Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the python-packages group across 1 directory with 4 updates #4

Closed
wants to merge 1 commit into from
Closed

Bump the python-packages group across 1 directory with 4 updates #4

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 3, 2024
edited
Loading

Updates the requirements on docker, requests, setuptools and pyright to permit the latest version.
Updates docker from 7.0.0 to 7.1.0

Release notes

Sourced from docker's releases.

7.1.0

Upgrade Notes

  • Bumped minimum engine API version to 1.24
  • Bumped default engine API version to 1.44 (Moby 25.0)

Bugfixes

  • Fixed issue with tag parsing when the registry address includes ports that resulted in invalid tag format errors
  • Fixed issue preventing creating new configs (ConfigCollection), which failed with a KeyError due to the name field
  • Fixed an issue due to an update in the requests package breaking docker-py by applying the suggested fix

Miscellaneous

  • Documentation improvements
  • Updated Ruff (linter) and fixed minor linting issues
  • Packaging/CI updates
  • Updated tests
    • Stopped checking for deprecated container and image related fields (Container and ContainerConfig)
    • Updated tests that check NetworkSettings.Networks.<network>.Aliases due to engine changes

What's Changed

New Contributors

Full Changelog: docker/docker-py@7.0.0...7.1.0

Commits
  • a365202 Merge pull request #3264 from krissetto/rename-env-var-in-release-pipeline
  • 1ab40c8 Fix env var name in release pipeline to match hatch expectations
  • b33088e Merge pull request #3263 from krissetto/fix-release-pipeline
  • 45488ac Fix env var name in release pipeline
  • 20879ec Merge pull request #3262 from krissetto/changelog-7.1.0
  • 4f2a26d Added 7.1.0 changelog
  • 7785ad9 Merge pull request #3257 from felixfontein/requests-hotfix
  • d8e9bcb requests 2.32.0 and 2.32.1 have been yanked.
  • 2a059a9 Extend fix to requests 2.32.2+.
  • e33e0a4 Hotfix for requests 2.32.0.
  • Additional commits viewable in compare view

Updates requests to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)
Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits
  • 0e322af v2.32.3
  • e188799 Don't create default SSLContext if ssl module isn't present (#6724)
  • 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
  • b1d73dd Don't use default SSLContext with custom poolmanager kwargs
  • 6badbac Update HISTORY.md
  • a62a2d3 Allow for overriding of specific pool key params
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • Additional commits viewable in compare view

Updates setuptools from 69.5.1 to 70.0.0

Changelog

Sourced from setuptools's changelog.

v70.0.0

Features

  • Emit a warning when [tools.setuptools] is present in pyproject.toml and will be ignored. -- by :user:SnoopJ (#4150)
  • Improved AttributeError error message if pkg_resources.EntryPoint.require is called without extras or distribution Gracefully "do nothing" when trying to activate a pkg_resources.Distribution with a None location, rather than raising a TypeError -- by :user:Avasam (#4262)
  • Typed the dynamically defined variables from pkg_resources -- by :user:Avasam (#4267)
  • Modernized and refactored VCS handling in package_index. (#4332)

Bugfixes

  • In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
  • Fix finder template for lenient editable installs of implicit nested namespaces constructed by using package_dir to reorganise directory structure. (#4278)
  • Fix an error with UnicodeDecodeError handling in pkg_resources when trying to read files in UTF-8 with a fallback -- by :user:Avasam (#4348)

Improved Documentation

  • Uses RST substitution to put badges in 1 line. (#4312)

Deprecations and Removals

  • Further adoption of UTF-8 in setuptools. This change regards mostly files produced and consumed during the build process (e.g. metadata files, script wrappers, automatically updated config files, etc..) Although precautions were taken to minimize disruptions, some edge cases might be subject to backwards incompatibility.

    Support for "locale" encoding is now deprecated. (#4309)

  • Remove setuptools.convert_path after long deprecation period. This function was never defined by setuptools itself, but rather a side-effect of an import for internal usage. (#4322)

  • Remove fallback for customisations of distutils' build.sub_command after long deprecated period. Users are advised to import build directly from setuptools.command.build. (#4322)

  • Removed typing_extensions from vendored dependencies -- by :user:Avasam (#4324)

  • Remove deprecated setuptools.dep_util. The provided alternative is setuptools.modified. (#4360)

... (truncated)

Commits
  • 5cbf12a Workaround for release error in v70
  • 9c1bcc3 Bump version: 69.5.1 → 70.0.0
  • 4dc0c31 Remove deprecated setuptools.dep_util (#4360)
  • 6c1ef57 Remove xfail now that test passes. Ref #4371.
  • d14fa01 Add all site-packages dirs when creating simulated environment for test_edita...
  • 6b7f7a1 Prevent bin folders to be taken as extern packages when vendoring (#4370)
  • 69141f6 Add doctest for vendorised bin folder
  • 2a53cc1 Prevent 'bin' folders to be taken as extern packages
  • 7208628 Replace call to deprecated validate_pyproject command (#4363)
  • 96d681a Remove call to deprecated validate_pyproject command
  • Additional commits viewable in compare view

Updates pyright from 1.1.363 to 1.1.365

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-packages group across 1 directory with 4 updates
7458c5f 
Updates the requirements on [docker](https://github.com/docker/docker-py), [requests](https://github.com/psf/requests), [setuptools](https://github.com/pypa/setuptools) and [pyright](https://github.com/RobertCraigie/pyright-python) to permit the latest version.

Updates `docker` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/docker/docker-py/releases)
- [Commits](docker/docker-py@7.0.0...7.1.0)

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v0.2.0...v2.32.3)

Updates `setuptools` from 69.5.1 to 70.0.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v69.5.1...v70.0.0)

Updates `pyright` from 1.1.363 to 1.1.365
- [Release notes](https://github.com/RobertCraigie/pyright-python/releases)
- [Commits](RobertCraigie/pyright-python@v1.1.363...v1.1.365)

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: python-packages
- dependency-name: setuptools
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: pyright
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 3, 2024
@dependabot dependabot bot mentioned this pull request Jun 3, 2024
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 10, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 10, 2024
@dependabot dependabot bot deleted the dependabot/pip/python-packages-157c791118 branch June 10, 2024 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants