Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade: Bump the regression group in /regression_runner with 6 updates #22

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2023

Bumps the regression group in /regression_runner with 6 updates:

Package From To
aiohttp 3.8.5 3.8.6
async-timeout 4.0.2 4.0.3
chardet 5.1.0 5.2.0
click 8.1.6 8.1.7
coverage 7.2.7 7.3.2
typing-extensions 4.7.1 4.8.0

Updates aiohttp from 3.8.5 to 3.8.6

Release notes

Sourced from aiohttp's releases.

3.8.6

Security bugfixes

  • Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer

    Thanks to :user:kenballus for reporting this, see GHSA-pjjw-qhg8-p2p9.

    .. _llhttp: https://llhttp.org

    (#7647)

  • Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer

    Thanks to :user:kenballus for reporting this, see GHSA-gfw2-4jvh-wgfg.

    (#7663)

Deprecation

  • Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function.

    Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.

    (#7561)

Features

  • Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer

    (#7490)

Bugfixes

  • Fixed PermissionError when .netrc is unreadable due to permissions.

    (#7237)

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.8.6 (2023-10-07)

Security bugfixes

  • Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer

    Thanks to :user:kenballus for reporting this, see GHSA-pjjw-qhg8-p2p9.

    .. _llhttp: https://llhttp.org

    [#7647](https://github.com/aio-libs/aiohttp/issues/7647) <https://github.com/aio-libs/aiohttp/issues/7647>_

  • Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer

    Thanks to :user:kenballus for reporting this, see GHSA-gfw2-4jvh-wgfg.

    [#7663](https://github.com/aio-libs/aiohttp/issues/7663) <https://github.com/aio-libs/aiohttp/issues/7663>_

Deprecation

  • Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function.

    Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.

    [#7561](https://github.com/aio-libs/aiohttp/issues/7561) <https://github.com/aio-libs/aiohttp/issues/7561>_

Features

  • Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer

    [#7490](https://github.com/aio-libs/aiohttp/issues/7490) <https://github.com/aio-libs/aiohttp/issues/7490>_

Bugfixes

  • Fixed PermissionError when .netrc is unreadable due to permissions.

... (truncated)

Commits

Updates async-timeout from 4.0.2 to 4.0.3

Release notes

Sourced from async-timeout's releases.

4.0.3

  • Fixed compatibility with asyncio.timeout() on Python 3.11+.
  • Added support for Python 3.11.
  • Dropped support for Python 3.6.
Changelog

Sourced from async-timeout's changelog.

4.0.3 (2023-08-10)

  • Fixed compatibility with asyncio.timeout() on Python 3.11+.
  • Added support for Python 3.11.
  • Dropped support for Python 3.6.
Commits

Updates chardet from 5.1.0 to 5.2.0

Release notes

Sourced from chardet's releases.

chardet 5.2.0

Adds support for running chardet CLI via python -m chardet (0e9b7bc20366163efcc221281201baff4100fe19, @​dan-blanchard)

Commits

Updates click from 8.1.6 to 8.1.7

Release notes

Sourced from click's releases.

8.1.7

This is a fix release for the 8.1.x feature branch.

Changelog

Sourced from click's changelog.

Version 8.1.7

Released 2023-08-17

  • Fix issue with regex flags in shell completion. :issue:2581
  • Bash version detection issues a warning instead of an error. :issue:2574
  • Fix issue with completion script for Fish shell. :issue:2567
Commits
  • 874ca2b release version 8.1.7
  • 6e1f6d3 completion(fish): add back ; as line endings in fish script (#2570)
  • a955c77 update fish enabling script
  • 3c1529e add back semicolons in fish script
  • a260ca6 Replace bash shell completion version error with warning (#2576)
  • d9db70c bash version support shows warning instead of error
  • 22b9b1c Fix incorrect passing of flags to re.sub (#2581)
  • d69d210 fix flake8 finding
  • af2da1e Fix incorrect passing of flags to re.sub
  • bb6a872 start version 8.1.7
  • Additional commits viewable in compare view

Updates coverage from 7.2.7 to 7.3.2

Changelog

Sourced from coverage's changelog.

Version 7.3.2 — 2023-10-02

  • The coverage lcov command ignored the [report] exclude_lines and [report] exclude_also settings (issue 1684). This is now fixed, thanks Jacqueline Lee <pull 1685_>.

  • Sometimes SQLite will create journal files alongside the coverage.py database files. These are ephemeral, but could be mistakenly included when combining data files. Now they are always ignored, fixing issue 1605_. Thanks to Brad Smith for suggesting fixes and providing detailed debugging.

  • On Python 3.12+, we now disable SQLite writing journal files, which should be a little faster.

  • The new 3.12 soft keyword type is properly bolded in HTML reports.

  • Removed the "fullcoverage" feature used by CPython to measure the coverage of early-imported standard library modules. CPython stopped using it <88054_>_ in 2021, and it stopped working completely in Python 3.13.

.. _issue 1605: nedbat/coveragepy#1605 .. _issue 1684: nedbat/coveragepy#1684 .. _pull 1685: nedbat/coveragepy#1685 .. _88054: python/cpython#88054

.. _changes_7-3-1:

Version 7.3.1 — 2023-09-06

  • The semantics of stars in file patterns has been clarified in the docs. A leading or trailing star matches any number of path components, like a double star would. This is different than the behavior of a star in the middle of a pattern. This discrepancy was identified by Sviatoslav Sydorenko <starbad_>, who provided patient detailed diagnosis <pull 1650_> and graciously agreed to a pragmatic resolution.

  • The API docs were missing from the last version. They are now restored <apidocs_>_.

.. _apidocs: https://coverage.readthedocs.io/en/latest/api_coverage.html .. _starbad: nedbat/coveragepy#1407 .. _pull 1650: nedbat/coveragepy#1650

.. _changes_7-3-0:

Version 7.3.0 — 2023-08-12

... (truncated)

Commits
  • a316513 build: fix the pypy wheel arguments
  • 7ec2c62 docs: sample HTML for 7.3.2
  • ffd954f docs: prep for 7.3.2
  • 1ea3907 refactor: don't access frame structs directly
  • 7b8dec9 feat!: remove fullcoverage, it doesn't work in 3.13
  • 1040bce refactor: remove unused interned strings
  • 9ab9e0c fix: 3.12 soft keyword type is bolded in HTML
  • 8624ce9 fix: really turn off SQLite journal files on 3.12+
  • 604aafa chore: make upgrade
  • 7c25ba0 fix: don't combine journal files. #1605
  • Additional commits viewable in compare view

Updates typing-extensions from 4.7.1 to 4.8.0

Release notes

Sourced from typing-extensions's releases.

4.8.0

Changes since 4.7.1:

  • Add typing_extensions.Doc, as proposed by PEP 727. Patch by Sebastián Ramírez.
  • Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
  • Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class. Patch by Alex Waygood (backporting python/cpython#107584, by James Hilton-Balfe).
  • Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11. Patch by James Hilton-Balfe

No changes since 4.8.0rc1.

4.8.0rc1

  • Add typing_extensions.Doc, as proposed by PEP 727. Patch by Sebastián Ramírez.
  • Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
  • Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class. Patch by Alex Waygood (backporting python/cpython#107584, by James Hilton-Balfe).
  • Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11. Patch by James Hilton-Balfe
Changelog

Sourced from typing-extensions's changelog.

Release 4.8.0 (September 17, 2023)

No changes since 4.8.0rc1.

Release 4.8.0rc1 (September 7, 2023)

  • Add typing_extensions.Doc, as proposed by PEP 727. Patch by Sebastián Ramírez.
  • Drop support for Python 3.7 (including PyPy-3.7). Patch by Alex Waygood.
  • Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class. Patch by Alex Waygood (backporting python/cpython#107584, by James Hilton-Balfe).
  • Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11. Patch by James Hilton-Balfe
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the regression group in /regression_runner with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.8.5` | `3.8.6` |
| [async-timeout](https://github.com/aio-libs/async-timeout) | `4.0.2` | `4.0.3` |
| [chardet](https://github.com/chardet/chardet) | `5.1.0` | `5.2.0` |
| [click](https://github.com/pallets/click) | `8.1.6` | `8.1.7` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.2.7` | `7.3.2` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.7.1` | `4.8.0` |


Updates `aiohttp` from 3.8.5 to 3.8.6
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.5...v3.8.6)

Updates `async-timeout` from 4.0.2 to 4.0.3
- [Release notes](https://github.com/aio-libs/async-timeout/releases)
- [Changelog](https://github.com/aio-libs/async-timeout/blob/master/CHANGES.rst)
- [Commits](aio-libs/async-timeout@v4.0.2...v4.0.3)

Updates `chardet` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/chardet/chardet/releases)
- [Commits](chardet/chardet@5.1.0...5.2.0)

Updates `click` from 8.1.6 to 8.1.7
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.1.6...8.1.7)

Updates `coverage` from 7.2.7 to 7.3.2
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.2.7...7.3.2)

Updates `typing-extensions` from 4.7.1 to 4.8.0
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.7.1...4.8.0)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: regression
- dependency-name: async-timeout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: regression
- dependency-name: chardet
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: regression
- dependency-name: click
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: regression
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: regression
- dependency-name: typing-extensions
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: regression
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 1, 2023
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 4, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 4, 2024
@dependabot dependabot bot deleted the dependabot/pip/regression_runner/regression-d7297ced64 branch January 4, 2024 08:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants