Deps: Bump the python-packages group with 6 updates

[dependabot]

Bumps the python-packages group with 6 updates:

Package	From	To
coverage	7.6.1	7.6.3
anyio	4.6.0	4.6.2
black	24.8.0	24.10.0
charset-normalizer	3.3.2	3.4.0
markupsafe	2.1.5	3.0.1
uvicorn	0.31.0	0.31.1

Updates coverage from 7.6.1 to 7.6.3

Changelog

Sourced from coverage's changelog.

Version 7.6.3 — 2024-10-13

• Fix: nested context managers could incorrectly be analyzed to flag a missing branch on the last context manager, as described in issue 1876_. This is now fixed.

• Fix: the missing branch message about not exiting a module had an extra "didn't," as described in issue 1873_. This is now fixed.

.. _issue 1873: nedbat/coveragepy#1873 .. _issue 1876: nedbat/coveragepy#1876

.. _changes_7-6-2:

Version 7.6.2 — 2024-10-09

• Dropped support for Python 3.8 and PyPy 3.8.

• Fix: a final wildcard match/case clause assigning to a name (case _ as value) was incorrectly marked as a missing branch. This is now fixed, closing issue 1860_.

• Fewer things are considered branches now. Lambdas, comprehensions, and generator expressions are no longer marked as missing branches if they don't complete execution. Closes issue 1852_.

• Fix: the HTML report didn't properly show multi-line f-strings that end with a backslash continuation. This is now fixed, closing issue 1836, thanks to LiuYinCarl and Marco Ricci <pull 1838_>.

• Fix: the LCOV report now has correct line numbers (fixing issue 1846) and better branch descriptions for BRDA records (fixing issue 1850). There are other changes to lcov also, including a new configuration option :ref:line_checksums <config_lcov_line_checksums> to control whether line checksums are included in the lcov report. The default is false. To keep checksums set it to true. All this work is thanks to Zack Weinberg (pull 1849_ and pull 1851_).

• Fixed the docs for multi-line regex exclusions, closing issue 1863_.

• Fixed a potential crash in the C tracer, closing issue 1835, thanks to Jan Kühle <pull 1843_>.

.. _issue 1835: nedbat/coveragepy#1835 .. _issue 1836: nedbat/coveragepy#1836 .. _pull 1838: nedbat/coveragepy#1838 .. _pull 1843: nedbat/coveragepy#1843

... (truncated)

Commits

• 342a4cb docs: sample HTML for 7.6.3
• df03796 docs: prep for 7.6.3
• 378c321 fix: nested context managers shouldn't cause a phantom missing branch #1876
• c8902ed build: pypy 3.9 doesn't seem to be available nightly
• c59a77b docs(build): put a header on the GitHub releases
• 65ac395 docs: fix a link in the changes
• 2d3e72c docs: add coverage-simple-excludes to the docs
• 474a363 fix: didn't-ectomy. #1873
• 5229fc3 docs: mention 1852 is fixed
• 6a4506f build(docs): upgrade doc dependencies
• Additional commits viewable in compare view

Updates anyio from 4.6.0 to 4.6.2

Release notes

Sourced from anyio's releases.

4.6.2

• Fixed regression caused by (#807) that prevented the use of parametrized async fixtures

4.6.1

This release contains all the changes from both v4.5.1 and v4.6.0, plus:

• Fixed TaskGroup and CancelScope producing cyclic references in tracebacks when raising exceptions (#806) (PR by @​graingert)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.6.2

• Fixed regression caused by ([#807](https://github.com/agronholm/anyio/issues/807) <https://github.com/agronholm/anyio/pull/807>_) that prevented the use of parametrized async fixtures

4.6.1

This release contains all the changes from both v4.5.1 and v4.6.0, plus:

• Fixed TaskGroup and CancelScope producing cyclic references in tracebacks when raising exceptions ([#806](https://github.com/agronholm/anyio/issues/806) <https://github.com/agronholm/anyio/pull/806>_) (PR by @​graingert)

4.6.0

This release is the successor to v4.5.0 with Python 3.8 support dropped, and does not contain the changes from v4.5.1.

