Upgrade: Bump the dependencies-pip group with 11 updates

[dependabot]

Bumps the dependencies-pip group with 11 updates:

Package	From	To
blinker	1.6.2	1.7.0
certifi	2023.7.22	2023.11.17
charset-normalizer	3.2.0	3.3.2
click	8.1.6	8.1.7
flask	2.3.2	3.0.0
idna	3.4	3.6
importlib-metadata	6.8.0	7.0.1
sentry-sdk	1.28.1	1.39.1
urllib3	2.0.4	2.1.0
werkzeug	2.3.6	3.0.1
zipp	3.16.2	3.17.0

Updates blinker from 1.6.2 to 1.7.0

Release notes

Sourced from blinker's releases.

1.7.0

No release notes provided.

1.6.3

release version 1.6.3

Changelog

Sourced from blinker's changelog.

Version 1.7.0

Released 2023-11-01

• Fixed messages printed to standard error about unraisable exceptions during signal cleanup, typically during interpreter shutdown. :pr:123
• Allow the Signal set_class to be customised, to allow calling of receivers in registration order. :pr:116.
• Drop Python 3.7 and support Python 3.12. :pr:126

Version 1.6.3

Released 2023-09-23

• Fix SyncWrapperType and AsyncWrapperType :pr:108
• Fixed issue where signal.connected_to would not disconnect the receiver if an instance of BaseException was raised. :pr:114

Commits

• 2adbe03 Relase version 1.7.0
• 7f3f1a0 Update the supported Python versions
• d32c27a Update the requirements
• 200786d Bump actions/checkout from 3.6.0 to 4.1.1
• 5186dc1 Bump actions/upload-artifact from 3.1.2 to 3.1.3
• 5ad0039 Allow the Signal set_class to be customised
• fe3ec89 Add changelog entry
• 44d29b3 Fix weakref callback errors during finalization
• 36560da Fix deployment issue and re-release 1.6.3
• aafe30d Relase version 1.6.3
• Additional commits viewable in compare view

Updates certifi from 2023.7.22 to 2023.11.17

Commits

• 515962b Merge pull request #252 from certifi/create-pull-request/patch
• 28b2a0d 2023.11.17
• 7ccda9f Bump actions/checkout from 4.1.0 to 4.1.1 (#251)
• 5e4bb9e Bump actions/setup-python from 4.7.0 to 4.7.1 (#248)
• 610354f Bump actions/checkout from 4.0.0 to 4.1.0 (#247)
• 2d98c76 Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#246)
• 7f0e639 ci: add minimal permissions to workflows bump.yml and release.yml (#245)
• 600713d Bump actions/checkout from 3.6.0 to 4.0.0 (#244)
• 0435b2a Bump actions/checkout from 3.5.3 to 3.6.0 (#242)
• 25ea83a Fix bash
• Additional commits viewable in compare view

Updates charset-normalizer from 3.2.0 to 3.3.2

Release notes

Sourced from charset-normalizer's releases.

Version 3.3.2

3.3.2 (2023-10-31)

Fixed

• Unintentional memory usage regression when using large payloads that match several encodings (#376)
• Regression on some detection cases showcased in the documentation (#371)

Added

• Noise (md) probe that identifies malformed Arabic representation due to the presence of letters in isolated form (credit to my wife, thanks!)

Version 3.3.1

3.3.1 (2023-10-22)

Changed

• Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
• Improved the general detection reliability based on reports from the community

Release 3.3.0

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encodings that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Changelog

Sourced from charset-normalizer's changelog.

3.3.2 (2023-10-31)

Fixed

• Unintentional memory usage regression when using large payload that match several encoding (#376)
• Regression on some detection case showcased in the documentation (#371)

Added

• Noise (md) probe that identify malformed arabic representation due to the presence of letters in isolated form (credit to my wife)

3.3.1 (2023-10-22)

Changed

• Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
• Improved the general detection reliability based on reports from the community

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encoding that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Commits

• 79dce48 🐛 Regression on some detection case showcased in the documentation (#371)...
• a4b9b01 Bump github/codeql-action from 2.22.4 to 2.22.5 (#375)
• dcc01cc Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#374)
• 9cd402c Bump pytest from 7.4.2 to 7.4.3 (#373)
• e274dcc 🐛 Fix unintentional memory usage regression when using large payload that...
• 07f3041 ⬆️ Bump github/codeql-action from 2.22.3 to 2.22.4 (#370)
• 5208644 🔖 Release 3.3.1 (#367)
• 66966f1 ❇️ Improve the detection around some cases (#366)
• 49653a6 ⬆️ Bump actions/setup-python from 4.7.0 to 4.7.1 (#359)
• f6a66ed ⬆️ Bump pypa/cibuildwheel from 2.16.0 to 2.16.2 (#361)
• Additional commits viewable in compare view

Updates click from 8.1.6 to 8.1.7

Release notes

Sourced from click's releases.

8.1.7

This is a fix release for the 8.1.x feature branch.

• Changes: https://click.palletsprojects.com/en/8.1.x/changes/#version-8-1-7
• Milestone: https://github.com/pallets/click/milestone/22?closed=1

Changelog

Sourced from click's changelog.

Version 8.1.7

Released 2023-08-17

• Fix issue with regex flags in shell completion. :issue:2581
• Bash version detection issues a warning instead of an error. :issue:2574
• Fix issue with completion script for Fish shell. :issue:2567

Commits

• 874ca2b release version 8.1.7
• 6e1f6d3 completion(fish): add back ; as line endings in fish script (#2570)
• a955c77 update fish enabling script
• 3c1529e add back semicolons in fish script
• a260ca6 Replace bash shell completion version error with warning (#2576)
• d9db70c bash version support shows warning instead of error
• 22b9b1c Fix incorrect passing of flags to re.sub (#2581)
• d69d210 fix flake8 finding
• af2da1e Fix incorrect passing of flags to re.sub
• bb6a872 start version 8.1.7
• Additional commits viewable in compare view

Updates flask from 2.3.2 to 3.0.0

Release notes

Sourced from flask's releases.

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
• Milestone: https://github.com/pallets/flask/milestone/20?closed=1

2.3.3

This is a fix release for the 2.3.x feature branch.

• Changes: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-3
• Milestone: https://github.com/pallets/flask/milestone/31?closed=1

Changelog

Sourced from flask's changelog.

Version 3.0.0

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

Version 2.3.3

Released 2023-08-21

• Python 3.12 compatibility.
• Require Werkzeug >= 2.3.7.
• Use flit_core instead of setuptools as build backend.
• Refactor how an app's root and instance paths are determined. :issue:5160

Commits

• 735a470 Release version 3.0.0
• efe39ae Bump Werkzeug 3.0.0
• 438edcd Allow self as an argument to url_for
• b7c1290 Fix wrong spelling of JS method .innerHTML
• 8037487 Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10 (#5248)
• e8076d9 Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0 (#5247)
• ecc4a38 Bump actions/checkout from 3.5.3 to 3.6.0 (#5246)
• 24c6508 Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
• 98cef9f Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0
• 0c97a41 Bump actions/checkout from 3.5.3 to 3.6.0
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.6

Changelog

Sourced from idna's changelog.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 4ae74cf Release v3.6
• 21888f3 Merge pull request #164 from mgorny/sdist-test
• c5ba76a Include tests in sdist
• 2eb16d3 Merge pull request #162 from kjd/release-3.5
• 89cd061 Release v3.5
• 9fc29cd Merge pull request #161 from kjd/master
• acb8c4a Merge pull request #160 from cclauss/patch-1
• adca101 README.rst: Fix typos
• 33a8f7b Merge pull request #159 from diogoteles08/add-scorecard
• 354a412 Add Scorecard GitHub Action
• Additional commits viewable in compare view

Updates importlib-metadata from 6.8.0 to 7.0.1

Changelog

Sourced from importlib-metadata's changelog.

