Bump the all group in /localcert with 15 updates

[dependabot]

Bumps the all group in /localcert with 15 updates:

Package	From	To
beautifulsoup4	4.12.2	4.12.3
coverage	7.3.2	7.4.4
dnspython	2.4.2	2.6.1
flake8	6.1.0	7.0.0
asgiref	3.7.2	3.8.1
certifi	2023.7.22	2024.2.2
cryptography	42.0.4	42.0.5
django	4.2.11	5.0.4
django-allauth	0.58.1	0.61.1
django-csp	3.7	3.8
idna	3.4	3.7
pycparser	2.21	2.22
requests-oauthlib	1.3.1	2.0.0
sqlparse	0.4.4	0.5.0
urllib3	2.0.7	2.2.1

Updates beautifulsoup4 from 4.12.2 to 4.12.3

Updates coverage from 7.3.2 to 7.4.4

Changelog

Sourced from coverage's changelog.

Version 7.4.4 — 2024-03-14

• Fix: in some cases, even with [run] relative_files=True, a data file could be created with absolute path names. When combined with other relative data files, it was random whether the absolute file names would be made relative or not. If they weren't, then a file would be listed twice in reports, as detailed in issue 1752_. This is now fixed: absolute file names are always made relative when combining. Thanks to Bruno Rodrigues dos Santos for support.

• Fix: the last case of a match/case statement had an incorrect message if the branch was missed. It said the pattern never matched, when actually the branch is missed if the last case always matched.

• Fix: clicking a line number in the HTML report now positions more accurately.

• Fix: the report:format setting was defined as a boolean, but should be a string. Thanks, Tanaydin Sirin <pull 1754_>_. It is also now documented on the :ref:configuration page <config_report_format>.

.. _issue 1752: nedbat/coveragepy#1752 .. _pull 1754: nedbat/coveragepy#1754

.. _changes_7-4-3:

Version 7.4.3 — 2024-02-23

• Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733_.

.. _issue 1733: nedbat/coveragepy#1733

.. _changes_7-4-2:

Version 7.4.2 — 2024-02-20

• Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade <pull 1747_>_. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: nedbat/coveragepy#1747

.. _changes_7-4-1:

... (truncated)

Commits

• bc5e2d7 docs: sample HTML for 7.4.4
• 9b0008b docs: prep for 7.4.4
• a536161 docs: thanks, Bruno Rodrigues dos Santos
• e06e4f9 chore: make doc_upgrade
• f30818e chore: make upgrade
• 1b19799 fix: ensure absolute paths are relative when combined #1752
• 1ef020d build: more cheats for convenient URLs
• 3d57a07 docs: document the report:format setting
• 8e30221 fix: correct the type of report:format in config.py (#1754)
• 6289be8 refactor: use dataclasses, no namedtuple
• Additional commits viewable in compare view

Updates dnspython from 2.4.2 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.5.0

See the What's New page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

• The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

• As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

  This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

• Added support for the NSID EDNS option.

• Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

• The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

2.5.0

• Dnspython now uses hatchling for builds.

• Asynchronous destinationless sockets now work on Windows.

• Cython is no longer supported due to various typing issues.

• Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary.

• The number of messages in a section can be retrieved with section_count().

• Truncation preferences for messages can be specified.

• The length of a message can be automatically prepended when rendering.

... (truncated)

Commits

• 0a742b9 update CI
• 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
• f12d398 2.6.1 version prep
• cecb853 Further improve CVE fix coverage to 100% for sync and async.
• 7952e31 test IgnoreErrors
• e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
• 3af9f78 2.6.0 versioning
• ca63d95 Require cryptography >=41 instead of 42.
• 902cbf3 Create CODE_OF_CONDUCT.md
• ed9795f github contributing and pull request template
• Additional commits viewable in compare view

Updates flake8 from 6.1.0 to 7.0.0

Commits

• 88a4f9b Release 7.0.0
• 6f3a60d Merge pull request #1906 from PyCQA/upgrade-pyflakes
• cde8570 upgrade pyflakes to 3.2.x
• 2ab9d76 Merge pull request #1903 from PyCQA/pre-commit-ci-update-config
• e27611f [pre-commit.ci] pre-commit autoupdate
• 9d20be1 Merge pull request #1902 from PyCQA/pre-commit-ci-update-config
• 06c1503 [pre-commit.ci] auto fixes from pre-commit.com hooks
• b67ce03 Fix bugbear lints
• c8801c1 [pre-commit.ci] pre-commit autoupdate
• 045f297 Merge pull request #1893 from PyCQA/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates asgiref from 3.7.2 to 3.8.1

Changelog

Sourced from asgiref's changelog.

3.8.1 (2024-03-22)

• Fixes a regression in 3.8.0 affecting nested task cancellation inside sync_to_async.

3.8.0 (2024-03-20)

• Adds support for Python 3.12.

• Drops support for (end-of-life) Python 3.7.

• Fixes task cancellation propagation to subtasks when using synchronous Django middleware.

• Allows nesting sync_to_async via asyncio.wait_for.

• Corrects WSGI adapter handling of root path.

• Handles case where "client" is None in WsgiToAsgi adapter.

Commits

• e38d3c3 Releasing 3.8.1
• 8769434 Raise exception if exec_coro is done.
• 852344e Add tox.ini to MANIFEST.in
• f710647 Fix a rST problem in the pathsend extension documentation
• 4c28385 Releasing 3.8.0
• 4209b6c Correct WSGI adapter handling of root path.
• 8cf847a Update error-on-send text in main spec
• 8108512 Move variable initialization in AsyncToSync from init to call (#440)
• 6f02daa Clarify send error behaviour more clearly
• 0503c2c Fix task cancellation propagation to subtasks when using sync middleware (#435)
• Additional commits viewable in compare view

Updates certifi from 2023.7.22 to 2024.2.2

Commits

• 45eb611 2024.02.02 (#266)
• 83f4f04 fix leaking certificate issue (#265)
• bbf2208 Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#264)
• 9e837a5 Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#262)
• 05d071b Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#261)
• 2a3088a Bump actions/download-artifact from 4.1.0 to 4.1.1 (#260)
• d4ca66e Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#258)
• 5d15663 Bump actions/download-artifact from 3.0.2 to 4.1.0 (#257)
• d66ef9d Bump actions/setup-python from 4.7.1 to 5.0.0 (#256)
• 8f0d412 Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (#255)
• Additional commits viewable in compare view

Updates cryptography from 42.0.4 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23

* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:

Commits

• 33833f0 Release 42.0.5 (#10470)
• 4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
• 8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
• See full diff in compare view

Updates django from 4.2.11 to 5.0.4

Commits

• 476d7c5 [5.0.x] Bumped version for 5.0.4 release.
• e4a0644 [5.0.x] Added release date for 5.0.4.
• fead2dd [5.0.x] Fixed #35336 -- Addressed crash when adding a GeneratedField with % l...
• 14ab15d [5.0.x] Fixed #35344, Refs #34838 -- Corrected output_field of resolved colum...
• 7b144e7 [5.0.x] Restored django.db.models.F import in final code snippet added at the...
• 3264e88 [5.0.x] Fixed typo in docs/topics/signals.txt.
• 345e3cf [5.0.x] Fixed #35329 -- Fixed migrations crash when adding partial unique con...
• 71368b6 [5.0.x] Added RowNumber() link in Rank() docs.
• 8fd953f [5.0.x] Fixed #35273 -- Fixed rendering AdminFileWidget's attributes.
• 710ca57 [5.0.x] Fixed #25595 -- Doc'd that URLValidator rejects file:// URIs without ...
• Additional commits viewable in compare view

Updates django-allauth from 0.58.1 to 0.61.1

Changelog

Sourced from django-allauth's changelog.

0.61.1 (2024-02-09)

---

Fixes

• Fixed a RuntimeWarning that could occur when running inside an async environment ('SyncToAsync' was never awaited).

Security notice

• As part of the Google OAuth handshake, an ID token is obtained by direct machine to machine communication between the server running django-allauth and Google. Because of this direct communication, we are allowed to skip checking the token signature according to the OpenID Connect Core 1.0 specification <https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation>_. However, as django-allauth is used and built upon by third parties, this is an implementation detail with security implications that is easily overlooked. To mitigate potential issues, verifying the signature is now only skipped if it was django-allauth that actually fetched the access token.

0.61.0 (2024-02-07)

---

Note worthy changes

• Added support for account related security notifications. When ACCOUNT_EMAIL_NOTIFICATIONS = True, email notifications such as "Your password was changed", including information on user agent / IP address from where the change originated, will be emailed.

• Google: Starting from 0.52.0, the id_token is being used for extracting user information. To accommodate for scenario's where django-allauth is used in contexts where the id_token is not posted, the provider now looks up the required information from the /userinfo endpoint based on the access token if the id_token is absent.

Security notice

• MFA: It was possible to reuse a valid TOTP code within its time window. This has now been addressed. As a result, a user can now only login once per 30 seconds (MFA_TOTP_PERIOD).

... (truncated)

Commits

• da3fe9b chore: Release 0.61.1
• 2fa4294 tests(google): python 3.7 compatibility
• 4037177 fix(account/middleware): SyncToAsync never awaited
• a2a051d feat(google): Verify id_token signature
• 701bcc6 refactor(socialaccount): Extract JWT verification
• 9c08094 chore: Opening 0.61.1-dev
• 6123cca chore: Release 0.61.0
• c3b0af2 fix(account): Don't check redirect url if there's no redirect
• 93d47fd fix(google): Gracefully handle cases where id_token is absent
• 48a661a fix(mfa): Prevent reuse of TOTP codes
• Additional commits viewable in compare view

Updates django-csp from 3.7 to 3.8

Release notes

Sourced from django-csp's releases.

3.8

Please note that 3.8 is Python-code-identical to 3.8rc1, and there were no regressions or problems noted or reported with 3.8rc0 nor 3.8rc1

django-csp lives!

It's been more than a year since the last release and the project needed some refreshing before we can move forward with it.

This release aims to be functionally equivalent to 3.7, but with formal support for more modern Django and Python versions, all the way up to Django 5 on Python 3.12

Please see https://github.com/mozilla/django-csp/blob/main/CHANGES for a short summary of changes.

Feedback and bug reports are very welcome. 🙇

What's Changed

• Update installation.rst by @​Jesus805 in mozilla/django-csp#163
• Fix 164 migrate ci by @​g-k in mozilla/django-csp#165
• Update test configuration to cover up to Py3.9 and Django 3.2 by @​mkoistinen in mozilla/django-csp#172
• Remove deprecation warning for child-src by @​rik in mozilla/django-csp#154
• add project_urls to setup.py by @​pawl in mozilla/django-csp#171
• Drop old Django and Python versions by @​g-k in mozilla/django-csp#175
• rename default branch by @​g-k in mozilla/django-csp#176
• Update CI badge to CircleCI by @​g-k in mozilla/django-csp#177
• fix unwrap script re by @​g-k in mozilla/django-csp#178
• Tweak configuration docs by @​jaap3 in mozilla/django-csp#146
• docs: add note about nonce value visibility by @​g-k in mozilla/django-csp#180
• GH-182 Update docs to clarify when nonce will not be added to headers by @​DylanYoung in mozilla/django-csp#185
• Remove outdated docs reference to MIDDLEWARE_CLASSES by @​mlazar-endear in mozilla/django-csp#193
• updating csp_replace decorator doc by @​chestnutcone in mozilla/django-csp#183
• Wrap the test install with quotes. by @​tim-schilling in mozilla/django-csp#200
• Reawaken development by @​stevejalim in mozilla/django-csp#204
• Add readthedocs config and slightly update Sphinx config by @​stevejalim in mozilla/django-csp#205
• Ensure docs building has access to django_csp itself by @​stevejalim in mozilla/django-csp#206
• Add Sphinx RTD theme by @​stevejalim in mozilla/django-csp#207
• Improve themeing in RTD by @​stevejalim in mozilla/django-csp#208
• Update settings documentation to move deprecated-within-csp settings to their own section, at the bottom by @​stevejalim in mozilla/django-csp#210
• MiddlewareMixin is always present in django>=3.2 by @​asottile-sentry in mozilla/django-csp#211
• Bring codebase up to modern Python using pyupgrade by @​stevejalim in mozilla/django-csp#213
• Update GH actions helpers to use Node 20-based versions by @​stevejalim in mozilla/django-csp#214
• Prepare for 3.8rc release by @​stevejalim in mozilla/django-csp#215
• Tomlify setup.py by @​hmpf in mozilla/django-csp#216
• Prepare for 3.8 final release by @​stevejalim in mozilla/django-csp#217

New Contributors

• @​Jesus805 made their first contribution in mozilla/django-csp#163
• @​mkoistinen made their first contribution in mozilla/django-csp#172
• @​pawl made their first contribution in mozilla/django-csp#171
• @​DylanYoung made their first contribution in mozilla/django-csp#185
• @​mlazar-endear made their first contribution in mozilla/django-csp#193
• @​chestnutcone made their first contribution in mozilla/django-csp#183

... (truncated)

Changelog

Sourced from django-csp's changelog.

3.8

Please note: this release folds in a number of fixups, upgrades and documentation tweaks, but is functionally the same as 3.7. New features will come with 3.9+

• Update Python syntax for modern versions with pyupgrade
• Drop support for EOL Python <3.8 and Django <2.2 version; add support up to Django 5 on Python 3.12
• Switch to ruff instead of pep8 and flake8
• Move from CircleCI to Github Actions for CI
• Add support for using pre-commit with the project
• Remove deprecation warning for child-src
• Fix capturing brackets in script template tags
• Update docs to clarify when nonce will not be added to headers
• Move from setup.py and setup.cfg to pyproject.toml (#209)

Note: identical other than release packaging to 3.8rc1

3.8rc1

• Move from setup.py and setup.cfg to pyproject.toml (#209)

3.8rc

Please note: this release folds in a number of fixups, upgrades and documentation tweaks, but is functionally the same as 3.7. New features will come with 3.9+

• Update Python syntax for modern versions with pyupgrade
• Drop support for EOL Python <3.8 and Django <2.2 version; add support up to Django 5 on Python 3.12
• Switch to ruff instead of pep8 and flake8
• Move from CircleCI to Github Actions for CI
• Add support for using pre-commit with the project
• Remove deprecation warning for child-src
• Fix capturing brackets in script template tags
• Update docs to clarify when nonce will not be added to headers

Commits

• 4899179 Prepare for 3.8 final release
• 684b12a Prepare for 3.8rc1 release - just one packaging change
• b1dd37e Tomlify setup.py (#216)
• 7200b16 Prepare for 3.8rc release (#215)
• 4be512c Update GH actions helpers to use Node 20-based versions (#214)
• 371da46 Bring codebase up to modern Python using pyupgrade (#213)
• 9698258 MiddlewareMixin is always present in django>=3.2
• 12116dc Update settings documentation to move deprecated-within-csp settings to their...
• 61f3124 Update README.rst
• 58113ef Fix sphinx theme installation (#208)
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates pycparser from 2.21 to 2.22

Release notes

Sourced from pycparser's releases.

release_v2.22

What's Changed

• Add missing SCHAR limit defines by @​matamegger in eliben/pycparser#449
• Use proper SPDX identifier by @​Shortfinga in eliben/pycparser#474
• Add Python 3.11 as a supported version by @​erlend-aasland in eliben/pycparser#469
• Fix multi-pragma/single statement blocks (#479) by @​ldore in eliben/pycparser#480
• Add an encoding parameter to parse_file by @​jordr in eliben/pycparser#486
• Feature/add pragma support by @​jordr in eliben/pycparser#487
• Set up permissions to ci.yml by @​joycebrum in eliben/pycparser#492
• _build_tables: Invalidate cache before importing generated modules by @​mgorny in eliben/pycparser#494
• Upgrade GitHub Actions by @​cclauss in eliben/pycparser#500
• Create a Security Policy by @​joycebrum in eliben/pycparser#499
• New example to generate AST from scratch by @​Andree37 in eliben/pycparser#507
• Add support for Python 3.12 by @​hugovk in eliben/pycparser#515
• ply: Make generated lextab.py deterministic by @​jackrosenthal in eliben/pycparser#531

New Contributors

• @​matamegger made their first contribution in eliben/pycparser#449
• @​Shortfinga made their first contribution in eliben/pycparser#474
• @​erlend-aasland made their first contribution in eliben/pycparser#469
• @​jordr made their first contribution in eliben/pycparser#486
• @​joycebrum made their first contribution in eliben/pycparser#492
• @​mgorny made their first contribution in eliben/pycparser#494
• @​cclauss made their first contribution in eliben/pycparser#500
• @​Andree37 made their first contribution in eliben/pycparser#507
• @​jackrosenthal made their first contribution in eliben/pycparser#531

Full Changelog: eliben/pycparser@release_v2.21...release_v2.22

Changelog

Sourced from pycparser's changelog.

• Starting with version 2.22, please use the GitHub UI at https://github.com/eliben/pycparser/tags to compare tags in order to find out what changed.

Commits

• 129d32e Prepare for release 2.22
• c3e2644 update CHANGES file for future changes
• c500fb6 ply: Make generated lextab.py deterministic (#531)
• f740995 Add support for Python 3.12 (#515)
• 6cf69df New example to generate AST from scratch (#507)
• 50a26ac Remove unneeded import in an example
• d86a9e5 Remove from future imports from all files in this repo
• a9f073e Remove from future imports in examples
• 670979b Update SECURITY.md
• 9e8cd29 Create a Security Policy (#499)
• Additional commits viewable in compare view

Updates requests-oauthlib from 1.3.1 to 2.0.0

Changelog

Sourced from requests-oauthlib's changelog.

v2.0.0 (22 March 2024) ++++++++++++++++++++++++

Full set of changes are in github.

Additions & changes:

• OAuth2Session now correctly uses the self.verify value if verify is not overridden in fetch_token and refresh_token. Fixes [#404](https://github.com/requests/requests-oauthlib/issues/404) <https://github.com/requests/requests-oauthlib/issues/404>_.
• OAuth2Session constructor now uses its client.scope when a client is provided and scope is not overridden. Fixes [#408](https://github.com/requests/requests-oauthlib/issues/408) <https://github.com/requests/requests-oauthlib/issues/408>_
• Add refresh_token_request and access_token_request compliance hooks
• Add PKCE support and Auth0 example
• Add support for Python 3.8-3.12
• Remove support of Python 2.x, <3.7
• Migrated to Github Action
• Updated dependencies
• Cleanup some docs and examples

v1.4.0 (27 Feb 2024) ++++++++++++++++++++++++

• Version 2.0.0 published initially as 1.4.0, it was yanked eventually.

Commits

• 7af9125 Merge pull request #534 from iliakur/patch-1
• 90352e4 Merge pull request #537 from requests/2.0.0
• a09d0ab Update 1.4.0 into 2.0.0 to be semver compliant.
• d96b740 Added package file
• 3109c26 simplify python_requires expression
• 1c5cea7 python_requires gt 2.7
• a53457e Drop py2 support from the wheel
• eee74a2 Merge pull request #529 from dosisod/drop-python2-support
• ed578f1 Merge pull request #530 from requests/autotest
• 6cdf982 Automated tests for examples in docs
• Additional commits viewable in compare view

Updates sqlparse from 0.4.4 to 0.5.0

Changelog

Sourced from sqlparse's changelog.

Release 0.5.0 (Apr 13, 2024)

Notable Changes

• Drop support for Python 3.5, 3.6, and 3.7.
• Python 3.12 is now supported (pr725, by hugovk).
• IMPORTANT: Fixes a potential denial of service attack (DOS) due to recursion error for deeply nested statements. Instead of recursion error a generic SQLParseError is raised. See the security advisory for details: GHSA-2m57-hf25-phgg The vulnerability was discovered by @​uriyay-jfrog. Thanks for reporting!

Enhancements:

• Splitting statements now allows to remove the semicolon at the end. Some database backends love statements without semicolon (issue742).
• Support TypedLiterals in get_parameters (pr649, by Khrol).
• Improve splitting of Transact SQL when using GO keyword (issue762).
• Support for some JSON operators (issue682).
• Improve formatting of statements containing JSON operators (issue542).
• Support for BigQuery and Snowflake keywords (pr699, by griffatrasgo).
• Support parsing of OVER clause (issue701, pr768 by r33s3n6).

Bug Fixes

• Ignore dunder attributes when creating Tokens (issue672).
• Allow operators to precede dollar-quoted strings (issue763).
• Fix parsing of nested order clauses (issue745, pr746 by john-bodley).
• Thread-safe initialization of Lexer class (issue730).
• Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on pr719 by josuc1, thanks for bringing this up!).
• Fix parsing of PRIMARY KEY (issue740).

Other

• Optimize performance of matching function (pr799, by admachainz).

Commits

• ddbd0ec Bump version.
• 29f2e0a Raise recursion limit for tests.
• b4a39d9 Raise SQLParseError instead of RecursionError.
• f1bcf2f Update AUHTORS and Changelog.
• e03b74e Fix Function.get_parameters(), add Funtion.get_window()
• 617b8f6 Add OVER clause, and group it into Function (fixes #701)
• d8f8147 Update AUHTORS and Changelog.
• 012c9f1 Optimize sqlparse.utils.imt().
• 46971e5 Fix parsing of PRIMARY KEY (fixes #740).
• fc4b0be Code cleanup.
• Additional commits viewable in compare view

Updates urllib3 from 2.0.7 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
• Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
• Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
• Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0

🖥️ urllib3 now works in the browser

🎉 This release adds experimental support for using urllib3 in the browser with Pyodide! 🎉

Thanks to Joe Marshall (@​joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
• Added support for HTTPResponse.read1() method. (#3186)
• Added rudimentary support for HTTP/2. (#3284)
• Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
• Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.