build(deps): bump the dependencies group across 1 directory with 15 updates #246

Closed
wants to merge 2 commits into from

@dependabot dependabot bot commented on behalf of github Jun 24, 2024

Bumps the dependencies group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| requests | 2.31.0 | 2.32.3 |
| certifi | 2023.11.17 | 2024.6.2 |
| cryptography | 41.0.7 | 42.0.8 |
| idna | 3.6 | 3.7 |
| pycparser | 2.21 | 2.22 |
| securesystemslib[crypto,pynacl] | 0.31.0 | 1.1.0 |
| urllib3 | 2.1.0 | 2.2.2 |
| coverage | 7.3.2 | 7.5.4 |
| build | 1.0.3 | 1.2.1 |
| tox | 4.1.2 | 4.15.1 |
| black | 23.11.0 | 24.4.2 |
| isort | 5.13.0 | 5.13.2 |
| pylint | 3.0.2 | 3.2.3 |
| mypy | 1.7.1 | 1.10.0 |
| bandit | 1.7.6 | 1.7.9 |

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits
  • 0e322af v2.32.3
  • e188799 Don't create default SSLContext if ssl module isn't present (#6724)
  • 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
  • b1d73dd Don't use default SSLContext with custom poolmanager kwargs
  • 6badbac Update HISTORY.md
  • a62a2d3 Allow for overriding of specific pool key params
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • Additional commits viewable in compare view

Updates certifi from 2023.11.17 to 2024.6.2

Commits
  • 124f4ad 2024.06.02 (#291)
  • c2196ce --- (#290)
  • fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
  • 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
  • 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
  • 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
  • ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
  • 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
  • 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
  • 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
  • Additional commits viewable in compare view

Updates cryptography from 41.0.7 to 42.0.8

Changelog

Sourced from cryptography's changelog.

42.0.8 - 2024-06-04

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2.

42.0.7 - 2024-05-06

  • Restored Windows 7 compatibility for our pre-built wheels. Note that we do not test on Windows 7 and wheels for our next release will not support it. Microsoft no longer provides support for Windows 7 and users are encouraged to upgrade.

42.0.6 - 2024-05-04

  • Fixed compilation when using LibreSSL 3.9.1.

42.0.5 - 2024-02-23

  • Limit the number of name constraint checks that will be performed in X.509 path validation (cryptography.x509.verification) to protect against denial of service attacks.
  • Upgrade pyo3 version, which fixes building on PowerPC.

42.0.4 - 2024-02-20

  • Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130
  • Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in RFC 2633 RFC 3370.

42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some

... (truncated)

Commits

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11)

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates pycparser from 2.21 to 2.22

Release notes

Sourced from pycparser's releases.

release_v2.22

What's Changed

New Contributors

Full Changelog: eliben/pycparser@release_v2.21...release_v2.22

Changelog

Sourced from pycparser's changelog.

Commits
  • 129d32e Prepare for release 2.22
  • c3e2644 update CHANGES file for future changes
  • c500fb6 ply: Make generated lextab.py deterministic (#531)
  • f740995 Add support for Python 3.12 (#515)
  • 6cf69df New example to generate AST from scratch (#507)
  • 50a26ac Remove unneeded import in an example
  • d86a9e5 Remove from future imports from all files in this repo
  • a9f073e Remove from future imports in examples
  • 670979b Update SECURITY.md
  • 9e8cd29 Create a Security Policy (#499)
  • Additional commits viewable in compare view

Updates securesystemslib[crypto,pynacl] from 0.31.0 to 1.1.0

Release notes

Sourced from securesystemslib[crypto,pynacl]'s releases.

v1.1.0

See CHANGELOG.md for details.

v1.0.0

See CHANGELOG.md for details.

Changelog

Sourced from securesystemslib[crypto,pynacl]'s changelog.

securesystemslib v1.1.0

This is a small release that only re-enables the use of SigstoreSigner. Note that SigstoreSigner and SigstoreKey are still not part of the default set of supported signers & keys but now they can be enabled.

Changed

  • SigstoreSigner: Re-enable compatibility with Sigstore (#781)

securesystemslib v1.0.0

Securesystemslib API is now considered stable. The core functionality is provided in the Signer interface and the half a dozen integrated Signer implementations that can be found in the signer module. Smaller helper modules dsse, formats, hash and storage are also part of the API. Several legacy modules have been removed.

Added

  • Signer: add public_key attribute to interface (#756)
  • VaultSigner: Signer implementation for HashiCorp Vault (#800)
  • CryptoSigner: support ecdsa keytype that is no longer in spec (#711)
  • CryptoSigner: add private_bytes property (#799)
  • CryptoSigner: add "file2" signer uri (#759)
  • test: use localstack to test AWSSigner (#777)

Removed

  • CryptoSigner: remove "file" signer uri (#759)
  • migration script for legacy keys (#770)
  • SSlibSigner class and *_securesystemslib_key methods (#771)
  • legacy key key*, interface, util and schema modules (#772, #773, #776)
  • unused functions in hash, and formats module (#774, #776)
  • unused global key constants (#806)

Changed

  • SSlibKey: strengthen input validation (#780, #795)
  • AWSSigner: support default scheme and add stronger input validation (#724, #778)
  • dsse: change Envelope.signatures type to dict (#743)
  • vendor: update ed25519 copy (#793)
  • docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796)
  • test: improve and temporarily disable SigstoreSigner test (#779, #785)
  • ci: use dependabot groups, update weekly (#735)
  • ci: test macOS and Windows on latest Python only (#797)
  • Make securesystemslib.gpg internal (#792)

Fixed

  • Fix check-upstream-ed25519 workflow permission (#706)
  • SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794)
Commits
  • c70d7be Merge pull request #821 from jku/release-v1.1.0
  • 9d4a99e Prepare v1.1
  • 08e64be Merge pull request #819 from secure-systems-lab/dependabot/pip/dependencies-2...
  • 7058f55 Bump the dependencies group across 1 directory with 4 updates
  • 5e734e4 Merge pull request #813 from jku/upgrade-sigstore
  • bc6f882 Merge pull request #814 from secure-systems-lab/dependabot/pip/test-and-lint-...
  • f61cf1a GCPSigner: Add exception for unsupported keys
  • 323d572 Merge pull request #816 from secure-systems-lab/dependabot/github_actions/act...
  • 3b7b7e6 ---
  • 603b461 ---
  • Additional commits viewable in compare view

Updates urllib3 from 2.1.0 to 2.2.2

Release notes

Sourced from urllib3's releases.

2.2.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
  • Fixed return types representing copying actions to use typing.Self. (#3363)

Full Changelog: urllib3/urllib3@2.2.1...2.2.2

2.2.1

Changes

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
  • Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0

🖥️ urllib3 now works in the browser

🎉 This release adds experimental support for using urllib3 in the browser with Pyodide! 🎉

Thanks to Joe Marshall (@joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

Changes

  • Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
  • Added support for HTTPResponse.read1() method. (#3186)
  • Added rudimentary support for HTTP/2. (#3284)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (#3130)

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.2.2 (2024-06-17)

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
  • Fixed return types representing copying actions to use typing.Self. (#3363)

2.2.1 (2024-02-16)

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
  • Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. (#2860)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0 (2024-01-30)

  • Added support for Emscripten and Pyodide (https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html), including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
  • Added support for HTTPResponse.read1() method. (#3186)
  • Added rudimentary support for HTTP/2. (#3284)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (#3130)
  • Fixed an issue where headers passed in a request with json= would be mutated (#3203)
  • Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. (#3267)
  • Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#3268)
  • Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#3325)
  • Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. (#3181)
Commits

Updates coverage from 7.3.2 to 7.5.4

Changelog

Sourced from coverage's changelog.

Version 7.5.4 — 2024-06-22

  • If you attempt to combine statement coverage data with branch coverage data, coverage.py used to fail with the message "Can't combine arc data with line data" or its reverse, "Can't combine line data with arc data." These messages used internal terminology, making it hard for people to understand the problem. They are now changed to mention "branch coverage data" and "statement coverage data."

  • Fixed a minor branch coverage problem with wildcard match/case cases using names or guard clauses.

  • Started testing on 3.13 free-threading (nogil) builds of Python. I'm not claiming full support yet. Closes issue 1799 (nedbat/coveragepy#1799).

Version 7.5.3 — 2024-05-28

  • Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks to Kraken Tech for funding the fix.

  • Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791 (nedbat/coveragepy#1791). Thanks to Daniel Diniz for helping to diagnose the problem.

Version 7.5.2 — 2024-05-24

  • Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779. This is now fixed.

  • Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

... (truncated)

Commits
  • 22c09c6 docs: sample HTML for 7.5.4
  • 9e16381 docs: prep for 7.5.4
  • fba9b9e docs: link issue 1799 from the changelog
  • f124de8 build: no longer download kits to upload them
  • 9516cf6 build: hash-pin all actions
  • c6e0985 build: finish up the publish action
  • 4a49458 build: get the latest dist run id for publishing
  • fb15efa build: pin hashes for publishing actions
  • c20af95 build: use the correct item: github.event.action
  • ccbab15 build: dump all the github actions data
  • Additional commits viewable in compare view

Updates build from 1.0.3 to 1.2.1

Release notes

Sourced from build's releases.

Version 1.2.1

What's Changed

  • Avoid error when terminal width is undetectable on Python < 3.11 (PR #761)

Full Changelog: pypa/build@1.2.0...1.2.1

Version 1.2.0

What's Changed

  • Add --installer option, supporting pip and uv. Added uv extra. (PR #751)
  • Improve console output and provide -v for dependency installation (PR #749)
  • Avoid compiling unused bytecode when using pip (PR #752)
  • Dropped support for Python 3.7 (PR #743)

Full Changelog: pypa/build@1.1.1...1.2.0

Version 1.1.1

What's Changed

  • Fixed invoking outer pip from user site packages (PR #746, fixes issue #745)
  • Corrected the minimum pip version required to use an outer pip (PR #746, fixes issue #745)

Full Changelog: pypa/build@v1.1.0...1.1.1

Version 1.1.0

What's Changed

  • Use external pip if available instead of installing, speeds up environment setup with virtualenv slightly and venv significantly. (PR #736)
  • Stopped injecting wheel as a build dependency automatically, in the case of missing pyproject.toml -- by @webknjaz. (PR #716)
  • Use importlib_metadata on Python <3.10.2 for bugfixes not present in those CPython standard libraries (not required when bootstrapping) -- by @GianlucaFicarelli. (PR #693, fixes issue #692)

New Contributors

Full Changelog: pypa/build@1.0.3...v1.1.0

Changelog

Sourced from build's changelog.

1.2.1 (2024-03-28)

  • Avoid error when terminal width is undetectable on Python < 3.11 (PR #761)

1.2.0 (2024-03-27)

  • Add --installer option, supporting pip and uv. Added uv extra. (PR #751)
  • Improve console output and provide -v for dependency installation (PR #749)
  • Avoid compiling unused bytecode when using pip (PR #752)
  • Dropped support for Python 3.7 (PR #743)

1.1.1 (2024-02-29)

  • Fixed invoking outer pip from user site packages (PR #746, fixes issue #745)
  • Corrected the minimum pip version required to use an outer pip (PR #746, fixes issue #745)

1.1.0 (2024-02-29)

  • Use external pip if available instead of installing, speeds up environment setup with virtualenv slightly and venv significantly. (PR #736)
  • Stopped injecting wheel as a build dependency automatically, in the case of missing pyproject.toml -- by @webknjaz. (PR #716)
  • Use importlib_metadata on Python <3.10.2 for bugfixes not present in those CPython standard libraries (not required when bootstrapping) -- by @GianlucaFicarelli. (PR #693, fixes issue #692)
Commits

Updates tox from 4.1.2 to 4.15.1

Release notes

Sourced from tox's releases.

4.15.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.15.0...4.15.1

4.15.0

What's Changed

New Contributors

jku and others added 2 commits December 13, 2023 10:51
All dependencies are now checked weekly and those weekly updates
are grouped into 4 groups:
  * critical python build/release deps
  * python test and lint deps (only pinned for test repro)
  * all other python dependencies
  * All github action dependencies

This is not quite the division that was hashed out in theupdateframework#2014, mostly for
practical reasons:
* GitHub actions are already practically split by pinning strategy so they
  don't really need further groups:
  * Non-security-relevant actions are pinned by tags
  * Other actions are pinned by hash
* The dependency grouping is quite limited

Signed-off-by: Jussi Kukkonen <[email protected]>
…pdates

Bumps the dependencies group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.3` |
| [certifi](https://github.com/certifi/python-certifi) | `2023.11.17` | `2024.6.2` |
| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `42.0.8` |
| [idna](https://github.com/kjd/idna) | `3.6` | `3.7` |
| [pycparser](https://github.com/eliben/pycparser) | `2.21` | `2.22` |
| [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) | `0.31.0` | `1.1.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.1.0` | `2.2.2` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.3.2` | `7.5.4` |
| [build](https://github.com/pypa/build) | `1.0.3` | `1.2.1` |
| [tox](https://github.com/tox-dev/tox) | `4.1.2` | `4.15.1` |
| [black](https://github.com/psf/black) | `23.11.0` | `24.4.2` |
| [isort](https://github.com/pycqa/isort) | `5.13.0` | `5.13.2` |
| [pylint](https://github.com/pylint-dev/pylint) | `3.0.2` | `3.2.3` |
| [mypy](https://github.com/python/mypy) | `1.7.1` | `1.10.0` |
| [bandit](https://github.com/PyCQA/bandit) | `1.7.6` | `1.7.9` |



Updates `requests` from 2.31.0 to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.3)

Updates `certifi` from 2023.11.17 to 2024.6.2
- [Commits](certifi/python-certifi@2023.11.17...2024.06.02)

Updates `cryptography` from 41.0.7 to 42.0.8
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.7...42.0.8)

Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.6...v3.7)

Updates `pycparser` from 2.21 to 2.22
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/main/CHANGES)
- [Commits](eliben/pycparser@release_v2.21...release_v2.22)

Updates `securesystemslib[crypto,pynacl]` from 0.31.0 to 1.1.0
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](secure-systems-lab/securesystemslib@v0.31.0...v1.1.0)

Updates `urllib3` from 2.1.0 to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.1.0...2.2.2)

Updates `coverage` from 7.3.2 to 7.5.4
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.3.2...7.5.4)

Updates `build` from 1.0.3 to 1.2.1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.0.3...1.2.1)

Updates `tox` from 4.1.2 to 4.15.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.1.2...4.15.1)

Updates `black` from 23.11.0 to 24.4.2
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.11.0...24.4.2)

Updates `isort` from 5.13.0 to 5.13.2
- [Release notes](https://github.com/pycqa/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@5.13.0...5.13.2)

Updates `pylint` from 3.0.2 to 3.2.3
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v3.0.2...v3.2.3)

Updates `mypy` from 1.7.1 to 1.10.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.7.1...v1.10.0)

Updates `bandit` from 1.7.6 to 1.7.9
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.7.6...1.7.9)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pycparser
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tox
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: black
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: isort
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 24, 2024
@jku jku force-pushed the develop branch 2 times, most recently from 3f49d7d to a058c4f Compare July 10, 2024 12:48

dependabot bot commented on behalf of github Jul 10, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jul 10, 2024
@dependabot dependabot bot deleted the dependabot/pip/dependencies-cbbde82ffc branch July 10, 2024 12:49