Bump the python-dependencies group with 4 updates

[dependabot]

Bumps the python-dependencies group with 4 updates: httpx, cryptography, pytest and coverage.

Updates httpx from 0.26.0 to 0.27.0

Release notes

Sourced from httpx's releases.

Version 0.27.0

0.27.0 (21st February, 2024)

Deprecated

• The app=... shortcut has been deprecated. Use the explicit style of transport=httpx.WSGITransport() or transport=httpx.ASGITransport() instead.

Fixed

• Respect the http1 argument while configuring proxy transports. (#3023)
• Fix RFC 2069 mode digest authentication. (#3045)

Changelog

Sourced from httpx's changelog.

0.27.0 (21st February, 2024)

Deprecated

• The app=... shortcut has been deprecated. Use the explicit style of transport=httpx.WSGITransport() or transport=httpx.ASGITransport() instead.

Fixed

• Respect the http1 argument while configuring proxy transports. (#3023)
• Fix RFC 2069 mode digest authentication. (#3045)

Commits

• 326b943 Version 0.27.0 (#3095)
• 3faa4a8 Improve 'Custom transports' docs (#3081)
• c51af4b Extensions docs (#3080)
• cabd1c0 Deprecate app=... in favor of explicit WSGITransport/ASGITransport. (#3...
• 6f46152 Bump the python-packages group with 6 updates (#3077)
• 37a2901 Mention NO_PROXY environment variable on Advanced Usage page (#3066)
• 371b6e9 Use __future__.annotations (#3068)
• 4f6edf3 test parse_header_links via public api (#3061)
• c7cd6aa test obfuscate_sensitive_headers via public api (#3063)
• 15f9253 Drop outdated section (#3057)
• Additional commits viewable in compare view

Updates cryptography from 42.0.3 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23

* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:
42.0.4 - 2024-02-20

• Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130
• Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370.

.. _v42-0-3:

Commits

• 33833f0 Release 42.0.5 (#10470)
• 4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
• 8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
• fe18470 Bump for 42.0.4 release (#10445)
• aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
• 7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
• df314bb backport actions m1 switch to 42.0.x (#10415)
• See full diff in compare view

Updates pytest from 8.0.1 to 8.0.2

Release notes

Sourced from pytest's releases.

8.0.2

pytest 8.0.2 (2024-02-24)

Bug Fixes

• #11895: Fix collection on Windows where initial paths contain the short version of a path (for example c:\PROGRA~1\tests).
• #11953: Fix an IndexError crash raising from getstatementrange_ast.
• #12021: Reverted a fix to [--maxfail]{.title-ref} handling in pytest 8.0.0 because it caused a regression in pytest-xdist whereby session fixture teardowns may get executed multiple times when the max-fails is reached.

Commits

• 31afeeb Prepare release version 8.0.2
• 1b00a2f Merge pull request #12025 from pytest-dev/backport-12022-to-8.0.x
• ff2f66d [8.0.x] Revert "Fix teardown error reporting when --maxfail=1 (#11721)"
• 8a8eed6 [8.0.x] Fix collection of short paths on Windows (#12024)
• 74346f0 [8.0.x] Allow Sphinx 7.x (#12005)
• b7657b4 [8.0.x] Disallow Sphinx 6 and 7 (#12001)
• feb7c5e Merge pull request #11999 from pytest-dev/backport-11996-to-8.0.x
• 0909655 [8.0.x] code: fix IndexError crash in getstatementrange_ast
• 68524d4 Merge pull request #11993 from pytest-dev/release-8.0.1
• See full diff in compare view

Updates coverage from 7.4.1 to 7.4.3

Changelog

Sourced from coverage's changelog.

Version 7.4.3 — 2024-02-23

• Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733_.

.. _issue 1733: nedbat/coveragepy#1733

.. _changes_7-4-2:

Version 7.4.2 — 2024-02-20

• Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade <pull 1747_>_. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: nedbat/coveragepy#1747

.. _changes_7-4-1:

Commits

• 1af3624 docs: sample HTML for 7.4.3
• f06c5e4 docs: prep for 7.4.3
• 08fc997 fix: get atomic copies of iterables when flushing data. #1733
• 4e34571 build: put a time limit on the Python nightly tests
• a1d8d29 build: make targets should use underscores not dashes
• f7d40a0 build: tweak the release instructions
• 0f19b82 build: bump version
• 5d69334 test: if a test fails randomly, let it retry with @​flaky
• 65d686c docs: sample HTML for 7.4.2
• 026dca7 docs: prep for 7.4.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions