René's URL Explorer Experiment

Title: Bump the pip group across 3 directories with 7 updates by dependabot[bot] · Pull Request #18 · testfailed/rules_python · GitHub

Open Graph Title: Bump the pip group across 3 directories with 7 updates by dependabot[bot] · Pull Request #18 · testfailed/rules_python

X Title: Bump the pip group across 3 directories with 7 updates by dependabot[bot] · Pull Request #18 · testfailed/rules_python

Description: Bumps the pip group with 4 updates in the /examples/build_file_generation directory: requests, certifi, idna and urllib3. Bumps the pip group with 6 updates in the /examples/pip_parse directory: Package From To requests 2.25.1 2.31.0 certifi 2021.10.8 2023.7.22 idna 2.10 3.7 urllib3 1.26.7 1.26.18 jinja2 3.0.2 3.1.3 setuptools 58.2.0 65.5.1 Bumps the pip group with 1 update in the /examples/pip_repository_annotations directory: wheel. Updates requests from 2.25.1 to 2.31.0 Release notes Sourced from requests's releases. v2.31.0 2.31.0 (2023-05-22) Security Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our Github Security Advisory and CVE-2023-32681. v2.30.0 2.30.0 (2023-05-03) Dependencies ⚠️ Added support for urllib3 2.0. ⚠️ This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading. Users who wish to stay on urllib3 1.x can pin to urllib3<2. v2.29.0 2.29.0 (2023-04-26) Improvements Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226) Requests relaxes header component requirements to support bytes/str subclasses. (#6356) ... (truncated) Changelog Sourced from requests's changelog. 2.31.0 (2023-05-22) Security Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our Github Security Advisory and CVE-2023-32681. 2.30.0 (2023-05-03) Dependencies ⚠️ Added support for urllib3 2.0. ⚠️ This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading. Users who wish to stay on urllib3 1.x can pin to urllib3<2. 2.29.0 (2023-04-26) Improvements Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226) Requests relaxes header component requirements to support bytes/str subclasses. (#6356) 2.28.2 (2023-01-12) ... (truncated) Commits 147c851 v2.31.0 74ea7cf Merge pull request from GHSA-j8r2-6x86-q33q 3022253 test on pypy 3.8 and pypy 3.9 on windows and macos (#6424) b639e66 test on py3.12 (#6448) d3d5044 Fixed a small typo (#6452) 2ad18e0 v2.30.0 f2629e9 Remove strict parameter (#6434) 87d63de v2.29.0 51716c4 enable the warnings plugin (#6416) a7da1ab try on ubuntu 22.04 (#6418) Additional commits viewable in compare view Updates certifi from 2020.12.5 to 2023.7.22 Commits 8fb96ed 2023.07.22 afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) 44df761 Hash pin Actions and enable dependabot (#228) 8b3d7ba 2023.05.07 53da240 ci: Add Python 3.12-dev to the testing (#224) c2fc3b1 Create a Security Policy (#222) c211ef4 Set up permissions to github workflows (#218) 2087de5 Don't let deprecation warning fail CI (#219) e0b9fc5 remove paragraphs about 1024-bit roots from README Additional commits viewable in compare view Updates idna from 2.10 to 3.7 Release notes Sourced from idna's releases. v3.7 What's Changed Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. Full Changelog: kjd/idna@v3.6...v3.7 Changelog Sourced from idna's changelog. 3.7 (2024-04-11) ++++++++++++++++ Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ Fix regression to include tests in source distribution. 3.5 (2023-11-24) ++++++++++++++++ Update to Unicode 15.1.0 String codec name is now "idna2008" as overriding the system codec "idna" was not working. Fix typing error for codec encoding "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly. Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives. Added security reporting protocol for project Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ Update to Unicode 15.0.0 Migrate to pyproject.toml for build information (PEP 621) Correct another instance where generic exception was raised instead of IDNAError for malformed input Source distribution uses zeroized file ownership for improved reproducibility Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ Update to Unicode 14.0.0 Update to in-line type annotations Throw IDNAError exception correctly for some malformed input Advertise support for Python 3.10 Improve testing regime on Github ... (truncated) Commits 1d365e1 Release v3.7 c1b3154 Merge pull request #172 from kjd/optimize-contextj 0394ec7 Merge branch 'master' into optimize-contextj cd58a23 Merge pull request #152 from elliotwutingfeng/dev 5beb28b More efficient resolution of joiner contexts 1b12148 Update ossf/scorecard-action to v2.3.1 d516b87 Update Github actions/checkout to v4 c095c75 Merge branch 'master' into dev 60a0a4c Fix typo in GitHub Actions workflow key 5918a0e Merge branch 'master' into dev Additional commits viewable in compare view Updates urllib3 from 1.26.5 to 1.26.18 Release notes Sourced from urllib3's releases. 1.26.18 Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4) 1.26.17 Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f) 1.26.16 Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954) 1.26.15 Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899) Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901) 1.26.14 Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850) Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module. 1.26.13 Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. 1.26.12 Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate. 1.26.11 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier. 1.26.10 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap 🔐 This is the first release to be signed with Sigstore! You can verify the distributables using the .sig and .crt files included on this release. Removed support for Python 3.5 Fixed an issue where a ProxyError recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. 1.26.9 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ... (truncated) Changelog Sourced from urllib3's changelog. 1.26.18 (2023-10-17) Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) _) 1.26.16 (2023-05-23) Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) _) 1.26.15 (2023-03-10) Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) __) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ([#2899](https://github.com/urllib3/urllib3/issues/2899) __) Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) __) 1.26.14 (2023-01-11) Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) __) Removed deprecated getheaders() calls in contrib module. Fixed the type hint of PoolKey.key_retries by adding bool to the union. ([#2865](https://github.com/urllib3/urllib3/issues/2865) __) 1.26.13 (2022-11-23) Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. 1.26.12 (2022-08-22) Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue _ for justification and info on how to migrate. 1.26.11 (2022-07-25) Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would ... (truncated) Commits 9c2c230 Release 1.26.18 (#3159) b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4 944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport c9016bf Release 1.26.17 0122035 Backport GHSA-v845-jxx5-vc9f (#3139) e63989f Fix installing brotli extra on Python 2.7 2e7a24d [1.26] Configure OS for RTD to fix building docs 57181d6 [1.26] Improve error message when calling urllib3.request() (#3058) 3c01480 [1.26] Run coverage even with failed jobs d94029b Release 1.26.16 Additional commits viewable in compare view Updates requests from 2.25.1 to 2.31.0 Release notes Sourced from requests's releases. v2.31.0 2.31.0 (2023-05-22) Security Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our Github Security Advisory and CVE-2023-32681. v2.30.0 2.30.0 (2023-05-03) Dependencies ⚠️ Added support for urllib3 2.0. ⚠️ This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading. Users who wish to stay on urllib3 1.x can pin to urllib3<2. v2.29.0 2.29.0 (2023-04-26) Improvements Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226) Requests relaxes header component requirements to support bytes/str subclasses. (#6356) ... (truncated) Changelog Sourced from requests's changelog. 2.31.0 (2023-05-22) Security Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our Github Security Advisory and CVE-2023-32681. 2.30.0 (2023-05-03) Dependencies ⚠️ Added support for urllib3 2.0. ⚠️ This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading. Users who wish to stay on urllib3 1.x can pin to urllib3<2. 2.29.0 (2023-04-26) Improvements Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226) Requests relaxes header component requirements to support bytes/str subclasses. (#6356) 2.28.2 (2023-01-12) ... (truncated) Commits 147c851 v2.31.0 74ea7cf Merge pull request from GHSA-j8r2-6x86-q33q 3022253 test on pypy 3.8 and pypy 3.9 on windows and macos (#6424) b639e66 test on py3.12 (#6448) d3d5044 Fixed a small typo (#6452) 2ad18e0 v2.30.0 f2629e9 Remove strict parameter (#6434) 87d63de v2.29.0 51716c4 enable the warnings plugin (#6416) a7da1ab try on ubuntu 22.04 (#6418) Additional commits viewable in compare view Updates certifi from 2021.10.8 to 2023.7.22 Commits 8fb96ed 2023.07.22 afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) 44df761 Hash pin Actions and enable dependabot (#228) 8b3d7ba 2023.05.07 53da240 ci: Add Python 3.12-dev to the testing (#224) c2fc3b1 Create a Security Policy (#222) c211ef4 Set up permissions to github workflows (#218) 2087de5 Don't let deprecation warning fail CI (#219) e0b9fc5 remove paragraphs about 1024-bit roots from README Additional commits viewable in compare view Updates idna from 2.10 to 3.7 Release notes Sourced from idna's releases. v3.7 What's Changed Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. Full Changelog: kjd/idna@v3.6...v3.7 Changelog Sourced from idna's changelog. 3.7 (2024-04-11) ++++++++++++++++ Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ Fix regression to include tests in source distribution. 3.5 (2023-11-24) ++++++++++++++++ Update to Unicode 15.1.0 String codec name is now "idna2008" as overriding the system codec "idna" was not working. Fix typing error for codec encoding "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly. Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives. Added security reporting protocol for project Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ Update to Unicode 15.0.0 Migrate to pyproject.toml for build information (PEP 621) Correct another instance where generic exception was raised instead of IDNAError for malformed input Source distribution uses zeroized file ownership for improved reproducibility Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ Update to Unicode 14.0.0 Update to in-line type annotations Throw IDNAError exception correctly for some malformed input Advertise support for Python 3.10 Improve testing regime on Github ... (truncated) Commits 1d365e1 Release v3.7 c1b3154 Merge pull request #172 from kjd/optimize-contextj 0394ec7 Merge branch 'master' into optimize-contextj cd58a23 Merge pull request #152 from elliotwutingfeng/dev 5beb28b More efficient resolution of joiner contexts 1b12148 Update ossf/scorecard-action to v2.3.1 d516b87 Update Github actions/checkout to v4 c095c75 Merge branch 'master' into dev 60a0a4c Fix typo in GitHub Actions workflow key 5918a0e Merge branch 'master' into dev Additional commits viewable in compare view Updates urllib3 from 1.26.7 to 1.26.18 Release notes Sourced from urllib3's releases. 1.26.18 Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4) 1.26.17 Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f) 1.26.16 Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954) 1.26.15 Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899) Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901) 1.26.14 Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850) Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module. 1.26.13 Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. 1.26.12 Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate. 1.26.11 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier. 1.26.10 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap 🔐 This is the first release to be signed with Sigstore! You can verify the distributables using the .sig and .crt files included on this release. Removed support for Python 3.5 Fixed an issue where a ProxyError recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. 1.26.9 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ... (truncated) Changelog Sourced from urllib3's changelog. 1.26.18 (2023-10-17) Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) _) 1.26.16 (2023-05-23) Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) _) 1.26.15 (2023-03-10) Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) __) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ([#2899](https://github.com/urllib3/urllib3/issues/2899) __) Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) __) 1.26.14 (2023-01-11) Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) __) Removed deprecated getheaders() calls in contrib module. Fixed the type hint of PoolKey.key_retries by adding bool to the union. ([#2865](https://github.com/urllib3/urllib3/issues/2865) __) 1.26.13 (2022-11-23) Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. 1.26.12 (2022-08-22) Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue _ for justification and info on how to migrate. 1.26.11 (2022-07-25) Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would ... (truncated) Commits 9c2c230 Release 1.26.18 (#3159) b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4 944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport c9016bf Release 1.26.17 0122035 Backport GHSA-v845-jxx5-vc9f (#3139) e63989f Fix installing brotli extra on Python 2.7 2e7a24d [1.26] Configure OS for RTD to fix building docs 57181d6 [1.26] Improve error message when calling urllib3.request() (#3058) 3c01480 [1.26] Run coverage even with failed jobs d94029b Release 1.26.16 Additional commits viewable in compare view Updates jinja2 from 3.0.2 to 3.1.3 Release notes Sourced from jinja2's releases. 3.1.3 This is a fix release for the 3.1.x feature branch. Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys. Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3 Milestone: https://github.com/pallets/jinja/milestone/15?closed=1 3.1.2 This is a fix release for the 3.1.0 feature release. Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2 Milestone: https://github.com/pallets/jinja/milestone/13?closed=1 3.1.1 Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1 Milestone: https://github.com/pallets/jinja/milestone/12?closed=1 3.1.0 This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time. Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0 Milestone: https://github.com/pallets/jinja/milestone/8?closed=1 MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1 3.0.3 Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Changelog Sourced from jinja2's changelog. Version 3.1.3 Released 2024-01-10 Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858 xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95 Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918 Version 3.1.2 Released 2022-04-28 Add parameters to Environment.overlay to match __init__. :issue:1645 Handle race condition in FileSystemBytecodeCache. :issue:1654 Version 3.1.1 Released 2022-03-25 The template filename on Windows uses the primary path separator. :issue:1637 Version 3.1.0 Released 2022-03-24 Drop support for Python 3.6. :pr:1534 Remove previously deprecated code. :pr:1544 WithExtension and AutoEscapeExtension are built-in now. contextfilter and contextfunction are replaced by pass_context. evalcontextfilter and evalcontextfunction are replaced by pass_eval_context. environmentfilter and environmentfunction are replaced by pass_environment. Markup and escape should be imported from MarkupSafe. Compiled templates from very old Jinja versions may need to be recompiled. Legacy resolve mode for Context subclasses is no longer supported. Override resolve_or_missing instead of ... (truncated) Commits d9de4bb release version 3.1.3 50124e1 skip test pypi 9ea7222 use trusted publishing da703f7 use trusted publishing bce1746 use trusted publishing 7277d80 update pre-commit hooks 5c8a105 Make nested-trans-block exceptions nicer (#1918) 19a55db Make nested-trans-block exceptions nicer 7167953 Merge pull request from GHSA-h5c8-rqwp-cp95 7dd3680 xmlattr filter disallows keys with spaces Additional commits viewable in compare view Updates setuptools from 58.2.0 to 65.5.1 Release notes Sourced from setuptools's releases. v65.5.1 No release notes provided. v65.5.0 No release notes provided. v65.4.1 No release notes provided. v65.4.0 No release notes provided. v65.3.0 No release notes provided. v65.2.0 No release notes provided. v65.1.1 No release notes provided. v65.1.0 No release notes provided. v65.0.2 No release notes provided. v65.0.1 No release notes provided. v65.0.0 No release notes provided. v64.0.3 No release notes provided. v64.0.2 No release notes provided. v64.0.1 No release notes provided. v64.0.0 No release notes provided. v63.4.3 No release notes provided. v63.4.2 No release notes provided. ... (truncated) Changelog Sourced from setuptools's changelog. v65.5.1 Misc #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok #3659: Fixed REDoS vector in package_index -- by :user:SCH227 v65.5.0 Changes #3624: Fixed editable install for multi-module/no-package src-layout projects. #3626: Minor refactorings to support distutils using stdlib logging module. Documentation changes #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide. Misc #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning). #3576: Updated version of validate_pyproject. v65.4.1 Misc #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files. #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181. v65.4.0 Changes #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177. v65.3.0 ... (truncated) Commits a462cb5 Bump version: 65.5.0 → 65.5.1 de35d8b Merge pull request #3656 from bmorris3/typos 58e23de Update changelog. Ref #3659. 43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659. 5791343 Add test capturing failed expectation. Ref #3659. 1f97905 ⚫ Fade to black. 6254567 Remove workaround for emacs. 729b180 ⚫ Fade to black. c068081 Typo corrections f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655. Additional commits viewable in compare view Updates wheel from 0.37.1 to 0.38.1 Changelog Sourced from wheel's changelog. Release Notes 0.43.0 (2024-03-11) Dropped support for Python 3.7 Updated vendored packaging to 24.0 0.42.0 (2023-11-26) Allowed removing build tag with wheel tags --build "" Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert) 0.41.3 (2023-10-30) Updated vendored packaging to 23.2 Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross) 0.41.2 (2023-08-22) Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois) Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves) Fixed ABI tag generation for GraalPy (PR by Michael Simacek) 0.41.1 (2023-08-05) Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri) Fixed version specifiers in Requires-Dist being wrapped in parentheses 0.41.0 (2023-07-22) Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag) Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner) Support testing on Python 3.12 betas (PR by Ewout ter Hoeven) 0.40.0 (2023-03-14) Added a wheel tags command to modify tags on an existing wheel (PR by Henry Schreiner) Updated vendored packaging to 23.0 wheel unpack now preserves the executable attribute of extracted files ... (truncated) Commits 6f1608d Created a new release cf8f5ef Moved news item from PR #484 to its proper place 9ec2016 Removed install dependency on setuptools (#483) 747e1f6 Fixed PyPy SOABI parsing (#484) 7627548 [pre-commit.ci] pre-commit autoupdate (#480) 7b9e8e1 Test on Python 3.11 final a04dfef Updated the pypi-publish action 94bb62c Fixed docs not building due to code style changes d635664 Updated the codecov action to the latest version fcb94cd Updated vers... Description has been truncated

Open Graph Description: Bumps the pip group with 4 updates in the /examples/build_file_generation directory: requests, certifi, idna and urllib3. Bumps the pip group with 6 updates in the /examples/pip_parse directory: ...

X Description: Bumps the pip group with 4 updates in the /examples/build_file_generation directory: requests, certifi, idna and urllib3. Bumps the pip group with 6 updates in the /examples/pip_parse directory: ...

Opengraph URL: https://github.com/testfailed/rules_python/pull/18

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Links:

Viewport: width=device-width