v7.0.1

Bugfixes

• Corrected the interface for SimplePath to encompass the expectations of locate_file and PackagePath.
• Fixed type annotations to allow strings.

v7.0.0

Deprecations and Removals

• Removed EntryPoint access by numeric index (tuple behavior).

v6.11.0

Features

• Added Distribution.origin supplying the direct_url.json in a SimpleNamespace. (#404)

v6.10.0

Features

• Added diagnose script. (#461)

v6.9.0

Features

• Added EntryPoints.repr (#473)

Commits

• f2e84e3 Finalize
• e9e9f77 Merge commit '98196a'
• 98196a7 Fixed type annotations to allow strings.
• f38e051 Add Python 3.13 to compatibility matrix. Ref python/cpython#113174.
• 0c1d32e Inline os.PathLike using future annotations.
• b99c9d6 Refine SimplePath to allow for os.PathLike on input and SimplePath on output.
• 200cf45 Merge pull request #480 from python/bugfix/distribution-simplepath
• ac243d3 Include _meta in docs to fix doc build failures.
• 1b3f272 Corrected the interface for SimplePath to encompass the expectations of locat...
• fc4df51 Rely on read_text and read_bytes from located paths.
• Additional commits viewable in compare view

Updates sentry-sdk from 1.28.1 to 1.39.1

Release notes

Sourced from sentry-sdk's releases.

1.39.1

Various fixes & improvements

• Fix psycopg2 detection in the Django integration (#2593) by @​sentrivana
• Filter out empty string releases (#2591) by @​sentrivana
• Fixed local var not present when there is an error in a user's error_sampler function (#2511) by @​antonpirker
• Fixed typing in aiohttp (#2590) by @​antonpirker

1.39.0

Various fixes & improvements

• Add support for cluster clients from Redis SDK (#2394) by @​md384
• Improve location reporting for timer metrics (#2552) by @​mitsuhiko
• Fix Celery TypeError with no-argument apply_async (#2575) by @​szokeasaurusrex
• Fix Lambda integration with EventBridge source (#2546) by @​davidcroda
• Add max tries to Spotlight (#2571) by @​hazAT
• Handle os.path.devnull access issues (#2579) by @​sentrivana
• Change code.filepath frame picking logic (#2568) by @​sentrivana
• Trigger AWS Lambda tests on label (#2538) by @​sentrivana
• Run permissions step on pull_request_target but not push (#2548) by @​sentrivana
• Hash AWS Lambda test functions based on current revision (#2557) by @​sentrivana
• Update Django version in tests (#2562) by @​sentrivana
• Make metrics tests non-flaky (#2572) by @​antonpirker

1.38.0

Various fixes & improvements

• Only add trace context to checkins and do not run event_processors for checkins (#2536) by @​antonpirker
• Metric span summaries (#2522) by @​mitsuhiko
• Add source context to code locations (#2539) by @​jan-auer
• Use in-app filepath instead of absolute path (#2541) by @​antonpirker
• Switch to jinja2 for generating CI yamls (#2534) by @​sentrivana

1.37.1

Various fixes & improvements

• Fix NameError on parse_version with eventlet (#2532) by @​sentrivana
• build(deps): bump checkouts/data-schemas from 68def1e to e9f7d58 (#2501) by @​dependabot

1.37.0

Various fixes & improvements

• Move installed modules code to utils (#2429) by @​sentrivana

  Note: We moved the internal function _get_installed_modules from sentry_sdk.integrations.modules to sentry_sdk.utils. So if you use this function you have to update your imports

• Add code locations for metrics (#2526) by @​jan-auer

• Add query source to DB spans (#2521) by @​antonpirker

• Send events to Spotlight sidecar (#2524) by @​HazAT

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

1.39.1

Various fixes & improvements

• Fix psycopg2 detection in the Django integration (#2593) by @​sentrivana
• Filter out empty string releases (#2591) by @​sentrivana
• Fixed local var not present when there is an error in a user's error_sampler function (#2511) by @​antonpirker
• Fixed typing in aiohttp (#2590) by @​antonpirker

1.39.0

Various fixes & improvements

• Add support for cluster clients from Redis SDK (#2394) by @​md384
• Improve location reporting for timer metrics (#2552) by @​mitsuhiko
• Fix Celery TypeError with no-argument apply_async (#2575) by @​szokeasaurusrex
• Fix Lambda integration with EventBridge source (#2546) by @​davidcroda
• Add max tries to Spotlight (#2571) by @​hazAT
• Handle os.path.devnull access issues (#2579) by @​sentrivana
• Change code.filepath frame picking logic (#2568) by @​sentrivana
• Trigger AWS Lambda tests on label (#2538) by @​sentrivana
• Run permissions step on pull_request_target but not push (#2548) by @​sentrivana
• Hash AWS Lambda test functions based on current revision (#2557) by @​sentrivana
• Update Django version in tests (#2562) by @​sentrivana
• Make metrics tests non-flaky (#2572) by @​antonpirker

1.38.0

Various fixes & improvements

• Only add trace context to checkins and do not run event_processors for checkins (#2536) by @​antonpirker
• Metric span summaries (#2522) by @​mitsuhiko
• Add source context to code locations (#2539) by @​jan-auer
• Use in-app filepath instead of absolute path (#2541) by @​antonpirker
• Switch to jinja2 for generating CI yamls (#2534) by @​sentrivana

1.37.1

Various fixes & improvements

• Fix NameError on parse_version with eventlet (#2532) by @​sentrivana
• build(deps): bump checkouts/data-schemas from 68def1e to e9f7d58 (#2501) by @​dependabot

1.37.0

Various fixes & improvements

• Move installed modules code to utils (#2429) by @​sentrivana

  Note: We moved the internal function _get_installed_modules from sentry_sdk.integrations.modules to sentry_sdk.utils.

... (truncated)

Commits

• 2b46ec3 Update CHANGELOG.md
• d634c05 release: 1.39.1
• d76fa98 fix(django): Fix psycopg2 detection (#2593)
• 64c42ca fix(utils): Filter out empty string releases (#2591)
• 4731312 Fixed local var not present when error in users error_sampler function (#2511)
• 4deaa38 Fixed typing in aiohttp (#2590)
• 507d409 Merge branch 'release/1.39.0'
• c6cd636 Update CHANGELOG.md
• c3a60a6 release: 1.39.0
• 7df152b Change code.filepath frame picking logic (#2568)
• Additional commits viewable in compare view

Updates urllib3 from 2.0.4 to 2.1.0

Release notes

Sourced from urllib3's releases.

2.1.0

Read the v2 migration guide for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. (#2680)
• Removed support for the deprecated SecureTransport TLS implementation. (#2681)
• Removed support for the end-of-life Python 3.7. (#3143)

Bugfixes

• Allowed loading CA certificates from memory for proxies. (#3065)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. (#3174)

2.0.7

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

Changelog

Sourced from urllib3's changelog.

2.1.0 (2023-11-13)

Read the v2 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. ([#2680](https://github.com/urllib3/urllib3/issues/2680) <https://github.com/urllib3/urllib3/issues/2680>__)
• Removed support for the deprecated SecureTransport TLS implementation. ([#2681](https://github.com/urllib3/urllib3/issues/2681) <https://github.com/urllib3/urllib3/issues/2681>__)
• Removed support for the end-of-life Python 3.7. ([#3143](https://github.com/urllib3/urllib3/issues/3143) <https://github.com/urllib3/urllib3/issues/3143>__)

Bugfixes

• Allowed loading CA certificates from memory for proxies. ([#3065](https://github.com/urllib3/urllib3/issues/3065) <https://github.com/urllib3/urllib3/issues/3065>__)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. ([#3174](https://github.com/urllib3/urllib3/issues/3174) <https://github.com/urllib3/urllib3/issues/3174>__)

