build(deps): bump the prod-dependencies group across 1 directory with 31 updates #190

dependabot · 2025-03-31T00:13:40Z

Bumps the prod-dependencies group with 31 updates in the / directory:

Package	From	To
babel	`2.14.0`	`2.17.0`
boto3	`1.34.93`	`1.37.23`
boto3-stubs	`1.34.93`	`1.37.23`
botocore	`1.34.93`	`1.37.23`
botocore-stubs	`1.34.93`	`1.37.23`
build	`1.2.1`	`1.2.2`
charset-normalizer	`3.3.2`	`3.4.1`
coverage	`7.5.0`	`7.8.0`
idna	`3.7`	`3.10`
iniconfig	`2.0.0`	`2.1.0`
jinja2	`3.1.3`	`3.1.6`
keyring	`25.2.0`	`25.6.0`
more-itertools	`10.2.0`	`10.6.0`
mypy-boto3-cognito-identity	`1.34.0`	`1.37.13`
mypy-boto3-cognito-idp	`1.34.93`	`1.37.13`
nh3	`0.2.17`	`0.2.21`
packaging	`24.0`	`24.2`
pkginfo	`1.10.0`	`1.12.1.2`
pygments	`2.17.2`	`2.19.1`
pyproject-hooks	`1.0.0`	`1.2.0`
pytest	`8.2.0`	`8.3.5`
python-dotenv	`1.0.1`	`1.1.0`
requests	`2.31.0`	`2.32.3`
s3transfer	`0.10.1`	`0.11.4`
six	`1.16.0`	`1.17.0`
sphinx-markdown-builder	`0.6.6`	`0.6.8`
sphinxcontrib-htmlhelp	`2.0.5`	`2.1.0`
types-awscrt	`0.20.9`	`0.24.2`
types-s3transfer	`0.10.1`	`0.11.4`
typing-extensions	`4.11.0`	`4.12.2`
zipp	`3.18.1`	`3.21.0`

Updates babel from 2.14.0 to 2.17.0

Release notes

Sourced from babel's releases.

v2.17.0

Happy 2025! This release is being made from FOSDEM 2025, in Brussels, Belgium. 🇧🇪

Thank you to all contributors, new and old, and here's to another great year of internationalization and localization!

The changelog below is auto-generated by GitHub.

Please see CHANGELOG.rst for additional details.

What's Changed

Fix deprecation warnings for datetime.utcnow() by @tomasr8 in python-babel/babel#1119

Enclose white spaces in references by @Dunedan in python-babel/babel#1105

Replace str.index with str.find by @tomasr8 in python-babel/babel#1130

Replace more alternate characters in format_skeleton by @tomasr8 in python-babel/babel#1122

Fix extracted lineno with nested calls by @dylankiss in python-babel/babel#1126

"Deleted duplicate code in test" by @mattdiaz007 in python-babel/babel#1138

Fix of list index out of range error in PoFileParser.add_message when translations is empty by @gabe-sherman in python-babel/babel#1135

Make seconds optional in parse_time time formats by @tomasr8 in python-babel/babel#1141

Mark wraptext deprecated; use TextWrapper directly in write_po by @akx in python-babel/babel#1140

Fix the way obsolete messages are stored by @tomasr8 in python-babel/babel#1132

Replace OrderedDict with just dict by @tomasr8 in python-babel/babel#1149

Use CLDR 46 by @tomasr8 in python-babel/babel#1145

Update CI to use python 3.13 and Ubuntu 24.04 by @tomasr8 in python-babel/babel#1153

Adjust docs/conf.py to add compatibility with sphinx 8 by @hrnciar in python-babel/babel#1155

Allow specifying an explicit format in parse_date/parse_time by @tomasr8 in python-babel/babel#1131

Simplify read_mo logic regarding catalog.charset by @tomasr8 in python-babel/babel#1148

Bump CI/tool versions by @akx in python-babel/babel#1160

fix: check_and_call_extract_file uses the first matching method and options, instead of the first matching method and last matching options by @jpmckinney in python-babel/babel#1121

Prevent wrapping file locations containing white space by @tomasr8 in python-babel/babel#1120

Add tzdata as dev dependency and sync with tox.ini by @wandrew004 in python-babel/babel#1159

Support short and narrow formats for format_timedelta when using add_direction by @akx in python-babel/babel#1163

Improve handling for locale=None by @akx in python-babel/babel#1164

Use pytest.raises(match=...) by @akx in python-babel/babel#1166

Strip extra leading slashes in /etc/localtime by @akx in python-babel/babel#1165

Remove redundant assignment in Catalog.__setitem__ by @tomasr8 in python-babel/babel#1167

Small cleanups by @akx in python-babel/babel#1170

Small test cleanup by @akx in python-babel/babel#1172

Add Message.python_brace_format by @tomasr8 in python-babel/babel#1169

Import Literal from the typing module by @tomasr8 in python-babel/babel#1175

Prefer LC_MONETARY when formatting currencies by @akx in python-babel/babel#1173

Fix dates formatting Y, w and W symbols for week-numbering by @jun66j5 in python-babel/babel#1179

Increase test coverage of the python_format checker by @tomasr8 in python-babel/babel#1176

Prepare for 2.17.0 by @akx in python-babel/babel#1182

New Contributors

@Dunedan made their first contribution in python-babel/babel#1105

... (truncated)

Changelog

Sourced from babel's changelog.

Version 2.17.0

Happy 2025! This release is being made from FOSDEM 2025, in Brussels, Belgium.

Thank you to all contributors, new and old, and here's to another great year of internationalization and localization!

Features

* CLDR: Babel now uses CLDR 46, by @tomasr8 in :gh:`1145` * Dates: Allow specifying an explicit format in parse_date/parse_time by @tomasr8 in :gh:`1131` * Dates: More alternate characters are now supported by `format_skeleton`. By @tomasr8 in :gh:`1122` * Dates: Support short and narrow formats for format_timedelta when using `add_direction`, by @akx in :gh:`1163` * Messages: .po files now enclose white spaces in filenames like GNU gettext does. By @Dunedan in :gh:`1105`, and @tomasr8 in :gh:`1120` * Messages: Initial support for `Message.python_brace_format`, by @tomasr8 in :gh:`1169` * Numbers: LC_MONETARY is now preferred when formatting currencies, by @akx in :gh:`1173`

Bugfixes

Dates: Make seconds optional in parse_time time formats by @tomasr8 in :gh:1141
Dates: Replace str.index with str.find by @tomasr8 in :gh:1130
Dates: Strip extra leading slashes in /etc/localtime by @akx in :gh:1165
Dates: Week numbering and formatting of dates with week numbers was repaired by @jun66j5 in :gh:1179
General: Improve handling for locale=None by @akx in :gh:1164
General: Remove redundant assignment in Catalog.__setitem__ by @tomasr8 in :gh:1167
Messages: Fix extracted lineno with nested calls, by @dylankiss in :gh:1126
Messages: Fix of list index out of range when translations is empty, by @gabe-sherman in :gh:1135
Messages: Fix the way obsolete messages are stored by @tomasr8 in :gh:1132
Messages: Simplify read_mo logic regarding catalog.charset by @tomasr8 in :gh:1148
Messages: Use the first matching method & options, rather than first matching method & last options, by @jpmckinney in :gh:1121

Deprecation and compatibility


* Dates: Fix deprecation warnings for `datetime.utcnow()` by @tomasr8 in :gh:`1119`
* Docs: Adjust docs/conf.py to add compatibility with sphinx 8 by @hrnciar in :gh:`1155`
* General: Import `Literal` from the typing module by @tomasr8 in :gh:`1175`
* General: Replace `OrderedDict` with just `dict` by @tomasr8 in :gh:`1149`
* Messages: Mark `wraptext` deprecated; use `TextWrapper` directly in `write_po` by @akx in :gh:`1140`
Infrastructure

* Add tzdata as dev dependency and sync with tox.ini by @wandrew004 in :gh:`1159`
* Duplicate test code was deleted by @mattdiaz007 in :gh:`1138`
* Increase test coverage of the `python_format` checker by @tomasr8 in :gh:`1176`
* Small cleanups by @akx in :gh:`1160`, :gh:`1166`, :gh:`1170` and :gh:`1172`
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>

<li><a href="https://github.com/python-babel/babel/commit/b50a1d2186c20f3359f7e10853d2b2225a46ed40&quot;&gt;&lt;code&gt;b50a1d2&lt;/code&gt;&lt;/a> Prepare for 2.17.0 (<a href="https://redirect.github.com/python-babel/babel/issues/1182&quot;&gt;#1182&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/5f117b2689573aa98acc8a47108c49b99f4d1394&quot;&gt;&lt;code&gt;5f117b2&lt;/code&gt;&lt;/a> Increase test coverage of the <code>python_format</code> checker (<a href="https://redirect.github.com/python-babel/babel/issues/1176&quot;&gt;#1176&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/363ad7531fb5dcdc3e9844573592b0b44afb914b&quot;&gt;&lt;code&gt;363ad75&lt;/code&gt;&lt;/a> Fix dates formatting <code>Y</code>, <code>w</code> and <code>W</code> symbols for week-numbering (<a href="https://redirect.github.com/python-babel/babel/issues/1179&quot;&gt;#1179&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/e9c3ef8d0de3080ca59f7f8dbabf9b52983adc7d&quot;&gt;&lt;code&gt;e9c3ef8&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/1173&quot;&gt;#1173&lt;/a> from python-babel/lc-monetary-2</li>

<li><a href="https://github.com/python-babel/babel/commit/56ef7c7f578a904917464c187e399abb762bd5e3&quot;&gt;&lt;code&gt;56ef7c7&lt;/code&gt;&lt;/a> Prefer LC_MONETARY when formatting currency</li>

<li><a href="https://github.com/python-babel/babel/commit/aee6d698b541dc50439280d7e093092cc0d4b832&quot;&gt;&lt;code&gt;aee6d69&lt;/code&gt;&lt;/a> <code>default_locale</code>: support multiple keys</li>

<li><a href="https://github.com/python-babel/babel/commit/2d8a808864d1aae5d3d02d4f95917c79740c5d35&quot;&gt;&lt;code&gt;2d8a808&lt;/code&gt;&lt;/a> Import <code>Literal</code> &amp; <code>TypedDict</code> from the typing module (<a href="https://redirect.github.com/python-babel/babel/issues/1175&quot;&gt;#1175&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/98b9562c05e5276038c27ec12c12f3e92dc027b6&quot;&gt;&lt;code&gt;98b9562&lt;/code&gt;&lt;/a> Add basic support for <code>Message.python_brace_format</code> (<a href="https://redirect.github.com/python-babel/babel/issues/1169&quot;&gt;#1169&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/0c1091c9de9543e30bc4b845eb10b5bf84516d7b&quot;&gt;&lt;code&gt;0c1091c&lt;/code&gt;&lt;/a> Small test cleanup (<a href="https://redirect.github.com/python-babel/babel/issues/1172&quot;&gt;#1172&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/db4879136a7fbcef475f26b75dbdd65d0ce488f9&quot;&gt;&lt;code&gt;db48791&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/1170&quot;&gt;#1170&lt;/a> from python-babel/small-cleanup</li>

<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.14.0...v2.17.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates boto3 from 1.34.93 to 1.37.23

Commits

5a2b01c Merge branch 'release-1.37.23'
35a80d1 Bumping version to 1.37.23
97cedaa Add changelog entries from botocore
b08cb7b Merge branch 'release-1.37.22'
a56cf8f Merge branch 'release-1.37.22' into develop
8f2128b Bumping version to 1.37.22
3408c49 Add changelog entries from botocore
81a656a Merge branch 'release-1.37.21'
3247df2 Merge branch 'release-1.37.21' into develop
17e1def Bumping version to 1.37.21
Additional commits viewable in compare view




Updates boto3-stubs from 1.34.93 to 1.37.23

Release notes
Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back
Changed

[services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
[all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
[all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @YHallouard in #340 and @Omri-Ben-Yair in #336)
[all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

[services] Universal input/output shapes were not replaced properly in service subresources
[docs] Simplified doc links rendering for services
[services] Cleaned up unnecessary imports in client.pyi
[builder] Import records with fallback are always rendered




Commits

See full diff in compare view




Updates botocore from 1.34.93 to 1.37.23

Commits

af1cf2a Merge branch 'release-1.37.23'
d205a62 Bumping version to 1.37.23
23c0103 Update endpoints model
9c441b4 Update to latest models
68f24ff Merge customizations for SageMaker
7764f84 Merge branch 'release-1.37.22'
a867a74 Merge branch 'release-1.37.22' into develop
9905a6d Bumping version to 1.37.22
66cebc6 Update endpoints model
b745b9a Update to latest models
Additional commits viewable in compare view




Updates botocore-stubs from 1.34.93 to 1.37.23

Commits

See full diff in compare view




Updates build from 1.2.1 to 1.2.2

Release notes
Sourced from build's releases.

Version 1.2.2

What's Changed

Add editable to builder.get_requries_for_build's static types
(PR #764, fixes issue #763)
Include artifact attestations in our release
(PR #782)
Fix typing compatibility with typed pyproject-hooks
(PR #788)
Mark more tests with network
(PR #808)
Add more intersphinx links to docs
(PR #804)
Make uv optional for tests
(PR #807 and #813)

New Contributors

@carlwgeorge made their first contribution in pypa/build#808
@edgarrmondragon made their first contribution in pypa/build#804

Full Changelog: https://github.com/pypa/build/compare/1.2.1...1.2.2



Changelog
Sourced from build's changelog.

1.2.2 (2024-09-06)

Add editable to builder.get_requries_for_build's static types
(PR :pr:764, fixes issue :issue:763)
Include artifact attestations in our release
(PR :pr:782)
Fix typing compatibility with typed pyproject-hooks
(PR :pr:788)
Mark more tests with network
(PR :pr:808)
Add more intersphinx links to docs
(PR :pr:804)
Make uv optional for tests
(PR :pr:807 and :pr:813)




Commits

3b0b5d0 docs: changelog for 1.2.2 (#812)
b44a886 docs: more info in README
8e19948 build(deps): bump actions/attest-build-provenance in the actions group (#814)
b90956c tests: add module case to uv detection (#813)
e79f1b3 ci: remove bot comments from generated release notes (#810)
f6da25a pre-commit: bump repositories (#801)
9a52c50 tests: optional uv (#807)
553b700 docs: Add a few intersphinx links to the Python Packaging User Guide (#804)
336efcb build(deps): bump actions/attest-build-provenance in the actions group (#802)
73b7213 tests: mark more network tests (#808)
Additional commits viewable in compare view




Updates charset-normalizer from 3.3.2 to 3.4.1

Release notes
Sourced from charset-normalizer's releases.

Version 3.4.1
🚀 We're still raising awareness around HTTP/2, and HTTP/3!
Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...]
Using Requests today is the rough equivalent of using EOL Windows 8!  We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.
It leverages charset-normalizer in a better way! Check it out, you will gain up to being 3X faster and get a real/respectable support with it.
3.4.1 (2024-12-24)
Changed

Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
Enforce annotation delayed loading for a simpler and consistent types in the project.
Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

pre-commit configuration.
noxfile.

Removed

build-requirements.txt as per using pyproject.toml native build configuration.
bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
setup.cfg in favor of pyproject.toml metadata configuration.
Unused utils.range_scan function.

Fixed

Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+

Version 3.4.0
🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!
Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...]
All of this while our community is still struggling to make a firm advancement in HTTP clients. Now, many of you use Requests
as the defacto http client, now, and for many years now, Requests has been frozen. Being left in a vegetative state and not evolving,
this blocked millions of developers from using more advanced features.
We promptly invite Python developers to look at the drop-in replacement for Requests, namely Niquests.
It leverage charset-normalizer in a better way! Check it out, you will be positively surprised! Don't wait another decade.
We are thankful to @microsoft and involved parties for funding our work through the Microsoft FOSS Fund program.
3.4.0 (2024-10-08)
Added

Argument --no-preemptive in the CLI to prevent the detector to search for hints.
Support for Python 3.13 (#512)

Fixed

Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.



... (truncated)


Changelog
Sourced from charset-normalizer's changelog.

3.4.1 (2024-12-24)
Changed

Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
Enforce annotation delayed loading for a simpler and consistent types in the project.
Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

pre-commit configuration.
noxfile.

Removed

build-requirements.txt as per using pyproject.toml native build configuration.
bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
setup.cfg in favor of pyproject.toml metadata configuration.
Unused utils.range_scan function.

Fixed

Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+

3.4.0 (2024-10-08)
Added

Argument --no-preemptive in the CLI to prevent the detector to search for hints.
Support for Python 3.13 (#512)

Fixed

Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)




Commits

ffdf7f5 :wrench: fix long description content-type inferred as rst instead of md
c7197b7 :pencil: fix changelog entries (#582)
c390e1f Merge pull request #581 from jawah/refresh-part-2
f9d6b8c :lock: add CODEOWNERS
7ce1ef1 :wrench: use ubuntu-22.04 for cibuildwheel in continuous deployment workflow
deed205 :wrench: update LICENSE copyright
f11f571 :wrench: include noxfile in sdist
1ec7c06 :wrench: update changelog
14b4649 :bug: output(...) replace declarative mark using non iana compliant encoding ...
1b06bc0 Merge branch 'refresh-part-2' of github.com:jawah/charset_normalizer into ref...
Additional commits viewable in compare view




Updates coverage from 7.5.0 to 7.8.0

Changelog
Sourced from coverage's changelog.

Version 7.8.0 — 2025-03-30


Added a new source_dirs setting for symmetry with the existing
source_pkgs setting. It's preferable to the existing source setting,
because you'll get a clear error when directories don't exist. Fixes issue 1942.  Thanks, Jeremy Fleischman <pull 1943_>.


Fix: the PYTHONSAFEPATH environment variable new in Python 3.11 is properly
supported, closing issue 1696.  Thanks, Philipp A. <pull 1700_>.  This
works properly except for a detail when using the coverage command on
Windows.  There you can use python -m coverage instead if you need exact
emulation.


.. _issue 1696: nedbat/coveragepy#1696
.. _pull 1700: nedbat/coveragepy#1700
.. _issue 1942: nedbat/coveragepy#1942
.. _pull 1943: nedbat/coveragepy#1943
.. _changes_7-7-1:
Version 7.7.1 — 2025-03-21

A few small tweaks to the sys.monitoring support for Python 3.14.  Please
test!

.. _changes_7-7-0:
Version 7.7.0 — 2025-03-16


The Coverage object has a new method, :meth:.Coverage.branch_stats for
getting simple branch information for a module.  Closes issue 1888_.


The :class:Coverage constructor<.Coverage> now has a plugins parameter
for passing in plugin objects directly, thanks to Alex Gaynor <pull 1919_>_.


Many constant tests in if statements are now recognized as being optimized
away.  For example, previously if 13: would have been considered a branch
with one path not taken.  Now it is understood as always true and no coverage
is missing.


The experimental sys.monitoring support now works for branch coverage if you
are using Python 3.14.0 alpha 6 or newer.  This should reduce the overhead
coverage.py imposes on your test suite. Set the environment variable
COVERAGE_CORE=sysmon to try it out.




... (truncated)


Commits

6d5ced9 docs: sample HTML for 7.8.0
49c194f docs: prep for 7.8.0
38782cb docs: finish up source_dirs. bump to 7.8.0
7aea2f3 feat: add new source_dirs option (#1943)
f464155 test: some simple bytecode tests
cf1dec0 refactor: these pypy modules are available in all our versions
a876052 test: a general helper for iterating over our own source files
82cff3e perf: sets are better than lists
a66bd61 refactor: move bytecode code into bytecode.py
d64ce5f chore: bump the action-dependencies group with 3 updates (#1940)
Additional commits viewable in compare view




Updates idna from 3.7 to 3.10

Release notes
Sourced from idna's releases.

v3.10
No release notes provided.
v3.9
No release notes provided.
v3.8
What's Changed

Fix regression where IDNAError exception was not being produced for certain inputs.
Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
Documentation improvements
Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.
Full Changelog: https://github.com/kjd/idna/compare/v3.7...v3.8



Changelog
Sourced from idna's changelog.

3.10 (2024-09-15)
+++++++++++++++++

Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes
to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13)
++++++++++++++++

Update to Unicode 16.0.0
Deprecate setup.cfg in favour of pyproject.toml
Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.
3.8 (2024-08-23)
++++++++++++++++

Fix regression where IDNAError exception was not being produced for
certain inputs.
Add support for Python 3.13, drop support for Python 3.5 as it is no
longer testable.
Documentation improvements
Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.



Commits

729225d Release v3.10
3eef168 Merge pull request #194 from kjd/revert-unicode-16
ceca619 Revert Unicode 16.0.0 data updates
c43ac75 Merge pull request #191 from kjd/release-3.9
1b8800a Release v3.9
a1fd168 Merge pull request #190 from kjd/unicode-16
7732c61 Merge branch 'master' into unicode-16
4ed183d Refactor membership test
762216b Format with ruff
580ece9 Implement changes to UTS46 algorithm
Additional commits viewable in compare view




Updates iniconfig from 2.0.0 to 2.1.0

Release notes
Sourced from iniconfig's releases.

v2.1.0
What's Changed

fix #26 - list individuals in license file by @RonnyPfannschmidt in pytest-dev/iniconfig#52
Run tests in CI by @nicoddemus in pytest-dev/iniconfig#53
Use pypa/gh-action-pypi-publish@release/v1 @ GHA by @webknjaz in pytest-dev/iniconfig#54
Add support for Python 3.12-3.13 and drop EOL 3.7 by @hugovk in pytest-dev/iniconfig#56

New Contributors

@nicoddemus made their first contribution in pytest-dev/iniconfig#53
@webknjaz made their first contribution in pytest-dev/iniconfig#54

Full Changelog: https://github.com/pytest-dev/iniconfig/compare/v2.0.0...v2.1.0



Changelog
Sourced from iniconfig's changelog.

2.1.0

fix artifact building - pin minimal version of hatch
drop eol python 3.8
add python 3.12 and 3.13




Commits

34793a6 pre-commit
136435d update changelog
0bb99ad fix #62: require a minimal hatch version with correct metadata
16793ea Merge pull request #56 from hugovk/add-3.12
3dc2b2d Add support for Python 3.13
2eb8abf Bump GitHub Actions
8c4bb5b Set python-version for pre-commit to remove CI warning
58b22b2 Drop support for EOL Python 3.7
4a53042 Add support for Python 3.12
9cae431 Merge pull request #54 from webknjaz/patch-1
Additional commits viewable in compare view




Updates jinja2 from 3.1.3 to 3.1.6

Release notes
Sourced from jinja2's releases.

3.1.6
This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.6/
Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7

3.1.5
This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.5/
Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence types. #2032
Calling sync render for an async template uses asyncio.run. #1952
Avoid unclosed auto_aiter warnings. #1960
Return an aclose-able AsyncGenerator from Template.generate_async. #1960
Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
Avoid leaving async generators unclosed in blocks, includes and extends. #1960
The runtime uses the correct concat function for the current environment when calling block references. #1701
Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
|int filter handles OverflowError from scientific notation. #1921
Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
Fix copy/pickle support for the internal missing object. #2027
Environment.overlay(enable_async) is applied correctly. #2061
The error message from FileSystemLoader includes the paths that were searched. #1661
PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
Improve annotations for methods returning copies. #1880
urlize does not add mailto: to values like @a@b. #1870
Tests decorated with @pass_context can be used with the |select filter. #1624
Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/
Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj




Changelog
Sourced from jinja2's changelog.

Version 3.1.6
Released 2025-03-05

The |attr filter does not bypass the environment's attribute lookup,
allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5
Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as
by passing a stored reference to a filter that calls its argument.
:ghsa:q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid
issues with names that contain f-string syntax.
:issue:1792, :ghsa:gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence
types. :issue:2032
Calling sync render for an async template uses asyncio.run.
:pr:1952
Avoid unclosed auto_aiter warnings. :pr:1960
Return an aclose-able AsyncGenerator from
Template.generate_async. :pr:1960
Avoid leaving root_render_func() unclosed in
Template.generate_async. :pr:1960
Avoid leaving async generators unclosed in blocks, includes and extends.
:pr:1960
The runtime uses the correct concat function for the current environment
when calling block references. :issue:1701
Make |unique async-aware, allowing it to be used after another
async-aware filter. :issue:1781
|int filter handles OverflowError from scientific notation.
:issue:1921
Make compiling deterministic for tuple unpacking in a {% set ... %}
call. :issue:2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined
objects. :issue:2025
Fix copy/pickle support for the internal missing object.
:issue:2027
Environment.overlay(enable_async) is applied correctly. :pr:2061
The error message from FileSystemLoader includes the paths that were
searched. :issue:1661
PackageLoader shows a clearer error message when the package does not
contain the templates directory. :issue:1705
Improve annotations for methods returning copies. :pr:1880
urlize does not add mailto: to values like @a@b. :pr:1870



... (truncated)


Commits

1520688 release version 3.1.6
90457bb Merge commit from fork
065334d attr filter uses env.getattr
033c200 start version 3.1.6
bc68d4e use global contributing guide (#2070)
247de5e use global contributing guide
ab8218c use project advisory link instead of global
b4ffc8f release version 3.1.5 (#2066)
877f6e5 release version 3.1.5
8d58859 remove test pypi
Additional commits viewable in compare view




Updates keyring from 25.2.0 to 25.6.0

Changelog
Sourced from keyring's changelog.

v25.6.0
Features

Avoid logging a warning when config does not specify a backend. (#682)

v25.5.0
Features

When parsing keyring_path from the config, the home directory is now expanded from ~. (#696)

Bugfixes

In get_credential, now returns None when the indicated username is not found. (#698)

v25.4.1
Bugfixes

Fixed ValueError for AnonymousCredentials in CLI. (#694)

v25.4.0
Features

Refined type spec and interfaces on credential objects. Introduced AnonymousCredential to model a secret without a username. (#689)

v25.3.0
Features

Deprecated support for empty usernames. Now all backends will reject an empty string as input for the 'username' field when setting a password. Later this deprecation will become a more visible user warning and even later an error. If this warning is triggered in your environment, please consider using a static value (even 'username') or comment in the issue and describe the use-case that demands support for empty usernames. (#668)



... (truncated)


Commits

a9a7624 Finalize
21680c6 Merge pull request #702 from jfly/issue-682
bf80b69 Add news fragment.
1526c17 Don't log a warning when the backend config section is missing
edaa964 Merge https://github...
Description has been truncated

… 31 updates Bumps the prod-dependencies group with 31 updates in the / directory: | Package | From | To | | --- | --- | --- | | [babel](https://github.com/python-babel/babel) | `2.14.0` | `2.17.0` | | [boto3](https://github.com/boto/boto3) | `1.34.93` | `1.37.23` | | [boto3-stubs](https://github.com/youtype/mypy_boto3_builder) | `1.34.93` | `1.37.23` | | [botocore](https://github.com/boto/botocore) | `1.34.93` | `1.37.23` | | [botocore-stubs](https://github.com/youtype/botocore-stubs) | `1.34.93` | `1.37.23` | | [build](https://github.com/pypa/build) | `1.2.1` | `1.2.2` | | [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.3.2` | `3.4.1` | | [coverage](https://github.com/nedbat/coveragepy) | `7.5.0` | `7.8.0` | | [idna](https://github.com/kjd/idna) | `3.7` | `3.10` | | [iniconfig](https://github.com/pytest-dev/iniconfig) | `2.0.0` | `2.1.0` | | [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.6` | | [keyring](https://github.com/jaraco/keyring) | `25.2.0` | `25.6.0` | | [more-itertools](https://github.com/more-itertools/more-itertools) | `10.2.0` | `10.6.0` | | [mypy-boto3-cognito-identity](https://github.com/youtype/mypy_boto3_builder) | `1.34.0` | `1.37.13` | | [mypy-boto3-cognito-idp](https://github.com/youtype/mypy_boto3_builder) | `1.34.93` | `1.37.13` | | [nh3](https://github.com/messense/nh3) | `0.2.17` | `0.2.21` | | [packaging](https://github.com/pypa/packaging) | `24.0` | `24.2` | | [pkginfo](https://code.launchpad.net/~tseaver/pkginfo/trunk) | `1.10.0` | `1.12.1.2` | | [pygments](https://github.com/pygments/pygments) | `2.17.2` | `2.19.1` | | [pyproject-hooks](https://github.com/pypa/pyproject-hooks) | `1.0.0` | `1.2.0` | | [pytest](https://github.com/pytest-dev/pytest) | `8.2.0` | `8.3.5` | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.1.0` | | [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.3` | | [s3transfer](https://github.com/boto/s3transfer) | `0.10.1` | `0.11.4` | | [six](https://github.com/benjaminp/six) | `1.16.0` | `1.17.0` | | [sphinx-markdown-builder](https://github.com/liran-funaro/sphinx-markdown-builder) | `0.6.6` | `0.6.8` | | [sphinxcontrib-htmlhelp](https://github.com/sphinx-doc/sphinxcontrib-htmlhelp) | `2.0.5` | `2.1.0` | | [types-awscrt](https://github.com/youtype/types-awscrt) | `0.20.9` | `0.24.2` | | [types-s3transfer](https://github.com/youtype/types-s3transfer) | `0.10.1` | `0.11.4` | | [typing-extensions](https://github.com/python/typing_extensions) | `4.11.0` | `4.12.2` | | [zipp](https://github.com/jaraco/zipp) | `3.18.1` | `3.21.0` | Updates `babel` from 2.14.0 to 2.17.0 - [Release notes](https://github.com/python-babel/babel/releases) - [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst) - [Commits](python-babel/babel@v2.14.0...v2.17.0) Updates `boto3` from 1.34.93 to 1.37.23 - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.34.93...1.37.23) Updates `boto3-stubs` from 1.34.93 to 1.37.23 - [Release notes](https://github.com/youtype/mypy_boto3_builder/releases) - [Commits](https://github.com/youtype/mypy_boto3_builder/commits) Updates `botocore` from 1.34.93 to 1.37.23 - [Commits](boto/botocore@1.34.93...1.37.23) Updates `botocore-stubs` from 1.34.93 to 1.37.23 - [Release notes](https://github.com/youtype/botocore-stubs/releases) - [Commits](https://github.com/youtype/botocore-stubs/commits) Updates `build` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/pypa/build/releases) - [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst) - [Commits](pypa/build@1.2.1...1.2.2) Updates `charset-normalizer` from 3.3.2 to 3.4.1 - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](jawah/charset_normalizer@3.3.2...3.4.1) Updates `coverage` from 7.5.0 to 7.8.0 - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.5.0...7.8.0) Updates `idna` from 3.7 to 3.10 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.7...v3.10) Updates `iniconfig` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/pytest-dev/iniconfig/releases) - [Changelog](https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG) - [Commits](pytest-dev/iniconfig@v2.0.0...v2.1.0) Updates `jinja2` from 3.1.3 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.3...3.1.6) Updates `keyring` from 25.2.0 to 25.6.0 - [Release notes](https://github.com/jaraco/keyring/releases) - [Changelog](https://github.com/jaraco/keyring/blob/main/NEWS.rst) - [Commits](jaraco/keyring@v25.2.0...v25.6.0) Updates `more-itertools` from 10.2.0 to 10.6.0 - [Release notes](https://github.com/more-itertools/more-itertools/releases) - [Commits](more-itertools/more-itertools@v10.2.0...v10.6.0) Updates `mypy-boto3-cognito-identity` from 1.34.0 to 1.37.13 - [Release notes](https://github.com/youtype/mypy_boto3_builder/releases) - [Commits](https://github.com/youtype/mypy_boto3_builder/commits) Updates `mypy-boto3-cognito-idp` from 1.34.93 to 1.37.13 - [Release notes](https://github.com/youtype/mypy_boto3_builder/releases) - [Commits](https://github.com/youtype/mypy_boto3_builder/commits) Updates `nh3` from 0.2.17 to 0.2.21 - [Release notes](https://github.com/messense/nh3/releases) - [Commits](messense/nh3@v0.2.17...v0.2.21) Updates `packaging` from 24.0 to 24.2 - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](pypa/packaging@24.0...24.2) Updates `pkginfo` from 1.10.0 to 1.12.1.2 Updates `pygments` from 2.17.2 to 2.19.1 - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](pygments/pygments@2.17.2...2.19.1) Updates `pyproject-hooks` from 1.0.0 to 1.2.0 - [Changelog](https://github.com/pypa/pyproject-hooks/blob/main/docs/changelog.rst) - [Commits](pypa/pyproject-hooks@v1.0.0...v1.2.0) Updates `pytest` from 8.2.0 to 8.3.5 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.2.0...8.3.5) Updates `python-dotenv` from 1.0.1 to 1.1.0 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.0.1...v1.1.0) Updates `requests` from 2.31.0 to 2.32.3 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.3) Updates `s3transfer` from 0.10.1 to 0.11.4 - [Changelog](https://github.com/boto/s3transfer/blob/develop/CHANGELOG.rst) - [Commits](boto/s3transfer@0.10.1...0.11.4) Updates `six` from 1.16.0 to 1.17.0 - [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES) - [Commits](benjaminp/six@1.16.0...1.17.0) Updates `sphinx-markdown-builder` from 0.6.6 to 0.6.8 - [Commits](liran-funaro/sphinx-markdown-builder@0.6.6...0.6.8) Updates `sphinxcontrib-htmlhelp` from 2.0.5 to 2.1.0 - [Release notes](https://github.com/sphinx-doc/sphinxcontrib-htmlhelp/releases) - [Changelog](https://github.com/sphinx-doc/sphinxcontrib-htmlhelp/blob/master/CHANGES.rst) - [Commits](sphinx-doc/sphinxcontrib-htmlhelp@2.0.5...2.1.0) Updates `types-awscrt` from 0.20.9 to 0.24.2 - [Release notes](https://github.com/youtype/types-awscrt/releases) - [Commits](https://github.com/youtype/types-awscrt/commits) Updates `types-s3transfer` from 0.10.1 to 0.11.4 - [Release notes](https://github.com/youtype/types-s3transfer/releases) - [Commits](https://github.com/youtype/types-s3transfer/commits) Updates `typing-extensions` from 4.11.0 to 4.12.2 - [Release notes](https://github.com/python/typing_extensions/releases) - [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md) - [Commits](python/typing_extensions@4.11.0...4.12.2) Updates `zipp` from 3.18.1 to 3.21.0 - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.18.1...v3.21.0) --- updated-dependencies: - dependency-name: babel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: boto3-stubs dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: botocore dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: botocore-stubs dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: build dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: idna dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: iniconfig dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: keyring dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: more-itertools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: mypy-boto3-cognito-identity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: mypy-boto3-cognito-idp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: nh3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: pkginfo dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: pygments dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: pyproject-hooks dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: python-dotenv dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: s3transfer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: six dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: sphinx-markdown-builder dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-dependencies - dependency-name: sphinxcontrib-htmlhelp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: types-awscrt dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: types-s3transfer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: typing-extensions dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-04-21T00:58:15Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 31, 2025

dependabot bot closed this Apr 21, 2025

dependabot bot deleted the dependabot/pip/prod-dependencies-bb29093ea6 branch April 21, 2025 00:58

build(deps): bump the prod-dependencies group across 1 directory with 31 updates #190

build(deps): bump the prod-dependencies group across 1 directory with 31 updates #190

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 31, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.17.0

What's Changed

New Contributors

Version 2.17.0

8.8.0 - Python 3.8 runtime is back

Changed

Fixed

Version 1.2.2

What's Changed

New Contributors

1.2.2 (2024-09-06)

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

3.4.1 (2024-12-24)

Changed

Added

Removed

Fixed

Version 3.4.0

🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!

3.4.0 (2024-10-08)

Added

Fixed

3.4.1 (2024-12-24)

Changed

Added

Removed

Fixed

3.4.0 (2024-10-08)

Added

Fixed

Version 7.8.0 — 2025-03-30

Version 7.7.1 — 2025-03-21

Version 7.7.0 — 2025-03-16

v3.10

v3.9

v3.8

What's Changed

v2.1.0

What's Changed

New Contributors

2.1.0

3.1.6

3.1.5

3.1.4

Version 3.1.6

Version 3.1.5

v25.6.0

Features

v25.5.0

Features

Bugfixes

v25.4.1

Bugfixes

v25.4.0

Features

v25.3.0

Features

Uh oh!

dependabot bot commented on behalf of github Apr 21, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 31, 2025 •

edited

Loading