Title: Bump the pip group across 1 directory with 6 updates by dependabot[bot] · Pull Request #4 · SherfeyInv/setup-python · GitHub
Open Graph Title: Bump the pip group across 1 directory with 6 updates by dependabot[bot] · Pull Request #4 · SherfeyInv/setup-python
X Title: Bump the pip group across 1 directory with 6 updates by dependabot[bot] · Pull Request #4 · SherfeyInv/setup-python
Description: Bumps the pip group with 6 updates in the /tests/data directory:
Package
From
To
certifi
2020.6.20
2024.7.4
idna
2.9
3.7
requests
2.24.0
2.32.2
urllib3
1.25.9
1.26.19
future
0.18.2
0.18.3
pillow
7.2
10.3.0
Updates certifi from 2020.6.20 to 2024.7.4
Commits
bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view
Updates idna from 2.9 to 3.7
Release notes
Sourced from idna's releases.
v3.7
What's Changed
Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]
Thanks to Guido Vranken for reporting the issue.
Full Changelog: kjd/idna@v3.6...v3.7
Changelog
Sourced from idna's changelog.
3.7 (2024-04-11)
++++++++++++++++
Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
++++++++++++++++
Fix regression to include tests in source distribution.
3.5 (2023-11-24)
++++++++++++++++
Update to Unicode 15.1.0
String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
Fix typing error for codec encoding
"setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
Added security reporting protocol for project
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.
3.4 (2022-09-14)
++++++++++++++++
Update to Unicode 15.0.0
Migrate to pyproject.toml for build information (PEP 621)
Correct another instance where generic exception was raised instead of
IDNAError for malformed input
Source distribution uses zeroized file ownership for improved
reproducibility
Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13)
++++++++++++++++
Update to Unicode 14.0.0
Update to in-line type annotations
Throw IDNAError exception correctly for some malformed input
Advertise support for Python 3.10
Improve testing regime on Github
... (truncated)
Commits
1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view
Updates requests from 2.24.0 to 2.32.2
Release notes
Sourced from requests's releases.
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
v2.32.0
2.32.0 (2024-05-20)
🐍 PYCON US 2024 EDITION 🐍
Security
Fixed an issue where setting verify=False on the first request from a
Session will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of verify.
(GHSA-9wx4-h78v-vm56)
Improvements
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Bugfixes
Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
... (truncated)
Changelog
Sourced from requests's changelog.
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
Add missing test certs to the sdist distributed on PyPI.
2.32.0 (2024-05-20)
Security
Fixed an issue where setting verify=False on the first request from a
Session will cause subsequent requests to the same origin to also ignore
cert verification, regardless of the value of verify.
(GHSA-9wx4-h78v-vm56)
Improvements
verify=True now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (#6667)
Requests now supports optional use of character detection
(chardet or charset_normalizer) when repackaged or vendored.
This enables pip and other projects to minimize their vendoring
surface area. The Response.text() and apparent_encoding APIs
will default to utf-8 if neither library is present. (#6702)
Bugfixes
Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (#6589)
Fixed deserialization bug in JSONDecodeError. (#6629)
Fixed bug where an extra leading / (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (#6644)
Deprecations
... (truncated)
Commits
88dce9d v2.32.2
c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
92075b3 Add deprecation warning
aa1461b Move _get_connection to get_connection_with_tls_context
970e8ce v2.32.1
d6ebc4a v2.32.0
9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
555b870 Allow character detection dependencies to be optional in post-packaging steps
d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
Additional commits viewable in compare view
Updates urllib3 from 1.25.9 to 1.26.19
Release notes
Sourced from urllib3's releases.
1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
Full Changelog: urllib3/urllib3@1.26.18...1.26.19
Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.
1.26.18
Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)
1.26.17
Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)
1.26.16
Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954)
1.26.15
Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645)
Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899)
Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901)
1.26.14
Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850)
Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module.
1.26.13
Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.
Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
Fixed a deprecation warning when using cryptography v39.0.0.
Removed the <4 in the Requires-Python packaging metadata field.
1.26.12
Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.
1.26.11
If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors.
⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.
... (truncated)
Changelog
Sourced from urllib3's changelog.
1.26.19 (2024-06-17)
Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405)
Open Graph Description: Bumps the pip group with 6 updates in the /tests/data directory: Package From To certifi 2020.6.20 2024.7.4 idna 2.9 3.7 requests 2.24.0 2.32.2 urllib3 1.25.9 1.26.19 future 0.18.2 0...
X Description: Bumps the pip group with 6 updates in the /tests/data directory: Package From To certifi 2020.6.20 2024.7.4 idna 2.9 3.7 requests 2.24.0 2.32.2 urllib3 1.25.9 1.26.19 future 0.18.2 0...
Opengraph URL: https://github.com/SherfeyInv/setup-python/pull/4
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:fb71801f-1540-ef87-155e-69c1589e9c53 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | 86C8:1C80C7:39A956:4FC1DA:6A511D37 |
| html-safe-nonce | 24f0292d9bd3702acc34f54f12373333827f83436216b15a9e81cf3da4bc9a3a |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4NkM4OjFDODBDNzozOUE5NTY6NEZDMURBOjZBNTExRDM3IiwidmlzaXRvcl9pZCI6IjEzNTUxODI5MTA5MDc0MjQwNTUiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 5dd6110ef9ca86b5e4449eb507647d73c182147b761dccf1fb4207106d939459 |
| hovercard-subject-tag | pull_request:2113215694 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/SherfeyInv/setup-python/pull/4/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps the pip group with 6 updates in the /tests/data directory: Package From To certifi 2020.6.20 2024.7.4 idna 2.9 3.7 requests 2.24.0 2.32.2 urllib3 1.25.9 1.26.19 future 0.18.2 0... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | f0f0f3a40c5b69803a8255a8e44323880bf9c4db54d5c076f2130bedf2a1dde5 |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/SherfeyInv/setup-python git https://github.com/SherfeyInv/setup-python.git |
| octolytics-dimension-user_id | 153985591 |
| octolytics-dimension-user_login | SherfeyInv |
| octolytics-dimension-repository_id | 844806731 |
| octolytics-dimension-repository_nwo | SherfeyInv/setup-python |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 192625525 |
| octolytics-dimension-repository_parent_nwo | actions/setup-python |
| octolytics-dimension-repository_network_root_id | 192625525 |
| octolytics-dimension-repository_network_root_nwo | actions/setup-python |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 44909533816f7f99ff04e7a0fe692733af67ed84 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width