2.0.7 (2023-10-17)

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)

Commits

• 69be299 Release 2.1.0
• 77f71d3 Mention myself in README
• e601a0e Check _has_route within the test function (#3187)
• f7cd7f3 Stop naming urllib3/requests tests "integration" (#3182)
• 6fc4260 Use more precise type checks
• 5fa8ea6 Fix lint on Python 3.12
• 8727683 Remove Sphinx version pin
• 5fc48e7 Treat x-gzip content encoding as gzip
• ff764a0 Allow loading CA certificates from memory for proxies (#3150)
• b99cc39 Replace deprecated set-output in GitHub Actions
• Additional commits viewable in compare view

Updates werkzeug from 2.3.6 to 3.0.1

Release notes

Sourced from werkzeug's releases.

3.0.1

This is a security release for the 3.0.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
• Milestone: https://github.com/pallets/werkzeug/milestone/21?closed=1

2.3.8

This is a security release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-8

2.3.7

This is a fix release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-7
• Milestone: https://github.com/pallets/werkzeug/milestone/33?closed=1

Changelog

Sourced from werkzeug's changelog.

Version 3.0.1

Released 2023-10-24

• Fix slow multipart parsing for large parts potentially enabling DoS attacks. :cwe:CWE-407

Version 3.0.0

Released 2023-09-30

• Remove previously deprecated code. :pr:2768
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("werkzeug"), instead. :issue:2770
• generate_password_hash uses scrypt by default. :issue:2769
• Add the "werkzeug.profiler" item to the WSGI environ dictionary passed to ProfilerMiddleware's filename_format function. It contains the elapsed and time values for the profiled request. :issue:2775
• Explicitly marked the PathConverter as non path isolating. :pr:2784

Version 2.3.8

Released 2023-11-08

• Fix slow multipart parsing for large parts potentially enabling DoS attacks. :cwe:CWE-407

Version 2.3.7

Released 2023-08-14

• Use flit_core instead of setuptools as build backend.
• Fix parsing of multipart bodies. :issue:2734
• Adjust index of last newline in data start. :issue:2761
• Parsing ints from header values strips spacing first. :issue:2734
• Fix empty file streaming when testing. :issue:2740
• Clearer error message when URL rule does not start with slash. :pr:2750
• Accept q value can be a float without a decimal part. :issue:2751

Commits

• ce4eff5 Release version 3.0.1
• b1916c0 Fix: slow multipart parsing for huge files with few CR/LF characters
• 726eaa2 Release version 3.0.0
• 6427542 Default the PathConverter (and descendants) to be non part isolating
• 4820d8c Provide elapsed and timestamp info to filename_format
• 599993d Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10 (#2780)
• a2394ed Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0 (#2779)
• 1efd6f3 Bump actions/checkout from 3.5.3 to 3.6.0 (#2778)
• 76a5419 Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
• ce8cfe7 Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0
• Additional commits viewable in compare view

Updates zipp from 3.16.2 to 3.17.0

Changelog

Sourced from zipp's changelog.

v3.17.0

Features

• Added CompleteDirs.inject classmethod to make available for use elsewhere.

Bugfixes

• Avoid matching path separators for '?' in glob.

Commits

• 5c59b56 Merge https://github.com/jaraco/skeleton
• ca1831c Prefer pass_env in tox config. Preferred failure mode for tox-dev/tox#312...
• 488dd04 Finalize
• c230d98 Add CompleteDirs.inject classmethod for use elsewhere
• c331584 In tests, always use alpharep fixture.
• 92a8531 Merge https://github.com/jaraco/skeleton
• 928e9a8 Add FORCE_COLOR to the TOX_OVERRIDE for GHA. Requires tox 4.11.1. Closes jara...
• a6256e2 Add descriptions to the tox environments. Closes jaraco/skeleton#91.
• b02bf32 Add diff-cover check to Github Actions CI. Closes jaraco/skeleton#90.
• 0484daa Clean up 'color' environment variables.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions