Build(deps): Bump pdm from 2.12.4 to 2.13.3

[dependabot]

Bumps pdm from 2.12.4 to 2.13.3.

Release notes

Sourced from pdm's releases.

v2.13.3

Bug Fixes

• Per-source configuration for ca-certs and client-cert. #2754
• Remove all caches by removing individual cache types one by one. #2757
• Use the default HTTP client when downloading the pythons, to use the certificates settings. #2759
• Fix a race condition where pth files take effect when multiple packages are installed in parallel. #2762
• Refuse to run recursive composite scripts. #2766

v2.13.2

Bug Fixes

• Fix errors when parsing poetry format that contains special characters in author name. Poetry-specific parse_name_email and NAME_EMAIL_RE moved from pdm.formats.base to pdm.formats.poetry. #2665
• Fix a race condition in cached packages. When a cached package is being created it shouldn't be used for installation. #2739
• Add back PreparedCandidate.build() for backward-compatibility. #2747

Documentation

• Fixed a small non-code typo in docs and prodivded better wording. #2740

v2.13.1

Bug Fixes

• Fix a bug that PDM couldn't find interpreters for global project. #2726
• Make the cache package path shorter to solve the Windows path problem. #2730

Documentation

• Extract "Lock file" doc from "Manage Dependencies" doc. #2725

v2.13.0

Features & Improvements

• Add option to exclude group(s) when running pdm sync/install -G:all by adding flag --without group1,group2,... #2258
• Default to log to user home and make logs directory configurable. #2398
• Add an option keep_going to continue on errors for composite scripts and return the last failing exit code. #2582
• Add an option working_dir for PDM's scripts to set the current working directory. #2620
• Allow updating specific sub-dependencies (i.e., transitive dependencies) in the lock file. #2628
• Add --config-setting option to add/install/sync/update/remove/export commands, the config settings dictionary will be shared by all packages. #2636
• Cache the decompressed contents of wheels for faster access. #2660
• Add configuration for timeout for network requests. #2680
• Reuse the request sesison within the environment. #2697
• Caches can be disabled by using the --no-cache option or setting the PDM_NO_CACHE environment variable. #2702
• Switch to httpx.Client for HTTP requests, drop requests dependency. #2709
• We have timemachine now! You can exclude packages published newer than a certain date via pdm lock --exclude-newer=<date>, allowing reproduction of resolutions regardless of new package releases. #2712

... (truncated)

Changelog

Sourced from pdm's changelog.

Release v2.13.3 (2024-04-08)

Bug Fixes

• Per-source configuration for ca-certs and client-cert. #2754
• Remove all caches by removing individual cache types one by one. #2757
• Use the default HTTP client when downloading the pythons, to use the certificates settings. #2759
• Fix a race condition where pth files take effect when multiple packages are installed in parallel. #2762
• Refuse to run recursive composite scripts. #2766

Release v2.13.2 (2024-03-30)

Bug Fixes

• Fix errors when parsing poetry format that contains special characters in author name. Poetry-specific parse_name_email and NAME_EMAIL_RE moved from pdm.formats.base to pdm.formats.poetry. #2665
• Fix a race condition in cached packages. When a cached package is being created it shouldn't be used for installation. #2739
• Add back PreparedCandidate.build() for backward-compatibility. #2747

Documentation

• Fixed a small non-code typo in docs and prodivded better wording. #2740

Release v2.13.1 (2024-03-29)

Bug Fixes

• Fix a bug that PDM couldn't find interpreters for global project. #2726
• Make the cache package path shorter to solve the Windows path problem. #2730

Documentation

• Extract "Lock file" doc from "Manage Dependencies" doc. #2725

Release v2.13.0 (2024-03-27)

Features & Improvements

• Add option to exclude group(s) when running pdm sync/install -G:all by adding flag --without group1,group2,... #2258
• Default to log to user home and make logs directory configurable. #2398
• Add an option keep_going to continue on errors for composite scripts and return the last failing exit code. #2582
• Add an option working_dir for PDM's scripts to set the current working directory. #2620
• Allow updating specific sub-dependencies (i.e., transitive dependencies) in the lock file. #2628
• Add --config-setting option to add/install/sync/update/remove/export commands, the config settings dictionary will be shared by all packages. #2636
• Cache the decompressed contents of wheels for faster access. #2660
• Add configuration for timeout for network requests. #2680

... (truncated)

Commits

• 4095ac1 chore: Release 2.13.3
• 3a1f830 chore(deps): bump pillow from 10.2.0 to 10.3.0 in /chatbot (#2769)
• c8c0ed9 fix: refuse to run recursive composite scripts (#2766)
• 9d7aabc fix: pdm add requests pip-system-certs fails nondeterministically (#2765)
• f1f50a0 fix: test failure
• ebdeae8 Merge branch 'main' of github.com:pdm-project/pdm
• c2a8b6c fix: use the default http client when downloading python versions
• 9f36ab1 [pre-commit.ci] pre-commit autoupdate (#2756)
• 4d09651 fix(cli): remove all caches like removing individual caches (#2757)
• 82bcc88 feat: per-source config of ca_certs and client_cert (#2754)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)