Upgrade: Bump the dependencies-pip group across 1 directory with 12 updates

[dependabot]

Bumps the dependencies-pip group with 12 updates in the / directory:

Package	From	To
blinker	1.7.0	1.8.2
certifi	2024.2.2	2024.6.2
flask	3.0.2	3.0.3
idna	3.6	3.7
importlib-metadata	7.0.1	8.0.0
itsdangerous	2.1.2	2.2.0
jinja2	3.1.3	3.1.4
requests	2.31.0	2.32.3
sentry-sdk	1.40.6	2.7.1
urllib3	2.2.1	2.2.2
werkzeug	3.0.1	3.0.3
zipp	3.17.0	3.19.2

Updates blinker from 1.7.0 to 1.8.2

Release notes

Sourced from blinker's releases.

1.8.2

This is the Blinker 1.8.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/blinker/1.8.2/ Changes: https://blinker.readthedocs.io/en/latest/#version-1-8-2

• Simplify type for _async_wrapper and _sync_wrapper arguments. #156

1.8.1

This is the Blinker 1.8.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/blinker/1.8.1/ Changes: https://blinker.readthedocs.io/en/latest/#version-1-8-1

• Restore identity handling for str and int senders. #148
• Fix deprecated blinker.base.WeakNamespace import. #149
• Fix deprecated blinker.base.receiver_connected import. #153
• Use types from collections.abc instead of typing. #150
• Fully specify exported types as reported by pyright. #152

1.8.0

This is the Blinker 1.8.0 feature release, which may include new features, remove previously deprecated code, or add new deprecations. The 1.8.x line is now the supported fix branch, support has ended for the 1.7.x line. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/blinker/1.8.0/ Changes: https://blinker.readthedocs.io/en/latest/#version-1-8-0

• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("blinker"), instead. #128
• Specify that the deprecated temporarily_connected_to will be removed in the next version.
• Show a deprecation warning for the deprecated global receiver_connected signal and specify that it will be removed in the next version.
• Show a deprecation warning for the deprecated WeakNamespace and specify that it will be removed in the next version.
• Greatly simplify how the library uses weakrefs. This is a significant change internally but should not affect any public API. #144
• Expose the namespace used by signal() as default_namespace. #145

Changelog

Sourced from blinker's changelog.

Version 1.8.2

Released 2024-05-06

• Simplify type for _async_wrapper and _sync_wrapper arguments. :pr:156

Version 1.8.1

Released 2024-04-28

• Restore identity handling for str and int senders. :pr:148
• Fix deprecated blinker.base.WeakNamespace import. :pr:149
• Fix deprecated blinker.base.receiver_connected import. :pr:153
• Use types from collections.abc instead of typing. :pr:150
• Fully specify exported types as reported by pyright. :pr:152

Version 1.8.0

Released 2024-04-27

• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("blinker"), instead. :issue:128
• Specify that the deprecated temporarily_connected_to will be removed in the next version.
• Show a deprecation warning for the deprecated global receiver_connected signal and specify that it will be removed in the next version.
• Show a deprecation warning for the deprecated WeakNamespace and specify that it will be removed in the next version.
• Greatly simplify how the library uses weakrefs. This is a significant change internally but should not affect any public API. :pr:144
• Expose the namespace used by signal() as default_namespace. :pr:145

Commits

• 0a6be69 release version 1.8.2
• 952a97b Merge pull request #156 from pallets-eco/wrapper-type
• 6c15fa8 simplify type for wrapper arguments
• 76dcca4 Merge pull request #155 from pallets-eco/dependabot/pip/requirements/python-r...
• 7ab94c1 Bump the python-requirements group in /requirements with 3 updates
• 9779aa1 Merge pull request #154 from pallets-eco/release-1.8.1
• 26f65bd release version 1.8.1
• 793f8be Merge pull request #153 from pallets-eco/deprecated-import
• 4313260 fix deprecated receiver_connected import
• d15107c Merge pull request #152 from pallets-eco/pyright-export
• Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.6.2

Commits

• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• ad52dce Bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 (#283)
• 651904f Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#284)
• 84fcfba Bump actions/download-artifact from 4.1.4 to 4.1.6 (#285)
• 46b8057 Bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 (#282)
• Additional commits viewable in compare view

Updates flask from 3.0.2 to 3.0.3

Release notes

Sourced from flask's releases.

3.0.3

This is a fix release for the 3.0.x feature branch.

PyPI: https://pypi.org/project/Flask/3.0.3/ Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/flask/milestone/35?closed=1

• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. #5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. #5270

Changelog

Sourced from flask's changelog.

Version 3.0.3

Released 2024-04-07

• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in the Flask concrete class. :pr:5270

Commits

• c12a5d8 release version 3.0.3
• 5e22cc9 Don't set the cli attribute in the sansio scaffold (#5270)
• 5fdce4c Don't set the cli attribute in the sansio scaffold
• adb7dd9 don't access app.logger when configuring app.logger
• b739390 support FIPS builds without SHA-1 (#5460)
• db46111 access sha1 lazily
• 7320e31 start version 3.0.3
• 87d5f5b update project files (#5457)
• d5e321b release version 3.0.2 (#5403)
• See full diff in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates importlib-metadata from 7.0.1 to 8.0.0

Changelog

Sourced from importlib-metadata's changelog.

v8.0.0

Deprecations and Removals

• Message.getitem now raises a KeyError on missing keys. (#371)
• Removed deprecated support for Distribution subclasses not implementing abstract methods.

v7.2.1

Bugfixes

• When reading installed files from an egg, use relative_to(walk_up=True) to honor files installed outside of the installation root. (#455)

v7.2.0

Features

• python/cpython#109829
• Updated fixtures for python/cpython#120801.

v7.1.0

Features

• python/cpython#114664

Bugfixes

• Make MetadataPathFinder.find_distributions a classmethod for consistency with CPython. Closes #484. (#484)
• Allow MetadataPathFinder.invalidate_caches to be called as a classmethod.

v7.0.2

No significant changes.

Commits

• f390168 Finalize
• c3bae1e Merge pull request #491 from python/debt/remove-legacy
• a970a49 Message.getitem now raises a KeyError on missing keys.
• 32c14aa Removed deprecated support for Distribution subclasses not implementing abstr...
• b76931d Finalize
• 48d2a85 Merge pull request #482 from dan-blanchard/fix-relative-to
• b94b42e Add news fragment
• e4d1dcc Remove additional method in SimplePath.
• 07a2a44 Revert "Fix mypy failure that has nothing to do with this PR"
• b815aee Mark compat code as uncovered.
• Additional commits viewable in compare view

Updates itsdangerous from 2.1.2 to 2.2.0

Release notes

Sourced from itsdangerous's releases.

2.2.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.2.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

Changes: https://itsdangerous.palletsprojects.com/en/2.2.x/changes/#version-2-2-0 Milestone: https://github.com/pallets/itsdangerous/milestone/8?closed=1

• Drop support for Python 3.7.
• Use modern packaging metadata with pyproject.toml instead of setup.cfg.
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead.
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method.
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default.

Changelog

Sourced from itsdangerous's changelog.

Version 2.2.0

Released 2024-04-16

• Drop support for Python 3.7. :pr:372
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:326
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead. :issue:371
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method. :issue:347
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:375

Commits

• 096c8d4 release version 2.2.0
• 7f4dcf8 access sha1 lazily
• 93ae366 change entry for generic serializer
• 135eb23 Generic serializer (#377)
• 999ce7a Improve generic typing further
• 52890d7 improve generic typing
• 385c0eb type Serializer as generic (#374)
• 01001c6 type Serializer as generic
• bc88e94 improve typing (#373)
• 69a3bca improve typing
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits

• 0e322af v2.32.3
• e188799 Don't create default SSLContext if ssl module isn't present (#6724)
• 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
• b1d73dd Don't use default SSLContext with custom poolmanager kwargs
• 6badbac Update HISTORY.md
• a62a2d3 Allow for overriding of specific pool key params
• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• Additional commits viewable in compare view

Updates sentry-sdk from 1.40.6 to 2.7.1

Release notes

Sourced from sentry-sdk's releases.

2.7.1

Various fixes & improvements

• fix(otel): Fix missing baggage (#3218) by @​sentrivana
• This is the config file of asdf-vm which we do not use. (#3215) by @​antonpirker
• Added option to disable middleware spans in Starlette (#3052) by @​antonpirker
• build: Update tornado version in setup.py to match code check. (#3206) by @​aclemons

2.7.0

• Add origin to spans and transactions (#3133) by @​antonpirker
• OTel: Set up typing for OTel (#3168) by @​sentrivana
• OTel: Auto instrumentation skeleton (#3143) by @​sentrivana
• OpenAI: If there is an internal error, still return a value (#3192) by @​colin-sentry
• MongoDB: Add MongoDB collection span tag (#3182) by @​0Calories
• MongoDB: Change span operation from db.query to db (#3186) by @​0Calories
• MongoDB: Remove redundant command name in query description (#3189) by @​0Calories
• Apache Spark: Fix spark driver integration (#3162) by @​seyoon-lim
• Apache Spark: Add Spark test suite to tox.ini and to CI (#3199) by @​sentrivana
• Codecov: Add failed test commits in PRs (#3190) by @​antonpirker
• Update library, Python versions in tests (#3202) by @​sentrivana
• Remove Hub from our test suite (#3197) by @​antonpirker
• Use env vars for default CA cert bundle location (#3160) by @​DragoonAethis
• Create a separate test group for AI (#3198) by @​sentrivana
• Add additional stub packages for type checking (#3122) by @​Daverball
• Proper naming of requirements files (#3191) by @​antonpirker
• Pinning pip because new version does not work with some versions of Celery and Httpx (#3195) by @​antonpirker
• build(deps): bump supercharge/redis-github-action from 1.7.0 to 1.8.0 (#3193) by @​dependabot
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#3171) by @​dependabot
• build(deps): update pytest-asyncio requirement (#3087) by @​dependabot

2.6.0

• Introduce continuous profiling mode (#2830) by @​Zylphrex
• Profiling: Add deprecation comment for profiler internals (#3167) by @​sentrivana
• Profiling: Move thread data to trace context (#3157) by @​Zylphrex
• Explicitly export cron symbols for typecheckers (#3072) by @​spladug
• Cleaning up ASGI tests for Django (#3180) by @​antonpirker
• Celery: Add Celery receive latency (#3174) by @​antonpirker
• Metrics: Update type hints for tag values (#3156) by @​elramen
• Django: Fix psycopg3 reconnect error (#3111) by @​szokeasaurusrex
• Tracing: Keep original function signature when decorated (#3178) by @​sentrivana
• Reapply "Refactor the Celery Beat integration (#3105)" (#3144) (#3175) by @​antonpirker
• Added contributor image to readme (#3183) by @​antonpirker
• bump actions/checkout from 4.1.4 to 4.1.6 (#3147) by @​dependabot
• bump checkouts/data-schemas from 59f9683 to 8c13457 (#3146) by @​dependabot

2.5.1

This change fixes a regression in our cron monitoring feature, which caused cron checkins not to be sent. The regression appears to have been introduced in version 2.4.0.

We recommend that all users, who use Cron monitoring and are currently running sentry-python ≥2.4.0, upgrade to this release as soon as possible!

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.7.1

Various fixes & improvements

• fix(otel): Fix missing baggage (#3218) by @​sentrivana
• This is the config file of asdf-vm which we do not use. (#3215) by @​antonpirker
• Added option to disable middleware spans in Starlette (#3052) by @​antonpirker
• build: Update tornado version in setup.py to match code check. (#3206) by @​aclemons

2.7.0

• Add origin to spans and transactions (#3133) by @​antonpirker
• OTel: Set up typing for OTel (#3168) by @​sentrivana
• OTel: Auto instrumentation skeleton (#3143) by @​sentrivana
• OpenAI: If there is an internal error, still return a value (#3192) by @​colin-sentry
• MongoDB: Add MongoDB collection span tag (#3182) by @​0Calories
• MongoDB: Change span operation from db.query to db (#3186) by @​0Calories
• MongoDB: Remove redundant command name in query description (#3189) by @​0Calories
• Apache Spark: Fix spark driver integration (#3162) by @​seyoon-lim
• Apache Spark: Add Spark test suite to tox.ini and to CI (#3199) by @​sentrivana
• Codecov: Add failed test commits in PRs (#3190) by @​antonpirker
• Update library, Python versions in tests (#3202) by @​sentrivana
• Remove Hub from our test suite (#3197) by @​antonpirker
• Use env vars for default CA cert bundle location (#3160) by @​DragoonAethis
• Create a separate test group for AI (#3198) by @​sentrivana
• Add additional stub packages for type checking (#3122) by @​Daverball
• Proper naming of requirements files (#3191) by @​antonpirker
• Pinning pip because new version does not work with some versions of Celery and Httpx (#3195) by @​antonpirker
• build(deps): bump supercharge/redis-github-action from 1.7.0 to 1.8.0 (#3193) by @​dependabot
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#3171) by @​dependabot
• build(deps): update pytest-asyncio requirement (#3087) by @​dependabot

2.6.0

• Introduce continuous profiling mode (#2830) by @​Zylphrex
• Profiling: Add deprecation comment for profiler internals (#3167) by @​sentrivana
• Profiling: Move thread data to trace context (#3157) by @​Zylphrex
• Explicitly export cron symbols for typecheckers (#3072) by @​spladug
• Cleaning up ASGI tests for Django (#3180) by @​antonpirker
• Celery: Add Celery receive latency (#3174) by @​antonpirker
• Metrics: Update type hints for tag values (#3156) by @​elramen
• Django: Fix psycopg3 reconnect error (#3111) by @​szokeasaurusrex
• Tracing: Keep original function signature when decorated (#3178) by @​sentrivana
• Reapply "Refactor the Celery Beat integration (#3105)" (#3144) (#3175) by @​antonpirker
• Added contributor image to readme (#3183) by @​antonpirker
• bump actions/checkout from 4.1.4 to 4.1.6 (#3147) by @​dependabot
• bump checkouts/data-schemas from 59f9683 to 8c13457 (#3146) by @​dependabot

2.5.1

... (truncated)

Commits

• 1ab1fa9 release: 2.7.1
• dc57972 fix(otel): Fix missing baggage (#3218)
• 0629094 This is the config file of asdf-vm which we do not use.
• c210ad6 Added option to disable middleware spans in Starlette (#3052)
• 168600f build: Update tornado version in setup.py to match code check. (#3206)
• a0c836b Merge branch 'release/2.7.0'
• 3314307 updated changelog
• e60c0b6 release: 2.7.0
• 9506913 Do not raise error when channels is not installed (#3203)
• 7c1685e Set up typing for OTel (#3168)
• Additional commits viewable in compare view

Updates urllib3 from 2.2.1 to 2.2.2

Release notes

Sourced from urllib3's releases.

2.2.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
• Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
• Fixed return types representing copying actions to use typing.Self. (#3363)

Full Changelog: urllib3/urllib3@2.2.1...2.2.2

Changelog

Sourced from urllib3's changelog.

2.2.2 (2024-06-17)

• Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
• Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. ([#3122](https://github.com/urllib3/urllib3/issues/3122) <https://github.com/urllib3/urllib3/issues/3122>__)
• Fixed return types representing copying actions to use typing.Self. ([#3363](https://github.com/urllib3/urllib3/issues/3363) <https://github.com/urllib3/urllib3/issues/3363>__)

Commits

• 27e2a5c Release 2.2.2 (#3406)
• accff72 Merge pull request from GHSA-34jh-p97f-mpxf
• 34be4a5 Pin CFFI to a new release candidate instead of a Git commit (#3398)
• da41058 Bump browser-actions/setup-chrome from 1.6.0 to 1.7.1 (#3399)
• b07a669 Bump github/codeql-action from 2.13.4 to 3.25.6 (#3396)
• b8589ec Measure coverage with v4 of artifact actions (#3394)
• f3bdc55 Allow triggering CI manually (#3391)
• 5239265 Fix HTTP version in debug log (#3316)
• b34619f Bump actions/checkout to 4.1.4 (#3387)
• 9961d14 Bump browser-actions/setup-chrome from 1.5.0 to 1.6.0 (#3386)
• Additional commits viewable in compare view

Updates werkzeug from 3.0.1 to 3.0.3

Release notes

Sourced from werkzeug's releases.

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

• Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
• Make reloader more robust when "" is in sys.path. #2823
• Better TLS cert format with adhoc dev certs. #2891
• Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be pass...

  Description has been truncated