René's URL Explorer Experiment

Title: Bump the pip group across 1 directory with 7 updates by dependabot[bot] · Pull Request #1 · hypervanse/python · GitHub

Open Graph Title: Bump the pip group across 1 directory with 7 updates by dependabot[bot] · Pull Request #1 · hypervanse/python

X Title: Bump the pip group across 1 directory with 7 updates by dependabot[bot] · Pull Request #1 · hypervanse/python

Description: Bumps the pip group with 7 updates in the / directory: Package From To aiohttp 3.8.1 3.12.14 black 22.6.0 24.3.0 certifi 2022.6.15 2024.7.4 idna 3.3 3.7 requests 2.28.1 2.32.4 urllib3 1.26.11 2.5.0 wheel 0.37.1 0.38.1 Updates aiohttp from 3.8.1 to 3.12.14 Release notes Sourced from aiohttp's releases. 3.12.14 Bug fixes Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:9110#section-15.4.3-3.1 -- by :user:bdraco. Related issues and pull requests on GitHub: #11270. Fixed :py:meth:ClientSession.close() hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:bdraco. Related issues and pull requests on GitHub: #11273. Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:Dreamsorcerer. Related issues and pull requests on GitHub: #11280. Features Added initial trailer parsing logic to Python HTTP parser -- by :user:Dreamsorcerer. Related issues and pull requests on GitHub: #11269. Improved documentation Clarified exceptions raised by WebSocketResponse.send_frame et al. -- by :user:DoctorJohn. Related issues and pull requests on GitHub: #11234. ... (truncated) Changelog Sourced from aiohttp's changelog. 3.12.14 (2025-07-10) Bug fixes Fixed file uploads failing with HTTP 422 errors when encountering 307/308 redirects, and 301/302 redirects for non-POST methods, by preserving the request body when appropriate per :rfc:9110#section-15.4.3-3.1 -- by :user:bdraco. Related issues and pull requests on GitHub: :issue:11270. Fixed :py:meth:ClientSession.close() hanging indefinitely when using HTTPS requests through HTTP proxies -- by :user:bdraco. Related issues and pull requests on GitHub: :issue:11273. Bumped minimum version of aiosignal to 1.4+ to resolve typing issues -- by :user:Dreamsorcerer. Related issues and pull requests on GitHub: :issue:11280. Features Added initial trailer parsing logic to Python HTTP parser -- by :user:Dreamsorcerer. Related issues and pull requests on GitHub: :issue:11269. Improved documentation Clarified exceptions raised by WebSocketResponse.send_frame et al. -- by :user:DoctorJohn. ... (truncated) Commits 90b6cf6 Release 3.12.14 (#11298) 13b20a1 [PR #11290/16703bb9 backport][3.12] Fix file uploads failing with HTTP 422 on... edf2abd [PR #11289/e38220fc backport][3.12] Fix ClientSession.close() hanging with HT... e8d774f Add trailer parsing logic (#11269) (#11287) 0389371 [PR #11280/91108c90 backport][3.12] Bump the minimum supported version of aio... ce3c0a7 Bump aiosignal from 1.3.2 to 1.4.0 (#11267) (#11279) 133e254 [PR #11234/a83597fa backport][3.12] Document exceptions raised by send_frame ... 4ad78b3 Increment version to 3.12.14.dev0 (#11216) 2ff9b61 Release 3.12.13 (#11214) fc9b720 [PR #11198/b151d3fc backport][3.12] Fix auto-created TCPConnector not using s... Additional commits viewable in compare view Updates black from 22.6.0 to 24.3.0 Release notes Sourced from black's releases. 24.3.0 Highlights This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503. This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher. Stable style Don't move comments along with delimiters, which could cause crashes (#4248) Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270) Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273) Performance Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278) Documentation Note what happens when --check is used with --quiet (#4236) 24.2.0 Stable style Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218) Preview style Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198) Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154) Checking for newline before adding one on docstring that is almost at the line limit (#4185) Remove redundant parentheses in case statement if guards (#4214). Configuration ... (truncated) Changelog Sourced from black's changelog. 24.3.0 Highlights This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503. This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher. Stable style Don't move comments along with delimiters, which could cause crashes (#4248) Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270) Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273) Performance Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278) Documentation Note what happens when --check is used with --quiet (#4236) 24.2.0 Stable style Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218) Preview style Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198) Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154) Checking for newline before adding one on docstring that is almost at the line limit (#4185) Remove redundant parentheses in case statement if guards (#4214). ... (truncated) Commits 552baf8 Prepare release 24.3.0 (#4279) f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278) 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273) 1abcffc Use regex where we ignore case on windows (#4252) 719e674 Fix 4227: Improve documentation for --quiet --check (#4236) e5510af update plugin url for Thonny (#4259) 6af7d11 Fix AST safety check false negative (#4270) f03ee11 Ensure blib2to3.pygram is initialized before use (#4224) e4bfedb fix: Don't move comments while splitting delimiters (#4248) d0287e1 Make trailing comma logic more concise (#4202) Additional commits viewable in compare view Updates certifi from 2022.6.15 to 2024.7.4 Commits bd81538 2024.07.04 (#295) 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294) 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293) e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292) 124f4ad 2024.06.02 (#291) c2196ce --- (#290) fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289) 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286) 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287) 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288) Additional commits viewable in compare view Updates idna from 3.3 to 3.7 Release notes Sourced from idna's releases. v3.7 What's Changed Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. Full Changelog: kjd/idna@v3.6...v3.7 Changelog Sourced from idna's changelog. 3.7 (2024-04-11) ++++++++++++++++ Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ Fix regression to include tests in source distribution. 3.5 (2023-11-24) ++++++++++++++++ Update to Unicode 15.1.0 String codec name is now "idna2008" as overriding the system codec "idna" was not working. Fix typing error for codec encoding "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly. Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives. Added security reporting protocol for project Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ Update to Unicode 15.0.0 Migrate to pyproject.toml for build information (PEP 621) Correct another instance where generic exception was raised instead of IDNAError for malformed input Source distribution uses zeroized file ownership for improved reproducibility Thanks to Seth Michael Larson for contributions to this release. Commits 1d365e1 Release v3.7 c1b3154 Merge pull request #172 from kjd/optimize-contextj 0394ec7 Merge branch 'master' into optimize-contextj cd58a23 Merge pull request #152 from elliotwutingfeng/dev 5beb28b More efficient resolution of joiner contexts 1b12148 Update ossf/scorecard-action to v2.3.1 d516b87 Update Github actions/checkout to v4 c095c75 Merge branch 'master' into dev 60a0a4c Fix typo in GitHub Actions workflow key 5918a0e Merge branch 'master' into dev Additional commits viewable in compare view Updates requests from 2.28.1 to 2.32.4 Release notes Sourced from requests's releases. v2.32.4 2.32.4 (2025-06-10) Security CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965) Improvements Numerous documentation improvements Deprecations Added support for pypy 3.11 for Linux and macOS. (#6926) Dropped support for pypy 3.9 following its end of support. (#6926) v2.32.3 2.32.3 (2024-05-29) Bugfixes Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716) Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724) v2.32.2 2.32.2 (2024-05-21) Deprecations To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710) v2.32.1 2.32.1 (2024-05-20) Bugfixes Add missing test certs to the sdist distributed on PyPI. v2.32.0 2.32.0 (2024-05-20) ... (truncated) Changelog Sourced from requests's changelog. 2.32.4 (2025-06-10) Security CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. Improvements Numerous documentation improvements Deprecations Added support for pypy 3.11 for Linux and macOS. Dropped support for pypy 3.9 following its end of support. 2.32.3 (2024-05-29) Bugfixes Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716) Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724) 2.32.2 (2024-05-21) Deprecations To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710) 2.32.1 (2024-05-20) Bugfixes Add missing test certs to the sdist distributed on PyPI. 2.32.0 (2024-05-20) Security ... (truncated) Commits 021dc72 Polish up release tooling for last manual release 821770e Bump version and add release notes for v2.32.4 59f8aa2 Add netrc file search information to authentication documentation (#6876) 5b4b64c Add more tests to prevent regression of CVE 2024 47081 7bc4587 Add new test to check netrc auth leak (#6962) 96ba401 Only use hostname to do netrc lookup instead of netloc 7341690 Merge pull request #6951 from tswast/patch-1 6716d7c remove links a7e1c74 Update docs/conf.py c799b81 docs: fix dead links to kenreitz.org Additional commits viewable in compare view Updates urllib3 from 1.26.11 to 2.5.0 Release notes Sourced from urllib3's releases. 2.5.0 🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul. Thank you for your support. Security issues urllib3 2.5.0 fixes two moderate security issues: Pool managers now properly control redirects when retries is passed — CVE-2025-50181 reported by @​sandumjacob (5.3 Medium, GHSA-pq67-6m6q-mj2v) Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5) Features Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 for more information. (#3610) Added support for version 0.5 of hatch-vcs (#3612) Bugfixes Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#3581) Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#3615) 2.4.0 🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul. Thank you for your support. Features Applied PEP 639 by specifying the license fields in pyproject.toml. (#3522) Updated exceptions to save and restore more properties during the pickle/serialization process. (#3567) Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#3571) Bugfixes Fixed a bug with partial reads of streaming data in Emscripten. (#3555) Misc Switched to uv for installing development dependecies. (#3550) Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#3566) 2.3.0 ... (truncated) Changelog Sourced from urllib3's changelog. 2.5.0 (2025-06-18) Features Added support for the compression.zstd module that is new in Python 3.14. See PEP 784 _ for more information. ([#3610](https://github.com/urllib3/urllib3/issues/3610) __) Added support for version 0.5 of hatch-vcs ([#3612](https://github.com/urllib3/urllib3/issues/3612) __) Bugfixes Fixed a security issue where restricting the maximum number of followed redirects at the urllib3.PoolManager level via the retries parameter did not work. Made the Node.js runtime respect redirect parameters such as retries and redirects. Raised exception for HTTPResponse.shutdown on a connection already released to the pool. ([#3581](https://github.com/urllib3/urllib3/issues/3581) __) Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ([#3615](https://github.com/urllib3/urllib3/issues/3615) __) 2.4.0 (2025-04-10) Features Applied PEP 639 by specifying the license fields in pyproject.toml. ([#3522](https://github.com/urllib3/urllib3/issues/3522) __) Updated exceptions to save and restore more properties during the pickle/serialization process. ([#3567](https://github.com/urllib3/urllib3/issues/3567) __) Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. ([#3571](https://github.com/urllib3/urllib3/issues/3571) __) Bugfixes Fixed a bug with partial reads of streaming data in Emscripten. ([#3555](https://github.com/urllib3/urllib3/issues/3555) __) Misc Switched to uv for installing development dependecies. ([#3550](https://github.com/urllib3/urllib3/issues/3550) __) Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. ([#3566](https://github.com/urllib3/urllib3/issues/3566) __) 2.3.0 (2024-12-22) ... (truncated) Commits aaab4ec Release 2.5.0 7eb4a2a Merge commit from fork f05b132 Merge commit from fork d03fe32 Fix HTTP tunneling with IPv6 in older Python versions 11661e9 Bump github/codeql-action from 3.28.0 to 3.29.0 (#3624) 6a0ecc6 Update v2 migration guide to 2.4.0 (#3621) 8e32e60 Raise exception for shutdown on a connection already released to the pool (#3... 9996e0f Fix emscripten CI for Chrome 137+ (#3599) 4fd1a99 Bump RECENT_DATE (#3617) c4b5917 Add support for the new compression.zstd module in Python 3.14 (#3611) Additional commits viewable in compare view Updates wheel from 0.37.1 to 0.38.1 Changelog Sourced from wheel's changelog. Release Notes UNRELEASED Restored the bdist_wheel command for compatibility with setuptools older than v70.1 Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning 0.46.1 (2025-04-08) Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) _) 0.46.0 (2025-04-03) Dropped support for Python 3.8 Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import. Removed vendored packaging in favor of a run-time dependency on it Made the wheel.metadata module private (with a deprecation warning if it's imported Made the wheel.cli package private (no deprecation warning) Fixed an exception when calling the convert command with an empty description field 0.45.1 (2024-11-23) Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name 0.45.0 (2024-11-08) Refactored the convert command to not need setuptools to be installed Don't configure setuptools logging unless running bdist_wheel Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes. Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri) 0.44.0 (2024-08-04) Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn) Deprecated the bdist_wheel module, as the code was migrated to setuptools itself ... (truncated) Commits 6f1608d Created a new release cf8f5ef Moved news item from PR #484 to its proper place 9ec2016 Removed install dependency on setuptools (#483) 747e1f6 Fixed PyPy SOABI parsing (#484) 7627548 [pre-commit.ci] pre-commit autoupdate (#480) 7b9e8e1 Test on Python 3.11 final a04dfef Updated the pypi-publish action 94bb62c Fixed docs not building due to code style changes d635664 Updated the codecov action to the latest version fcb94cd Updated version to match the release Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) @dependabot ignore minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) @dependabot ignore will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) @dependabot unignore will remove all of the ignore conditions of the specified dependency @dependabot unignore will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.

Open Graph Description: Bumps the pip group with 7 updates in the / directory: Package From To aiohttp 3.8.1 3.12.14 black 22.6.0 24.3.0 certifi 2022.6.15 2024.7.4 idna 3.3 3.7 requests 2.28.1 2.32.4 urll...

X Description: Bumps the pip group with 7 updates in the / directory: Package From To aiohttp 3.8.1 3.12.14 black 22.6.0 24.3.0 certifi 2022.6.15 2024.7.4 idna 3.3 3.7 requests 2.28.1 2.32.4 urll...

Opengraph URL: https://github.com/hypervanse/python/pull/1

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Links:

Viewport: width=device-width