Deps: Bump the python-packages group with 15 updates

[dependabot]

Bumps the python-packages group with 15 updates:

Package	From	To
lxml	4.9.3	5.1.0
coverage	7.4.0	7.4.1
autohooks	23.10.0	24.1.0
black	23.12.1	24.1.1
pontos	24.1.0	24.1.2
alabaster	0.7.15	0.7.16
beautifulsoup4	4.12.2	4.12.3
cryptography	41.0.7	42.0.1
dill	0.3.7	0.3.8
markupsafe	2.1.3	2.1.4
sphinxcontrib-applehelp	1.0.7	1.0.8
sphinxcontrib-devhelp	1.0.5	1.0.6
sphinxcontrib-htmlhelp	2.0.4	2.0.5
sphinxcontrib-qthelp	1.0.6	1.0.7
sphinxcontrib-serializinghtml	1.1.9	1.1.10

Updates lxml from 4.9.3 to 5.1.0

Changelog

Sourced from lxml's changelog.

5.1.0 (2024-01-05)

Features added

• Parsing ASCII strings is slightly faster.

Bugs fixed

• GH#349: The HTML Cleaner() interpreted an accidentally provided string parameter for the host_whitelist as list of characters and silently failed to reject any hosts. Passing a non-collection is now rejected.

Other changes

• Support for Python 2.7 and Python versions < 3.6 was removed.

• The wheel build was migrated to use cibuildwheel. Patch by Primož Godec.

5.0.1 (2024-01-05)

Bugs fixed

• LP#2046208: Parsing non-BMP Python Unicode strings could fail on macOS.

• LP#2044225: When incrementally parsing broken HTML, reporting start events on missing structural tags failed and could lead to subsequent exceptions.

• LP#2045435: Some (not all) issues with stricter C compilers were resolved.

• The binary wheels in the 5.0.0 release did not validate cleanly (but installed ok).

.. _latest_release:

5.0.0 (2023-12-29)

Features added

• Character escaping in C14N2 serialisation now uses a single pass over the text instead of searching for each unescaped character separately.

... (truncated)

Commits

• 82a4260 Prepare release of 5.1.0.
• 3eafa61 Merge branch 'lxml-5.0'
• eb5cd98 Prepare release of 5.0.1.
• f4b8be5 docs: Shorten the list of old versions on the main website.
• 9496a79 Update changelog.
• c13c5af Remove some dead Py2 code.
• 5bba8c4 Remove some dead Py2 code.
• 5fa0cd5 Cleaner: Validate that host_whitelist is not a string (GH-349)
• ff88377 Remove accidentally duplicated code.
• 7244b43 Merge branch 'lxml-5.0'
• Additional commits viewable in compare view

Updates coverage from 7.4.0 to 7.4.1

Changelog

Sourced from coverage's changelog.

Version 7.4.1 — 2024-01-26

• Python 3.13.0a3 is supported.

• Fix: the JSON report now includes an explicit format version number, closing issue 1732_.

.. _issue 1732: nedbat/coveragepy#1732

.. _changes_7-4-0:

Commits

• 07588ea test: give hypothesis a little more time
• 2c96518 build: tags should be signed
• 8d1857f docs: sample HTML for 7.4.1
• ddc88f7 docs: prep for 7.4.1
• 98cd671 docs: correct two library urls
• 498b8c9 build: coverage runs have to skip windows pypy too
• 75b22f0 test: ignore color in tracebacks
• b7c41a2 build: show action environment variables for debugging
• f8be865 build: run actions on 3.13 since a3 came out.
• de60a6d build(deps): bump actions/dependency-review-action from 3 to 4
• Additional commits viewable in compare view

Updates autohooks from 23.10.0 to 24.1.0

Release notes

Sourced from autohooks's releases.

autohooks 24.1.0

24.1.0 - 2024-01-26

Added

• Ignore ruff_cache from git 7542c15

Removed

• Remove unused settings file for pylint 6faf4d1
• Replace isort with ruff b6fcbed

Changed

• Update headers of all Python files f03fc7b
• Update formatting with black 24.1.0 73f48bc
• Unify release workflow (file) name 64a1d24
• Merge coverage config into pyproject.toml 0e70f9b
• Make ruff more prominent in the README 4fe01c5
• Use trusted publisher upload for PyPI d2f2c7d

Bug Fixes

• Fix README and package meta data for supported Python versions b4d92f6

Dependencies

• Bump the dependencies group with 7 updates a52e2f7
• Bump the dependencies group with 10 updates e7c1165
• Bump jinja2 from 3.1.2 to 3.1.3 8055e30
• Bump the dependencies group with 5 updates 90c623e
• Bump the dependencies group with 8 updates 3022f81
• Bump the dependencies group with 1 update c2d5c35
• Bump the dependencies group with 8 updates bc4d28a
• Bump the dependencies group with 6 updates 61c0201
• Bump the dependencies group with 2 updates 8bdb3bd
• Bump the dependencies group with 7 updates 863cd39
• Bump the dependencies group with 7 updates 2cea7c7
• Bump the dependencies group with 6 updates 86411da
• Bump the dependencies group with 6 updates aa4e1e0
• Bump the dependencies group with 4 updates c930d52
• Bump the dependencies group with 4 updates (#620) 4ca79cf

Commits

• bff00fe Automatic release to 24.1.0
• f03fc7b Change: Update headers of all Python files
• 73f48bc Change: Update formatting with black 24.1.0
• 64a1d24 Change: Unify release workflow (file) name
• 7542c15 Add: Ignore ruff_cache from git
• 0e70f9b Change: Merge coverage config into pyproject.toml
• 6faf4d1 Remove: Remove unused settings file for pylint
• b6fcbed Remove: Replace isort with ruff
• ae201e7 Update copyright in README for 2024
• b4d92f6 Fix: Fix README and package meta data for supported Python versions
• Additional commits viewable in compare view

Updates black from 23.12.1 to 24.1.1

Release notes

Sourced from black's releases.

24.1.1

Bugfix release to fix a bug that made Black unusable on certain file systems with strict limits on path length.

Preview style

• Consistently add trailing comma on typed parameters (#4164)

Configuration

• Shorten the length of the name of the cache file to fix crashes on file systems that do not support long paths (#4176)

24.1.0

Highlights

This release introduces the new 2024 stable style (#4106), stabilizing the following changes:

• Add parentheses around if-else expressions (#2278)
• Dummy class and function implementations consisting only of ... are formatted more compactly (#3796)
• If an assignment statement is too long, we now prefer splitting on the right-hand side (#3368)
• Hex codes in Unicode escape sequences are now standardized to lowercase (#2916)
• Allow empty first lines at the beginning of most blocks (#3967, #4061)
• Add parentheses around long type annotations (#3899)
• Enforce newline after module docstrings (#3932, #4028)
• Fix incorrect magic trailing comma handling in return types (#3916)
• Remove blank lines before class docstrings (#3692)
• Wrap multiple context managers in parentheses if combined in a single with statement (#3489)
• Fix bug in line length calculations for power operations (#3942)
• Add trailing commas to collection literals even if there's a comment after the last entry (#3393)
• When using --skip-magic-trailing-comma or -C, trailing commas are stripped from subscript expressions with more than 1 element (#3209)
• Add extra blank lines in stubs in a few cases (#3564, #3862)
• Accept raw strings as docstrings (#3947)
• Split long lines in case blocks (#4024)
• Stop removing spaces from walrus operators within subscripts (#3823)
• Fix incorrect formatting of certain async statements (#3609)
• Allow combining # fmt: skip with other comments (#3959)

There are already a few improvements in the --preview style, which are slated for the 2025 stable style. Try them out and share your feedback. In the past, the preview style has included some features that we were not able to stabilize. This year, we're

... (truncated)

Changelog

Sourced from black's changelog.

24.1.1

Bugfix release to fix a bug that made Black unusable on certain file systems with strict limits on path length.

Preview style

• Consistently add trailing comma on typed parameters (#4164)

Configuration

• Shorten the length of the name of the cache file to fix crashes on file systems that do not support long paths (#4176)

24.1.0

Highlights

This release introduces the new 2024 stable style (#4106), stabilizing the following changes:

• Add parentheses around if-else expressions (#2278)
• Dummy class and function implementations consisting only of ... are formatted more compactly (#3796)
• If an assignment statement is too long, we now prefer splitting on the right-hand side (#3368)
• Hex codes in Unicode escape sequences are now standardized to lowercase (#2916)
• Allow empty first lines at the beginning of most blocks (#3967, #4061)
• Add parentheses around long type annotations (#3899)
• Enforce newline after module docstrings (#3932, #4028)
• Fix incorrect magic trailing comma handling in return types (#3916)
• Remove blank lines before class docstrings (#3692)
• Wrap multiple context managers in parentheses if combined in a single with statement (#3489)
• Fix bug in line length calculations for power operations (#3942)
• Add trailing commas to collection literals even if there's a comment after the last entry (#3393)
• When using --skip-magic-trailing-comma or -C, trailing commas are stripped from subscript expressions with more than 1 element (#3209)
• Add extra blank lines in stubs in a few cases (#3564, #3862)
• Accept raw strings as docstrings (#3947)
• Split long lines in case blocks (#4024)
• Stop removing spaces from walrus operators within subscripts (#3823)
• Fix incorrect formatting of certain async statements (#3609)
• Allow combining # fmt: skip with other comments (#3959)

There are already a few improvements in the --preview style, which are slated for the 2025 stable style. Try them out and share your feedback. In the past, the preview style has included some features that we were not able to stabilize. This year, we're

... (truncated)

Commits

• e026c93 Prepare release 24.1.1 (#4186)
• 79fc115 chore: ignore node_modules (produced by a pre-commit check) (#4184)
• 8bf0454 Consistently add trailing comma on typed parameters (#4164)
• 1607e9a Fix missing space in option description (#4182)
• ed770ba Fix cache file length (#4176)
• 659c29a New changelog
• 0e6e46b Prepare release 24.1.0 (#4170)
• 4f47cac Add --unstable flag (#4096)
• bccec8a Show warning on invalid toml configuration (#4165)
• 7d78946 Describe 2024 module docstring more accurately (#4168)
• Additional commits viewable in compare view

Updates pontos from 24.1.0 to 24.1.2

Release notes

Sourced from pontos's releases.

pontos 24.1.2

24.1.2 - 2024-01-18

Added

• Export all relevant git classes from pontos.git 42ff071

Changed

• Cleanup pontos.version module API 53ddf6b
• Mark pontos.git.status as private module explicitly db91dbe
• Mark pontos.git.git as private module explicitly a73513e
• Use trusted publisher process to deploy on PyPI 6aefbab

Bug Fixes

• Fix versioning_scheme type of Project constructor 123db56
• Fix return type of CMakeVErsionParser._tokenize method 38479f9

Dependencies

• Bump the python-packages group with 9 updates bcb3e86

pontos 24.1.1

24.1.1 - 2024-01-12

Changed

• Improve CLI help for pontos-changelog and pontos-release 2fa927b
• Include changes from pre-releases in non pre-releases 0ddbb3c

Bug Fixes

• Ignore invalid versions in tag when determining last release 84ecc39

Dependencies

• Bump jinja2 from 3.1.2 to 3.1.3 415878e
• Bump the python-packages group with 4 updates 4a6f56a

Commits

• c7b8ece Automatic release to 24.1.2
• 123db56 Fix: Fix versioning_scheme type of Project constructor
• 38479f9 Fix: Fix return type of CMakeVErsionParser._tokenize method
• 53ddf6b Change: Cleanup pontos.version module API
• db91dbe Change: Mark pontos.git.status as private module explicitly
• a73513e Change: Mark pontos.git.git as private module explicitly
• 42ff071 Add: Export all relevant git classes from pontos.git
• 6aefbab Change: Use trusted publisher process to deploy on PyPI
• bcb3e86 Deps: Bump the python-packages group with 9 updates
• 4d127c7 Automatic adjustments after release
• Additional commits viewable in compare view

Updates alabaster from 0.7.15 to 0.7.16

Release notes

Sourced from alabaster's releases.

Alabaster 0.7.16

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Changelog

Sourced from alabaster's changelog.

:git_tag:0.7.16 -- 2024-01-10

• 🐛215 Do not display logo_name if it is set to False.

Commits

• f3fdc04 Bump to 0.7.16
• 39cbbc1 Do not display logo_name == 'false'
• See full diff in compare view

Updates beautifulsoup4 from 4.12.2 to 4.12.3

Updates cryptography from 41.0.7 to 42.0.1

Changelog

Sourced from cryptography's changelog.

42.0.1 - 2024-01-24

* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public keys in
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`.
.. _v42-0-0:
42.0.0 - 2024-01-22

• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
• BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field using :func:~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates or :func:~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates will now raise a ValueError rather than return an empty list.
• Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
• Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
• We now publish both py37 and py39 abi3 wheels. This should resolve some errors relating to initializing a module multiple times per process.
• Support :class:~cryptography.hazmat.primitives.asymmetric.padding.PSS for X.509 certificate signing requests and certificate revocation lists with the keyword-only argument rsa_padding on the sign methods for :class:~cryptography.x509.CertificateSigningRequestBuilder and :class:~cryptography.x509.CertificateRevocationListBuilder.
• Added support for obtaining X.509 certificate signing request signature algorithm parameters (including PSS) via :meth:~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters.
• Added support for obtaining X.509 certificate revocation list signature algorithm parameters (including PSS) via :meth:~cryptography.x509.CertificateRevocationList.signature_algorithm_parameters.
• Added mgf property to :class:~cryptography.hazmat.primitives.asymmetric.padding.PSS.
• Added algorithm and mgf properties to :class:~cryptography.hazmat.primitives.asymmetric.padding.OAEP.
• Added the following properties that return timezone-aware datetime objects: :meth:~cryptography.x509.Certificate.not_valid_before_utc, :meth:~cryptography.x509.Certificate.not_valid_after_utc, :meth:~cryptography.x509.RevokedCertificate.revocation_date_utc, :meth:~cryptography.x509.CertificateRevocationList.next_update_utc, :meth:~cryptography.x509.CertificateRevocationList.last_update_utc. These are timezone-aware variants of existing properties that return naïve datetime objects.
• Deprecated the following properties that return naïve datetime objects:

... (truncated)

Commits

• 337437d 42.0.1 bump (#10252)
• 56255de allow SPKI RSA keys to be parsed even if they have an incorrect delimiter (#1...
• 12f038b fixes #10237 -- correct EC sign parameter name (#10239) (#10240)
• 4e64baf 42.0.0 version bump (#10232)
• 7cb13a3 we'll ship 3.2.0 for 42 (#9951)
• 605c74e Bump x509-limbo and/or wycheproof in CI (#10231)
• 97578b9 Bump BoringSSL and/or OpenSSL in CI (#10230)
• 972a7b5 verification: add test_verify_tz_aware (#10229)
• 41daf2d Migrate PKCS7 backend to Rust (#10228)
• d54093e Remove some skips in tests that aren't needed anymore (#10223)
• Additional commits viewable in compare view

Updates dill from 0.3.7 to 0.3.8

Commits

• a0a8e86 tag: 0.3.8
• 6f83208 skip BufferedRandomType on pyodide (#644)
• 72f6523 Bump readthedocs-sphinx-search from 0.3.1 to 0.3.2 in /docs (#642)
• db56c29 update sphinx to 6.2.1 (#641)
• 21bd82b import submodule properly when there is an attribute of the module with the s...
• cce8ac7 Bump jinja2 from 3.1.1 to 3.1.3 in /docs (#640)
• 5ed40d5 updated copyright for 2024 (#638)
• 8d209d4 add guard for math.log in size calculation (#637)
• 6343f44 add build to rtfd config (#632)
• 4b24b6d formal support for 3.12, initial support for 3.13 (#630)
• Additional commits viewable in compare view

Updates markupsafe from 2.1.3 to 2.1.4

Release notes

Sourced from markupsafe's releases.

2.1.4

This is a fix release for the 2.1.x feature release branch. It fixes bugs but does not otherwise change behavior and should not result in breaking changes.

• Improves performance of the Markup.striptags method for large input.

• Changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-4

• Milestone: https://github.com/pallets/markupsafe/milestone/11?closed=1

• PyPI: https://pypi.org/project/MarkupSafe/2.1.4/

Changelog

Sourced from markupsafe's changelog.

Version 2.1.4

Released 2024-01-19

• Don't use regular expressions for striptags, avoiding a performance issue. :pr:413

Commits

• b7cd652 release version 2.1.4
• 3bead8e update cibuildwheel for 3.12 wheels
• a24df39 improve striptags performance (#413)
• 750e22b improve striptags performance
• 4c397ef start version 2.1.4
• bc0cb5c [pre-commit.ci] pre-commit autoupdate (#387)
• 35ab8a0 [pre-commit.ci] pre-commit autoupdate
• f5a40c7 [pre-commit.ci] pre-commit autoupdate (#386)
• 8dd8dac [pre-commit.ci] pre-commit autoupdate
• e2fd390 update dependencies
• Additional commits viewable in compare view

Updates sphinxcontrib-applehelp from 1.0.7 to 1.0.8

Release notes

Sourced from sphinxcontrib-applehelp's releases.

sphinxcontrib-applehelp 1.0.8

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinxcontrib-applehelp's changelog.

Release 1.0.8 (2024-01-13)

• Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.

Commits

• cadf870 Bump to 1.0.8 final
• ccc77c8 Remove Sphinx as a required dependency (#15)
• See full diff in compare view

Updates sphinxcontrib-devhelp from 1.0.5 to 1.0.6

Release notes

Sourced from sphinxcontrib-devhelp's releases.

sphinxcontrib-devhelp 1.0.6

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinxcontrib-devhelp's changelog.

Release 1.0.6 (2024-01-13)

• Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.

Commits

• 1ace65f Bump to 1.0.6 final
• ff26d1f Remove Sphinx as a required dependency (#11)
• 6401cf7 Use Node.findall over Node.traverse (#10)
• See full diff in compare view

Updates sphinxcontrib-htmlhelp from 2.0.4 to 2.0.5

Release notes

Sourced from sphinxcontrib-htmlhelp's releases.

sphinxcontrib-htmlhelp 2.0.5

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinxcontrib-htmlhelp's changelog.

Release 2.0.5 (2024-01-13)

• Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.

Commits

• 244375f Bump to 2.0.5 final
• 25f9218 Remove Sphinx as a required dependency (#18)
• See full diff in compare view

Updates sphinxcontrib-qthelp from 1.0.6 to 1.0.7

Release notes

Sourced from sphinxcontrib-qthelp's releases.

sphinxcontrib-qthelp 1.0.7

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinxcontrib-qthelp's changelog.

Release 1.0.7 (2024-01-13)

• Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.

Commits

• 79f0780 Bump to 1.0.7 final
• b4d64f5 Remove Sphinx as a required dependency (#15)
• See full diff in compare view

Updates sphinxcontrib-serializinghtml from 1.1.9 to 1.1.10

Release notes

Sourced from sphinxcontrib-serializinghtml's releases.

sphinxcontrib-serializinghtml 1.1.10

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinxcontrib-serializinghtml's changelog.

Release 1.1.10 (2024-01-13)

• Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.

Commits

• 941e0e8 Bump to 1.0.10 final
• f0b7604 Remove Sphinx as a required dependency (#10)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

[bjoernricks]

@dependabot rebase

[dependabot]

Looks like these dependencies are up-to-date now, so this is no longer needed.