Deps: Bump the python-packages group across 1 directory with 10 updates

[dependabot]

Bumps the python-packages group with 10 updates in the / directory:

Package	From	To
django	4.2.14	4.2.15
pyyaml	6.0.1	6.0.2
sentry-sdk	2.11.0	2.13.0
black	24.4.2	24.8.0
cffi	1.16.0	1.17.0
coverage	7.6.0	7.6.1
lxml	5.2.2	5.3.0
pyphen	0.15.0	0.16.0
ruff	0.6.1	0.6.2
tomlkit	0.13.0	0.13.2

Updates django from 4.2.14 to 4.2.15

Commits

• 4d32ebc [4.2.x] Bumped version for 4.2.15 release.
• f4af67b [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection att...
• efea1ef [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.htm...
• d0a82e2 [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizet...
• fc76660 [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in flo...
• 7b1a76f [4.2.x] Added stub release notes and release date for 4.2.15.
• 96a3497 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueEr...
• c5d196a [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.
• 8e59e33 [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39...
• 72f6c7d [4.2.x] Post-release version bump.
• See full diff in compare view

Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

• Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

6.0.2rc1

• Support for extension build with Cython 3.x
• Support for Python 3.13
• Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

Commits

• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• See full diff in compare view

Updates sentry-sdk from 2.11.0 to 2.13.0

Release notes

Sourced from sentry-sdk's releases.

2.13.0

Various fixes & improvements

• New integration: Ray (#2400) (#2444) by @​glowskir

  Usage: (add the RayIntegration to your sentry_sdk.init() call and make sure it is called in the worker processes)

  import ray
  import sentry_sdk
  from sentry_sdk.integrations.ray import RayIntegration
  def init_sentry():
  sentry_sdk.init(
  dsn="...",
  traces_sample_rate=1.0,
  integrations=[RayIntegration()],
  )
  init_sentry()
  ray.init(
  runtime_env=dict(worker_process_setup_hook=init_sentry),
  )

  For more information, see the documentation for the Ray integration.

• New integration: Litestar (#2413) (#3358) by @​KellyWalker

  Usage: (add the LitestarIntegration to your sentry_sdk.init())

  from litestar import Litestar, get
  import sentry_sdk
  from sentry_sdk.integrations.litestar import LitestarIntegration
  sentry_sdk.init(
  dsn="...",
  traces_sample_rate=1.0,
  integrations=[LitestarIntegration()],
  )
  @​get("/")
  async def index() -> str:
  return "Hello, world!"
  app = Litestar(...)

  For more information, see the documentation for the Litestar integration.

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.13.0

Various fixes & improvements

• New integration: Ray (#2400) (#2444) by @​glowskir

  Usage: (add the RayIntegration to your sentry_sdk.init() call and make sure it is called in the worker processes)

  import ray
  import sentry_sdk
  from sentry_sdk.integrations.ray import RayIntegration
  def init_sentry():
  sentry_sdk.init(
  dsn="...",
  traces_sample_rate=1.0,
  integrations=[RayIntegration()],
  )
  init_sentry()
  ray.init(
  runtime_env=dict(worker_process_setup_hook=init_sentry),
  )

  For more information, see the documentation for the Ray integration.

• New integration: Litestar (#2413) (#3358) by @​KellyWalker

  Usage: (add the LitestarIntegration to your sentry_sdk.init())

  from litestar import Litestar, get
  import sentry_sdk
  from sentry_sdk.integrations.litestar import LitestarIntegration
  sentry_sdk.init(
  dsn="...",
  traces_sample_rate=1.0,
  integrations=[LitestarIntegration()],
  )
  @​get("/")
  async def index() -> str:
  return "Hello, world!"
  app = Litestar(...)

  For more information, see the documentation for the Litestar integration.

... (truncated)

Commits

• 570307c Updated changelog
• 4c1ea7a release: 2.13.0
• 17a6cf0 feat: Add ray integration support (#2400) (#2444)
• 4858996 Expose custom_repr function that precedes safe_repr invocation in serializer ...
• 275c63e ref(sessions): Deprecate hub-based sessions.py logic (#3419)
• 6a4e729 ref(sessions): Deprecate is_auto_session_tracking_enabled (#3428)
• a6cb9b1 Add note to generated yaml files (#3423)
• 19c4069 test(sessions): Remove unnecessary line (#3418)
• da0392f Dramatiq integration from @​jacobsvante (#3397)
• 7d46709 Serialize vars early to avoid living references (#3409)
• Additional commits viewable in compare view

Updates black from 24.4.2 to 24.8.0

Release notes

Sourced from black's releases.

24.8.0

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)
• Fix regression where Black failed to parse an escaped single quote inside an f-string (#4401)
• Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
• Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
• Fix incorrect line numbers in the tokenizer for certain tokens within f-strings (#4423)

Performance

• Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

• Fix blackd (and all extras installs) for docker container (#4357)

Changelog

Sourced from black's changelog.

24.8.0

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)
• Fix regression where Black failed to parse an escaped single quote inside an f-string (#4401)
• Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
• Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
• Fix incorrect line numbers in the tokenizer for certain tokens within f-strings (#4423)

Performance

• Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

• Fix blackd (and all extras installs) for docker container (#4357)

Commits

• b965c2a Prepare release 24.8.0 (#4426)
• 9ccf279 Document find_project_root ignoring pyproject.toml without [tool.black]...
• 14b6e61 fix: Enhace black efficiently to skip directories listed in .gitignore (#4415)
• b1c4dd9 fix: respect braces better in f-string parsing (#4422)
• 4b4ae43 Fix incorrect linenos on fstring tokens with escaped newlines (#4423)
• 7fa1faf docs: fix the installation command of extra for blackd (#4413)
• 8827acc Bump sphinx from 7.3.7 to 7.4.0 in /docs (#4404)
• b0da11d Bump furo from 2024.5.6 to 2024.7.18 in /docs (#4409)
• 721dff5 fix: avoid formatting backslash strings inside f-strings (#4401)
• 7e2afc9 Update actions/checkout to v4 to stop node deprecation warnings (#4379)
• Additional commits viewable in compare view

Updates cffi from 1.16.0 to 1.17.0

Release notes

Sourced from cffi's releases.

v1.17.0

• Add support for Python 3.13.
  • Free-threaded CPython builds (i.e. python3.13t and the 3.13t ABI) are not currently supported.
• In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a <cdata 'C-function-type'>. Before version 1.17 you could only call such objects. You could write ffi.addressof(lib, "myfunc") in order to get a real <cdata> object, based on the idea that in these cases in C you'd usually write &myfunc instead of myfunc. In version 1.17, the special object lib.myfunc can now be passed in many places where CFFI expects a regular <cdata> object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.

Full Changelog: python-cffi/cffi@v1.16.0...v1.17.0

v1.17.0rc1

• Add support for Python 3.13.
• In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.
• Build wheels for musllinux aarch64.

Commits

• 74731f9 Release 1.17.0 (#108)
• 181fa00 1.17.0rc1 release (#80)
• 772528e Add 3.13 to trove classifiers (#72)
• e36042d 1.17.0b1 prep (#79)
• 39bdab2 avoid null-pointer-subtraction error (#78)
• d7f750b Mention the systemd issue with old-style callbacks (#74)
• 56f7609 Build aarch64 musllinux wheel (#69)
• e59ec8f Win32: pass the flags from dlopen() to LoadLibraryEx() (#65)
• 0619e5e remove binary cruft (#63)
• 640e89f rearrange code to make PyPy testing happier (#59)
• Additional commits viewable in compare view

Updates coverage from 7.6.0 to 7.6.1

Changelog

Sourced from coverage's changelog.

Version 7.6.1 — 2024-08-04

• Fix: coverage used to fail when measuring code using :func:runpy.run_path <python:runpy.run_path> with a :class:Path <python:pathlib.Path> argument. This is now fixed, thanks to Ask Hjorth Larsen <pull 1819_>_.

• Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to LiuYinCarl <pull 1828_>_.

• Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: nedbat/coveragepy#1819 .. _pull 1828: nedbat/coveragepy#1828

.. _changes_7-6-0:

Commits

• 29f5898 docs: sample HTML for 7.6.1
• 9b829f1 docs: prep for 7.6.1
• ebbb6a2 build: wheels for 3.13rc1
• 3872525 chore: make upgrade
• 7a27f40 test: fix a test on free-threading, use abiflags to get site-packages path co...
• 2b53664 build: include gil/nogil in the version banner
• da1682f docs: changelog and contributor for #1828
• dc819ff test: two tests for #1828
• 9aaa404 fix: properly handle backslash before multi-line string (#1828)
• 9c50270 chore: make upgrade
• Additional commits viewable in compare view

Updates lxml from 5.2.2 to 5.3.0

Changelog

Sourced from lxml's changelog.

5.3.0 (2024-08-10)

Features added

• GH#421: Nested CDATA sections are no longer rejected but split on output to represent ]]> correctly. Patch by Gertjan Klein.

Bugs fixed

• LP#2060160: Attribute values serialised differently in xmlfile.element() and xmlfile.write().

• LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes. Patch by David Lakin.

Other changes

• LP#2067707: The strip_cdata option in HTMLParser() turned out to be useless and is now deprecated.

• Binary wheels use the library versions libxml2 2.12.9 and libxslt 1.1.42.

• Windows binary wheels use the library versions libxml2 2.11.8 and libxslt 1.1.39.

• Built with Cython 3.0.11.

Commits

• 475f4ab Update release date.
• e356a1e Build: Add some debug output.
• 8345680 Build: Retry library downloads on failures.
• 2fe6c90 CI: Test oldest officially supported library versions again (the slightly new...
• 00335a1 Build: Improve download regexes.
• f3da47d Prepare release of lxml 5.3.0.
• 3119703 Add missing global name to "all" in lxml.etree.
• 9de6180 Build: Upgrade cibuildwheel version also for the matrix setup.
• 54e36cb Build: Upgrade libxslt to latest (1.1.42).
• d4f56ee Build: Slightly increase the oldest libxslt version that we test against to w...
• Additional commits viewable in compare view

Updates pyphen from 0.15.0 to 0.16.0

Release notes

Sourced from pyphen's releases.

0.16.0

• Close file when reading encoding
• Update dictionary repository

Changelog

Sourced from pyphen's changelog.

Version 0.16.0

Released on 2024-07-30.

• Close file when reading encoding
• Update dictionary repository

Commits

• a74cae4 Version 0.16.0
• e0623ad Update dictionary repository
• 6f3f769 Close file when reading encoding
• See full diff in compare view

Updates ruff from 0.6.1 to 0.6.2

Release notes

Sourced from ruff's releases.

0.6.2

Release Notes

Preview features

• [flake8-simplify] Extend open-file-with-context-handler to work with other standard-library IO modules (SIM115) (#12959)
• [ruff] Avoid unused-async for functions with FastAPI route decorator (RUF029) (#12938)
• [ruff] Ignore fstring-missing-syntax (RUF027) for fastAPI paths (#12939)
• [ruff] Implement check for Decimal called with a float literal (RUF032) (#12909)

Rule changes

• [flake8-bugbear] Update diagnostic message when expression is at the end of function (B015) (#12944)
• [flake8-pyi] Skip type annotations in string-or-bytes-too-long (PYI053) (#13002)
• [flake8-type-checking] Always recognise relative imports as first-party (#12994)
• [flake8-unused-arguments] Ignore unused arguments on stub functions (ARG001) (#12966)
• [pylint] Ignore augmented assignment for self-cls-assignment (PLW0642) (#12957)

Server

• Show full context in error log messages (#13029)

Bug fixes

• [pep8-naming] Don't flag from imports following conventional import names (N817) (#12946)
• [pylint] - Allow __new__ methods to have cls as their first argument even if decorated with @staticmethod for bad-staticmethod-argument (PLW0211) (#12958)

Documentation

• Add hyperfine installation instructions; update hyperfine code samples (#13034)
• Expand note to use Ruff with other language server in Kate (#12806)
• Update example for PT001 as per the new default behavior (#13019)
• [perflint] Improve docs for try-except-in-loop (PERF203) (#12947)
• [pydocstyle] Add reference to lint.pydocstyle.ignore-decorators setting to rule docs (#12996)

Contributors

• @​AlexWaygood
• @​FinchPowers
• @​InSyncWithFoo
• @​MichaReiser
• @​Skylion007
• @​TomerBin
• @​carljm
• @​charliermarsh
• @​dhruvmanila
• @​diceroll123
• @​dsal3389
• @​dylwil3
• @​kbaskett248
• @​lengau

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.2

Preview features

• [flake8-simplify] Extend open-file-with-context-handler to work with other standard-library IO modules (SIM115) (#12959)
• [ruff] Avoid unused-async for functions with FastAPI route decorator (RUF029) (#12938)
• [ruff] Ignore fstring-missing-syntax (RUF027) for fastAPI paths (#12939)
• [ruff] Implement check for Decimal called with a float literal (RUF032) (#12909)

Rule changes

• [flake8-bugbear] Update diagnostic message when expression is at the end of function (B015) (#12944)
• [flake8-pyi] Skip type annotations in string-or-bytes-too-long (PYI053) (#13002)
• [flake8-type-checking] Always recognise relative imports as first-party (#12994)
• [flake8-unused-arguments] Ignore unused arguments on stub functions (ARG001) (#12966)
• [pylint] Ignore augmented assignment for self-cls-assignment (PLW0642) (#12957)

Server

• Show full context in error log messages (#13029)

Bug fixes

• [pep8-naming] Don't flag from imports following conventional import names (N817) (#12946)
• [pylint] - Allow __new__ methods to have cls as their first argument even if decorated with @staticmethod for bad-staticmethod-argument (PLW0211) (#12958)

Documentation

• Add hyperfine installation instructions; update hyperfine code samples (#13034)
• Expand note to use Ruff with other language server in Kate (#12806)
• Update example for PT001 as per the new default behavior (#13019)
• [perflint] Improve docs for try-except-in-loop (PERF203) (#12947)
• [pydocstyle] Add reference to lint.pydocstyle.ignore-decorators setting to rule docs (#12996)

Commits

• 02c4373 Bump version to 0.6.2 (#13056)
• d37e2e5 [flake8-simplify] Extend open-file-with-context-handler to work with other ...
• d1d0678 [red-knot] Remove notebook support from the server (#13040)
• 93f9023 Add hyperfine installation instructions; update hyperfine code samples (#...
• 8144a11 [red-knot] Add definition for with items (#12920)
• dce87c2 Eagerly validate typeshed versions (#12786)
• f873d2a Revert "Use the system allocator for codspeed benchmarks" (#13035)
• ecd9e6a [red-knot] Improve the unresolved-import check (#13007)
• 785c399 Use ZIP file size metadata to allocate string (#13032)
• a35cdbb Fix various panicks when linting black/src (#13033)
• Additional commits viewable in compare view

Updates tomlkit from 0.13.0 to 0.13.2

Release notes

Sourced from tomlkit's releases.

0.13.2

What's Changed

• fix: delete keys from out of order table by @​frostming in python-poetry/tomlkit#379

Full Changelog: python-poetry/tomlkit@0.13.1...0.13.2

0.13.1

What's Changed

• chore(deps-dev): bump setuptools from 68.0.0 to 70.0.0 by @​dependabot in python-poetry/tomlkit#367
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in python-poetry/tomlkit#368
• [docs] Add tomlkit.dump() example by @​sburris0 in python-poetry/tomlkit#370
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in python-poetry/tomlkit#369
• fix: Table header missing by @​frostming in python-poetry/tomlkit#375
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in python-poetry/tomlkit#372
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in python-poetry/tomlkit#376
• fix: Empty table dumped when number of subtables > 1 by @​frostming in python-poetry/tomlkit#378

New Contributors

• @​sburris0 made their first contribution in python-poetry/tomlkit#370

Full Changelog: python-poetry/tomlkit@0.13.0...0.13.1

Changelog

Sourced from tomlkit's changelog.

[0.13.2] - 2024-08-14

Fixed

• Fix deleting keys from an out-of-order table does not remove all table parts. (#379)

[0.13.1] - 2024-08-14

Fixed

• Fix the Table.is_super_table() check for tables with dotted key as the only child. (#374)
• Count table as a super table if it has children and all children are either tables or arrays of tables. (#377)

Commits

• e6e5d38 fix: delete keys from out of order table (#379)
• 8c1671a chore: bump version to 0.13.1
• 28fe6ec fix: Empty table dumped when number of subtables > 1 (#378)
• 168cb22 [pre-commit.ci] pre-commit autoupdate (#376)
• 3594bdf [pre-commit.ci] pre-commit autoupdate (#372)
• 8b288a5 fix: Table header missing (#375)
• b1b38b3 Merge branch 'master' of github.com:python-poetry/tomlkit
• 507ca76 doc: upgrade docs requirements
• c35ab33 [pre-commit.ci] pre-commit autoupdate (#369)
• 2344a42 Add tomlkit.dump() example (#370)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
django	[>= 3.a, < 4]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.