api-change:s3: Added response overrides to Head Object requests.

1.34.137

• api-change:apigateway: Add v2 smoke tests and smithy smokeTests trait for SDK testing.
• api-change:cognito-identity: Add v2 smoke tests and smithy smokeTests trait for SDK testing.
• api-change:connect: Authentication profiles are Amazon Connect resources (in gated preview) that allow you to configure authentication settings for users in your contact center. This release adds support for new ListAuthenticationProfiles, DescribeAuthenticationProfile and UpdateAuthenticationProfile APIs.
• api-change:docdb: Add v2 smoke tests and smithy smokeTests trait for SDK testing.
• api-change:eks: Updates EKS managed node groups to support EC2 Capacity Blocks for ML
• api-change:payment-cryptography: Added further restrictions on logging of potentially sensitive inputs and outputs.
• api-change:payment-cryptography-data: Adding support for dynamic keys for encrypt, decrypt, re-encrypt and translate pin functions. With this change, customers can use one-time TR-31 keys directly in dataplane operations without the need to first import them into the service.
• api-change:stepfunctions: Add v2 smoke tests and smithy smokeTests trait for SDK testing.
• api-change:swf: Add v2 smoke tests and smithy smokeTests trait for SDK testing.
• api-change:wafv2: JSON body inspection: Update documentation to clarify that JSON parsing doesn't include full validation.

1.34.136

• api-change:acm-pca: Added CCPC_LEVEL_1_OR_HIGHER KeyStorageSecurityStandard and SM2 KeyAlgorithm and SM3WITHSM2 SigningAlgorithm for China regions.
• api-change:cloudhsmv2: Added 3 new APIs to support backup sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added BackupArn to the output of the DescribeBackups API. Added support for BackupArn in the CreateCluster API.
• api-change:connect: This release supports showing PreferredAgentRouting step via DescribeContact API.
• api-change:emr: This release provides the support for new allocation strategies i.e. CAPACITY_OPTIMIZED_PRIORITIZED for Spot and PRIORITIZED for On-Demand by taking input of priority value for each instance type for instance fleet clusters.
• api-change:glue: Added AttributesToGet parameter to Glue GetDatabases, allowing caller to limit output to include only the database name.
• api-change:kinesisanalyticsv2: Support for Flink 1.19 in Managed Service for Apache Flink
• api-change:opensearch: This release removes support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains.
• api-change:pi: Noting that the filter db.sql.db_id isn't available for RDS for SQL Server DB instances.
• api-change:workspaces: Added support for Red Hat Enterprise Linux 8 on Amazon WorkSpaces Personal.

1.34.135

• api-change:application-autoscaling: Amazon WorkSpaces customers can now use Application Auto Scaling to automatically scale the number of virtual desktops in a WorkSpaces pool.
• api-change:chime-sdk-media-pipelines: Added Amazon Transcribe multi language identification to Chime SDK call analytics. Enabling customers sending single stream audio to generate call recordings using Chime SDK call analytics
• api-change:cloudfront: Doc only update for CloudFront that fixes customer-reported issue
• api-change:datazone: This release supports the data lineage feature of business data catalog in Amazon DataZone.
• api-change:elasticache: Add v2 smoke tests and smithy smokeTests trait for SDK testing.
• api-change:mq: This release makes the EngineVersion field optional for both broker and configuration and uses the latest available version by default. The AutoMinorVersionUpgrade field is also now optional for broker creation and defaults to 'true'.
• api-change:qconnect: Adds CreateContentAssociation, ListContentAssociations, GetContentAssociation, and DeleteContentAssociation APIs.
• api-change:quicksight: Adding support for Repeating Sections, Nested Filters
• api-change:rds: Updates Amazon RDS documentation for TAZ export to S3.
• api-change:sagemaker: Add capability for Admins to customize Studio experience for the user by showing or hiding Apps and MLTools.

... (truncated)

Commits

• 723dc63 Merge branch 'release-1.34.138'
• 7d8512b Bumping version to 1.34.138
• 562b0ef Update to latest models
• 9e27562 Merge branch 'release-1.34.137'
• 02f90a7 Merge branch 'release-1.34.137' into develop
• 9f8acbc Bumping version to 1.34.137
• 13ff416 Update endpoints model
• 71434ab Update to latest models
• 446acfb Merge branch 'release-1.34.136'
• ec6e342 Merge branch 'release-1.34.136' into develop
• Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.6.2

Commits

• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
• 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
• 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
• 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
• Additional commits viewable in compare view

Updates cryptography from 42.0.5 to 42.0.8

Changelog

Sourced from cryptography's changelog.

42.0.8 - 2024-06-04

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2.
.. _v42-0-7:
42.0.7 - 2024-05-06

• Restored Windows 7 compatibility for our pre-built wheels. Note that we do not test on Windows 7 and wheels for our next release will not support it. Microsoft no longer provides support for Windows 7 and users are encouraged to upgrade.

.. _v42-0-6:

42.0.6 - 2024-05-04

* Fixed compilation when using LibreSSL 3.9.1.
.. _v42-0-5:

Commits

• 761ef4b bump for 42.0.8 release (#11072)
• 0cc7fc3 Prepare for 42.0.7 release (#10949)
• cfad004 Prepare backports for 42.0.6 release (#10929)
• See full diff in compare view

Updates exceptiongroup from 1.2.0 to 1.2.1

Release notes

Sourced from exceptiongroup's releases.

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

• Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
• Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
• Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except* handler

1.1.3

• catch() now raises a TypeError if passed an async exception handler instead of just giving a RuntimeWarning about the coroutine never being awaited. (#66, PR by John Litborn)
• Fixed plain raise statement in an exception handler callback to work like a raise in an except* block
• Fixed new exception group not being chained to the original exception when raising an exception group from exceptions raised in handler callbacks
• Fixed type annotations of the derive(), subgroup() and split() methods to match the ones in typeshed

1.1.2

• Changed handling of exceptions in exception group handler callbacks to not wrap a single exception in an exception group, as per CPython issue 103590 <https://github.com/python/cpython/issues/103590>_

1.1.1

• Worked around CPython issue [#98778](https://github.com/agronholm/exceptiongroup/issues/98778) <https://github.com/python/cpython/issues/98778>_, urllib.error.HTTPError(..., fp=None) raises KeyError on unknown attribute access, on affected Python versions. (PR by Zac Hatfield-Dodds)

1.1.0

... (truncated)

Commits

• b91b7a3 Added the release version
• 521f02f Fixed type errors, added type tests (#118)
• 4639b1e Fixed test failure on Python 3.12.3
• 684b79a Have tox install the package in editable mode
• 9ebe9f5 Updated GitHub actions
• e57b07f [pre-commit.ci] pre-commit autoupdate (#115)
• 8d2f627 [pre-commit.ci] pre-commit autoupdate (#113)
• ee53e9f BaseExceptionGroup.derive should not copy notes (#112)
• 2f23259 Corrected the type annotation for the exception handler callback (#109)
• 0c89199 [pre-commit.ci] pre-commit autoupdate (#110)
• Additional commits viewable in compare view

Updates gitpython from 3.1.42 to 3.1.43

Release notes

Sourced from gitpython's releases.

3.1.43

Particularly Important Changes

These are likely to affect you, please do take a careful look.

• Issue and test deprecation warnings by @​EliahKagan in gitpython-developers/GitPython#1886
• Fix version_info cache invalidation, typing, parsing, and serialization by @​EliahKagan in gitpython-developers/GitPython#1838
• Document manual refresh path treatment by @​EliahKagan in gitpython-developers/GitPython#1839
• Improve static typing and docstrings related to git object types by @​EliahKagan in gitpython-developers/GitPython#1859

Other Changes

• Test in Docker with Alpine Linux on CI by @​EliahKagan in gitpython-developers/GitPython#1826
• Build online docs (RTD) with -W and dependencies by @​EliahKagan in gitpython-developers/GitPython#1843
• Suggest full-path refresh() in failure message by @​EliahKagan in gitpython-developers/GitPython#1844
• repo.blame and repo.blame_incremental now accept None as the rev parameter. by @​Gaubbe in gitpython-developers/GitPython#1846
• Make sure diff always uses the default diff driver when create_patch=True by @​can-taslicukur in gitpython-developers/GitPython#1832
• Revise docstrings, comments, and a few messages by @​EliahKagan in gitpython-developers/GitPython#1850
• Expand what is included in the API Reference by @​EliahKagan in gitpython-developers/GitPython#1855
• Restore building of documentation downloads by @​EliahKagan in gitpython-developers/GitPython#1856
• Revise type annotations slightly by @​EliahKagan in gitpython-developers/GitPython#1860
• Updating regex pattern to handle unicode whitespaces. by @​jcole-crowdstrike in gitpython-developers/GitPython#1853
• Use upgraded pip in test fixture virtual environment by @​EliahKagan in gitpython-developers/GitPython#1864
• lint: replace flake8 with ruff check by @​Borda in gitpython-developers/GitPython#1862
• lint: switch Black with ruff-format by @​Borda in gitpython-developers/GitPython#1865
• Update readme and tox.ini for recent tooling changes by @​EliahKagan in gitpython-developers/GitPython#1868
• Split tox lint env into three envs, all safe by @​EliahKagan in gitpython-developers/GitPython#1870
• Slightly broaden Ruff, and update and clarify tool configuration by @​EliahKagan in gitpython-developers/GitPython#1871
• Add a "doc" extra for documentation build dependencies by @​EliahKagan in gitpython-developers/GitPython#1872
• Describe Submodule.__init__ parent_commit parameter by @​EliahKagan in gitpython-developers/GitPython#1877
• Include TagObject in git.types.Tree_ish by @​EliahKagan in gitpython-developers/GitPython#1878
• Improve Sphinx role usage, including linking Git manpages by @​EliahKagan in gitpython-developers/GitPython#1879
• Replace all wildcard imports with explicit imports by @​EliahKagan in gitpython-developers/GitPython#1880
• Clarify how tag objects are usually tree-ish and commit-ish by @​EliahKagan in gitpython-developers/GitPython#1881

New Contributors

• @​Gaubbe made their first contribution in gitpython-developers/GitPython#1846
• @​can-taslicukur made their first contribution in gitpython-developers/GitPython#1832
• @​jcole-crowdstrike made their first contribution in gitpython-developers/GitPython#1853
• @​Borda made their first contribution in gitpython-developers/GitPython#1862

Full Changelog: gitpython-developers/GitPython@3.1.42...3.1.43

Commits

• 5364053 bump version to 3.1.43
• 4e626bd Merge pull request #1886 from EliahKagan/deprecation-warnings
• f6060df Add GitMeta alias
• 8327b45 Test GitMeta alias
• f92f4c3 Clarify security risk in USE_SHELL doc and warnings
• c7675d2 update security policy, to use GitHub instead of email
• cf2576e Make/use test.deprecation.lib; abandon idea to filter by module
• 7cd3aa9 Make test.performance.lib docstring more specific
• b51b080 Explain the approach in test.deprecation to static checking
• bdabb21 Expand USE_SHELL docstring; clarify a test usage
• Additional commits viewable in compare view

Updates httpcore from 1.0.4 to 1.0.5

Release notes

Sourced from httpcore's releases.

Version 1.0.5

1.0.5 (March 27th, 2024)

• Handle EndOfStream for anyio backend. (encode/httpcore#899)
• Allow trio 0.25.* series in package dependancies. (encode/httpcore#903)

Changelog

Sourced from httpcore's changelog.

1.0.5 (March 27th, 2024)

• Handle EndOfStream exception for anyio backend. (#899)
• Allow trio 0.25.* series in package dependancies. (#903)

Commits

• 1851ac3 Version 1.0.5 (#904)
• 4565838 Update trio dependency... (#903)
• fbbd909 Handle EndOfStream for anyio backend (#899)
• 10481ce Fixed typo in Request class docstring. (#898)
• 7b39e6a Bump the python-packages group with 6 updates (#896)
• 5c9be94 bump to v0.3.0 && format (#895)
• 5518172 Move unasync.py to scripts (#891)
• See full diff in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates marshmallow from 3.21.0 to 3.21.3

Changelog

Sourced from marshmallow's changelog.

3.21.3 (2024-06-05)

---

Bug fixes:

• Fix memory leak that prevented schema instances from getting GC'd (:pr:2277). Thanks :user:mrcljx for the PR.

3.21.2 (2024-05-01)

---

Bug fixes:

• Allow timestamp 0 in fields.DateTime (:issue:2133). Thanks :user:flydzen for reporting.

