chore: bump the python group across 2 directories with 14 updates

[dependabot]

Bumps the python group with 13 updates in the / directory:

Package	From	To
python-gitlab	4.5.0	4.11.1
gunicorn	22.0.0	23.0.0
pyyaml	6.0.1	6.0.2
urllib3	2.2.2	2.2.3
sentry-sdk	2.5.1	2.14.0
webargs	8.4.0	8.6.0
pyjwt	2.8.0	2.9.0
marshmallow	3.21.3	3.22.0
importlib-metadata	7.1.0	8.5.0
cryptography	42.0.8	43.0.1
pytest	8.2.2	8.3.3
pre-commit	3.7.1	3.8.0
ruff	0.4.9	0.6.5

Bumps the python group with 8 updates in the /git_services directory:

Package	From	To
gunicorn	22.0.0	23.0.0
pyyaml	6.0.1	6.0.2
urllib3	1.26.19	1.26.20
sentry-sdk	2.5.1	2.14.0
marshmallow	3.21.3	3.22.0
importlib-metadata	7.1.0	8.5.0
ruff	0.4.9	0.6.5
renku	2.9.2	2.9.4

Updates python-gitlab from 4.5.0 to 4.11.1

Release notes

Sourced from python-gitlab's releases.

v4.11.1 (2024-09-13)

Fix

• fix(client): ensure type evaluations are postponed (b41b2de)

v4.11.0 (2024-09-13)

Chore

• chore(pre-commit): add deps (fe5e608)

• chore(deps): update all non-major dependencies (fac8bf9)

• chore(deps): update dependency types-setuptools to v74 (bdfaddb)

• chore(deps): update all non-major dependencies (88c7529)

Documentation

• docs(objects): fix typo in get latest pipeline (b9f5c12)

Feature

• feat(client): make retries configurable in GraphQL (145870e)

• feat(client): add retry handling to GraphQL client (8898c38)

• feat(api): add exclusive GET attrs for /projects/:id/members (e637808)

• feat: add a minimal GraphQL client (d6b1b0a)

• feat(api): add exclusive GET attrs for /groups/:id/members (d44ddd2)

Refactor

• refactor(client): move retry logic into utility (3235c48)

v4.10.0 (2024-08-28)

Chore

• chore(release): track tags for renovate (d600444)

• chore(deps): update python-semantic-release/upload-to-gh-release digest to 17c75b7 (12caaa4)

• chore(deps): update dependency types-setuptools to v73 (d55c045)

• chore(deps): update all non-major dependencies (2ade0d9)

... (truncated)

Changelog

Sourced from python-gitlab's changelog.

v4.11.1 (2024-09-13)

Fix

• fix(client): ensure type evaluations are postponed (b41b2de)

v4.11.0 (2024-09-13)

Chore

• chore(pre-commit): add deps (fe5e608)

• chore(deps): update all non-major dependencies (fac8bf9)

• chore(deps): update dependency types-setuptools to v74 (bdfaddb)

• chore(deps): update all non-major dependencies (88c7529)

Documentation

• docs(objects): fix typo in get latest pipeline (b9f5c12)

Feature

• feat(client): make retries configurable in GraphQL (145870e)

• feat(client): add retry handling to GraphQL client (8898c38)

• feat(api): add exclusive GET attrs for /projects/:id/members (e637808)

• feat: add a minimal GraphQL client (d6b1b0a)

• feat(api): add exclusive GET attrs for /groups/:id/members (d44ddd2)

Refactor

• refactor(client): move retry logic into utility (3235c48)

v4.10.0 (2024-08-28)

Chore

• chore(release): track tags for renovate (d600444)

• chore(deps): update python-semantic-release/upload-to-gh-release digest to 17c75b7 (12caaa4)

• chore(deps): update dependency types-setuptools to v73 (d55c045)

• chore(deps): update all non-major dependencies (2ade0d9)

... (truncated)

Commits

• 10c7aee chore: release v4.11.1
• b41b2de fix(client): ensure type evaluations are postponed
• 7669d4d chore: release v4.11.0
• b9f5c12 docs(objects): fix typo in get latest pipeline
• 145870e feat(client): make retries configurable in GraphQL
• 8898c38 feat(client): add retry handling to GraphQL client
• 3235c48 refactor(client): move retry logic into utility
• fe5e608 chore(pre-commit): add deps
• fac8bf9 chore(deps): update all non-major dependencies
• e637808 feat(api): add exclusive GET attrs for /projects/:id/members
• Additional commits viewable in compare view

Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

• minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
• worker_class parameter accepts a class (:pr:3079)
• fix deadlock if request terminated during chunked parsing (:pr:2688)
• permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
• permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
• sdist generation now explicitly excludes sphinx build folder (:pr:3257)
• decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
• raise correct Exception when encounting invalid chunked requests (:pr:3258)
• the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
• include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

• The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
• Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
• Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

• refuse requests where the uri field is empty (:pr:3255)
• refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
• remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
• If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits

• 411986d fix doc
• 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
• e75c353 Merge pull request #3189 from pajod/patch-py36
• 9357b28 keep document user in access_log_format setting
• 79fdef0 bump to 23.0.0
• 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
• 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
• 256d474 docs: revert duped directive
• ffa48b5 test: default change was intentional
• 52538ca docs: recommend SCRIPT_NAME=/subfolder
• Additional commits viewable in compare view

Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

• Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

6.0.2rc1

• Support for extension build with Cython 3.x
• Support for Python 3.13
• Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

Commits

• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• See full diff in compare view

Updates urllib3 from 2.2.2 to 2.2.3

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

• Added support for Python 3.13. (#3473)

Bugfixes

• Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)
• Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)
• Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)
• Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)
• Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

• Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)
• Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)
• Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)
• Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: urllib3/urllib3@2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

• Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

• Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)
• Fixed ResourceWarning on CONNECT with Python `__)
• Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)
• Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)
• Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

• Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

• Added version checking for h2 (https://pypi.org/project/h2/) usage.

  Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

• Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

• Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

• Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)
• Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)

Commits

• 2458bfc Release 2.2.3
• 9b25db6 Only attempt to publish for upstream
• b9adeef Drop support for EOL PyPy3.8 and PyPy3.9
• b1d4649 Add explicit support for Python 3.13
• cc42860 Bump cryptography from 42.0.4 to 43.0.1 (#3470)
• 3dae2e9 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3469)
• 1e94feb Revert "Add TLS settings for HTTP/2 (#3456)" (#3466)
• aa73abc Bump actions/setup-python from 5.1.0 to 5.2.0 (#3468)
• abbfbcb Add 1.26.20 to changelog and make the publish workflow the same (#3464)
• d480615 Add TLS settings for HTTP/2 (#3456)
• Additional commits viewable in compare view

Updates sentry-sdk from 2.5.1 to 2.14.0

Release notes

Sourced from sentry-sdk's releases.

2.14.0

Various fixes & improvements

• New SysExitIntegration (#3401) by @​szokeasaurusrex

  For more information, see the documentation for the SysExitIntegration.

• Add SENTRY_SPOTLIGHT env variable support (#3443) by @​BYK

• Support Strawberry 0.239.2 (#3491) by @​szokeasaurusrex

• Add separate pii_denylist to EventScrubber and run it always (#3463) by @​sl0thentr0py

• Celery: Add wrapper for Celery().send_task to support behavior as Task.apply_async (#2377) by @​divaltor

• Django: SentryWrappingMiddleware.init fails if super() is object (#2466) by @​cameron-simpson

• Fix data_category for sessions envelope items (#3473) by @​sl0thentr0py

• Fix non-UTC timestamps (#3461) by @​szokeasaurusrex

• Remove obsolete object as superclass (#3480) by @​sentrivana

• Replace custom TYPE_CHECKING with stdlib typing.TYPE_CHECKING (#3447) by @​dev-satoshi

• Refactor tracing_utils.py (#3452) by @​rominf

• Explicitly export symbol in subpackages instead of ignoring (#3400) by @​hartungstenio

• Better test coverage reports (#3498) by @​antonpirker

• Fixed config for old coverage versions (#3504) by @​antonpirker

• Fix AWS Lambda tests (#3495) by @​antonpirker

• Remove broken Bottle tests (#3505) by @​sentrivana

2.13.0

Various fixes & improvements

• New integration: Ray (#2400) (#2444) by @​glowskir

  Usage: (add the RayIntegration to your sentry_sdk.init() call and make sure it is called in the worker processes)

  import ray
  import sentry_sdk
  from sentry_sdk.integrations.ray import RayIntegration
  def init_sentry():
  sentry_sdk.init(
  dsn="...",
  traces_sample_rate=1.0,
  integrations=[RayIntegration()],
  )
  init_sentry()
  ray.init(
  runtime_env=dict(worker_process_setup_hook=init_sentry),
  )

  For more information, see the documentation for the Ray integration.

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.14.0

Various fixes & improvements

• New SysExitIntegration (#3401) by @​szokeasaurusrex

  For more information, see the documentation for the SysExitIntegration.

• Add SENTRY_SPOTLIGHT env variable support (#3443) by @​BYK

• Support Strawberry 0.239.2 (#3491) by @​szokeasaurusrex

• Add separate pii_denylist to EventScrubber and run it always (#3463) by @​sl0thentr0py

• Celery: Add wrapper for Celery().send_task to support behavior as Task.apply_async (#2377) by @​divaltor

• Django: SentryWrappingMiddleware.init fails if super() is object (#2466) by @​cameron-simpson

• Fix data_category for sessions envelope items (#3473) by @​sl0thentr0py

• Fix non-UTC timestamps (#3461) by @​szokeasaurusrex

• Remove obsolete object as superclass (#3480) by @​sentrivana

• Replace custom TYPE_CHECKING with stdlib typing.TYPE_CHECKING (#3447) by @​dev-satoshi

• Refactor tracing_utils.py (#3452) by @​rominf

• Explicitly export symbol in subpackages instead of ignoring (#3400) by @​hartungstenio

• Better test coverage reports (#3498) by @​antonpirker

• Fixed config for old coverage versions (#3504) by @​antonpirker

• Fix AWS Lambda tests (#3495) by @​antonpirker

• Remove broken Bottle tests (#3505) by @​sentrivana

2.13.0

Various fixes & improvements

• New integration: Ray (#2400) (#2444) by @​glowskir

  Usage: (add the RayIntegration to your sentry_sdk.init() call and make sure it is called in the worker processes)

  import ray
  import sentry_sdk
  from sentry_sdk.integrations.ray import RayIntegration
  def init_sentry():
  sentry_sdk.init(
  dsn="...",
  traces_sample_rate=1.0,
  integrations=[RayIntegration()],
  )
  init_sentry()
  ray.init(
  runtime_env=dict(worker_process_setup_hook=init_sentry),
  )

... (truncated)

Commits

• 1e73ce9 Updated changelog
• 3d0edfd release: 2.14.0
• 6814df9 tests: Remove broken bottle tests (#3505)
• 0934e04 Fixed config for old coverage versions (#3504)
• 9fc3bd2 Fix AWS Lambda tests (#3495)
• e99873d Better test coverage reports (#3498)
• 0fb9606 feat(celery): Add wrapper for Celery().send_task to support behavior as `Ta...
• 16d05f4 fix(django): SentryWrappingMiddleware.init fails if super() is object
• 9df2b21 feat(strawberry): Support Strawberry 0.239.2 (#3491)
• cd15bff ref: Remove obsolete object as superclass (#3480)
• Additional commits viewable in compare view

Updates webargs from 8.4.0 to 8.6.0

Changelog

Sourced from webargs's changelog.

8.6.0 (2024-09-11)

---

Bug fixes:

• Fix the handling of invalid JSON bodies in the bottle parser to support bottle versions >=0.13.

Other changes:

• MultiDictProxy now inherits from MutableMapping rather than Mapping.

8.5.0 (2024-04-25)

---

Other changes:

• Test against Python 3.12.

• Async location loading now supports loader functions which are not themselves async, but which return an awaitable result. This means that users who are already handling awaitable objects can return them from non-async loaders and expect webargs to await them. This allows some async interactions with supported frameworks, where the webargs-provided parser returns a framework object and the framework can be set to return awaitables, e.g., the Falcon parser. Thanks :user:j0k2r for the PR! (:pr:935)

Commits

• 841100d Bump version and update changelog
• 9e7ec13 Merge pull request #974 from sirosen/update-for-bottle
• 716723b Fix for invalid JSON handling on latest 'bottle'
• 75839eb Bump webtest from 3.0.0 to 3.0.1 (#971)
• 95b41eb [pre-commit.ci] pre-commit autoupdate
• dcab6e4 Consolidate pre-commit.ci settings (#970)
• e967ed4 Reduce pre-commit.ci updates to monthly (#968)
• 13c74bc [pre-commit.ci] pre-commit autoupdate
• 2b7ade2 Merge pull request #966 from marshmallow-code/pre-commit-ci-update-config
• 1db4841 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates pyjwt from 2.8.0 to 2.9.0

Release notes

Sourced from pyjwt's releases.

2.9.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#905
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#909
• Add support for Python 3.12 by @​hugovk in jpadilla/pyjwt#910
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#911
• Fix an unnecessary str concat by @​sirosen in jpadilla/pyjwt#904
• Update jwt-api to accept either a string or list of strings for issuer validation by @​mattpollak in jpadilla/pyjwt#913
• Bump actions/checkout from 3 to 4 by @​dependabot in jpadilla/pyjwt#916
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#917
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#922
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#926
• Bump actions/setup-python from 4 to 5 by @​dependabot in jpadilla/pyjwt#931
• Bump hynek/build-and-inspect-python-package from 1 to 2 by @​dependabot in jpadilla/pyjwt#935
• docs/api: document strict_aud on decode_complete by @​woodruffw in jpadilla/pyjwt#923
• chore: fix docs step by @​jpadilla in jpadilla/pyjwt#950
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#953
• Add coverage and improve performance of is_ssh_key by @​bdraco in jpadilla/pyjwt#940
• Decode with PyJWK by @​luhn in jpadilla/pyjwt#886
• Remove an unused variable from an example code block by @​kenkoooo in jpadilla/pyjwt#958
• Handle load_pem_public_key ValueError by @​CollinEMac in jpadilla/pyjwt#952
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#960
• Raise exception when required cryptography dependency is missing by @​tobloef in jpadilla/pyjwt#963
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#965
• Add 2.9.0 changelog. Fixes #949 by @​benvdh in jpadilla/pyjwt#967

New Contributors

• @​mattpollak made their first contribution in jpadilla/pyjwt#913
• @​bdraco made their first contribution in jpadilla/pyjwt#940
• @​luhn made their first contribution in jpadilla/pyjwt#886
• @​kenkoooo made their first contribution in jpadilla/pyjwt#958
• @​CollinEMac made their first contribution in jpadilla/pyjwt#952
• @​tobloef made their first contribution in jpadilla/pyjwt#963
• @​benvdh made their first contribution in jpadilla/pyjwt#967

Full Changelog: jpadilla/pyjwt@2.8.0...2.9.0

Changelog

Sourced from pyjwt's changelog.

v2.9.0 <https://github.com/jpadilla/pyjwt/compare/2.8.0...2.9.0>__

Changed

- Drop support for Python 3.7 (EOL) by @hugovk in `[#910](https://github.com/jpadilla/pyjwt/issues/910) <https://github.com/jpadilla/pyjwt/pull/910>`__
- Allow JWT issuer claim validation to accept a list of strings too by @mattpollak in `[#913](https://github.com/jpadilla/pyjwt/issues/913) <https://github.com/jpadilla/pyjwt/pull/913>`__
Fixed

- Fix unnecessary string concatenation by @sirosen in `[#904](https://github.com/jpadilla/pyjwt/issues/904) &lt;https://github.com/jpadilla/pyjwt/pull/904&gt;`__
- Fix docs for ``jwt.decode_complete`` to include ``strict_aud`` option by @woodruffw in `[#923](https://github.com/jpadilla/pyjwt/issues/923) &lt;https://github.com/jpadilla/pyjwt/pull/923&gt;`__
- Fix docs step by @jpadilla in `[#950](https://github.com/jpadilla/pyjwt/issues/950) &lt;https://github.com/jpadilla/pyjwt/pull/950&gt;`__
- Fix: Remove an unused variable from example code block by @kenkoooo in `[#958](https://github.com/jpadilla/pyjwt/issues/958) &lt;https://github.com/jpadilla/pyjwt/pull/958&gt;`__
Added



Add support for Python 3.12 by @​hugovk in [#910](https://github.com/jpadilla/pyjwt/issues/910) &lt;https://github.com/jpadilla/pyjwt/pull/910&gt;__
Improve performance of is_ssh_key + add unit test by @​bdraco in [#940](https://github.com/jpadilla/pyjwt/issues/940) &lt;https://github.com/jpadilla/pyjwt/pull/940&gt;__
Allow jwt.decode() to accept a PyJWK object by @​luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) &lt;https://github.com/jpadilla/pyjwt/pull/886&gt;__
Make algorithm_name attribute available on PyJWK by @​luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) &lt;https://github.com/jpadilla/pyjwt/pull/886&gt;__
Raise InvalidKeyError on invalid PEM keys to be compatible with cryptography 42.x.x by @​CollinEMac in [#952](https://github.com/jpadilla/pyjwt/issues/952) &lt;https://github.com/jpadilla/pyjwt/pull/952&gt;__
Raise an exception when required cryptography dependency is missing by @​tobloef in &lt;https://github.com/jpadilla/pyjwt/pull/963&gt;__

Commits

• 868cf4a Add 2.9.0 changelog. Fixes #949 (#967)
• 304a3df [pre-commit.ci] pre-commit autoupdate (#965)
• 527fec2 Raise exception when required cryptography dependency is missing (#963)
• 18a50be [pre-commit.ci] pre-commit autoupdate (#960)
• 4703f87 Handle load_pem_public_key ValueError (#952)
• 9dc732f Update usage.rst (#958)
• ab8176a Decode with PyJWK (#886)
• c0a071d chore: update actions/download-artifact
• 2afbe32 Add coverage and improve performance of is_ssh_key (#940)
• 97345a7 [pre-commit.ci] pre-commit autoupdate (#953)
• Additional commits viewable in compare view

Updates marshmallow from 3.21.3 to 3.22.0

Changelog

Sourced from marshmallow's changelog.

3.22.0 (2024-08-20)

---

Features:

• Add many Meta option to Schema so it expects a collection by default (:issue:2270). Thanks :user:himalczyk for reporting and :user:deckar01 for the PR.
• Refactor hooks (:pr:2279). Thanks :user:deckar01 for the PR.

Commits

• fbad345 Bump version and update changelog
• 78cbc09 Merge pull request #2271 from deckar01/2270-meta-many
• 7609530 Merge pull request #2279 from deckar01/simplify-hooks
• bbbd7af Reduce pre-commit.ci updates to monthly (#2300)
• 1d21132 [pre-commit.ci] pre-commit autoupdate
• 8ceb4b3 [pre-commit.ci] pre-commit autoupdate (#2298)
• ac13e0d Add sponsors to docs
• 7ebdc7b Fix logo image for pypi rendering
• 7c2f1ca Add Route4Me as sponsor
• 01f8432 Bump alabaster from 0.7.16 to 1.0.0 (#2292)
• Additional commits viewable in compare view

Updates importlib-metadata from 7.1.0 to 8.5.0

Changelog

Sourced from importlib-metadata's changelog.

v8.5.0

Features

• Deferred import of zipfile.Path (#502)
• Deferred import of json (#503)
• Rely on zipp overlay for zipfile.Path.

v8.4.0

Features

• Deferred import of inspect for import performance. (#499)

v8.3.0

Features

• Disallow passing of 'dist' to EntryPoints.select.

v8.2.0

Features

• Add SimplePath to importlib_metadata.all. (#494)

v8.1.0

Features

• Prioritize valid dists to invalid dists when retrieving by name. (#489)

v8.0.0

... (truncated)

Commits

• b34810b Finalize
• 8c1d1fa Merge pull request #501 from Avasam/Pass-mypy-and-link-issues
• afa39e8 Back out changes to tests._path
• 8b909f9 Merge pull request #503 from danielhollas/defer-json
• 2a3f50d Add news fragment.
• 3f78dc1 Add comment to protect the deferred import.
• 18eb2da Revert "Defer platform import"
• 58832f2 Merge pull request #502 from danielhollas/defer-zipp
• e3ce33b Add news fragment.
• d11b67f Add comment to protect the deferred import.
• Additional commits viewable in compare view

Updates cryptography from 42.0.8 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20

• BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.
• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
• Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
• :func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.
• :func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.
• Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.
• Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
• Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)
• Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.
• Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
• Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.
• Added support for parsing empty DN string in

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.