Skip to content

chore(deps): bump the poetry group across 1 directory with 5 updates#23

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/poetry-faac9a73df
Closed

chore(deps): bump the poetry group across 1 directory with 5 updates#23
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/poetry-faac9a73df

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 28, 2025

Copy link
Copy Markdown

Updates the requirements on cryptography, httpx, pre-commit, ruff and uvicorn to permit the latest version.
Updates cryptography to 44.0.2

Changelog

Sourced from cryptography's changelog.

44.0.2 - 2025-03-01


* We now build wheels for PyPy 3.11.

.. _v44-0-1:

44.0.1 - 2025-02-11

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
  • We now build armv7l manylinux wheels and publish them to PyPI.
  • We now build manylinux_2_34 wheels and publish them to PyPI.

.. _v44-0-0:

44.0.0 - 2024-11-27


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
  Python core team. Support for Python 3.7 will be removed in a future
  ``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
  versions of macOS should upgrade, or they will need to build
  ``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions must
  not be empty.
* Added support for timestamp extraction to the
  :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
  during X.509 verification to allow fields permitted by :rfc:`5280` but
  forbidden by the CA/Browser BRs.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
  when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.

.. _v43-0-3:

43.0.3 - 2024-10-18

  • Fixed release metadata for cryptography-vectors

.. _v43-0-2:

... (truncated)

Commits

Updates httpx to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.
Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

0.27.2 (27th August, 2024)

Fixed

  • Reintroduced supposedly-private URLTypes shortcut. (#2673)

0.27.1 (27th August, 2024)

Added

  • Support for zstd content decoding using the python zstandard package is added. Installable using httpx[zstd]. (#3139)

Fixed

  • Improved error messaging for InvalidURL exceptions. (#3250)
  • Fix app type signature in ASGITransport. (#3109)

0.27.0 (21st February, 2024)

... (truncated)

Commits

Updates pre-commit to 4.2.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.2.0

Features

  • For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.2.0 - 2025-03-18

Features

  • For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.

Fixes

4.1.0 - 2025-01-20

Features

Fixes

4.0.1 - 2024-10-08

Fixes

4.0.0 - 2024-10-05

Features

... (truncated)

Commits
  • aa48766 v4.2.0
  • bf6f11d Merge pull request #3430 from pre-commit/preferential-sys-impl
  • 3e8d0f5 adjust python default_language_version to prefer versioned exe
  • ff7256c Merge pull request #3425 from tusharsadhwani/ambiguous-ref
  • b7eb412 fix: crash on ambiguous ref 'HEAD'
  • 7b88c63 Merge pull request #3404 from pre-commit/pre-commit-ci-update-config
  • 94b97e2 [pre-commit.ci] pre-commit autoupdate
  • 2f93b80 Merge pull request #3401 from pre-commit/pre-commit-ci-update-config
  • 4f90a1e [pre-commit.ci] pre-commit autoupdate
  • aba1ce0 Merge pull request #3396 from pre-commit/all-repos_autofix_all-repos-sed
  • Additional commits viewable in compare view

Updates ruff to 0.11.2

Release notes

Sourced from ruff's releases.

0.11.2

Release Notes

Preview features

  • [syntax-errors] Fix false-positive syntax errors emitted for annotations on variadic parameters before Python 3.11 (#16878)

Contributors

Install ruff 0.11.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.11.2/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/ruff/releases/download/0.11.2/ruff-installer.ps1 | iex"

Download ruff 0.11.2

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum
ruff-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
ruff-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
ruff-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
ruff-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
ruff-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
ruff-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
ruff-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
ruff-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.2

Preview features

  • [syntax-errors] Fix false-positive syntax errors emitted for annotations on variadic parameters before Python 3.11 (#16878)

0.11.1

Preview features

  • [airflow] Add chain, chain_linear and cross_downstream for AIR302 (#16647)
  • [syntax-errors] Improve error message and range for pre-PEP-614 decorator syntax errors (#16581)
  • [syntax-errors] PEP 701 f-strings before Python 3.12 (#16543)
  • [syntax-errors] Parenthesized context managers before Python 3.9 (#16523)
  • [syntax-errors] Star annotations before Python 3.11 (#16545)
  • [syntax-errors] Star expression in index before Python 3.11 (#16544)
  • [syntax-errors] Unparenthesized assignment expressions in sets and indexes (#16404)

Bug fixes

  • Server: Allow FixAll action in presence of version-specific syntax errors (#16848)
  • [flake8-bandit] Allow raw strings in suspicious-mark-safe-usage (S308) #16702 (#16770)
  • [refurb] Avoid panicking unwrap in verbose-decimal-constructor (FURB157) (#16777)
  • [refurb] Fix starred expressions fix (FURB161) (#16550)
  • Fix --statistics reporting for unsafe fixes (#16756)

Rule changes

  • [flake8-executables] Allow uv run in shebang line for shebang-missing-python (EXE003) (#16849,#16855)

CLI

  • Add --exit-non-zero-on-format (#16009)

Documentation

  • Update Ruff tutorial to avoid non-existent fix in __init__.py (#16818)
  • [flake8-gettext] Swap format- and printf-in-get-text-func-call examples (INT002, INT003) (#16769)

0.11.0

This is a follow-up to release 0.10.0. Because of a mistake in the release process, the requires-python inference changes were not included in that release. Ruff 0.11.0 now includes this change as well as the stabilization of the preview behavior for PGH004.

Breaking changes

  • Changes to how the Python version is inferred when a target-version is not specified (#16319)

    In previous versions of Ruff, you could specify your Python version with:

    • The target-version option in a ruff.toml file or the [tool.ruff] section of a pyproject.toml file.

... (truncated)

Commits

Updates uvicorn to 0.34.0

Release notes

Sourced from uvicorn's releases.

Version 0.34.0

What's Changed


Full Changelog: Kludex/uvicorn@0.33.0...0.34.0

Changelog

Sourced from uvicorn's changelog.

0.34.0 (December 15, 2024)

Added

  • Add content-length to 500 response in wsproto implementation (#2542)

Removed

  • Drop support for Python 3.8 (#2543)

0.33.0 (December 14, 2024)

Removed

  • Remove WatchGod support for --reload (#2536)

0.32.1 (November 20, 2024)

Fixed

  • Drop ASGI spec version to 2.3 on HTTP scope (#2513)
  • Enable httptools lenient data on httptools >= 0.6.3 (#2488)

0.32.0 (October 15, 2024)

Added

  • Officially support Python 3.13 (#2482)
  • Warn when max_request_limit is exceeded (#2430)

0.31.1 (October 9, 2024)

Fixed

  • Support WebSockets 0.13.1 (#2471)
  • Restore support for [*] in trusted hosts (#2480)
  • Add PathLike[str] type hint for ssl_keyfile (#2481)

0.31.0 (September 27, 2024)

Added

Improve ProxyHeadersMiddleware (#2468) and (#2231):

  • Fix the host for requests from clients running on the proxy server itself.
  • Fallback to host that was already set for empty x-forwarded-for headers.
  • Also allow to specify IP Networks as trusted hosts. This greatly simplifies deployments on docker swarm/kubernetes, where the reverse proxy might have a dynamic IP.
    • This includes support for IPv6 Address/Networks.

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python labels Mar 28, 2025
@dependabot dependabot Bot force-pushed the dependabot/pip/poetry-faac9a73df branch from a44962f to e3f29ef Compare May 5, 2025 01:50
@dependabot dependabot Bot force-pushed the dependabot/pip/poetry-faac9a73df branch 2 times, most recently from 1977442 to 4aea73d Compare May 19, 2025 01:51
@dependabot dependabot Bot force-pushed the dependabot/pip/poetry-faac9a73df branch from 4aea73d to 7687618 Compare May 26, 2025 02:02
Updates the requirements on [cryptography](https://github.com/pyca/cryptography), [httpx](https://github.com/encode/httpx), [pre-commit](https://github.com/pre-commit/pre-commit), [ruff](https://github.com/astral-sh/ruff) and [uvicorn](https://github.com/encode/uvicorn) to permit the latest version.

Updates `cryptography` to 44.0.2
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.2)

Updates `httpx` to 0.28.1
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.27.2...0.28.1)

Updates `pre-commit` to 4.2.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v3.8.0...v4.2.0)

Updates `ruff` to 0.11.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.7...0.11.2)

Updates `uvicorn` to 0.34.0
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.31.0...0.34.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: poetry
- dependency-name: httpx
  dependency-type: direct:production
  dependency-group: poetry
- dependency-name: pre-commit
  dependency-type: direct:production
  dependency-group: poetry
- dependency-name: ruff
  dependency-type: direct:production
  dependency-group: poetry
- dependency-name: uvicorn
  dependency-type: direct:production
  dependency-group: poetry
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/poetry-faac9a73df branch from 7687618 to c49b878 Compare June 9, 2025 01:40
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2025

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 14, 2025
@dependabot dependabot Bot deleted the dependabot/pip/poetry-faac9a73df branch July 14, 2025 01:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants