René's URL Explorer Experiment

Title: Bump the pip group across 3 directories with 7 updates by dependabot[bot] · Pull Request #21 · testfailed/rules_python · GitHub

Open Graph Title: Bump the pip group across 3 directories with 7 updates by dependabot[bot] · Pull Request #21 · testfailed/rules_python

X Title: Bump the pip group across 3 directories with 7 updates by dependabot[bot] · Pull Request #21 · testfailed/rules_python

Description: Bumps the pip group with 4 updates in the /examples/build_file_generation directory: requests, certifi, idna and urllib3. Bumps the pip group with 6 updates in the /examples/pip_parse directory: Package From To requests 2.25.1 2.32.2 certifi 2021.10.8 2023.7.22 idna 2.10 3.7 urllib3 1.26.7 1.26.19 jinja2 3.0.2 3.1.4 setuptools 58.2.0 65.5.1 Bumps the pip group with 1 update in the /examples/pip_repository_annotations directory: wheel. Updates requests from 2.25.1 to 2.32.2 Release notes Sourced from requests's releases. v2.32.2 2.32.2 (2024-05-21) Deprecations To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710) v2.32.1 2.32.1 (2024-05-20) Bugfixes Add missing test certs to the sdist distributed on PyPI. v2.32.0 2.32.0 (2024-05-20) 🐍 PYCON US 2024 EDITION 🐍 Security Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56) Improvements verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667) Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702) Bugfixes Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589) Fixed deserialization bug in JSONDecodeError. (#6629) Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644) ... (truncated) Changelog Sourced from requests's changelog. 2.32.2 (2024-05-21) Deprecations To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710) 2.32.1 (2024-05-20) Bugfixes Add missing test certs to the sdist distributed on PyPI. 2.32.0 (2024-05-20) Security Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56) Improvements verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667) Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702) Bugfixes Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589) Fixed deserialization bug in JSONDecodeError. (#6629) Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644) Deprecations ... (truncated) Commits 88dce9d v2.32.2 c98e4d1 Merge pull request #6710 from nateprewitt/api_rename 92075b3 Add deprecation warning aa1461b Move _get_connection to get_connection_with_tls_context 970e8ce v2.32.1 d6ebc4a v2.32.0 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667) 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection 555b870 Allow character detection dependencies to be optional in post-packaging steps d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test Additional commits viewable in compare view Updates certifi from 2020.12.5 to 2023.7.22 Commits 8fb96ed 2023.07.22 afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) 44df761 Hash pin Actions and enable dependabot (#228) 8b3d7ba 2023.05.07 53da240 ci: Add Python 3.12-dev to the testing (#224) c2fc3b1 Create a Security Policy (#222) c211ef4 Set up permissions to github workflows (#218) 2087de5 Don't let deprecation warning fail CI (#219) e0b9fc5 remove paragraphs about 1024-bit roots from README Additional commits viewable in compare view Updates idna from 2.10 to 3.7 Release notes Sourced from idna's releases. v3.7 What's Changed Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. Full Changelog: kjd/idna@v3.6...v3.7 Changelog Sourced from idna's changelog. 3.7 (2024-04-11) ++++++++++++++++ Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ Fix regression to include tests in source distribution. 3.5 (2023-11-24) ++++++++++++++++ Update to Unicode 15.1.0 String codec name is now "idna2008" as overriding the system codec "idna" was not working. Fix typing error for codec encoding "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly. Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives. Added security reporting protocol for project Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ Update to Unicode 15.0.0 Migrate to pyproject.toml for build information (PEP 621) Correct another instance where generic exception was raised instead of IDNAError for malformed input Source distribution uses zeroized file ownership for improved reproducibility Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ Update to Unicode 14.0.0 Update to in-line type annotations Throw IDNAError exception correctly for some malformed input Advertise support for Python 3.10 Improve testing regime on Github ... (truncated) Commits 1d365e1 Release v3.7 c1b3154 Merge pull request #172 from kjd/optimize-contextj 0394ec7 Merge branch 'master' into optimize-contextj cd58a23 Merge pull request #152 from elliotwutingfeng/dev 5beb28b More efficient resolution of joiner contexts 1b12148 Update ossf/scorecard-action to v2.3.1 d516b87 Update Github actions/checkout to v4 c095c75 Merge branch 'master' into dev 60a0a4c Fix typo in GitHub Actions workflow key 5918a0e Merge branch 'master' into dev Additional commits viewable in compare view Updates urllib3 from 1.26.5 to 1.26.19 Release notes Sourced from urllib3's releases. 1.26.19 🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul. Thank you for your support. Changes Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. Full Changelog: urllib3/urllib3@1.26.18...1.26.19 Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release. 1.26.18 Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4) 1.26.17 Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f) 1.26.16 Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954) 1.26.15 Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899) Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901) 1.26.14 Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850) Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module. 1.26.13 Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. 1.26.12 Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate. 1.26.11 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier. ... (truncated) Changelog Sourced from urllib3's changelog. 1.26.19 (2024-06-17) Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) __) 1.26.18 (2023-10-17) Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. 1.26.16 (2023-05-23) Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) _) 1.26.15 (2023-03-10) Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) __) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ([#2899](https://github.com/urllib3/urllib3/issues/2899) __) Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) __) 1.26.14 (2023-01-11) Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) __) Removed deprecated getheaders() calls in contrib module. 1.26.13 (2022-11-23) Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. ... (truncated) Commits d9d85c8 Release 1.26.19 8528b63 [1.26] Fix downstream tests (#3409) 40b6d16 Merge pull request from GHSA-34jh-p97f-mpxf 29cfd02 Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405) b600643 [1.26] Bump RECENT_DATE (#3404) 7e2d389 [1.26] Fix running CPython 2.7 tests in CI (#3137) 9c2c230 Release 1.26.18 (#3159) b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4 944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport c9016bf Release 1.26.17 Additional commits viewable in compare view Updates requests from 2.25.1 to 2.32.2 Release notes Sourced from requests's releases. v2.32.2 2.32.2 (2024-05-21) Deprecations To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710) v2.32.1 2.32.1 (2024-05-20) Bugfixes Add missing test certs to the sdist distributed on PyPI. v2.32.0 2.32.0 (2024-05-20) 🐍 PYCON US 2024 EDITION 🐍 Security Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56) Improvements verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667) Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702) Bugfixes Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589) Fixed deserialization bug in JSONDecodeError. (#6629) Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644) ... (truncated) Changelog Sourced from requests's changelog. 2.32.2 (2024-05-21) Deprecations To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710) 2.32.1 (2024-05-20) Bugfixes Add missing test certs to the sdist distributed on PyPI. 2.32.0 (2024-05-20) Security Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56) Improvements verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667) Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702) Bugfixes Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589) Fixed deserialization bug in JSONDecodeError. (#6629) Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644) Deprecations ... (truncated) Commits 88dce9d v2.32.2 c98e4d1 Merge pull request #6710 from nateprewitt/api_rename 92075b3 Add deprecation warning aa1461b Move _get_connection to get_connection_with_tls_context 970e8ce v2.32.1 d6ebc4a v2.32.0 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667) 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection 555b870 Allow character detection dependencies to be optional in post-packaging steps d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test Additional commits viewable in compare view Updates certifi from 2021.10.8 to 2023.7.22 Commits 8fb96ed 2023.07.22 afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) 44df761 Hash pin Actions and enable dependabot (#228) 8b3d7ba 2023.05.07 53da240 ci: Add Python 3.12-dev to the testing (#224) c2fc3b1 Create a Security Policy (#222) c211ef4 Set up permissions to github workflows (#218) 2087de5 Don't let deprecation warning fail CI (#219) e0b9fc5 remove paragraphs about 1024-bit roots from README Additional commits viewable in compare view Updates idna from 2.10 to 3.7 Release notes Sourced from idna's releases. v3.7 What's Changed Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. Full Changelog: kjd/idna@v3.6...v3.7 Changelog Sourced from idna's changelog. 3.7 (2024-04-11) ++++++++++++++++ Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ Fix regression to include tests in source distribution. 3.5 (2023-11-24) ++++++++++++++++ Update to Unicode 15.1.0 String codec name is now "idna2008" as overriding the system codec "idna" was not working. Fix typing error for codec encoding "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly. Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives. Added security reporting protocol for project Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ Update to Unicode 15.0.0 Migrate to pyproject.toml for build information (PEP 621) Correct another instance where generic exception was raised instead of IDNAError for malformed input Source distribution uses zeroized file ownership for improved reproducibility Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ Update to Unicode 14.0.0 Update to in-line type annotations Throw IDNAError exception correctly for some malformed input Advertise support for Python 3.10 Improve testing regime on Github ... (truncated) Commits 1d365e1 Release v3.7 c1b3154 Merge pull request #172 from kjd/optimize-contextj 0394ec7 Merge branch 'master' into optimize-contextj cd58a23 Merge pull request #152 from elliotwutingfeng/dev 5beb28b More efficient resolution of joiner contexts 1b12148 Update ossf/scorecard-action to v2.3.1 d516b87 Update Github actions/checkout to v4 c095c75 Merge branch 'master' into dev 60a0a4c Fix typo in GitHub Actions workflow key 5918a0e Merge branch 'master' into dev Additional commits viewable in compare view Updates urllib3 from 1.26.7 to 1.26.19 Release notes Sourced from urllib3's releases. 1.26.19 🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul. Thank you for your support. Changes Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. Full Changelog: urllib3/urllib3@1.26.18...1.26.19 Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release. 1.26.18 Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4) 1.26.17 Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f) 1.26.16 Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954) 1.26.15 Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899) Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901) 1.26.14 Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850) Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module. 1.26.13 Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. 1.26.12 Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate. 1.26.11 If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors. ⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier. ... (truncated) Changelog Sourced from urllib3's changelog. 1.26.19 (2024-06-17) Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) __) 1.26.18 (2023-10-17) Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. 1.26.16 (2023-05-23) Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) _) 1.26.15 (2023-03-10) Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) __) Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ([#2899](https://github.com/urllib3/urllib3/issues/2899) __) Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) __) 1.26.14 (2023-01-11) Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) __) Removed deprecated getheaders() calls in contrib module. 1.26.13 (2022-11-23) Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods. Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. Fixed a deprecation warning when using cryptography v39.0.0. Removed the <4 in the Requires-Python packaging metadata field. ... (truncated) Commits d9d85c8 Release 1.26.19 8528b63 [1.26] Fix downstream tests (#3409) 40b6d16 Merge pull request from GHSA-34jh-p97f-mpxf 29cfd02 Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405) b600643 [1.26] Bump RECENT_DATE (#3404) 7e2d389 [1.26] Fix running CPython 2.7 tests in CI (#3137) 9c2c230 Release 1.26.18 (#3159) b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4 944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport c9016bf Release 1.26.17 Additional commits viewable in compare view Updates jinja2 from 3.0.2 to 3.1.4 Release notes Sourced from jinja2's releases. 3.1.4 This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4 The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj 3.1.3 This is a fix release for the 3.1.x feature branch. Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys. Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3 Milestone: https://github.com/pallets/jinja/milestone/15?closed=1 3.1.2 This is a fix release for the 3.1.0 feature release. Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2 Milestone: https://github.com/pallets/jinja/milestone/13?closed=1 3.1.1 Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1 Milestone: https://github.com/pallets/jinja/milestone/12?closed=1 3.1.0 This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time. Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0 Milestone: https://github.com/pallets/jinja/milestone/8?closed=1 MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1 3.0.3 Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Changelog Sourced from jinja2's changelog. Version 3.1.4 Released 2024-05-05 The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj Version 3.1.3 Released 2024-01-10 Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858 xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95 Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918 Version 3.1.2 Released 2022-04-28 Add parameters to Environment.overlay to match __init__. :issue:1645 Handle race condition in FileSystemBytecodeCache. :issue:1654 Version 3.1.1 Released 2022-03-25 The template filename on Windows uses the primary path separator. :issue:1637 Version 3.1.0 Released 2022-03-24 Drop support for Python 3.6. :pr:1534 Remove previously deprecated code. :pr:1544 ... (truncated) Commits dd4a8b5 release version 3.1.4 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj d655030 disallow invalid characters in keys to xmlattr filter a7863ba add ghsa links b5c98e7 start version 3.1.4 da3a9f0 update project files (#1968) 0ee5eb4 satisfy formatter, linter, and strict mypy 20477c6 update project files (#5457) e491223 update pyyaml dev dependency 36f9885 fix pr link Additional commits viewable in compare view Updates setuptools from 58.2.0 to 65.5.1 Release notes Sourced from setuptools's releases. v65.5.1 No release notes provided. v65.5.0 No release notes provided. v65.4.1 No release notes provided. v65.4.0 No release notes provided. v65.3.0 No release notes provided. v65.2.0 No release notes provided. v65.1.1 No release notes provided. v65.1.0 No release notes provided. v65.0.2 No release notes provided. v65.0.1 No release notes provided. v65.0.0 No release notes provided. v64.0.3 No release notes provided. v64.0.2 No release notes provided. v64.0.1 No release notes provided. v64.0.0 No release notes provided. v63.4.3 No release notes provided. v63.4.2 No release notes provided. ... (truncated) Changelog Sourced from setuptools's changelog. v65.5.1 Misc #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok #3659: Fixed REDoS vector in package_index -- by :user:SCH227 v65.5.0 Changes #3624: Fixed editable install for multi-module/no-package src-layout projects. #3626: Minor refactorings to support distutils using stdlib logging module. Documentation changes #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide. Misc #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning). #3576: Updated version of validate_pyproject. v65.4.1 Misc #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files. #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181. v65.4.0 Changes #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177. v65.3.0 ... (truncated) Commits a462cb5 Bump version: 65.5.0 → 65.5.1 de35d8b Merge pull request #3656 from bmorris3/typos 58e23de Update changelog. Ref #3659. 43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659. 5791343 Add test capturing failed expectation. Ref #3659. 1f97905 ⚫ Fade to black. 6254567 Remove workaround for emacs. 729b180 ⚫ Fade to black. c068081 Typo corrections f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655. Additional commits viewable in compare view Updates wheel from 0.37.1 to 0.38.1 Changelog Sourced from wheel's changelog. Release Notes UNRELEASED Canonicalize requirements in METADATA file (PR by Wim Jeantine-Glenn) 0.43.0 (2024-03-11) Dropped support for Python 3.7 Updated vendored packaging to 24.0 0.42.0 (2023-11-26) Allowed removing build tag with wheel tags --build "" Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert) 0.41.3 (2023-10-30) Updated vendored packaging to 23.2 Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross) 0.41.2 (2023-08-22) Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois) Fixed wheel tags<... Description has been truncated

Open Graph Description: Bumps the pip group with 4 updates in the /examples/build_file_generation directory: requests, certifi, idna and urllib3. Bumps the pip group with 6 updates in the /examples/pip_parse directory: ...

X Description: Bumps the pip group with 4 updates in the /examples/build_file_generation directory: requests, certifi, idna and urllib3. Bumps the pip group with 6 updates in the /examples/pip_parse directory: ...

Opengraph URL: https://github.com/testfailed/rules_python/pull/21

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Links:

Viewport: width=device-width