• Dropped support for Python 3.8 (as [#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_ cannot be resolved without cancel message support)
• Fixed 100% CPU use on asyncio while waiting for an exiting task group to finish while said task group is within a cancelled cancel scope ([#695](https://github.com/agronholm/anyio/issues/695) <https://github.com/agronholm/anyio/issues/695>_)
• Fixed cancel scopes on asyncio not propagating CancelledError on exit when the enclosing cancel scope has been effectively cancelled ([#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_)
• Fixed asyncio task groups not yielding control to the event loop at exit if there were no child tasks to wait on
• Fixed inconsistent task uncancellation with asyncio cancel scopes belonging to a task group when said task group has child tasks running

4.5.1

As Python 3.8 support was dropped in v4.6.0, this interim release was created to bring a regression fix to Python 3.8, and adds a few other fixes also present in v4.6.1.

• Fixed acquring a lock twice in the same task on asyncio hanging instead of raising a RuntimeError ([#798](https://github.com/agronholm/anyio/issues/798) <https://github.com/agronholm/anyio/issues/798>_)
• Fixed an async fixture's self being different than the test's self in class-based tests ([#633](https://github.com/agronholm/anyio/issues/633) <https://github.com/agronholm/anyio/issues/633>_) (PR by @​agronholm and @​graingert)
• Fixed TypeError with TLSStream on Windows when a certificate verification error occurs when using a truststore <https://github.com/sethmlarson/truststore>_ SSL certificate ([#795](https://github.com/agronholm/anyio/issues/795) <https://github.com/agronholm/anyio/issues/795>_)

... (truncated)

Commits

• 5861355 Bumped up the version
• f6ddfc8 Fixed a regression in the pytest plugin that broke parametrized async fixtures
• 4ecc963 Bumped up the version
• 5489fbd Fixed tox configuration
• 77b94df Updated Path documentation and made is_junction() conditional (#800)
• bf130dc Fixed TypeError when TLS handshake fails with truststore SSLContext (#801)
• 4cb89a5 Migrated to native TOML configuration for Tox
• 6bebf18 Made test_start_task_soon_cancel_immediately() less flaky
• e8546bd Rebind instance method fixtures to the same instance as the test (#807)
• 57bcbc9 Updated macOS and Windows to test on Python 3.13 by default
• Additional commits viewable in compare view

Updates black from 24.8.0 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Changelog

Sourced from black's changelog.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Commits

• 1b2427a Prepare release 24.10.0 (#4471)
• a22b1eb Add mypyc 3.13 wheel build (#4449)
• b7d0e72 Bump AndreMiras/coveralls-python-action from 65c1672f0b8a201702d86c81b79187df...
• f1a2f92 Include --unstable in cache key (#4466)
• 8d9d18c Fix skipping Jupyter cells with unknown %% magic (#4462)
• bbfdba3 Fix docs CI: use venv for uv to fix 'failed to create directory' (#4460)
• 8fb2add Use builtin generics (#4458)
• 2a45cec Fix crashes with comments in parentheses (#4453)
• b4d6d86 Drop Python 3.8 support (#4452)
• ac018c1 Require newer aiohttp for blackd (#4451)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.3.2 to 3.4.0

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.0

🚀 charset-normalizer is raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] All of this while our community is still struggling to make a firm advancement in HTTP clients. Now, many of you use Requests as the defacto http client, now, and for many years now, Requests has been frozen. Being left in a vegetative state and not evolving, this blocked millions of developers from using more advanced features.

We promptly invite Python developers to look at the drop-in replacement for Requests, namely Niquests. It leverage charset-normalizer in a better way! Check it out, you will be positively surprised! Don't wait another decade.

We are thankful to @​microsoft and involved parties for funding our work through the Microsoft FOSS Fund program.

3.4.0 (2024-10-08)

Added

• Argument --no-preemptive in the CLI to prevent the detector to search for hints.
• Support for Python 3.13 (#512)

Fixed

• Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
• Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
• Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)

Changelog

Sourced from charset-normalizer's changelog.

3.4.0 (2024-10-08)

Added

• Argument --no-preemptive in the CLI to prevent the detector to search for hints.
• Support for Python 3.13 (#512)

Fixed

• Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch.
• Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) (#537)
• Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. (#381)

Commits

• f3118e3 🔧 change download/upload artifact version to last working version
• 33e67e8 🔧 set compile-generator in generator_generic_slsa3 action
• 73dd24c 🔧 add explicit build deps to setuptools
• 78f1e9b 🔧 attempt to fix cd.yml *3
• 56ae702 🔧 attempt to fix cd.yml *2
• 9720055 🔧 attempt to fix cd.yml (macos part)
• 1e10d06 Update CHANGELOG.md
• 36c103a 🔖 Release 3.4.0 (#545)
• 7658dfc ⬆️ Bump github/codeql-action from 3.26.11 to 3.26.12 (#544)
• ca2535d ⬆️ Bump github/codeql-action from 3.26.9 to 3.26.11 (#542)
• Additional commits viewable in compare view

Updates markupsafe from 2.1.5 to 3.0.1

Release notes

Sourced from markupsafe's releases.

3.0.1

This is the MarkupSafe 3.0.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.1/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-1 (pending a fix to the docs build) Milestone: https://github.com/pallets/markupsafe/milestone/13?closed=1

• Address compiler warnings that became errors in GCC 14. #466
• Fix compatibility with proxy objects. #467

3.0.0

This is the MarkupSafe 3.0.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. The 3.0.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/MarkupSafe/3.0.0/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-0 (pending a fix to the docs build) Milestone: https://github.com/pallets/markupsafe/milestone/10?closed=1

• Support Python 3.13 and its experimental free-threaded build. #461
• Drop support for Python 3.7 and 3.8.
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. #348
• Change distutils imports to setuptools. #399
• Use deferred evaluation of annotations. #400
• Update signatures for Markup methods to match str signatures. Use positional-only arguments. #400
• Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. #401
• The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. #402
• Speed up escaping plain strings by 40%. #434
• Simplify speedups implementation. #437

Changelog

Sourced from markupsafe's changelog.

Version 3.0.1

Released 2024-10-08

• Address compiler warnings that became errors in GCC 14. :issue:466
• Fix compatibility with proxy objects. :issue:467

Version 3.0.0

Released 2024-10-07

• Support Python 3.13 and its experimental free-threaded build. :pr:461
• Drop support for Python 3.7 and 3.8.
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:348
• Change distutils imports to setuptools. :pr:399
• Use deferred evaluation of annotations. :pr:400
• Update signatures for Markup methods to match str signatures. Use positional-only arguments. :pr:400
• Some str methods on Markup no longer escape their argument: strip, lstrip, rstrip, removeprefix, removesuffix, partition, and rpartition; replace only escapes its new argument. These methods are conceptually linked to search methods such as in, find, and index, which already do not escape their argument. :issue:401
• The __version__ attribute is deprecated. Use feature detection, or importlib.metadata.version("markupsafe"), instead. :pr:402
• Speed up escaping plain strings by 40%. :pr:434
• Simplify speedups implementation. :pr:437

Commits

• ef0b95e release version 3.0.1
• 54bb00b fix exact str check (#469)
• 7add29c fix exact str check
• b529164 cast to PyUnicodeObject (#468)
• cf4fc43 cast to PyUnicodeObject
• 2c60930 start version 3.0.1
• 85813f1 release version 3.0.0 (#465)
• 7643710 release version 3.0.0
• 44a54cd Build Python 3.13 wheels (#461)
• 0a00cfe style changes
• Additional commits viewable in compare view

Updates uvicorn from 0.31.0 to 0.31.1

Release notes

Sourced from uvicorn's releases.

Version 0.31.1

Fixed

• Support WebSockets 0.13.1 #2471
• Restore support for [*] in trusted hosts #2480
• Add PathLike[str] type hint for ssl_keyfile #2481

---

Full Changelog: encode/uvicorn@0.31.0...0.31.1

Changelog

Sourced from uvicorn's changelog.

0.31.1 (2024-10-09)

Fixed

• Support WebSockets 0.13.1 (#2471)
• Restore support for [*] in trusted hosts (#2480)
• Add PathLike[str] type hint for ssl_keyfile (#2481)

Commits

• 137f88e Version 0.31.1 (#2483)
• 27d976a Add PathLike[str] type hint for ssl_keyfile (#2481)
• 1ddd250 Bump the python-packages group with 10 updates (#2478)
• 108b1c9 docs: fix configuration option for trusting forwarded IPs (#2479)
• a1783d8 Add support for [*] in trusted hosts (#2480)
• 6ffaaf7 Update link to Hypercorn project (#2474)
• c7668ce Upgrade websockets to 0.13.1 (#2471)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.