Bump the dependencies group with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates:

Package	From	To
typing-extensions	4.9.0	4.12.0
uvicorn	0.29.0	0.30.0
fastapi	0.110.3	0.111.0
jinja2	3.1.3	3.1.4
pygments	2.17.2	2.18.0
pytest	8.2.0	8.2.1
coverage	7.5.0	7.5.3
babel	2.14.0	2.15.0
mdit-py-plugins	0.4.0	0.4.1
requests	2.31.0	2.32.3

Updates typing-extensions from 4.9.0 to 4.12.0

Release notes

Sourced from typing-extensions's releases.

4.12.0

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

There is a single change since 4.12.0rc1:

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Changes included in 4.12.0rc1:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.
  • Fix bug in PEP-696 implementation where a default value for a ParamSpec would be cast to a tuple if a list was provided. Patch by Alex Waygood.
• Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new __static_attributes__ attribute to all classes in Python, which broke some assumptions made by the implementation of typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new __firstlineno__ attribute to all classes.
• Fix AttributeError when using typing_extensions.runtime_checkable in combination with typing.Protocol on Python 3.12.2 or newer. Patch by Alex Waygood.
• At runtime, assert_never now includes the repr of the argument

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.12.0 (May 23, 2024)

This release is mostly the same as 4.12.0rc1 but fixes one more longstanding bug.

• Fix incorrect behaviour of typing_extensions.ParamSpec on Python 3.8 and 3.9 that meant that isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) would have a different result in some situations depending on whether or not a profiling function had been set using sys.setprofile. Patch by Alex Waygood.

Release 4.12.0rc1 (May 16, 2024)

This release focuses on compatibility with the upcoming release of Python 3.13. Most changes are related to the implementation of type parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex Waygood, who did most of the work adapting typing-extensions to the CPython PEP 696 implementation.

Full changelog:

• Improve the implementation of type parameter defaults (PEP 696)
  • Backport the typing.NoDefault sentinel object from Python 3.13. TypeVars, ParamSpecs and TypeVarTuples without default values now have their __default__ attribute set to this sentinel value.
  • TypeVars, ParamSpecs and TypeVarTuples now have a has_default() method, matching typing.TypeVar, typing.ParamSpec and typing.TypeVarTuple on Python 3.13+.
  • TypeVars, ParamSpecs and TypeVarTuples with default=None passed to their constructors now have their __default__ attribute set to None at runtime rather than types.NoneType.
  • Fix most tests for TypeVar, ParamSpec and TypeVarTuple on Python 3.13.0b1 and newer.
  • Backport CPython PR #118774, allowing type parameters without default values to follow those with default values in some type parameter lists. Patch by Alex Waygood, backporting a CPython PR by Jelle Zijlstra.
  • It is now disallowed to use a TypeVar with a default value after a TypeVarTuple in a type parameter list. This matches the CPython implementation of PEP 696 on Python 3.13+.
  • Fix bug in PEP-696 implementation where a default value for a ParamSpec would be cast to a tuple if a list was provided. Patch by Alex Waygood.
• Fix Protocol tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new __static_attributes__ attribute to all classes in Python, which broke some assumptions made by the implementation of typing_extensions.Protocol. Similarly, 3.13.0b1 adds the new __firstlineno__ attribute to all classes.

... (truncated)

Commits

• f90a8dc Prepare release 4.12.0 (#408)
• 118e1a6 Make sure isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar) is u...
• 910141a Add security documentation (#403)
• 0dbc7c9 Prepare release 4.12.0rc1 (#402)
• 1da5d3d Update actions/setup-python (#401)
• 72298f0 4.12.0a2 (#400)
• 465ba78 Fix publish workflow (#399)
• 21fde1f Prepare releaes 4.12.0a1 (#398)
• 63d8277 Add workflow for Trusted Publishing (#395)
• 074d053 Backport PEP-696 specialisation on Python >=3.11.1 (#397)
• Additional commits viewable in compare view

Updates uvicorn from 0.29.0 to 0.30.0

Release notes

Sourced from uvicorn's releases.

Version 0.30.0

Added

• New multiprocess manager (#2183)
• Allow ConfigParser or a io.IO[Any] on log_config (#1976)

Fixed

• Suppress side effects of signal propagation (#2317)
• Send content-length header on 5xx (#2304)

Deprecated

• Deprecate the uvicorn.workers module (#2302)

---

Full Changelog: encode/uvicorn@0.29.0...0.30.0

Changelog

Sourced from uvicorn's changelog.

0.30.0 (2024-05-28)

Added

• New multiprocess manager (#2183)
• Allow ConfigParser or a io.IO[Any] on log_config (#1976)

Fixed

• Suppress side-effects of signal propagation (#2317)
• Send content-length header on 5xx (#2304)

Deprecated

• Deprecate the uvicorn.workers module (#2302)

Commits

• 9a6b3a8 Version 0.30.0 (#2348)
• 53fa273 New multiprocess manager (#2183)
• 22873a9 Suppress side-effects of signal propagation (#2317)
• 14ffba8 Simplify CHANGELOG (#2337)
• 5c78192 Add favicon and logo to the documentation (#2336)
• b9c03a8 Improve type hints on WebSockets implementations (#2335)
• 14bdf04 Use pytestmark to simplify test suite (#2334)
• 0efd383 Send content-length header on 5xx (#2304)
• 772c24b Deprecate the uvicorn.workers module (#2302)
• 12c9ee3 Allow ConfigParser or a io.IO[Any] on log_config (#1976)
• Additional commits viewable in compare view

Updates fastapi from 0.110.3 to 0.111.0

Release notes

Sourced from fastapi's releases.

0.111.0

Features

• ✨ Add FastAPI CLI, the new fastapi command. PR #11522 by @​tiangolo.
  • New docs: FastAPI CLI.

Try it out with:

$ pip install --upgrade fastapi
$ fastapi dev main.py
╭────────── FastAPI CLI - Development mode ───────────╮
│                                                     │
│  Serving at: http://127.0.0.1:8000                  │
│                                                     │
│  API docs: http://127.0.0.1:8000/docs               │
│                                                     │
│  Running in development mode, for production use:   │
│                                                     │
│  fastapi run                                        │
│                                                     │
╰─────────────────────────────────────────────────────╯
INFO:     Will watch for changes in these directories: ['/home/user/code/awesomeapp']
INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO:     Started reloader process [2248755] using WatchFiles
INFO:     Started server process [2248757]
INFO:     Waiting for application startup.
INFO:     Application startup complete.

Refactors

• 🔧 Add configs and setup for fastapi-slim including optional extras fastapi-slim[standard], and fastapi including by default the same standard extras. PR #11503 by @​tiangolo.

Commits

• 1c3e691 📝 Update release notes
• ab8f557 📝 Update release notes
• 67da3bb 🔖 Release version 0.111.0
• 9ed94e4 📝 Update release notes
• d71be59 ✨ Add FastAPI CLI, the new fastapi command (#11522)
• a94ef33 📝 Update release notes
• ea1f219 🔧 Add configs and setup for fastapi-slim including optional extras `fastapi...
• See full diff in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates pygments from 2.17.2 to 2.18.0

Release notes

Sourced from pygments's releases.

2.18.0

• New lexers:

  • Janet (#2557)
  • Lean 4 (#2618, #2626)
  • Luau (#2605)
  • Mojo (#2691, #2515)
  • org-mode (#2628, #2636)
  • Promela (#2620)
  • Soong / Android.bp (#2659)
  • Tact (#2571)
  • Typst (#2596)

• Updated lexers:

  • Awk: recognize ternary operator (#2687)
  • Bash: add openrc alias (#2599, #2371)
  • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
  • DNS zone files: Fix comment parsing (#2595)
  • Hy: Support unicode literals (#1126)
  • Inform6: Update to Inform 6.42 (#2644)
  • lean: Fix name handling (#2614)
  • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
  • Macaulay2: Update to 1.23 (#2655)
  • Python: fix highlighting of soft keywords before None/True/False
  • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
  • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
  • Spice: Add keywords (#2621)
  • SQL Explain: allow negative numbers (#2610)
  • Swift: Support multiline strings (#2681)
  • ThingsDB: add constants and new functions; support template strings (#2624)
  • UL4: support nested <?doc?> and <?note?> tags (#2597)
  • VHDL: support multi-line comments of VHDL-2008 (#2622)
  • Wikitext: Remove kk-* in variant_langs (#2647)
  • Xtend: Add val and var (#2602)

• New styles:

  • Coffee (#2609)

• Make background colors in the image formatter work with Pillow 10.0 (#2623)

• Require Python 3.8. As a result, the importlib-metadata package is no longer needed for fast plugin discovery on Python 3.7. The plugins extra (used as, e.g., pip install pygments[plugins])

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.18.0

(released May 4th, 2024)

• New lexers:

  • Janet (#2557)
  • Lean 4 (#2618, #2626)
  • Luau (#2605)
  • Mojo (#2691, #2515)
  • org-mode (#2628, #2636)
  • Promela (#2620)
  • Soong / Android.bp (#2659)
  • Tact (#2571)
  • Typst (#2596)

• Updated lexers:

  • Awk: recognize ternary operator (#2687)
  • Bash: add openrc alias (#2599, #2371)
  • Coq: add keywords, lex more vernacular command arguments, produce fewer tokens on heading comments (#2678)
  • DNS zone files: Fix comment parsing (#2595)
  • Hy: Support unicode literals (#1126)
  • Inform6: Update to Inform 6.42 (#2644)
  • lean: Fix name handling (#2614)
  • Logtalk: add uninstantiation keyword and recognize escape sequences (#2619)
  • Macaulay2: Update to 1.23 (#2655)
  • Python: fix highlighting of soft keywords before None/True/False
  • reStructuredText: use Token.Comment for comments instead of Comment.Preproc (#2598)
  • Rust: highlight :, :: and -> as Punctuation and whitespace as Whitespace, instead of Text in both cases (#2631)
  • Spice: Add keywords (#2621)
  • SQL Explain: allow negative numbers (#2610)
  • Swift: Support multiline strings (#2681)
  • ThingsDB: add constants and new functions; support template strings (#2624)
  • UL4: support nested <?doc?> and <?note?> tags (#2597)
  • VHDL: support multi-line comments of VHDL-2008 (#2622)
  • Wikitext: Remove kk-* in variant_langs (#2647)
  • Xtend: Add val and var (#2602)

• New styles:

  • Coffee (#2609)

• Make background colors in the image formatter work with Pillow 10.0 (#2623)

... (truncated)

Commits

• d7d11f6 Last steps for 2.18 release.
• ec7bfd2 Fix Janet version_added.
• ea9c823 Update CHANGES.
• 338d366 Merge pull request #2670 from Kodiologist/hylex
• 4d1371b Lock down the pytest version.
• 8dd97e0 Improve docs.
• 26179d6 Fix deprecated variable usage in tests.
• ad125ca Prepare 2.18 release.
• 24deeb9 Lock the ruff version in tox.ini.
• c9165cf Fix format string usage.
• Additional commits viewable in compare view

Updates pytest from 8.2.0 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

Commits

• 66ff8df Prepare release version 8.2.1
• 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
• 0b28313 [8.2.x] Add Python 3.13 (beta) support
• f3dd93a [8.2.x] Attest package provenance (#12335)
• bb5a125 [8.2.x] Spelling (#12331)
• f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
• 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
• 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
• 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
• cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
• Additional commits viewable in compare view

Updates coverage from 7.5.0 to 7.5.3

Changelog

Sourced from coverage's changelog.

Version 7.5.3 — 2024-05-28

• Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix.

• Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791_. Thanks to Daniel Diniz for helping to diagnose the problem.

.. _issue 1791: nedbat/coveragepy#1791

.. _changes_7-5-2:

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Version 7.5.1 — 2024-05-04

... (truncated)

Commits

• f310d7e docs: sample HTML for 7.5.3
• a51d52f docs: prep for 7.5.3
• b666f3a perf: it's faster in all versions if we don't cache tokenize #1791
• a2b4929 docs: changelog entry for combine performance improvements
• b9aff50 perf: don't read full line_bits table each time
• c45ebac perf: cache alias mapping
• 390cb97 perf: avoid quadratic behavior when combining line coverage
• d3caf53 docs(build): tweaks to howto
• 909e887 build: bump version
• 242adea build: don't claim pre-alpha-1 in classifiers
• Additional commits viewable in compare view

Updates babel from 2.14.0 to 2.15.0

Release notes

Sourced from babel's releases.

v2.15.0

The changelog below is auto-generated by GitHub.

The binary artifacts attached to this GitHub release were generated by the GitHub Actions workflow.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Drop support for Python 3.7 (EOL since June 2023) by @​akx in python-babel/babel#1048
• Upgrade GitHub Actions by @​cclauss in python-babel/babel#1054
• Improve .po IO by @​akx in python-babel/babel#1068
• Use CLDR 44 by @​akx in python-babel/babel#1071
• Allow alternative space characters as group separator when parsing numbers by @​ronnix in python-babel/babel#1007
• Include Unicode license in locale-data and in documentation by @​akx in python-babel/babel#1074
• Encode support for the "fall back to short format" logic for time delta formatting by @​akx in python-babel/babel#1075
• Prepare for 2.15.0 release by @​akx in python-babel/babel#1079

New Contributors

• @​cclauss made their first contribution in python-babel/babel#1054
• @​ronnix made their first contribution in python-babel/babel#1007

Full Changelog: python-babel/babel@v2.14.0...v2.15.0

Changelog

Sourced from babel's changelog.

Version 2.15.0

Python version support

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)
Features

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)
Infrastructure



Upgrade GitHub Actions (:gh:1054) (@​cclauss's first contribution)
The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@​akx)

Commits

• 40b194f Prepare for 2.15.0 release (#1079)
• c2e6c6e Encode support for the "fall back to short format" logic for time delta forma...
• 1a03526 Include Unicode license in locale-data and in documentation (#1074)
• c0fb56e Allow alternative space characters as group separator when parsing numbers (#...
• fe82fbc Use CLDR 44 and adjust tests to match new data (#1071)
• e0d1018 Improve .po IO (#1068)
• 40e60a1 Upgrade GitHub Actions (#1054)
• 2a1709a Drop support for Python 3.7 (EOL since June 2023) (#1048)
• See full diff in compare view

Updates mdit-py-plugins from 0.4.0 to 0.4.1

Release notes

Sourced from mdit-py-plugins's releases.

v0.4.1

What's Changed

• 👌 Expand support for Python-Markdown in the admon plugin by @​KyleKing in executablebooks/mdit-py-plugins#94

• 👌 Add option for footnotes references to always be matched by @​chrisjsewell in executablebooks/mdit-py-plugins#108

• 🔧 Export plugins explicitly with __all__ by @​llimllib in executablebooks/mdit-py-plugins#91

• 🔧 Use ruff-format by @​chrisjsewell in executablebooks/mdit-py-plugins#107

• 🧪 Test against 3.12 by @​chrisjsewell in executablebooks/mdit-py-plugins#109

New Contributors

• @​llimllib made their first contribution in executablebooks/mdit-py-plugins#91

Full Changelog: executablebooks/mdit-py-plugins@v0.4.0...v0.4.1

Changelog

Sourced from mdit-py-plugins's changelog.

0.4.1 - 2024-05-12

• 👌 Add option for footnotes references to always be matched

  Usually footnote references are only matched when a footnote definition of the same label has already been found. If always_match_refs=True, any [^...] syntax will be treated as a footnote.

Commits

• d11bdaf 🚀 Release v0.4.1 (#110)
• aa1f557 🧪 Test against 3.12 (#109)
• 33c27e0 👌 Add option for footnotes references to always be matched (#108)
• 7762458 🔧 Use ruff-format (#107)
• 950908b [pre-commit.ci] pre-commit autoupdate (#100)
• 14dfd1a ⬆️ Bump actions/setup-python from 4 to 5 (#101)
• bd8d37d ⬆️ Bump actions/checkout from 3 to 4 (#98)
• 867a77a 👌 Expand support for Python-Markdown in the admon plugin (#94)
• 3829c84 [pre-commit.ci] pre-commit autoupdate (#90)
• ba0c31e 🔧 Export plugins explicitly with __all__ (#91)
• See full diff in compare view

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits

• 0e322af v2.32.3
• e188799 Don't create default SSLContext if ssl module isn't present (#6724)
• 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
• b1d73dd Don't use default SSLContext with custom poolmanager kwargs
• 6badbac Update HISTORY.md
• a62a2d3 Allow for overriding of specific pool key params
• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions