Bump the dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates in the / directory: requests, sentry-sdk, jupyterhub and pytest.

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Updates sentry-sdk from 2.1.1 to 2.3.1

Release notes

Sourced from sentry-sdk's releases.

2.3.1

Various fixes & improvements

• Handle also byte arras as strings in Redis caches (#3101) by @​antonpirker
• Do not crash exceptiongroup (by patching excepthook and keeping the name of the function) (#3099) by @​antonpirker

2.3.0

Various fixes & improvements

• NEW: Redis integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3073) by @​antonpirker
• NEW: Django integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3009) by @​antonpirker
• Fix cohere testsuite for new release of cohere (#3098) by @​antonpirker
• Fix ClickHouse integration where _sentry_span might be missing (#3096) by @​sentrivana

2.2.1

Various fixes & improvements

• Add conditional check for delivery_info's existence (#3083) by @​cmanallen
• Updated deps for latest langchain version (#3092) by @​antonpirker
• Fixed grpcio extras to work as described in the docs (#3081) by @​antonpirker
• Use pythons venv instead of virtualenv to create virtual envs (#3077) by @​antonpirker
• Celery: Add comment about kwargs_headers (#3079) by @​szokeasaurusrex
• Celery: Queues module producer implementation (#3079) by @​szokeasaurusrex
• Fix N803 flake8 failures (#3082) by @​szokeasaurusrex

2.2.0

New features

• Celery integration now sends additional data to Sentry to enable new features to guage the health of your queues
• Added a new integration for Cohere
• Reintroduced the last_event_id function, which had been removed in 2.0.0

Other fixes & improvements

• Add tags + data passing functionality to @​ai_track (#3071) by @​colin-sentry
• fix(tracing): Only propagate headers from spans within transactions (#3070) by @​szokeasaurusrex
• ref(metrics): Improve type hints for set metrics (#3048) by @​elramen
• ref(scope): Fix get_client typing (#3063) by @​szokeasaurusrex
• Auto-enable Anthropic integration + gate imports (#3054) by @​colin-sentry
• Made MeasurementValue.unit NotRequired (#3051) by @​antonpirker

Changelog

Sourced from sentry-sdk's changelog.

2.3.1

Various fixes & improvements

• Handle also byte arras as strings in Redis caches (#3101) by @​antonpirker
• Do not crash exceptiongroup (by patching excepthook and keeping the name of the function) (#3099) by @​antonpirker

2.3.0

Various fixes & improvements

• NEW: Redis integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3073) by @​antonpirker
• NEW: Django integration supports now Sentry Caches module. See https://docs.sentry.io/product/performance/caches/ (#3009) by @​antonpirker
• Fix cohere testsuite for new release of cohere (#3098) by @​antonpirker
• Fix ClickHouse integration where _sentry_span might be missing (#3096) by @​sentrivana

2.2.1

Various fixes & improvements

• Add conditional check for delivery_info's existence (#3083) by @​cmanallen
• Updated deps for latest langchain version (#3092) by @​antonpirker
• Fixed grpcio extras to work as described in the docs (#3081) by @​antonpirker
• Use pythons venv instead of virtualenv to create virtual envs (#3077) by @​antonpirker
• Celery: Add comment about kwargs_headers (#3079) by @​szokeasaurusrex
• Celery: Queues module producer implementation (#3079) by @​szokeasaurusrex
• Fix N803 flake8 failures (#3082) by @​szokeasaurusrex

2.2.0

New features

• Celery integration now sends additional data to Sentry to enable new features to guage the health of your queues
• Added a new integration for Cohere
• Reintroduced the last_event_id function, which had been removed in 2.0.0

Other fixes & improvements

• Add tags + data passing functionality to @​ai_track (#3071) by @​colin-sentry
• Only propagate headers from spans within transactions (#3070) by @​szokeasaurusrex
• Improve type hints for set metrics (#3048) by @​elramen
• Fix get_client typing (#3063) by @​szokeasaurusrex
• Auto-enable Anthropic integration + gate imports (#3054) by @​colin-sentry
• Made MeasurementValue.unit NotRequired (#3051) by @​antonpirker

Commits

• a0ea6a9 Updated changelog
• f12712f release: 2.3.1
• 35e9bab Handle also byte arras as strings (#3101)
• 45bf880 Do not crash exceptiongroup (by patching excepthook and keeping the name of t...
• 0983f74 Merge branch 'release/2.3.0'
• 4e74f91 Updated Changelog
• fadd277 Update CHANGELOG.md
• 88dd524 release: 2.3.0
• 121aa0e Redis Cache Module - 1 - Prepare Code (#3073)
• 30f72a3 Django caching instrumentation update (#3009)
• Additional commits viewable in compare view

Updates jupyterhub from 4.1.5 to 5.0.0

Commits

• c616ab2 Bump to 5.0.0
• 41090ce Merge pull request #4820 from minrk/rel5
• d7939c1 one last patch
• d93ca55 update nginx ssl url
• 9ff11e6 Merge pull request #4821 from yuvipanda/fix-bootstrap
• 66ddaeb [pre-commit.ci] auto fixes from pre-commit.com hooks
• 2598ac2 Fix missing form-control classes & some padding
• 4ab36e3 final changelog for 5.0.0
• 282cc02 Merge pull request #4815 from minrk/admin-test
• 6912a5a Merge pull request #4817 from minrk/share-code-full-url
• Additional commits viewable in compare view

Updates pytest from 8.2.0 to 8.2.1

Release notes

Sourced from pytest's releases.

8.2.1

pytest 8.2.1 (2024-05-19)

Improvements

• #12334: Support for Python 3.13 (beta1 at the time of writing).

Bug Fixes

• #12120: Fix [PermissionError]{.title-ref} crashes arising from directories which are not selected on the command-line.
• #12191: Keyboard interrupts and system exits are now properly handled during the test collection.
• #12300: Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only.
• #12308: Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x.

Trivial/Internal Changes

• #12333: pytest releases are now attested using the recent Artifact Attestation support from GitHub, allowing users to verify the provenance of pytest's sdist and wheel artifacts.

Commits

• 66ff8df Prepare release version 8.2.1
• 3ffcfd1 Merge pull request #12340 from pytest-dev/backport-12334-to-8.2.x
• 0b28313 [8.2.x] Add Python 3.13 (beta) support
• f3dd93a [8.2.x] Attest package provenance (#12335)
• bb5a125 [8.2.x] Spelling (#12331)
• f179bf2 Merge pull request #12327 from pytest-dev/backport-12325-to-8.2.x
• 2b671b5 [8.2.x] cacheprovider: fix .pytest_cache not being world-readable
• 65ab7cb Merge pull request #12324 from pytest-dev/backport-12320-to-8.2.x
• 4d5fb7d Merge pull request #12319 from pytest-dev/backport-12311-to-8.2.x
• cbe5996 [8.2.x] changelog: document unittest 8.2 change as breaking
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #17.