Bump the python-packages group across 1 directory with 9 updates

[dependabot]

Bumps the python-packages group with 8 updates in the / directory:

Package	From	To
requests-cache	1.2.0	1.2.1
lxml	5.2.1	5.2.2
boto3	1.34.92	1.34.148
pre-commit	3.7.0	3.7.1
certifi	2024.2.2	2024.7.4
ruff	0.4.2	0.5.4
pytest	8.1.1	8.3.2
pytest-ruff	0.3.1	0.4.1

Updates requests-cache from 1.2.0 to 1.2.1

Changelog

Sourced from requests-cache's changelog.

1.2.1 (2024-06-18)

🪲 Bugfixes:

• Fix normalize_headers not accepting header values in bytes
• Fix inconsistency due to rounding in CachedResponse.expires_unix property
• Fix form boundary used for cached multipart requests to fully comply with RFC 2046
• Fix loading cached JSON content with decode_content=True when the root element is an empty list or object
• Fix usage example with responses library to be compatible with requests 2.32

Commits

• 7f6be31 Merge pull request #993 from requests-cache/fix-empty-array
• 423af82 Fix loading cached JSON content with decode_content=True when the root elemen...
• 28dfa64 Add compatibility tests (for docs/external libraries) to CI and nox config
• 4114cee Merge pull request #992 from requests-cache/fix-responses-test
• f652475 Fix usage example with responses library to be compatible with requests 2.32
• 4dc0a52 Update dependencies
• d002851 Update changelog and contributors
• 1290ae9 Update dependencies
• 08390ee Merge pull request #985 from jcd000/main
• be91e87 Fixes crashes from patched form boundary
• Additional commits viewable in compare view

Updates lxml from 5.2.1 to 5.2.2

Release notes

Sourced from lxml's releases.

lxml-5.2.2

5.2.2 (2024-05-12)

Bugs fixed

• GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

• LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

• If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

Changelog

Sourced from lxml's changelog.

5.2.2 (2024-05-12)

Bugs fixed

• GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

• LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

• If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

Commits

• 8e4b14c Prepare release of lxml 5.2.2.
• ddaa6ed Provide compile time version of libiconv as "etree.ICONV_COMPILED_VERSION".
• 1ab00bd CI: Do not install lxml as dependency of "lxml_html_clean".
• b325054 CI: Stop building LTO wheels to avoid messing with the library build cache.
• 81624c2 CI: Exclude now-unsupported Python versions 3.6/7 from macOS jobs.
• 069fa36 Fix typo.
• e0df2ba Fix typo.
• df55eaf Update changelog.
• f3e77fa Remove dependency on SSE4 instructions, reverting back to "core2" as a target...
• a22e83c Update changelog.
• Additional commits viewable in compare view

Updates boto3 from 1.34.92 to 1.34.148

Commits

• 4c0c448 Merge branch 'release-1.34.148'
• a4c65c8 Bumping version to 1.34.148
• 80606ab Add changelog entries from botocore
• cf616c3 Merge branch 'release-1.34.147'
• a496f69 Merge branch 'release-1.34.147' into develop
• 24baa35 Bumping version to 1.34.147
• 5953105 Add changelog entries from botocore
• 1e6ef77 Merge pull request #4184 from boto/dependabot/github_actions/aws-actions/stal...
• fe9c016 Merge pull request #4190 from boto/dependabot/pip/certifi-2024.7.4
• 38d6688 Updating contributing guide (#4215)
• Additional commits viewable in compare view

Updates pre-commit from 3.7.0 to 3.7.1

Release notes

Sourced from pre-commit's releases.

pre-commit v3.7.1

Fixes

• Fix language: rust default language version check when rust-toolchain.toml is present.
  • issue by @​gaborbernat.
  • #3201 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

3.7.1 - 2024-05-10

Fixes

• Fix language: rust default language version check when rust-toolchain.toml is present.
  • issue by @​gaborbernat.
  • #3201 PR by @​asottile.

Commits

• 9ee0768 v3.7.1
• eeac061 Merge pull request #3201 from pre-commit/rust-default-language-version
• 296f592 determine rust default language version independent of rust-toolchain.toml
• 1602328 Merge pull request #3193 from pre-commit/pre-commit-ci-update-config
• 0142f45 [pre-commit.ci] pre-commit autoupdate
• d7e21cd Merge pull request #3194 from pre-commit/handle-readonly-3-12
• 5c3d006 use a simpler gem for testing additional_dependencies
• 0d4c6da adjust _handle_readonly for typeshed updates
• 85fe182 Merge pull request #3176 from pre-commit/pre-commit-ci-update-config
• 74d05b4 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits

• 0e322af v2.32.3
• e188799 Don't create default SSLContext if ssl module isn't present (#6724)
• 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
• b1d73dd Don't use default SSLContext with custom poolmanager kwargs
• 6badbac Update HISTORY.md
• a62a2d3 Allow for overriding of specific pool key params
• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• Additional commits viewable in compare view

Updates ruff from 0.4.2 to 0.5.4

Release notes

Sourced from ruff's releases.

0.5.4

Release Notes

Rule changes

• [ruff] Rename RUF007 to zip-instead-of-pairwise (#12399)

Bug fixes

• [flake8-builtins] Avoid shadowing diagnostics for @override methods (#12415)
• [flake8-comprehensions] Insert parentheses for multi-argument generators (#12422)
• [pydocstyle] Handle escaped docstrings within docstring (D301) (#12192)

Documentation

• Fix GitHub link to Neovim setup (#12410)
• Fix output-format default in settings reference (#12409)

Install ruff 0.5.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.5.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/astral-sh/ruff/releases/download/0.5.4/ruff-installer.ps1 | iex"

Download ruff 0.5.4

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
ruff-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
ruff-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
ruff-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
ruff-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
ruff-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
ruff-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.4

Rule changes

• [ruff] Rename RUF007 to zip-instead-of-pairwise (#12399)

Bug fixes

• [flake8-builtins] Avoid shadowing diagnostics for @override methods (#12415)
• [flake8-comprehensions] Insert parentheses for multi-argument generators (#12422)
• [pydocstyle] Handle escaped docstrings within docstring (D301) (#12192)

Documentation

• Fix GitHub link to Neovim setup (#12410)
• Fix output-format default in settings reference (#12409)

0.5.3

Ruff 0.5.3 marks the stable release of the Ruff language server and introduces revamped documentation, including setup guides for your editor of choice and the language server itself.

Preview features

• Formatter: Insert empty line between suite and alternative branch after function/class definition (#12294)
• [pyupgrade] Implement unnecessary-default-type-args (UP043) (#12371)

Rule changes

• [flake8-bugbear] Detect enumerate iterations in loop-iterator-mutation (B909) (#12366)
• [flake8-bugbear] Remove discard, remove, and pop allowance for loop-iterator-mutation (B909) (#12365)
• [pylint] Allow repeated-equality-comparison for mixed operations (PLR1714) (#12369)
• [pylint] Ignore self and cls when counting arguments (PLR0913) (#12367)
• [pylint] Use UTF-8 as default encoding in unspecified-encoding fix (PLW1514) (#12370)

Server

• Build settings index in parallel for the native server (#12299)
• Use fallback settings when indexing the project (#12362)
• Consider --preview flag for server subcommand for the linter and formatter (#12208)

Bug fixes

• [flake8-comprehensions] Allow additional arguments for sum and max comprehensions (C419) (#12364)
• [pylint] Avoid dropping extra boolean operations in repeated-equality-comparison (PLR1714) (#12368)
• [pylint] Consider expression before statement when determining binding kind (PLR1704) (#12346)

Documentation

... (truncated)

Commits

• 53b84ab Cleanup redundant spaces from changelog (#12424)
• 3664f85 Bump version to v0.5.4 (#12423)
• 2c1926b Insert parentheses for multi-argument generators (#12422)
• 4bcc96a Avoid shadowing diagnostics for @override methods (#12415)
• c0a2b49 Fix the Github link error for Neovim in the setup for editors in the docs. (#...
• ca22248 Update docs Settings output-format default (#12409)
• d8cf8ac [red-knot] Resolve symbols from builtins.pyi in the stdlib if they cannot b...
• 1c7b840 [red-knot] fix incremental benchmark (#12400)
• f82bb67 [red-knot] trace file when inferring types (#12401)
• 5f96f69 [red-knot] Fix bug where module resolution would not be invalidated if an ent...
• Additional commits viewable in compare view

Updates pytest from 8.1.1 to 8.3.2

Release notes

Sourced from pytest's releases.

8.3.2

pytest 8.3.2 (2024-07-24)

Bug fixes

• #12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.

  -- by RonnyPfannschmidt{.interpreted-text role="user"}

8.3.1

pytest 8.3.1 (2024-07-20)

The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.

8.3.0

pytest 8.3.0 (2024-07-20)

New features

• #12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.

  • If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
  • The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
  • Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.

  Some history:

  With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.

  This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.

• #12281: Added support for keyword matching in marker expressions.

  Now tests can be selected by marker keyword arguments. Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.

  See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.

  -- by lovetheguitar{.interpreted-text role="user"}

• #12567: Added --no-fold-skipped command line option.

  If this option is set, then skipped tests in short summary are no longer grouped by reason but all tests are printed individually with their nodeid in the same way as other statuses.

  -- by pbrezina{.interpreted-text role="user"}

... (truncated)

Commits

• bbcec9c Prepare release version 8.3.2
• 78fe8b6 Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...
• 238bad2 Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-env
• ae6034a Merge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...
• 31337ab Merge pull request #12640 from pytest-dev/update-user
• ca3070b Merge pull request #12637 from pytest-dev/release-8.3.1
• de98446 Prepare release version 8.3.1
• bd0a042 Merge pull request #12636 from pytest-dev/update-release-notes
• 664325b doc/changelog: update 8.3.0 notes
• 19d225d Merge pull request #12635 from pytest-dev/release-8.3.0
• Additional commits viewable in compare view

Updates pytest-ruff from 0.3.1 to 0.4.1

Release notes

Sourced from pytest-ruff's releases.

v0.4.1

What's Changed

• Fix pytest without cache -pno:cacheprovider by @​iurisilvio in businho/pytest-ruff#29

Full Changelog: businho/pytest-ruff@v0.4.0...v0.4.1

v0.4.0

What's Changed

• Replace --show-source with --output-format by @​iurisilvio in businho/pytest-ruff#24
• Handle ruff config error by @​iurisilvio in businho/pytest-ruff#25

Full Changelog: businho/pytest-ruff@v0.3.2...v0.4.0

Cleaner test error output

Full stack trace is not relevant for us, it was removed in #18. Thanks to @​lexi-k.

Commits

• 0a0794e Fix pytest without cache -pno:cacheprovider (#29)
• 759cacd Handle ruff config error (#25)
• fd4c1e9 Replace --show-source with --output-format (#24)
• cb1685e Stop printing whole pytest traceback on error (#18)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #252.