3.21.1 (2024-03-04)

---

Bug fixes:

• Fix error message when field is declared as a class and not an instance (:issue:2245). Thanks :user:travnick for reporting.

Commits

• b9646e3 Bump version and update changelog
• 99103a6 Remove leaky lru_cache (#2277)
• 47205b5 [pre-commit.ci] pre-commit autoupdate (#2276)
• aaecd5b [pre-commit.ci] pre-commit autoupdate
• c592536 [pre-commit.ci] pre-commit autoupdate (#2269)
• ee0c903 [pre-commit.ci] pre-commit autoupdate
• d4fd5a4 [pre-commit.ci] pre-commit autoupdate
• 511b8c5 Bump version and update changelog
• 03f56a4 Merge pull request #2264 from marshmallow-code/allow_timestamp_0
• 58fbbcd Encapsulate timestamp boolean check in utils
• Additional commits viewable in compare view

Updates packaging from 23.2 to 24.1

Release notes

Sourced from packaging's releases.

24.1

What's Changed

• pyupgrade/black/isort/flake8 → ruff by @​DimitriPapadopoulos in pypa/packaging#769
• Add support for Python 3.13 and drop EOL 3.7 by @​hugovk in pypa/packaging#783
• Bump the github-actions group with 4 updates by @​dependabot in pypa/packaging#782
• Fix typo in _parser docstring by @​pradyunsg in pypa/packaging#784
• Modernise type annotations using FA rules from ruff by @​pradyunsg in pypa/packaging#785
• Document markers.default_environment() by @​edgarrmondragon in pypa/packaging#753
• Bump the github-actions group with 3 updates by @​dependabot in pypa/packaging#789
• Work around platform.python_version() returning non PEP 440 compliant version for non-tagged CPython builds by @​sbidoul in pypa/packaging#802

New Contributors

• @​dependabot made their first contribution in pypa/packaging#782
• @​edgarrmondragon made their first contribution in pypa/packaging#753

Full Changelog: pypa/packaging@24.0...24.1

24.0

What's Changed

• Fix specifier matching when the specifier is long and has an epoch by @​SpecLad in pypa/packaging#712
• Clarify version split/join usage by @​uranusjr in pypa/packaging#725
• Default optional metadata values to None by @​dstufft in pypa/packaging#734
• Stop using deprecated/removed keys by @​dstufft in pypa/packaging#739
• Correctly use the ExceptionGroup shim only when needed by @​dstufft in pypa/packaging#736
• Update CHANGELOG entry about validate kwarg by @​pradyunsg in pypa/packaging#731
• Support --disable-gil builds (PEP 703) in packaging.tags by @​colesbury in pypa/packaging#728
• Skip test_glibc_version_string_ctypes_raise_oserror if ctypes is unavailable by @​kevinchang96 in pypa/packaging#741
• Enable CodeQL by @​joycebrum in pypa/packaging#743
• PEP 703: Rename Py_NOGIL to Py_GIL_DISABLED by @​hugovk in pypa/packaging#747
• Replace PEP references with PUG links by @​jeanas in pypa/packaging#750
• Remove coverage ignore for non-existent file by @​shenanigansd in pypa/packaging#752
• Update URLs by @​DimitriPapadopoulos in pypa/packaging#764
• Configure dependabot by @​joycebrum in pypa/packaging#757
• Hash pin github actions by @​joycebrum in pypa/packaging#758
• Apply some refurb suggestions by @​DimitriPapadopoulos in pypa/packaging#763
• Appply some bugbear suggestions by @​DimitriPapadopoulos in pypa/packaging#761
• Apply some ruff suggestions by @​DimitriPapadopoulos in pypa/packaging#772
• Add riscv64 as a supported manylinux architecture by @​markdryan in pypa/packaging#751

New Contributors

• @​colesbury made their first contribution in pypa/packaging#728
• @​kevinchang96 made their first contribution in pypa/packaging#741
• @​jeanas made their first contribution in pypa/packaging#750
• @​shenanigansd made their first contribution in pypa/packaging#752
• @​markdryan made their first contribution in pypa/packaging#751

Full Changelog: pypa/packaging@23.2...24.0

Changelog

Sourced from packaging's changelog.

24.1 - 2024-06-10

No unreleased changes.
24.0 - 2024-03-10

• Do specifier matching correctly when the specifier contain...

  Description has been truncated