Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump the python-packages group in /backend with 3 updates (#96)
Bumps the python-packages group in /backend with 3 updates: [coverage](https://github.com/nedbat/coveragepy), [scrapy](https://github.com/scrapy/scrapy) and [flask](https://github.com/pallets/flask). Updates `coverage` from 7.6.4 to 7.6.7 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst">coverage's changelog</a>.</em></p> <blockquote> <h2>Version 7.6.7 — 2024-11-15</h2> <ul> <li>fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn.</li> </ul> <p>.. _changes_7-6-6:</p> <h2>Version 7.6.6 — 2024-11-15</h2> <ul> <li>One of the new asserts from 7.6.5 caused problems in real projects, as reported in <code>issue 1891</code>_. The assert has been removed.</li> </ul> <p>.. _issue 1891: <a href="https://redirect.github.com/nedbat/coveragepy/issues/1891">nedbat/coveragepy#1891</a></p> <p>.. _changes_7-6-5:</p> <h2>Version 7.6.5 — 2024-11-14</h2> <ul> <li> <p>fix: fine-tuned the exact Python version (3.12.6) when exiting from <code>with</code> statements changed how they traced. This affected whether people saw the fix for <code>issue 1880</code>_.</p> </li> <li> <p>fix: isolate our code more from mocking in the os module that in rare cases can cause <code>bizarre behavior <pytest-cov-666_></code>_.</p> </li> <li> <p>refactor: some code unreachable code paths in parser.py were changed to asserts. If you encounter any of these, please let me know!</p> </li> </ul> <p>.. _pytest-cov-666: <a href="https://redirect.github.com/pytest-dev/pytest-cov/issues/666">pytest-dev/pytest-cov#666</a></p> <p>.. _changes_7-6-4:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nedbat/coveragepy/commit/af89ebb81a99113bb663a64c494f4aed03c383cb"><code>af89ebb</code></a> docs: sample HTML for 7.6.7</li> <li><a href="https://github.com/nedbat/coveragepy/commit/c723de2d6ab806fd9cfc2762cd10c04d904a0870"><code>c723de2</code></a> docs: prep for 7.6.7</li> <li><a href="https://github.com/nedbat/coveragepy/commit/898e94a1ebb224924776f4d5e77497a40302727f"><code>898e94a</code></a> fix: another possible assert changed back to a conditional.</li> <li><a href="https://github.com/nedbat/coveragepy/commit/42961d6bd4c2e379539e8dd117407fd584357384"><code>42961d6</code></a> build: tweaks to release process</li> <li><a href="https://github.com/nedbat/coveragepy/commit/1a09d4aeaf7c50a7e8e164f575db901f046341ad"><code>1a09d4a</code></a> build: bump version</li> <li><a href="https://github.com/nedbat/coveragepy/commit/c26fc6ee2f4a40b603ef33fd1e03de55f843c2eb"><code>c26fc6e</code></a> docs: sample HTML for 7.6.6</li> <li><a href="https://github.com/nedbat/coveragepy/commit/79ad46919c72afbd996409b31d81ec6fa0a2828f"><code>79ad469</code></a> docs: prep for 7.6.6</li> <li><a href="https://github.com/nedbat/coveragepy/commit/98939c9199d9196bf55e0f6d02443dbdd46d1b85"><code>98939c9</code></a> fix: this assert is possible, remove it. <a href="https://redirect.github.com/nedbat/coveragepy/issues/1891">#1891</a></li> <li><a href="https://github.com/nedbat/coveragepy/commit/ad4a4ffaad8149133f57024f794a49d3c00baac7"><code>ad4a4ff</code></a> build: automate the 'final' version</li> <li><a href="https://github.com/nedbat/coveragepy/commit/e1502e679db440b1c2a76549d2de6ac1b1a25fa2"><code>e1502e6</code></a> build: bump version</li> <li>Additional commits viewable in <a href="https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.7">compare view</a></li> </ul> </details> <br /> Updates `scrapy` from 2.11.2 to 2.12.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/scrapy/scrapy/releases">scrapy's releases</a>.</em></p> <blockquote> <h2>2.12.0</h2> <ul> <li>Dropped support for Python 3.8, added support for Python 3.13</li> <li><code>start_requests</code> can now yield items</li> <li>Added <code>scrapy.http.JsonResponse</code></li> <li>Added the <code>CLOSESPIDER_PAGECOUNT_NO_ITEM</code> setting</li> </ul> <p><a href="https://docs.scrapy.org/en/2.12/news.html#scrapy-2-12-0-2024-11-18">See the full changelog.</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/scrapy/scrapy/blob/master/docs/news.rst">scrapy's changelog</a>.</em></p> <blockquote> <h2>Scrapy 2.12.0 (2024-11-18)</h2> <p>Highlights:</p> <ul> <li> <p>Dropped support for Python 3.8, added support for Python 3.13</p> </li> <li> <p>:meth:<code>~scrapy.Spider.start_requests</code> can now yield items</p> </li> <li> <p>Added :class:<code>~scrapy.http.JsonResponse</code></p> </li> <li> <p>Added :setting:<code>CLOSESPIDER_PAGECOUNT_NO_ITEM</code></p> </li> </ul> <p>Modified requirements</p> <pre><code> - Dropped support for Python 3.8. (:issue:`6466`, :issue:`6472`) <ul> <li> <p>Added support for Python 3.13.<br /> (:issue:<code>6166</code>)</p> </li> <li> <p>Minimum versions increased for these dependencies:</p> <ul> <li> <p>Twisted_: 18.9.0 → 21.7.0</p> </li> <li> <p>cryptography_: 36.0.0 → 37.0.0</p> </li> <li> <p>pyOpenSSL_: 21.0.0 → 22.0.0</p> </li> <li> <p>lxml_: 4.4.1 → 4.6.0</p> </li> </ul> </li> <li> <p>Removed <code>setuptools</code> from the dependency list.<br /> (:issue:<code>6487</code>)</p> </li> </ul> <p>Backward-incompatible changes<br /> </code></pre></p> <ul> <li> <p>User-defined cookies for HTTPS requests will have the <code>secure</code> flag set to <code>True</code> unless it's set to <code>False</code> explictly. This is important when these cookies are reused in HTTP requests, e.g. after a redirect to an HTTP URL. (:issue:<code>6357</code>)</p> </li> <li> <p>The Reppy-based <code>robots.txt</code> parser, <code>scrapy.robotstxt.ReppyRobotParser</code>, was removed, as it doesn't support Python 3.9+. (:issue:<code>5230</code>, :issue:<code>6099</code>, :issue:<code>6499</code>)</p> </li> <li> <p>The initialization API of :class:<code>scrapy.pipelines.media.MediaPipeline</code> and</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/scrapy/scrapy/commit/b1f9e56693cd2000ddcea922306f726f3e9339af"><code>b1f9e56</code></a> Bump version: 2.11.2 → 2.12.0</li> <li><a href="https://github.com/scrapy/scrapy/commit/10089c6fe2028b879f9f60e9598fa580ef6a3e33"><code>10089c6</code></a> 2.12 release notes (<a href="https://redirect.github.com/scrapy/scrapy/issues/6226">#6226</a>)</li> <li><a href="https://github.com/scrapy/scrapy/commit/212e848402a63b43fe8b7204e19d47fa7c4f0cd9"><code>212e848</code></a> Merge pull request <a href="https://redirect.github.com/scrapy/scrapy/issues/6545">#6545</a> from wRAR/mitmproxy-dhparam</li> <li><a href="https://github.com/scrapy/scrapy/commit/feea3a0f67f8e6f32ae6452f485709db16146c5e"><code>feea3a0</code></a> Commit mitmproxy-dhparam.pem.</li> <li><a href="https://github.com/scrapy/scrapy/commit/87b2300831c02e965542e818276c99511feb51a0"><code>87b2300</code></a> Merge pull request <a href="https://redirect.github.com/scrapy/scrapy/issues/6543">#6543</a> from scrapy/pep740-attestations</li> <li><a href="https://github.com/scrapy/scrapy/commit/dc4d6d16ead45932a564ea37eef03da92714f5cf"><code>dc4d6d1</code></a> Verified PyPI releases (a.k.a. PEP740)</li> <li><a href="https://github.com/scrapy/scrapy/commit/30fb54f47e0c130010db53c6e5f9b668e1e41a86"><code>30fb54f</code></a> Merge pull request <a href="https://redirect.github.com/scrapy/scrapy/issues/6542">#6542</a> from nicklaustrup/Tests-contracts-swallowed-exceptions</li> <li><a href="https://github.com/scrapy/scrapy/commit/bfcee452b0f90dc3c642604bb77cd37f22ac0af1"><code>bfcee45</code></a> Added failing test cases to tests/test_contracts.py and fixed corresponding m...</li> <li><a href="https://github.com/scrapy/scrapy/commit/ab5cb7c7d9e268b501009d991d97ca19b6f7fe96"><code>ab5cb7c</code></a> Merge pull request <a href="https://redirect.github.com/scrapy/scrapy/issues/6540">#6540</a> from wRAR/build_from_settings</li> <li><a href="https://github.com/scrapy/scrapy/commit/929d665a74333434c9cede7133ea4f0707dbf9a6"><code>929d665</code></a> Address PR feedback.</li> <li>Additional commits viewable in <a href="https://github.com/scrapy/scrapy/compare/2.11.2...2.12.0">compare view</a></li> </ul> </details> <br /> Updates `flask` from 3.0.3 to 3.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/releases">flask's releases</a>.</em></p> <blockquote> <h2>3.1.0</h2> <p>This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as <a href="https://pypi.org/project/pip-tools/">pip-tools</a> to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.</p> <p>PyPI: <a href="https://pypi.org/project/Flask/3.1.0/">https://pypi.org/project/Flask/3.1.0/</a> Changes: <a href="https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0">https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0</a> Milestone: <a href="https://github.com/pallets/flask/milestone/33?closed=1">https://github.com/pallets/flask/milestone/33?closed=1</a></p> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/pallets/flask/issues/5623">#5623</a></li> <li>Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. <a href="https://redirect.github.com/pallets/flask/issues/5624">#5624</a>, <a href="https://redirect.github.com/pallets/flask/issues/5633">#5633</a></li> <li>Provide a configuration option to control automatic option responses. <a href="https://redirect.github.com/pallets/flask/issues/5496">#5496</a></li> <li><code>Flask.open_resource</code>/<code>open_instance_resource</code> and <code>Blueprint.open_resource</code> take an <code>encoding</code> parameter to use when opening in text mode. It defaults to <code>utf-8</code>. <a href="https://redirect.github.com/pallets/flask/issues/5504">#5504</a></li> <li><code>Request.max_content_length</code> can be customized per-request instead of only through the <code>MAX_CONTENT_LENGTH</code> config. Added <code>MAX_FORM_MEMORY_SIZE</code> and <code>MAX_FORM_PARTS</code> config. Added documentation about resource limits to the security page. <a href="https://redirect.github.com/pallets/flask/issues/5625">#5625</a></li> <li>Add support for the <code>Partitioned</code> cookie attribute (CHIPS), with the <code>SESSION_COOKIE_PARTITIONED</code> config. <a href="https://redirect.github.com/pallets/flask/issues/5472">#5472</a></li> <li><code>-e path</code> takes precedence over default <code>.env</code> and <code>.flaskenv</code> files. <code>load_dotenv</code> loads default files in addition to a path unless <code>load_defaults=False</code> is passed. <a href="https://redirect.github.com/pallets/flask/issues/5628">#5628</a></li> <li>Support key rotation with the <code>SECRET_KEY_FALLBACKS</code> config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. <a href="https://redirect.github.com/pallets/flask/issues/5621">#5621</a></li> <li>Fix how setting <code>host_matching=True</code> or <code>subdomain_matching=False</code> interacts with <code>SERVER_NAME</code>. Setting <code>SERVER_NAME</code> no longer restricts requests to only that domain. <a href="https://redirect.github.com/pallets/flask/issues/5553">#5553</a></li> <li><code>Request.trusted_hosts</code> is checked during routing, and can be set through the <code>TRUSTED_HOSTS</code> config. <a href="https://redirect.github.com/pallets/flask/issues/5636">#5636</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/blob/main/CHANGES.rst">flask's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.0</h2> <p>Released 2024-11-13</p> <ul> <li>Drop support for Python 3.8. :pr:<code>5623</code></li> <li>Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:<code>5624,5633</code></li> <li>Provide a configuration option to control automatic option responses. :pr:<code>5496</code></li> <li><code>Flask.open_resource</code>/<code>open_instance_resource</code> and <code>Blueprint.open_resource</code> take an <code>encoding</code> parameter to use when opening in text mode. It defaults to <code>utf-8</code>. :issue:<code>5504</code></li> <li><code>Request.max_content_length</code> can be customized per-request instead of only through the <code>MAX_CONTENT_LENGTH</code> config. Added <code>MAX_FORM_MEMORY_SIZE</code> and <code>MAX_FORM_PARTS</code> config. Added documentation about resource limits to the security page. :issue:<code>5625</code></li> <li>Add support for the <code>Partitioned</code> cookie attribute (CHIPS), with the <code>SESSION_COOKIE_PARTITIONED</code> config. :issue:<code>5472</code></li> <li><code>-e path</code> takes precedence over default <code>.env</code> and <code>.flaskenv</code> files. <code>load_dotenv</code> loads default files in addition to a path unless <code>load_defaults=False</code> is passed. :issue:<code>5628</code></li> <li>Support key rotation with the <code>SECRET_KEY_FALLBACKS</code> config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:<code>5621</code></li> <li>Fix how setting <code>host_matching=True</code> or <code>subdomain_matching=False</code> interacts with <code>SERVER_NAME</code>. Setting <code>SERVER_NAME</code> no longer restricts requests to only that domain. :issue:<code>5553</code></li> <li><code>Request.trusted_hosts</code> is checked during routing, and can be set through the <code>TRUSTED_HOSTS</code> config. :issue:<code>5636</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/flask/commit/ab8149664182b662453a563161aa89013c806dc9"><code>ab81496</code></a> release version 3.1.0</li> <li><a href="https://github.com/pallets/flask/commit/70602a196a6da90eb0d34cdfe5d4d16a99606279"><code>70602a1</code></a> remove test pypi</li> <li><a href="https://github.com/pallets/flask/commit/6748a09341deeac16acb33996df95a31fae0c545"><code>6748a09</code></a> update dev dependencies</li> <li><a href="https://github.com/pallets/flask/commit/22c48a738b5fb5b5cf09fb77270139f116069748"><code>22c48a7</code></a> Merge remote-tracking branch 'origin/stable'</li> <li><a href="https://github.com/pallets/flask/commit/2eab96a32a92ceb4b6947102626f896816a0291d"><code>2eab96a</code></a> use generic bases for session (<a href="https://redirect.github.com/pallets/flask/issues/5638">#5638</a>)</li> <li><a href="https://github.com/pallets/flask/commit/f49dbfd3e451006a485e81ebce030495131c4454"><code>f49dbfd</code></a> use generic bases for session</li> <li><a href="https://github.com/pallets/flask/commit/7b21d43d4c763b874bc86d4c2d69a48ee492dc22"><code>7b21d43</code></a> configure and check <code>request.trusted_hosts</code> (<a href="https://redirect.github.com/pallets/flask/issues/5637">#5637</a>)</li> <li><a href="https://github.com/pallets/flask/commit/4f7156f2c3271613b34d04040b502b9d7ae35eb9"><code>4f7156f</code></a> configure and check trusted_hosts</li> <li><a href="https://github.com/pallets/flask/commit/10bdf61a0f751f3cb000f8f8ac5ac5b4bb535677"><code>10bdf61</code></a> setting <code>SERVER_NAME</code> does not restrict routing for both <code>subdomain_matching</code>...</li> <li><a href="https://github.com/pallets/flask/commit/4995a775df21a206b529403bc30d71795a994fd4"><code>4995a77</code></a> fix subdomain_matching=False behavior</li> <li>Additional commits viewable in <a href="https://github.com/pallets/flask/compare/3.0.3...3.1.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
bae1a03
commit ee8b4b9