Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scheduled weekly dependency update for week 43 #93

Closed
wants to merge 11 commits into from

Conversation

pyup-bot
Copy link
Collaborator

Update dj-database-url from 2.0.0 to 2.1.0.

Changelog

2.1.0

* Add value to int parsing when deconstructing url string.
Links

Update django from 4.2.1 to 4.2.6.

Changelog

4.2.6

==========================

*October 4, 2023*

Django 4.2.6 fixes a security issue with severity "moderate" and several bugs
in 4.2.5.

CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator``
================================================================================

Following the fix for :cve:`2019-14232`, the regular expressions used in the
implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()``
methods (with ``html=True``) were revised and improved. However, these regular
expressions still exhibited linear backtracking complexity, so when given a
very long, potentially malformed HTML input, the evaluation would still be
slow, leading to a potential denial of service vulnerability.

The ``chars()`` and ``words()`` methods are used to implement the
:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
filters, which were thus also vulnerable.

The input processed by ``Truncator``, when operating in HTML mode, has been
limited to the first five million characters in order to avoid potential
performance and memory issues.

Bugfixes
========

* Fixed a regression in Django 4.2.5 where overriding the deprecated
``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings in tests caused
the main ``STORAGES`` to mutate (:ticket:`34821`).

* Fixed a regression in Django 4.2 that caused unnecessary casting of string
based fields (``CharField``, ``EmailField``, ``TextField``, ``CICharField``,
``CIEmailField``, and ``CITextField``) used with the ``__isnull`` lookup on
PostgreSQL. As a consequence, the pre-Django 4.2 indexes didn't match and
were not used by the query planner (:ticket:`34840`).

You may need to recreate indexes propagated to the database with Django
4.2 - 4.2.5 as they contain unnecessary ``::text`` casting that is avoided as
of this release.


==========================

4.2.5

==========================

*September 4, 2023*

Django 4.2.5 fixes a security issue with severity "moderate" and several bugs
in 4.2.4.

CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()``
===================================================================================================

``django.utils.encoding.uri_to_iri()`` was subject to potential denial of
service attack via certain inputs with a very large number of Unicode
characters.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused an incorrect validation of
``CheckConstraints`` on ``__isnull`` lookups against ``JSONField``
(:ticket:`34754`).

* Fixed a bug in Django 4.2 where the deprecated ``DEFAULT_FILE_STORAGE`` and
``STATICFILES_STORAGE`` settings were not synced with ``STORAGES``
(:ticket:`34773`).

* Fixed a regression in Django 4.2.2 that caused an unnecessary selection of a
non-nullable ``ManyToManyField`` without a natural key during serialization
(:ticket:`34779`).

* Fixed a regression in Django 4.2 that caused a crash of a queryset when
filtering against deeply nested ``OuterRef()`` annotations (:ticket:`34803`).


==========================

4.2.4

==========================

*August 1, 2023*

Django 4.2.4 fixes several bugs in 4.2.3.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused a crash of
``QuerySet.aggregate()`` with aggregates referencing window functions
(:ticket:`34717`).

* Fixed a regression in Django 4.2 that caused a crash when grouping by a
reference in a subquery (:ticket:`34748`).

* Fixed a regression in Django 4.2 that caused aggregation over query that
uses explicit grouping by multi-valued annotations to group against the wrong
columns (:ticket:`34750`).


==========================

4.2.3

==========================

*July 3, 2023*

Django 4.2.3 fixes a security issue with severity "moderate" and several bugs
in 4.2.2.

CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator``
===================================================================================================================

``EmailValidator`` and ``URLValidator`` were subject to potential regular
expression denial of service attack via a very large number of domain name
labels of emails and URLs.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused incorrect alignment of timezone
warnings for ``DateField`` and ``TimeField`` in the admin (:ticket:`34645`).

* Fixed a regression in Django 4.2 that caused incorrect highlighting of rows
in the admin changelist view when ``ModelAdmin.list_editable`` contained a
``BooleanField`` (:ticket:`34638`).


==========================

4.2.2

==========================

*June 5, 2023*

Django 4.2.2 fixes several bugs in 4.2.1.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused an unnecessary
``DBMS_LOB.SUBSTR()`` wrapping in the ``__isnull`` and ``__exact=None``
lookups for ``TextField()``/``BinaryField()`` on Oracle (:ticket:`34544`).

* Restored, following a regression in Django 4.2, ``get_prep_value()`` call in
``JSONField`` subclasses (:ticket:`34539`).

* Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.defer()``
when passing a ``ManyToManyField`` or ``GenericForeignKey`` reference. While
doing so is a no-op, it was allowed in older version (:ticket:`34570`).

* Fixed a regression in Django 4.2 that caused a crash of ``QuerySet.only()``
when passing a reverse ``OneToOneField`` reference (:ticket:`34612`).

* Fixed a bug in Django 4.2 where :option:`makemigrations --update` didn't
respect the ``--name`` option (:ticket:`34568`).

* Fixed a performance regression in Django 4.2 when compiling queries without
ordering (:ticket:`34580`).

* Fixed a regression in Django 4.2 where nonexistent stylesheet was linked on a
“Congratulations!” page (:ticket:`34588`).

* Fixed a regression in Django 4.2 that caused a crash of
``QuerySet.aggregate()`` with expressions referencing other aggregates
(:ticket:`34551`).

* Fixed a regression in Django 4.2 that caused a crash of
``QuerySet.aggregate()`` with aggregates referencing subqueries
(:ticket:`34551`).

* Fixed a regression in Django 4.2 that caused a crash of querysets on SQLite
when filtering on ``DecimalField`` against values outside of the defined
range (:ticket:`34590`).

* Fixed a regression in Django 4.2 that caused a serialization crash on a
``ManyToManyField`` without a natural key when its ``Manager``’s base
``QuerySet`` used ``select_related()`` (:ticket:`34620`).


==========================
Links

Update django-storages from 1.13.2 to 1.14.2.

Changelog

1.14.2

*******************

S3
--

- Fix re-opening of ``S3File`` (`1321`_)
- Revert raising ``ImproperlyConfigured`` when no ``bucket_name`` is set (`1322`_)

.. _1321: https://github.com/jschneier/django-storages/pull/1321
.. _1322: https://github.com/jschneier/django-storages/pull/1322

1.14.1

*******************

Azure
-----

- Do not require both ``AccountName`` and ``AccountKey`` in ``connection_string`` (`1312`_)

S3
--

- Work around boto3 closing the uploaded file (`1303`_)
- Fix crash when cleaning up during aborted connection of ``S3File.write`` (`1304`_)
- Raise ``FileNotFoundError`` when attempting to read the ``size`` of a non-existent file (`1309`_)
- Move auth & CloudFront signer validation to init (`1302`_)
- Raise ``ImproperlyConfigured`` if no ``bucket_name`` is set (`1313`_)
- Fix tracking of ``S3File.closed`` (`1311`_)

.. _1303: https://github.com/jschneier/django-storages/pull/1303
.. _1304: https://github.com/jschneier/django-storages/pull/1304
.. _1309: https://github.com/jschneier/django-storages/pull/1309
.. _1302: https://github.com/jschneier/django-storages/pull/1302
.. _1313: https://github.com/jschneier/django-storages/pull/1313
.. _1312: https://github.com/jschneier/django-storages/pull/1312
.. _1311: https://github.com/jschneier/django-storages/pull/1311

1.14

*******************

General
-------

- **Breaking**: Drop support for Django 4.0 (`1235`_)
- **Breaking**: The long deprecated & removed (from Django) ``(modified|created|accessed)_time`` methods have been
removed from the various storages, please replace with the ``get_(modified|created|accessed)_time`` methods
- Add support for saving ``pathlib.PurePath`` names (`1278`_)
- Add support for Django 4.2 (`1236`_)

Azure
-----

- Set ``account_(name|key)`` from ``connection_string`` if not provided (`1225`_)

Dropbox
-------

- **Deprecated:** The name ``DropboxStorage.location`` has been deprecated, please rename to ``DropboxStorage.root_path``, a future version will
remove support for the old name. (`1251`_)
- Storage and related names with a captialized B have been changed to no longer have one e.g ``DropboxStorage`` has now replaced
``DropBoxStorage``. Aliases have been added so no change is necessary at this time. A future version might deprecate the old names. (`1250`_)
- ``DropboxStorage`` now conforms to the ``BaseStorage`` interface (`1251`_)
- Fix name mangling when saving with certain complex root paths (`1279`_)

FTP
---

- Use setting ``BASE_URL`` if it is defined (`1238`_)

Google Cloud
------------

- **Breaking**: Support for the deprecated ``GS_CACHE_CONTROL`` has been removed. Please set the ``cache_control`` parameter of
``GS_OBJECT_PARAMETERS`` instead. (`1220`_)

Libcloud
--------

- Reading a file that does not exist will now raise ``FileNotFoundError`` (`1191`_)

SFTP
----

- Add closing context manager for standalone usage to ensure connections are cleaned up (`1253`_)

S3
--

- **Deprecated:** ``AWS_S3_USE_THREADS`` has been deprecated in favor of ``AWS_S3_TRANSFER_CONFIG`` (`1280`_)
- **Important:** The namespace of this backend has changed from ``S3Boto3`` to ``S3``. There are no current plans
to deprecate and remove the old namespace but please update if you can. All paths, imports, and classes that previously
referred to ``s3boto`` are now ``s3``. E.g ``S3Boto3Storage`` has been changed to ``S3Storage`` and ``S3Boto3StorageFile``
has been changed to ``S3File``. (`1289`_). Additionally the install extra is now ``s3`` (`1284`_)
- Add setting ``transfer_config/AWS_S3_TRANSFER_CONFIG`` to customize any of the ``TransferConfig`` properties (`1280`_)
- Enable passing ``security_token`` to constructor (`1246`_)
- Do not overwrite a returned ``ContentType`` from ``get_object_parameters`` (`1281`_)
- Add support for setting ``cloudfront_key_id`` and ``cloudfront_key`` via Django 4.2's ``OPTIONS`` (`1274`_)
- Fix ``S3File.closed`` (`1249`_)
- Fix opening new files in write mode with ``S3File`` (`1282`_)
- Fix ``S3File`` not respecting mode on ``readlines`` (`1000`_)
- Fix saving files with string content (`911`_)
- Fix retrieving files with SSE-C enabled (`1286`_)

.. _1280: https://github.com/jschneier/django-storages/pull/1280
.. _1289: https://github.com/jschneier/django-storages/pull/1289
.. _1284: https://github.com/jschneier/django-storages/pull/1284
.. _1274: https://github.com/jschneier/django-storages/pull/1274
.. _1281: https://github.com/jschneier/django-storages/pull/1281
.. _1282: https://github.com/jschneier/django-storages/pull/1282
.. _1279: https://github.com/jschneier/django-storages/pull/1279
.. _1278: https://github.com/jschneier/django-storages/pull/1278
.. _1235: https://github.com/jschneier/django-storages/pull/1235
.. _1236: https://github.com/jschneier/django-storages/pull/1236
.. _1225: https://github.com/jschneier/django-storages/pull/1225
.. _1251: https://github.com/jschneier/django-storages/pull/1251
.. _1250: https://github.com/jschneier/django-storages/pull/1250
.. _1238: https://github.com/jschneier/django-storages/pull/1238
.. _1220: https://github.com/jschneier/django-storages/pull/1220
.. _1191: https://github.com/jschneier/django-storages/pull/1191
.. _1253: https://github.com/jschneier/django-storages/pull/1253
.. _1246: https://github.com/jschneier/django-storages/pull/1246
.. _1249: https://github.com/jschneier/django-storages/pull/1249
.. _1000: https://github.com/jschneier/django-storages/pull/1000
.. _911: https://github.com/jschneier/django-storages/pull/911
.. _1286: https://github.com/jschneier/django-storages/pull/1286
Links

Update flake8 from 6.0.0 to 6.1.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update gunicorn from 20.1.0 to 21.2.0.

Changelog

21.2.0

===================

- fix thread worker: revert change considering connection as idle . 

*** NOTE ***

This is fixing the bad file description error.

21.0.1

===================

- fix documentation build

21.0.0

===================

- support python 3.11
- fix gevent and eventlet workers
- fix threads support (gththread): improve performance and unblock requests
- SSL: noaw use SSLContext object
- HTTP parser: miscellaneous fixes
- remove unecessary setuid calls
- fix testing
- improve logging
- miscellaneous fixes to core engine

*** RELEASE NOTE ***

We made this release major to start our new release cycle. More info will be provided on our discussion forum.
Links

Update pillow from 9.5.0 to 10.1.0.

Changelog

10.1.0

-------------------

- Added TrueType default font to allow for different sizes 7354
[radarhere]

- Fixed invalid argument warning 7442
[radarhere]

- Added ImageOps cover method 7412
[radarhere, hugovk]

- Catch struct.error from truncated EXIF when reading JPEG DPI 7458
[radarhere]

- Consider default image when selecting mode for PNG save_all 7437
[radarhere]

- Support BGR;15, BGR;16 and BGR;24 access, unpacking and putdata 7303
[radarhere]

- Added CMYK to RGB unpacker 7310
[radarhere]

- Improved flexibility of XMP parsing 7274
[radarhere]

- Support reading 8-bit YCbCr TIFF images 7415
[radarhere]

- Allow saving I;16B images as PNG 7302
[radarhere]

- Corrected drawing I;16 points and writing I;16 text 7257
[radarhere]

- Set blue channel to 128 for BC5S 7413
[radarhere]

- Increase flexibility when reading IPTC fields 7319
[radarhere]

- Set C palette to be empty by default 7289
[radarhere]

- Added gs_binary to control Ghostscript use on all platforms 7392
[radarhere]

- Read bounding box information from the trailer of EPS files if specified 7382
[nopperl, radarhere]

- Added reading 8-bit color DDS images 7426
[radarhere]

- Added has_transparency_data 7420
[radarhere, hugovk]

- Fixed bug when reading BC5S DDS images 7401
[radarhere]

- Prevent TIFF orientation from being applied more than once 7383
[radarhere]

- Use previous pixel alpha for QOI_OP_RGB 7357
[radarhere]

- Added BC5U reading 7358
[radarhere]

- Allow getpixel() to accept a list 7355
[radarhere, homm]

- Allow GaussianBlur and BoxBlur to accept a sequence of x and y radii 7336
[radarhere]

- Expand JPEG buffer size when saving optimized or progressive 7345
[radarhere]

- Added session type check for Linux in ImageGrab.grabclipboard() 7332
[TheNooB2706, radarhere, hugovk]

- Allow "loop=None" when saving GIF images 7329
[radarhere]

- Fixed transparency when saving P mode images to PDF 7323
[radarhere]

- Added saving LA images as PDFs 7299
[radarhere]

- Set SMaskInData to 1 for PDFs with alpha 7316, 7317
[radarhere]

- Changed Image mode property to be read-only by default 7307
[radarhere]

- Silence exceptions in _repr_jpeg_ and _repr_png_ 7266
[mtreinish, radarhere]

- Do not use transparency when saving GIF if it has been removed when normalizing mode 7284
[radarhere]

- Fix missing symbols when libtiff depends on libjpeg 7270
[heitbaum]

10.0.1

-------------------

- Updated libwebp to 1.3.2 7395
[radarhere]

- Updated zlib to 1.3 7344
[radarhere]

10.0.0

-------------------

- Fixed deallocating mask images 7246
[radarhere]

- Added ImageFont.MAX_STRING_LENGTH 7244
[radarhere, hugovk]

- Fix Windows build with pyproject.toml 7230
[hugovk, nulano, radarhere]

- Do not close provided file handles with libtiff 7199
[radarhere]

- Convert to HSV if mode is HSV in getcolor() 7226
[radarhere]

- Added alpha_only argument to getbbox() 7123
[radarhere. hugovk]

- Prioritise speed in _repr_png_ 7242
[radarhere]

- Do not use CFFI access by default on PyPy 7236
[radarhere]

- Limit size even if one dimension is zero in decompression bomb check 7235
[radarhere]

- Use --config-settings instead of deprecated --global-option 7171
[radarhere]

- Better C integer definitions 6645
[Yay295, hugovk]

- Fixed finding dependencies on Cygwin 7175
[radarhere]

- Changed grabclipboard() to use PNG instead of JPG compression on macOS 7219
[abey79, radarhere]

- Added in_place argument to ImageOps.exif_transpose() 7092
[radarhere]

- Fixed calling putpalette() on L and LA images before load() 7187
[radarhere]

- Fixed saving TIFF multiframe images with LONG8 tag types 7078
[radarhere]

- Fixed combining single duration across duplicate APNG frames 7146
[radarhere]

- Remove temporary file when error is raised 7148
[radarhere]

- Do not use temporary file when grabbing clipboard on Linux 7200
[radarhere]

- If the clipboard fails to open on Windows, wait and try again 7141
[radarhere]

- Fixed saving multiple 1 mode frames to GIF 7181
[radarhere]

- Replaced absolute PIL import with relative import 7173
[radarhere]

- Replaced deprecated Py_FileSystemDefaultEncoding for Python >= 3.12 7192
[radarhere]

- Improved wl-paste mimetype handling in ImageGrab 7094
[rrcgat, radarhere]

- Added _repr_jpeg_() for IPython display_jpeg 7135
[n3011, radarhere, nulano]

- Use "/sbin/ldconfig" if ldconfig is not found 7068
[radarhere]

- Prefer screenshots using XCB over gnome-screenshot 7143
[nulano, radarhere]

- Fixed joined corners for ImageDraw rounded_rectangle() odd dimensions 7151
[radarhere]

- Support reading signed 8-bit TIFF images 7111
[radarhere]

- Added width argument to ImageDraw regular_polygon 7132
[radarhere]

- Support I mode for ImageFilter.BuiltinFilter 7108
[radarhere]

- Raise error from stderr of Linux ImageGrab.grabclipboard() command 7112
[radarhere]

- Added unpacker from I;16B to I;16 7125
[radarhere]

- Support float font sizes 7107
[radarhere]

- Use later value for duplicate xref entries in PdfParser 7102
[radarhere]

- Load before getting size in __getstate__ 7105
[bigcat88, radarhere]

- Fixed type handling for include and lib directories 7069
[adisbladis, radarhere]

- Remove deprecations for Pillow 10.0.0 7059, 7080
[hugovk, radarhere]

- Drop support for soon-EOL Python 3.7 7058
[hugovk, radarhere]
Links

Update psycopg2-binary from 2.9.6 to 2.9.9.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update pycodestyle from 2.10.0 to 2.11.1.

Changelog

2.11.1

-------------------

Changes:

* E275: fix false positive with fstrings containing keyword parts in python 3.12

2.11.0

-------------------

Changes:

* Drop EOL python 3.6 / 3.7.  PR 1129, 1160.
* Add support for python 3.12.  PR 1147, 1148, 1152, 1153, 1154, 1163,
1164, 1165, 1166, 1176, 1177, 1182.
* E721: adjust handling of type comparison.  Allowed forms are now
``isinstance(x, t)`` or ``type(x) is t``.  PR 1086, 1167.
* Remove handling of python 2 ``<>`` operator.  PR 1161.
* W606: removed.  ``async`` / ``await`` are always keywords.  PR 1162.
* Internal: move tests to pytest.  PR 1168, 1169, 1171, 1173, 1174, 1175.
* Remove handling of python 2 ``ur''`` strings.  PR 1181.
Links

Update pyflakes from 3.0.1 to 3.1.0.

Changelog

3.1.0

- Drop support for EOL python 3.6 / 3.7
- Remove ``ContinueInFinally`` check (only relevant in python < 3.8)
- Fix forward annotations inside a nested scope
- Produce an error when a definition shadows an unused variable
- Fix accessed global annotation being redefined in a local scope
- Allow redefinition of functions across ``match`` arms
- Fix potential ``None`` for ``lineno`` during tokenization errors
- Add support for PEP 695 and python 3.12
Links

Update setuptools from 67.8.0 to 68.2.2.

Changelog

68.2.2

=======

Bugfixes
--------

- Improve backwards compatibility with deprecated CLI practices. (4048)

68.2.1

=======

Bugfixes
--------

- Avoid using caching attributes in ``Distribution.metadata`` for requirements.
This is done for backwards compatibility with customizations that attempt to
modify ``install_requires`` or ``extras_require`` at a late point (still not
recommended). (4043)


Misc
----

- 4045

68.2.0

=======

Features
--------

- Rework how ``setuptools`` internally handles ``dependencies/install_requires``
and ``optional-dependencies/extras_require``. (3903)
- Improve the generated ``PKG-INFO`` files, by adding ``Requires-Dist`` fields.
Previously, these fields would be omitted in favour of a non-standard
``*.egg-info/requires.txt`` file (which is still generated for the time being). (3904)
- Improve atomicity when writing ``PKG-INFO`` files to avoid race
conditions with ``importlib.metadata``. (3904)


Bugfixes
--------

- Fix the name given to the ``*-nspkg.pth`` files in editable installs,
ensuring they are unique per distribution. (4041)
- Workaround some limitations on ``pkg_resources``-style legacy namespaces in
the meta path finder for editable installations. (4041)


Misc
----

- 4023, 4027, 4027

68.1.2

=======

Misc
----

- 4022, 4022

68.1.1

=======

Bugfixes
--------

- Fix editable install finder handling of nested packages, by only handling 1
level of nesting and relying on ``importlib.machinery`` to find the remaining
modules based on the parent package path. (4020)

68.1.0

=======

Features
--------

- Removed code referencing bdist_wininst in install_scripts. (3525)
- Promote ``pyproject.toml``'s ``[tool.setuptools]`` out of beta.
Note that some fields are still considered deprecated and/or obsolete,
and these might be removed in future versions (i.e., there is no guarantee
for long term support and backward compatibility on those fields). (3962)
- Automatically add files listed in ``Extension.depends`` to sdists,
as long as they are contained in the project directory -- by :user:`RuRo` (4000)
- Require Python 3.8 or later.


Bugfixes
--------

- Made imports in editable installs case-sensitive on case-insensitive filesystems -- by :user:`aganders3` (3995)
- Use default encoding to create ``.pth`` files with ``editable_wheel``. (4009)
- Detects (and complain about) ``scripts`` and ``gui-scripts`` set via ``setup.py``
when ``pyproject.toml`` does not include them in ``dynamic``. (4012)


Misc
----

- 3833, 3960, 4001, 4007

68.0.0

=======


Breaking Changes
----------------
* 3948: Removed verification for existing ``depends.txt`` file (deprecated since v0.5a4).
* 3948: Remove autofixing of broken ``.egg-info`` directories containing the ``-``
character in their base name (without suffix).
They should no longer be produced by sufficiently new versions of ``setuptools``
(warning introduced in 2005).
* 3948: Remove deprecated APIs in ``easy_install``: ``get_script_args``,
``get_script_header`` and ``get_writer``.
The direct usage of ``easy_install`` has been deprecated since v58.3.0,
and the warnings regarding these APIs predate that version.
* 3948: Removed ``egg_info.get_pkg_info_revision`` (deprecated since 2015).
* 3948: Removed ``setuptools.dist._get_unpatched`` (deprecated since 2016)
* 3948: Removed support for SVN in ``setuptools.package_index`` (deprecated since 2018).
* 3948: Removed support for invalid ``pyproject.toml`` files.
During the implementation of PEP 621, it was identified that some users were
producing invalid files. As a transitional measure, the validation was relaxed
for a few use cases. The grace period, however, came to an end.

Changes
-------
* 3760: Added symlink support to launcher for installed executables -- by :user:`eugene-sevostianov-sc`
* 3926: Updated vendored ``packaging`` version from 23.0 to 23.1 -- by :user:`MetRonnie`
* 3950: Implemented workaround for old versions of ``vswhere``, which miss the
``-requiresAny`` parameter, such as the ones distributed together with Visual Studio 2017 < 15.6.
* 3952: Changed ``DistutilsMetaFinder`` to skip ``spec_for_pip`` on Python >= 3.12.
* 3952: Removed ``_distutils_hack.remove_shim`` on Python >= 3.12
(since ``distutils`` was removed from the standard library,
``DistutilsMetaFinder`` cannot be disabled on Python >= 3.12).

Misc
----
* 3920: Add a link to deprecation warning in ``pkg_resources`` and improve
``stacklevel`` for better visibility.
Links

Update typing-extensions from 4.6.2 to 4.8.0.

Changelog

4.8.0

No changes since 4.8.0rc1.

4.8.0rc1

- Add `typing_extensions.Doc`, as proposed by PEP 727. Patch by
Sebastián Ramírez.
- Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
- Fix bug where `get_original_bases()` would return incorrect results when
called on a concrete subclass of a generic class. Patch by Alex Waygood
(backporting https://github.com/python/cpython/pull/107584, by James
Hilton-Balfe).
- Fix bug where `ParamSpec(default=...)` would raise a `TypeError` on Python
versions <3.11. Patch by James Hilton-Balfe

4.7.1

- Fix support for `TypedDict`, `NamedTuple` and `is_protocol` on PyPy-3.7 and
PyPy-3.8. Patch by Alex Waygood. Note that PyPy-3.7 and PyPy-3.8 are unsupported
by the PyPy project. The next feature release of typing-extensions will
drop support for PyPy-3.7 and may also drop support for PyPy-3.8.

4.7.0

- This is expected to be the last feature release supporting Python 3.7,
which reaches its end of life on June 27, 2023. Version 4.8.0 will support
only Python 3.8.0 and up.
- Fix bug where a `typing_extensions.Protocol` class that had one or more
non-callable members would raise `TypeError` when `issubclass()`
was called against it, even if it defined a custom `__subclasshook__`
method. The correct behaviour -- which has now been restored -- is not to
raise `TypeError` in these situations if a custom `__subclasshook__` method
is defined. Patch by Alex Waygood (backporting
https://github.com/python/cpython/pull/105976).

4.7.0rc1

- Add `typing_extensions.get_protocol_members` and
`typing_extensions.is_protocol` (backport of CPython PR 104878).
Patch by Jelle Zijlstra.
- `typing_extensions` now re-exports all names in the standard library's
`typing` module, except the deprecated `ByteString`. Patch by Jelle
Zijlstra.
- Due to changes in the implementation of `typing_extensions.Protocol`,
`typing.runtime_checkable` can now be used on `typing_extensions.Protocol`
(previously, users had to use `typing_extensions.runtime_checkable` if they
were using `typing_extensions.Protocol`).
- Align the implementation of `TypedDict` with the implementation in the
standard library on Python 3.9 and higher.
`typing_extensions.TypedDict` is now a function instead of a class. The
private functions `_check_fails`, `_dict_new`, and `_typeddict_new`
have been removed. `is_typeddict` now returns `False` when called with
`TypedDict` itself as the argument. Patch by Jelle Zijlstra.
- Declare support for Python 3.12. Patch by Jelle Zijlstra.
- Fix tests on Python 3.13, which removes support for creating
`TypedDict` classes through the keyword-argument syntax. Patch by
Jelle Zijlstra.
- Fix a regression introduced in v4.6.3 that meant that
``issubclass(object, typing_extensions.Protocol)`` would erroneously raise
``TypeError``. Patch by Alex Waygood (backporting the CPython PR
https://github.com/python/cpython/pull/105239).
- Allow `Protocol` classes to inherit from `typing_extensions.Buffer` or
`collections.abc.Buffer`. Patch by Alex Waygood (backporting
https://github.com/python/cpython/pull/104827, by Jelle Zijlstra).
- Allow classes to inherit from both `typing.Protocol` and `typing_extensions.Protocol`
simultaneously. Since v4.6.0, this caused `TypeError` to be raised due to a
metaclass conflict. Patch by Alex Waygood.
- Backport several deprecations from CPython relating to unusual ways to
create `TypedDict`s and `NamedTuple`s. CPython PRs 105609 and 105780
by Alex Waygood; `typing_extensions` backport by Jelle Zijlstra.
- Creating a `NamedTuple` using the functional syntax with keyword arguments
 (`NT = NamedTuple("NT", a=int)`) is now deprecated.
- Creating a `NamedTuple` with zero fields using the syntax `NT = NamedTuple("NT")`
 or `NT = NamedTuple("NT", None)` is now deprecated.
- Creating a `TypedDict` with zero fields using the syntax `TD = TypedDict("TD")`
 or `TD = TypedDict("TD", None)` is now deprecated.
- Fix bug on Python 3.7 where a protocol `X` that had a member `a` would not be
considered an implicit subclass of an unrelated protocol `Y` that only has a
member `a`. Where the members of `X` are a superset of the members of `Y`,
`X` should always be considered a subclass of `Y` iff `Y` is a
runtime-checkable protocol that only has callable members. Patch by Alex
Waygood (backporting CPython PR
https://github.com/python/cpython/pull/105835).

4.6.3

- Fix a regression introduced in v4.6.0 in the implementation of
runtime-checkable protocols. The regression meant
that doing `class Foo(X, typing_extensions.Protocol)`, where `X` was a class that
had `abc.ABCMeta` as its metaclass, would then cause subsequent
`isinstance(1, X)` calls to erroneously raise `TypeError`. Patch by
Alex Waygood (backporting the CPython PR
https://github.com/python/cpython/pull/105152).
- Sync the repository's LICENSE file with that of CPython.
`typing_extensions` is distributed under the same license as
CPython itself.
- Skip a problematic test on Python 3.12.0b1. The test fails on 3.12.0b1 due to
a bug in CPython, which will be fixed in 3.12.0b2. The
`typing_extensions` test suite now passes on 3.12.0b1.
Links

@pyup-bot
Copy link
Collaborator Author

Closing this in favor of #94

@pyup-bot pyup-bot closed this Oct 30, 2023
@aguiardafa aguiardafa deleted the pyup-scheduled-update-2023-10-23 branch October 30, 2023 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant