Scheduled weekly dependency update for week 45

[pyup-bot]

Update amqp from 5.1.1 to 5.2.0.

Changelog

5.2.0

=====
:release-date: 2023-11-06 10:55 A.M. UTC+6:00
:release-by: Asif Saif Uddin

- Added python 3.12 and drop python 3.7 (423).
- Test vine 5.1.0 (424).
- Set an explicit timeout on SSL handshake to prevent hangs.
- Add MessageNacked to recoverable errors.
- Send heartbeat frames more often.



.. _version-5.1.1:

Links

• PyPI: https://pypi.org/project/amqp
• Changelog: https://data.safetycli.com/changelogs/amqp/
• Repo: http://github.com/celery/py-amqp

Update argh from 0.29.3 to 0.30.4.

Changelog

0.30.4

---------------------------

There were complaints about the lack of a deprecation cycle for the legacy name
mapping policy.  This version addresses the issue:

- The handling introduced in v.0.30.2 (raising an exception for clarity)
is retained for cases when no name mapping policy is specified but function
signature contains defaults in non-kwonly args **and kwonly args are also
defined**::

   def main(alpha, beta=1, *, gamma=2):   error — explicit policy required

In a similar case but when **kwonly args are not defined** Argh now assumes
the legacy name mapping policy (`BY_NAME_IF_HAS_DEFAULT`) and merely issues
a deprecation warning with the same message as the exception mentioned above::

   def main(alpha, beta=2):     `[-b BETA] alpha` + DeprecationWarning

This ensures that most of the old scripts still work the same way despite the
new policy being used by default and enforced in cases when it's impossible
to resolve the mapping conflict.

Please note that this "soft" handling is to be removed in version v0.33
(or v1.0 if the former is not deemed necessary).  The new name mapping policy
will be used by default without warnings, like in v0.30.

0.30.3

---------------------------

Bugs fixed:

- Regression: a positional argument with an underscore used in `arg` decorator
would cause Argh fail on the assembling stage. (208)

0.30.2

---------------------------

Bugs fixed:

- As reported in 204 and 206, the new default name mapping policy in fact
silently changed the CLI API of some scripts: arguments which were previously
translated as CLI options became optional positionals. Although the
instructions were supplied in the release notes, the upgrade may not
necessarily be intentional, so a waste of users' time is quite likely.

To alleviate this, the default value for `name_mapping_policy` in standard
functions has been changed to `None`; if it's not specified, Argh falls back
to the new default policy, but raises `ArgumentNameMappingError` with
detailed instructions if it sees a non-kwonly argument with a default value.

Please specify the policy explicitly in order to avoid this error if you need
to infer optional positionals (``nargs="?"``) from function signature.

0.30.1

---------------------------

Bugs fixed:

- Regression: certain special values in argument default value would cause an
exception (204)

Enhancements:

- Improved the tutorial.
- Added a more informative error message when the reason is likely to be
related to the migration from Argh v0.29 to a version with a new argument
name mapping policy.

Other changes:

- Added `py.typed` marker file for :pep:`561`.

0.30.0

---------------------------

Backwards incompatible changes:

- A new policy for mapping function arguments to CLI arguments is used by
default (see :class:`argh.assembling.NameMappingPolicy`).

The following function does **not** map to ``func foo [--bar]`` anymore::

   def func(foo, bar=None):
       ...

Since this release it maps to ``func foo [bar]`` instead.
Please update the function this way to keep `bar` an "option"::

   def func(foo, *, bar=None):
       ...

If you cannot modify the function signature to use kwonly args for options,
please consider explicitly specifying the legacy name mapping policy::

   set_default_command(
       func, name_mapping_policy=NameMappingPolicy.BY_NAME_IF_HAS_DEFAULT
   )

- The name mapping policy `BY_NAME_IF_HAS_DEFAULT` slightly deviates from the
old behaviour. Kwonly arguments without default values used to be marked as
required options (``--foo FOO``), now they are treated as positionals
(``foo``). Please consider the new default policy (`BY_NAME_IF_KWONLY`) for
a better treatment of kwonly.

- Removed previously deprecated features (184 → 188):

- argument help string in annotations — reserved for type hints;
- `argh.SUPPORTS_ALIASES`;
- `argh.safe_input()`;
- previously renamed arguments for `add_commands()`: `namespace`,
 `namespace_kwargs`, `title`, `description`, `help`;
- `pre_call` argument in `dispatch()`.  The basic usage remains simple but
 more granular functions are now available for more control.

 Instead of this::

   argh.dispatch(..., pre_call=pre_call_hook)

 please use this::

   func, ns = argh.parse_and_resolve(...)
   pre_call_hook(ns)
   argh.run_endpoint_function(func, ns, ...)

Deprecated:

- The `expects_obj` decorator.  Rationale: it used to support the old,
"un-pythonic" style of usage, which essentially lies outside the scope of
Argh.  If you are not using the mapping of function arguments onto CLI, then
you aren't reducing the amount of code compared to vanilla Argparse.

- The `add_help_command` argument in `dispatch()`.
Rationale: it doesn't add much to user experience; it's not much harder to
type ``--help`` than it is to type ``help``; moreover, the option can be
added anywhere, unlike its positional counterpart.

Enhancements:

- Added support for Python 3.12.
- Added type annotations to existing Argh code (185 → 189).
- The `dispatch()` function has been refactored, so in case you need finer
control over the process, two new, more granular functions can be used:

- `endpoint_function, namespace = argh.parse_and_resolve(...)`
- `argh.run_endpoint_function(endpoint_function, namespace, ...)`

Please note that the names may change in the upcoming versions.

- Configurable name mapping policy has been introduced for function argument
to CLI argument translation (191 → 199):

- `BY_NAME_IF_KWONLY` (default and recommended).
- `BY_NAME_IF_HAS_DEFAULT` (close to pre-v.0.30 behaviour);

Please check API docs on :class:`argh.assembling.NameMappingPolicy` for
details.

0.29.4

---------------------------

Bugs fixed:

- Test coverage reported as <100% when argcomplete is installed (187)

Links

• PyPI: https://pypi.org/project/argh
• Changelog: https://data.safetycli.com/changelogs/argh/
• Docs: https://pythonhosted.org/argh/

Update arrow from 1.2.3 to 1.3.0.

Changelog

1.3.0

------------------

- [ADDED] Added official support for Python 3.11 and 3.12.
- [ADDED] Added dependency on ``types-python-dateutil`` to improve Arrow mypy compatibility. `PR 1102 <https://github.com/arrow-py/arrow/pull/1102>`_
- [FIX] Updates to Italian, Romansh, Hungarian, Finish and Arabic locales.
- [FIX] Handling parsing of UTC prefix in timezone strings.
- [CHANGED] Update documentation to improve readability.
- [CHANGED] Dropped support for Python 3.6 and 3.7, which are end-of-life.
- [INTERNAL] Migrate from ``setup.py``/Twine to ``pyproject.toml``/Flit for packaging and distribution.
- [INTERNAL] Adopt ``.readthedocs.yaml`` configuration file for continued ReadTheDocs support.

Links

• PyPI: https://pypi.org/project/arrow
• Changelog: https://data.safetycli.com/changelogs/arrow/

Update astroid from 2.15.6 to 3.0.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/astroid

Update astropy from 5.3.3 to 5.3.4.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/astropy
• Changelog: https://data.safetycli.com/changelogs/astropy/
• Homepage: http://astropy.org

Update Babel from 2.12.1 to 2.13.1.

Changelog

2.13.1

--------------

This is a patch release to fix a few bugs.

Fixes
~~~~~

* Fix a typo in ``_locales_to_names`` by Dl84 in :gh:`1038` (issue :gh:`1037`)
* Fix ``setuptools`` dependency for Python 3.12 by opryprin in :gh:`1033`

2.13.0

--------------

Upcoming deprecation
~~~~~~~~~~~~~~~~~~~~

* This version, Babel 2.13, is the last version of Babel to support Python 3.7.
Babel 2.14 will require Python 3.8 or newer.

Features
~~~~~~~~

* Add flag to ignore POT-Creation-Date for updates by joeportela in :gh:`999`
* Support 't' specifier in keywords by jeanas in :gh:`1015`
* Add f-string parsing for Python 3.12 (PEP 701) by encukou in :gh:`1027`

Fixes
~~~~~

* Various typing-related fixes by akx in :gh:`979`, in :gh:`978`, :gh:`981`,  :gh:`983`
* babel.messages.catalog: deduplicate _to_fuzzy_match_key logic by akx in :gh:`980`
* Freeze format_time() tests to a specific date to fix test failures by mgorny in :gh:`998`
* Spelling and grammar fixes by scop in :gh:`1008`
* Renovate lint tools by akx in :gh:`1017`, :gh:`1028`
* Use SPDX license identifier by vargenau in :gh:`994`
* Use aware UTC datetimes internally by scop in :gh:`1009`

New Contributors
~~~~~~~~~~~~~~~~

* mgorny made their first contribution in :gh:`998`
* vargenau made their first contribution in :gh:`994`
* joeportela made their first contribution in :gh:`999`
* encukou made their first contribution in :gh:`1027`

Links

• PyPI: https://pypi.org/project/babel
• Changelog: https://data.safetycli.com/changelogs/babel/
• Homepage: https://babel.pocoo.org/
• Docs: https://pythonhosted.org/Babel/

Update billiard from 4.1.0 to 4.2.0.

Changelog

4.2.0

--------------------
- Update process.py to close during join only if process has completed.
- Adjust the __repr__ in ApplyResult.
- Remove python 3.7 from CI.
- Added Python 3.12 support.
- Fixed (co_positions): resolve issue caused by absence co_positions (395).
- Fixed: Replaced mktemp usage for Python 3 from python 2.
- Changed nose test to pytest (397) in Integration test.
- Changed nose dependency for unit test (383).

Links

• PyPI: https://pypi.org/project/billiard
• Changelog: https://data.safetycli.com/changelogs/billiard/
• Repo: https://github.com/celery/billiard

Update bitarray from 2.8.1 to 2.8.2.

Changelog

2.8.2

-------------------
* update cibuildwheel to 2.16.1 in order to provide cp312 wheels on PyPI
* improve error messages for masked assignment
* simplify test collection
* added `pytest.ini` to allow running pytest with no additional arguments,
 see 208
* `util.sc_encode()`: avoid writing empty blocks at end of compressed
 stream, ie. skip encoding when total population count is reached

Links

• PyPI: https://pypi.org/project/bitarray
• Changelog: https://data.safetycli.com/changelogs/bitarray/
• Repo: https://github.com/ilanschnell/bitarray

Update black from 23.9.1 to 23.10.1.

Changelog

23.10.1

Highlights

- Maintanence release to get a fix out for GitHub Action edge case (3957)

Preview style

- Fix merging implicit multiline strings that have inline comments (3956)
- Allow empty first line after block open before a comment or compound statement (3967)

Packaging

- Change Dockerfile to hatch + compile black (3965)

Integrations

- The summary output for GitHub workflows is now suppressible using the `summary`
parameter. (3958)
- Fix the action failing when Black check doesn't pass (3957)

Documentation

- It is known Windows documentation CI is broken
https://github.com/psf/black/issues/3968

23.10.0

Stable style

- Fix comments getting removed from inside parenthesized strings (3909)

Preview style

- Fix long lines with power operators getting split before the line length (3942)
- Long type hints are now wrapped in parentheses and properly indented when split across
multiple lines (3899)
- Magic trailing commas are now respected in return types. (3916)
- Require one empty line after module-level docstrings. (3932)
- Treat raw triple-quoted strings as docstrings (3947)

Configuration

- Fix cache versioning logic when `BLACK_CACHE_DIR` is set (3937)

Parser

- Fix bug where attributes named `type` were not accepted inside `match` statements
(3950)
- Add support for PEP 695 type aliases containing lambdas and other unusual expressions
(3949)

Output

- Black no longer attempts to provide special errors for attempting to format Python 2
code (3933)
- Black will more consistently print stacktraces on internal errors in verbose mode
(3938)

Integrations

- The action output displayed in the job summary is now wrapped in Markdown (3914)

Links

• PyPI: https://pypi.org/project/black
• Changelog: https://data.safetycli.com/changelogs/black/

Update bleach from 6.0.0 to 6.1.0.

Changelog

6.1.0

---------------------------------

**Backwards incompatible changes**

* Dropped support for Python 3.7. (709)

**Security fixes**

None

**Bug fixes**

* Add support for Python 3.12. (710)
* Fix linkify with arrays in querystring (436)
* Handle more cases with < followed by character data (705)
* Fix entities inside a tags in linkification (704)
* Update cap for tinycss2 to <1.3 (702)
* Updated Sphinx requirement
* Add dependabot for github actions and update github actions

Links

• PyPI: https://pypi.org/project/bleach
• Changelog: https://data.safetycli.com/changelogs/bleach/
• Repo: https://github.com/mozilla/bleach
• Docs: https://pythonhosted.org/bleach/

Update bokeh from 3.2.2 to 3.3.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/bokeh

Update cachetools from 5.3.1 to 5.3.2.

Changelog

5.3.2

===================

- Add support for Python 3.12.

- Various documentation improvements.

Links

• PyPI: https://pypi.org/project/cachetools
• Changelog: https://data.safetycli.com/changelogs/cachetools/
• Repo: https://github.com/tkem/cachetools/

Update cffi from 1.15.1 to 1.16.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/cffi
• Docs: http://cffi.readthedocs.org

Update charset-normalizer from 3.2.0 to 3.3.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/charset-normalizer
• Repo: https://github.com/Ousret/charset_normalizer

Update cloudpickle from 2.2.1 to 3.0.0.

Changelog

3.0.0

=====

- Officially support Python 3.12 and drop support for Python 3.6 and 3.7.
Dropping support for older Python versions made it possible to simplify the
code base signficantly, hopefully making it easier to contribute to and
maintain the project.
([PR 515](https://github.com/cloudpipe/cloudpickle/pull/515))

- Fix pickling of dataclasses and their instances.
([issue 386](https://github.com/cloudpipe/cloudpickle/issues/386),
[PR 513](https://github.com/cloudpipe/cloudpickle/pull/513))

- Any color you like as long as it's black.
([PR 521](https://github.com/cloudpipe/cloudpickle/pull/521))

- Drop `setup.py` and `setuptools` in favor of `pyproject.toml` and `flit`.
([PR 521](https://github.com/cloudpipe/cloudpickle/pull/521))

Links

• PyPI: https://pypi.org/project/cloudpickle
• Changelog: https://data.safetycli.com/changelogs/cloudpickle/
• Repo: https://github.com/cloudpipe/cloudpickle

Update constantly from 15.1.0 to 23.10.4.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/constantly

Update construct from 2.10.68 to 2.10.69.

Changelog

2.10.69

Took a long time to get here... apologies...

Links

• PyPI: https://pypi.org/project/construct
• Changelog: https://data.safetycli.com/changelogs/construct/
• Docs: http://construct.readthedocs.org

Update cookiecutter from 2.3.0 to 2.4.0.

Changelog

2.4.0

Minor Changes

* Gracefully handle files with mixed lined endings (1942) EricHripko
* Implement a pre_prompt hook that will run before prompts (1950) ericof

Documentation updates

* Implement a pre_prompt hook that will run before prompts (1950) ericof
* update main docstrings to include overwrite_if_exists and skip_if_file_exists (1947) david-abn

This release is made by wonderful contributors:

EricHripko, david-abn and ericof

2.3.1

Minor Changes

* add checkout details to the context (fixes 1759) (1923) JonZeolla

CI/CD and QA changes

* Update the black pre-commit hook URL and version (1934) kurtmckee
* Use UTF-8 for file reading/writing (1937) rmartin16

Documentation updates

* Add missing "parent dir" symbol in tutorial 2 (1932) tvoirand
* Remove colons from exemplary prompt messages (1912) paduszyk
* docs: add install instruction for Void Linux (1917) tranzystorek-io

Bugfixes

* Fix nested templates in Git repository (1922) BTatlock
* Fix prompt counter. (1940) ericof
* Fix variables with null default not being required (1919) (1920) limtis0

This release is made by wonderful contributors:

BTatlock, JonZeolla, ericof, kurtmckee, limtis0, paduszyk, rmartin16, tranzystorek-io and tvoirand

Links

• PyPI: https://pypi.org/project/cookiecutter
• Changelog: https://data.safetycli.com/changelogs/cookiecutter/
• Repo: https://github.com/cookiecutter/cookiecutter

Update cryptography from 41.0.3 to 41.0.5.

Changelog

41.0.5

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL`` release.

.. _v41-0-4:

41.0.4

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3.

.. _v41-0-3:

Links

• PyPI: https://pypi.org/project/cryptography
• Changelog: https://data.safetycli.com/changelogs/cryptography/

Update cycler from 0.11.0 to 0.12.1.

Changelog

0.12.1

This is the second release of Cycler 0.12.

This fixes the previous release not shipping the `py.typed` file.

0.12.0

This is the first release of Cycler 0.12.

The major new feature in this release is the addition of type hints.
Furthermore, the minimum supported version of Python is now 3.8.

0.12.0rc1

This is the first release candidate for Cycler 0.12.0.

The major new feature in this release is the addition of type hints.
Furthermore, the minimum supported version of Python is now 3.8.

Links

• PyPI: https://pypi.org/project/cycler
• Changelog: https://data.safetycli.com/changelogs/cycler/

Update Cython from 3.0.2 to 3.0.5.

Changelog

3.0.5

==================

Bugs fixed
----------

* A compiler crash was fixed.
(Github issue :issue:`5771`)

* A typo in the ``always_allow_keywords`` directive for Python code was fixed.
Patch by lk-1984.  (Github issue :issue:`5772`)

3.0.4

==================

Features added
--------------

* A new compiler directive ``show_performance_hints`` was added to disable the
newly added performance hint output.
(Github issue :issue:`5748`)

Bugs fixed
----------

* cythonize` required ``distutils`` even for operations that did not build binaries.
(Github issue :issue:`5751`)

* A regression in 3.0.3 was fixed that prevented calling inline functions
from another inline function in ``.pxd`` files.
(Github issue :issue:`5748`)

* Some C compiler warnings were resolved.
Patch by Pierre Jolivet.  (Github issue :issue:`5756`)

3.0.3

==================

Features added
--------------

* More warnings were added to help users migrate and avoid bugs.
(Github issue :issue:`5650`)

* A warning-like category for performance hints was added that bypasses ``-Werror``.
(Github issue :issue:`5673`)

* FastGIL now uses standard ``thread_local`` in C++.
(Github issue :issue:`5640`)

* ``reference_wrapper`` was added to ``libcpp.functional``.
Patch by Vyas Ramasubramani.  (Github issue :issue:`5671`)

* The ``cythonize`` command now supports the ``--cplus`` option known from the ``cython`` command.
(Github issue :issue:`5736`)

Bugs fixed
----------

* Performance regressions where the GIL was needlessly acquired were fixed.
(Github issues :issue:`5670`, :issue:`5700`)

* A reference leak for exceptions in Python 3.12 was resolved.
Patch by Eric Johnson.  (Github issue :issue:`5724`)

* ``fastcall`` calls with keyword arguments generated incorrect C code.
(Github issue :issue:`5665`)

* Assigning the type converted result of a conditional (if-else) expression
to ``int`` or ``bool`` variables could lead to incorrect C code.
(Github issue :issue:`5731`)

* Early (unlikely) failures in Python function wrappers no longer set a
traceback in order to simplify the C code flow.  Being mostly memory
allocation errors, they probably would never have created a traceback anyway.
(Github issue :issue:`5681`)

* Relative cimports from packages with ``__init__.py`` files could fail.
(Github issue :issue:`5715`)

* Several issues with the Limited API support were resolved.
(Github issues :issue:`5641`, :issue:`5648`, :issue:`5689`)

* The code generated for special-casing both Cython functions and PyCFunctions was cleaned up
to avoid calling C-API functions that were not meant for the other type respectively.
This could previously trigger assertions in CPython debug builds and now also plays better
with the Limited API.
(Github issues :issue:`4804`, :issue:`5739`)

* Fix some C compiler warnings.
Patches by Ralf Gommers, Oleksandr Pavlyk, Sebastian Koslowski et al.
(Github issues :issue:`5651`, :issue:`5663`, :issue:`5668`, :issue:`5717`, :issue:`5726`, :issue:`5734`)

* Generating gdb debugging information failed when using generator expressions.
Patch by Oleksandr Pavlyk.  (Github issue :issue:`5552`)

* Passing a ``setuptools.Extension`` into ``cythonize()`` instead of a
``distutils.Extension`` could make it miss the matching extensions.

* ``cython -M`` needlessly required ``distutils``, which made it fail in Python 3.12.
(Github issue :issue:`5681`)

Other changes
-------------

* The visible deprecation warning for ``DEF`` was removed again since it proved
difficult for some users to migrate away from it.  The statement is still
meant to be removed at some point (and thus, like ``IF``, should not be
used in new code), but the time for sunset is probably not around the corner.
(Github issue :issue:`4310`)

* The ``np_pythran`` option raise a ``DeprecationWarning`` if it receives other values
than ``True`` and ``False``.  This will eventually be disallowed (in line with all
other boolean options).

Links

• PyPI: https://pypi.org/project/cython
• Changelog: https://data.safetycli.com/changelogs/cython/
• Homepage: https://cython.org/

Update dask from 2023.9.1 to 2023.10.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/dask

Update debugpy from 1.7.0 to 1.8.0.

Changelog

1.8.0

Fixes 1379.

Drops Python 3.7 support. Please use [debugpy v1.7.0](https://github.com/microsoft/debugpy/releases/tag/v1.7.0) if you need to debug Python 3.7.

Links

• PyPI: https://pypi.org/project/debugpy
• Changelog: https://data.safetycli.com/changelogs/debugpy/
• Homepage: https://aka.ms/debugpy

Update distributed from 2023.9.1 to 2023.10.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/distributed

Update Django from 4.2.5 to 4.2.7.

Changelog

4.2.7

==========================

*November 1, 2023*

Django 4.2.7 fixes a security issue with severity "moderate" and several bugs
in 4.2.6.

CVE-2023-46695: Potential denial of service vulnerability in ``UsernameField`` on Windows
=========================================================================================

The :func:`NFKC normalization <python:unicodedata.normalize>` is slow on
Windows. As a consequence, ``django.contrib.auth.forms.UsernameField`` was
subject to a potential denial of service attack via certain inputs with a very
large number of Unicode characters.

In order to avoid the vulnerability, invalid values longer than
``UsernameField.max_length`` are no longer normalized, since they cannot pass
validation anyway.

Bugfixes
========

* Fixed a regression in Django 4.2 that caused a crash of
``QuerySet.aggregate()`` with aggregates referencing expressions containing
subqueries (:ticket:`34798`).

* Restored, following a regression in Django 4.2, creating
``varchar/text_pattern_ops`` indexes on ``CharField`` and ``TextField`` with
deterministic collations on PostgreSQL (:ticket:`34932`).


==========================

4.2.6

==========================

*October 4, 2023*

Django 4.2.6 fixes a security issue with severity "moderate" and several bugs
in 4.2.5.

CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator``
================================================================================

Following the fix for :cve:`2019-14232`, the regular expressions used in the
implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()``
methods (with ``html=True``) were revised and improved. However, these regular
expressions still exhibited linear backtracking complexity, so when given a
very long, potentially malformed HTML input, the evaluation would still be
slow, leading to a potential denial of service vulnerability.

The ``chars()`` and ``words()`` methods are used to implement the
:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template
filters, which were thus also vulnerable.

The input processed by ``Truncator``, when operating in HTML mode, has been
limited to the first five million characters in order to avoid potential
performance and memory issues.

Bugfixes
========

* Fixed a regression in Django 4.2.5 where overriding the deprecated
``DEFAULT_FILE_STORAGE`` and ``STATICFILES_STORAGE`` settings in tests caused
the main ``STORAGES`` to mutate (:ticket:`34821`).

* Fixed a regression in Django 4.2 that caused unnecessary casting of string
based fields (``CharField``, ``EmailField``, ``TextField``, ``CICharField``,
``CIEmailField``, and ``CITextField``) used with the ``__isnull`` lookup on
PostgreSQL. As a consequence, indexes using an ``__isnull`` expression or
condition created before Django 4.2 wouldn't be used by the query planner,
leading to a performance regression (:ticket:`34840`).

You may need to recreate such indexes created in your database with Django
4.2 to 4.2.5, as they contain unnecessary ``::text`` casting. Find candidate
indexes with this query:

.. code-block:: sql

     SELECT indexname, indexdef
     FROM pg_indexes
     WHERE indexdef LIKE '%::text IS %NULL';


==========================

Links

• PyPI: https://pypi.org/project/django
• Changelog: https://data.safetycli.com/changelogs/django/
• Homepage: https://www.djangoproject.com/

Update django-allauth from 0.56.1 to 0.58.2.

Changelog

0.58.2

*******************

Fixes
-----

- Added rate limiting to the MFA login form.

0.58.1

*******************

Fixes
-----

- Fixed missing ``{% load allauth %}`` in the login cancelled and verified email
required template.

0.58.0

*******************

Note worthy changes
-------------------

- The ``SocialAccount.exra_data`` field was a custom JSON field that used
``TextField`` as the underlying implementation. It was once needed because
Django had no ``JSONField`` support. Now, this field is changed to use the
official ``JSONField()``. Migrations are in place.

- Officially support Django 5.0.

- In previous versions, users could never remove their primary email address.
This is constraint is now relaxed. In case the email address is not required,
for example, because the user logs in by username, removal of the email
address is allowed.

- Added a new setting ``ACCOUNT_REAUTHENTICATION_REQUIRED`` that, when enabled,
requires the user to reauthenticate before changes (such as changing the
primary email address, adding a new email address, etc.) can be performed.


Backwards incompatible changes
------------------------------

- Refactored the built-in templates, with the goal of being able to adjust the
look and feel of the whole project by only overriding a few core templates.
This approach allows you to achieve visual results fast, but is of course more
limited compared to styling all templates yourself. If your project provided
its own templates then this change will not affect anything, but if you rely
on (some of) the built-in templates your project may be affected.

- The Azure provider has been removed in favor of keeping the Microsoft
provider. Both providers were targeting the same goal.


Security notice
---------------

- Facebook: Using the JS SDK flow, it was possible to post valid access tokens
originating from other apps. Facebook user IDs are scoped per app. By default
that user ID (not the email address) is used as key while
authenticating. Therefore, such access tokens can not be abused by
default. However, in case ``SOCIALACCOUNT_EMAIL_AUTHENTICATION`` was
explicitly enabled for the Facebook provider, these tokens could be used to
login.

0.57.0

*******************

Note worthy changes
-------------------

- Added Django password validation help text to ``password1`` on
set/change/signup forms.

- Microsoft: the tenant parameter can now be configured per app.

- SAML: Added support for additional configuration parameters, such as contacts,
and support for certificate rotation.

- The enumeration prevention behavior at signup is now configurable. Whether or
not enumeration can be prevented during signup depends on the email
verification method. In case of mandatory verification, enumeration can be
properly prevented because the case where an email address is already taken is
indistinguishable from the case where it is not.  However, in case of optional
or disabled email verification, enumeration can only be prevented by allowing
the signup to go through, resulting in multiple accounts sharing same email
address (although only one of the accounts can ever have it verified). When
enumeration is set to ``True``, email address uniqueness takes precedence over
enumeration prevention, and the issue of multiple accounts having the same
email address will be avoided, thus leaking information. Set it to
``"strict"`` to allow for signups to go through.


Fixes
=====

- Fixed ``?next=`` URL handling in the SAML provider.

- During 2FA, pending logins were incorrectly removed when e.g. Django was asked
to serve a ``/favicon.ico`` URL.

Links

• PyPI: https://pypi.org/project/django-allauth
• Changelog: https://data.safetycli.com/changelogs/django-allauth/
• Homepage: https://www.intenct.nl/projects/django-allauth/

Update django-crispy-forms from 2.0 to 2.1.

Changelog

2.1

* Added support for Django 5.0.
* Dropped support for Django 3.2, 4.0 and 4.1.
* Added support for Python 3.12.
* Dropped support for Python 3.7.

See the [2.1 Milestone](https://github.com/django-crispy-forms/django-crispy-forms/milestone/20?closed=1) for the full change
list.

Links

• PyPI: https://pypi.org/project/django-crispy-forms
• Changelog: https://data.safetycli.com/changelogs/django-crispy-forms/

Update django-elasticsearch-dsl from 7.3 to 8.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/django-elasticsearch-dsl
• Changelog: https://data.safetycli.com/changelogs/django-elasticsearch-dsl/
• Repo: https://github.com/sabricot/django-elasticsearch-dsl

Update django-filter from 23.2 to 23.3.

Changelog

23.3

------------------------

* Adds initial compatibility with Django 5.0, prior to Django 5.0a1.

* Updates packaging to use pyproject.toml and Flit.

Links

• PyPI: https://pypi.org/project/django-filter
• Changelog: https://data.safetycli.com/changelogs/django-filter/

Update django-modelcluster from 6.0 to 6.1.

Changelog

6.1

~~~~~~~~~~~~~~~~
* Removed Django 2.2, 3.0, 3.1 & 4.0 support
* Added Django 4.2 support (Irtaza Akram)
* Fixed deprecation warning for removal of `django.utils.timezone.utc` (John-Scott Atlakson)
* Fix: Avoid unnecessary call to localtime for timestamps already in UTC (Stefan Hammer)
* Removed Python 3.7 support
* Add Python 3.11 and 3.12 support

Links

• PyPI: https://pypi.org/project/django-modelcluster
• Changelog: https://data.safetycli.com/changelogs/django-modelcluster/
• Repo: https://github.com/wagtail/django-modelcluster

Update django-mptt from 0.14.0 to 0.15.0.

Changelog

0.15

====

- **Since I unfortunately still depend on django-mptt in prehistoric projects I
took it upon me to make it runnable again. This doesn't mean I want to
maintain the package.**
- Added Django 4.2.
- Dropped Python < 3.9, Django < 3.2.
- Started using ruff and more rules.
- Dropped the ``index_together`` check on Django 5 and better. Django 5 only
supports ``Meta.indexes``.
- Optimized tree rebuilding.
- Added support for the Django admin theme switcher.
- Switched to hatchling.

Links

• PyPI: https://pypi.org/project/django-mptt
• Changelog: https://data.safetycli.com/changelogs/django-mptt/

Update django-notifications-hq from 1.8.2 to 1.8.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/django-notifications-hq
• Repo: http://github.com/django-notifications/django-notifications

Update django-phonenumber-field from 7.1.0 to 7.2.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/django-phonenumber-field
• Changelog: https://data.safetycli.com/changelogs/django-phonenumber-field/

Update django-taggit from 4.0.0 to 5.0.1.

Changelog

5.0.1

~~~~~~~~~~~~~~~~~~

* Fix the package metadata to properly reflect the right Django and Python version requirements
Release 5.0.0 improperly stated its Django bounds as >=3.2, so people installing without bounds will end up on a version that won't work.

5.0.0

~~~~~~~~~~~~~~~~~~
* **Backwards icompatible:** Rename the (``content_type``, ``object_id``) index on ``TaggedItem``.
It is very unlikely for this to affect your code itself, and a migration will rename the index. This should not cause any downtime according to my research (Postgres does not lock the table for index renames, and Oracle holds a tiny lock to do it, and the change is only to the metadata, so is not dependent on table size).

* **Backwards incompatible:** Remove the ``.indexed_together`` and ``.unique_together`` attributes on ``TaggedItem``

We are instead using ``constraints`` and ``indexes`` to set up these properties.
* Remove support for Django 3.2.
* Remove usage of deprecated APIs for Django 4.2
* Remove support for Python 3.7 (no code changes involved)
* Fix ``tag_kwargs`` and ``TAGGIT_CASE_INSENSITIVE=True`` discrepency.

Links

• PyPI: https://pypi.org/project/django-taggit
• Changelog: https://data.safetycli.com/changelogs/django-taggit/
• Repo: https://github.com/jazzband/django-taggit

Update drf-haystack from 1.8.12 to 1.8.13.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/drf-haystack
• Repo: https://github.com/rhblind/drf-haystack.git

Update elasticsearch from 8.9.0 to 8.10.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/elasticsearch
• Repo: https://github.com/elastic/elasticsearch-py

Update filelock from 3.12.3 to 3.13.1.

Changelog

3.13.1

<!-- Release notes generated using configuration in .github/release.yml at main -->

What's Changed
* Allow users to subclass FileLock with custom keyword arguments by hmaarrfk in https://github.com/tox-dev/filelock/pull/284

New Contributors
* hmaarrfk made their first contribution in https://github.com/tox-dev/filelock/pull/284

**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.13.0...3.13.1

3.13.0

<!-- Release notes generated using configuration in .github/release.yml at 3.13.0 -->

What's Changed
* Support reentrant locking on lock file path via optional singleton instance by nefrob in https://github.com/tox-dev/filelock/pull/283

New Contributors
* nefrob made their first contribution in https://github.com/tox-dev/filelock/pull/283

**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.12.4...3.13.0

3.12.4

<!-- Release notes generated using configuration in .github/release.yml at main -->

What's Changed
* change typing-extensions to be installed only with the [typing] extra by asottile in https://github.com/tox-dev/filelock/pull/276

New Contributors
* asottile made their first contribution in https://github.com/tox-dev/filelock/pull/276

**Full Changelog**: https://github.com/tox-dev/filelock/compare/3.12.3...3.12.4

Links

• PyPI: https://pypi.org/project/filelock
• Changelog: https://data.safetycli.com/changelogs/filelock/

Update Flask from 2.3.3 to 3.0.0.

Changelog

3.0.0

-------------

Released 2023-09-30

-   Remove previously deprecated code. :pr:`5223`
-   Deprecate the ``__version__`` attribute. Use feature detection, or
 ``importlib.metadata.version("flask")``, instead. :issue:`5230`
-   Restructure the code such that the Flask (app) and Blueprint
 classes have Sans-IO bases. :pr:`5127`
-   Allow self as an argument to url_for. :pr:`5264`
-   Require Werkzeug >= 3.0.0.

Links

• PyPI: https://pypi.org/project/flask
• Changelog: https://data.safetycli.com/changelogs/flask/

Update fonttools from 4.42.1 to 4.44.0.

Changelog

4.44.0

----------------------------

- [instancer] Recalc OS/2 AvgCharWidth after instancing if default changes (3317).
- [otlLib] Make ClassDefBuilder class order match varLib.merger's, i.e. large
classes first, then glyph lexicographic order (3321, 3324).
- [instancer] Allow not specifying any of min:default:max values and let be filled
up with fvar's values (3322, 3323).
- [instancer] When running --update-name-table ignore axes that have no STAT axis
values (3318, 3319).
- [Debg] When dumping to ttx, write the embedded JSON as multi-line string with
indentation (92cbfee0d).
- [varStore] Handle > 65535 items per encoding by splitting VarData subtable (3310).
- [subset] Handle null-offsets in MarkLigPos subtables.
- [subset] Keep East Asian spacing fatures vhal, halt, chws, vchw by default (3305).
- [instancer.solver] Fixed case where axisDef < lower and upper < axisMax (3304).
- [glyf] Speed up compilation, mostly around ``recalcBounds`` (3301).
- [varLib.interpolatable] Speed it up when working on variable fonts, plus various
micro-optimizations (3300).
- Require unicodedata2 >= 15.1.0 when installed with 'unicode' extra, contains UCD 15.1.

4.43.1

----------------------------

- [EBDT] Fixed TypeError exception in `_reverseBytes` method triggered when dumping
some bitmap fonts with `ttx -z bitwise` option (3162).
- [v/hhea] Fixed UnboundLocalError exception in ``recalc`` method when no vmtx or hmtx
tables are present (3290).
- [bezierTools] Fixed incorrectly typed cython local variable leading to TypeError when
calling ``calcQuadraticArcLength`` (3288).
- [feaLib/otlLib] Better error message when building Coverage table with missing glyph (3286).

4.43.0

----------------------------

- [subset] Set up lxml ``XMLParser(resolve_entities=False)`` when parsing OT-SVG documents
to prevent XML External Entity (XXE) attacks (9f61271dc):
https://codeql.github.com/codeql-query-help/python/py-xxe/
- [varLib.iup] Added workaround for a Cython bug in ``iup_delta_optimize`` that was
leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas
(60126435d, cython/cython5732).
- [varLib] Added new command-line entry point ``fonttools varLib.avar`` to add an
``avar`` table to an existing VF from axes mappings in a .designspace file (0a3360e52).
- [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned
after VarData optimization (3268).
- Added support for Python 3.12 (3283).

Links

• PyPI: https://pypi.org/project/fonttools
• Changelog: https://data.safetycli.com/changelogs/fonttools/
• Repo: http://github.com/fonttools/fonttools

Update fsspec from 2023.9.0 to 2023.10.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/fsspec
• Repo: https://github.com/fsspec/filesystem_spec

Update gevent from 23.9.0.post1 to 23.9.1.

Changelog

23.9.1

===================


Bugfixes
--------

- Require greenlet 3.0 on Python 3.11 and Python 3.12; greenlet 3.0 is
recommended for all platforms. This fixes a number of obscure crashes
on all versions of Python, as well as fixing a fairly common problem
on Python 3.11+ that could manifest as either a crash or as a
``SystemError``.
See :issue:`1985`.


----

Links

• PyPI: https://pypi.org/project/gevent
• Changelog: https://data.safetycli.com/changelogs/gevent/
• Homepage: http://www.gevent.org/

Update google-api-core from 2.11.1 to 2.12.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/google-api-core
• Repo: https://github.com/googleapis/python-api-core

Update google-api-python-client from 2.98.0 to 2.106.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/google-api-python-client
• Changelog: https://data.safetycli.com/changelogs/google-api-python-client/
• Repo: https://github.com/googleapis/google-api-python-client/

Update google-auth from 2.23.0 to 2.23.4.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/google-auth
• Changelog: https://data.safetycli.com/changelogs/google-auth/
• Repo: https://github.com/googleapis/google-auth-library-python

Update google-cloud-firestore from 2.11.1 to 2.13.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/google-cloud-firestore
• Repo: https://github.com/googleapis/python-firestore

Update google-cloud-storage from 2.10.0 to 2.13.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/google-cloud-storage
• Repo: https://github.com/googleapis/python-storage

Update googleapis-common-protos from 1.60.0 to 1.61.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/googleapis-common-protos
• Repo: https://github.com/googleapis/python-api-common-protos

Update greenlet from 2.0.2 to 3.0.1.

Changelog

3.0.1

==================

- Fix a potential crash on Python 3.8 at interpreter shutdown time.
This was a regression from earlier 3.0.x releases. Reported by Matt
Wozniski in `issue 376 <https://github.com/python-greenlet/greenlet/issues/376>`_.

3.0.0

==================

- No changes from 3.0rc3 aside from the version number.

3.0.0rc3

=====================

- Fix an intermittent error during process termination on some
platforms (GCC/Linux/libstdc++).

3.0.0rc2

=====================

- Fix some potential bugs (assertion failures and memory leaks) in
previously-untested error handling code. In some cases, this means
that the process will execute a controlled ``abort()`` after severe
trouble when previously the process might have continued for some
time with a corrupt state. It is unlikely those errors occurred in
practice.
- Fix some assertion errors and potential bugs with re-entrant
switches.
- Fix a potential crash when certain compilers compile greenlet with
high levels of optimization. The symptom would be that switching to
a greenlet for the first time immediately crashes.
- Fix a potential crash when the callable object passed to the
greenlet constructor (or set as the ``greenlet.run`` attribute) has
a destructor attached to it that switches. Typically, triggering
this issue would require an unlikely subclass of
``greenlet.greenlet``.
- Python 3.11+: Fix rare switching errors that could occur when a
garbage collection was triggered during the middle of a switch, and
Python-level code in ``__del__`` or weakref callbacks switched to a
different greenlet and ultimately switched back to the original
greenlet. This often manifested as a ``SystemError``: "switch
returned NULL without an exception set."

For context on the fixes, see `gevent issue 1985
<https://github.com/gevent/gevent/issues/1985>`_.

3.0.0rc1

=====================

- Windows wheels are linked statically to the C runtime in an effort
to prevent import errors on systems without the correct C runtime
installed. It's not clear if this will make the situation better or
worse, so please share your experiences in `issue 346
<https://github.com/python-greenlet/greenlet/issues/346>`_.

Note that this only applies to the binary wheels found on PyPI.
Building greenlet from source defaults to the shared library. Set
the environment variable ``GREENLET_STATIC_RUNTIME=1`` at build time
to change that.
- Build binary wheels for Python 3.12 on macOS.
- Fix compiling greenlet on a debug build of CPython 3.12. There is
`one known issue
<https://github.com/python-greenlet/greenlet/issues/368>`_ that
leads to an interpreter crash on debug builds.
- Python 3.12: Fix walking the frame stack of suspended greenlets.
Previously accessing ``glet.gr_frame.f_back`` would crash due to
`changes in CPython's undocumented internal frame handling <https://github.com/python/cpython/commit/1e197e63e21f77b102ff2601a549dda4b6439455>`_.

Platforms
---------
- Now, greenlet *may* compile and work on Windows ARM64 using
llvm-mingw, but this is untested and unsupported. See `PR
<https://github.com/python-greenlet/greenlet/pull/224>`_ by Adrian
Vladu.
- Now, greenlet *may* compile and work on LoongArch64 Linux systems,
but this is untested and unsupported. See `PR 257
<https://github.com/python-greenlet/greenlet/pull/257/files>`_ by merore.

Known Issues
------------

- There may be (very) subtle issues with tracing on Python 3.12, which
has redesigned the entire tracing infrastructure.

3.0.0a1

====================

- Build binary wheels for S390x Linux. See `PR 358
<https://github.com/python-greenlet/greenlet/pull/358>`_ from Steven
Silvester.
- Fix a rare crash on shutdown seen in uWSGI deployments. See `issue
330 <https://github.com/python-greenlet/greenlet/issues/330>`_ and `PR 356
<https://github.com/python-greenlet/greenlet/pull/356>`_ from Andrew
Wason.
- Make the platform-specific low-level C/assembly snippets stop using
the ``register`` storage class. Newer versions of standards remove
this storage class, and it has been generally ignored by many
compilers for some time. See `PR 347
<https://github.com/python-greenlet/greenlet/pull/347>`_ from Khem
Raj.
- Add initial support for Python 3.12. See `issue
<https://github.com/python-greenlet/greenlet/issues/323>`_ and `PR
<https://github.com/python-greenlet/greenlet/pull/327>`_; thanks go
to (at least) Michael Droettboom, Andreas Motl, Thomas A Caswell,
raphaelauv, Hugo van Kemenade, Mark Shannon, and Petr Viktorin.
- Remove support for end-of-life Python versions, including Python
2.7, Python 3.5 and Python 3.6.
- Require a compiler that supports ``noinline`` directives. See
`issue 271
<https://github.com/python-greenlet/greenlet/issues/266>`_.
- Require a compiler that supports C++11.

Links

• PyPI: https://pypi.org/project/greenlet
• Changelog: https://data.safetycli.com/changelogs/greenlet/
• Docs: https://greenlet.readthedocs.io/

Update grpcio from 1.58.0 to 1.59.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/grpcio
• Homepage: https://grpc.io

Update grpcio-status from 1.58.0 to 1.59.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/grpcio-status
• Homepage: https://grpc.io

Update h5py from 3.9.0 to 3.10.0.

Changelog

Links

• PyPI: https://pypi.org/project/h5py
• Changelog: https://data.safetycli.com/changelogs/h5py/

Update httpcore from 0.18.0 to 1.0.1.

Changelog

1.0.1

- Fix pool timeout to account for the total time spent retrying. (823)
- Raise a neater RuntimeError when the correct async deps are not installed. (826)
- Add support for synchronous TLS-in-TLS streams. (840)

1.0.0

From version 1.0 our async support is now optional, as the package has minimal dependencies by default.

For async support use either `pip install 'httpcore[asyncio]'` or `pip install 'httpcore[trio]'`.

The project versioning policy is now explicitly governed by SEMVER. See https://semver.org/.

- Async support becomes fully optional. (809)
- Add support for Python 3.12. (807)

Links

• PyPI: https://pypi.org/project/httpcore
• Changelog: https://data.safetycli.com/changelogs/httpcore/

Update httpx from 0.25.0 to 0.25.1.

Changelog

0.25.1

* Add support for Python 3.12. (2854)
* Add support for httpcore 1.0 (2885)

Fixed

* Raise `ValueError` on `Response.encoding` being set after `Response.text` has been accessed. (2852)

Links

• PyPI: https://pypi.org/project/httpx
• Changelog: https://data.safetycli.com/changelogs/httpx/

Update imagecodecs from 2023.9.4 to 2023.9.18.

Changelog

2023.9.18

- Pass 7110 tests.
- Rebuild with updated dependencies fixes CVE-2023-4863.

Links

• PyPI: https://pypi.org/project/imagecodecs
• Changelog: https://data.safetycli.com/changelogs/imagecodecs/
• Homepage: https://www.cgohlke.com

Update imageio from 2.31.3 to 2.32.0.

Changelog

2.32.0

Feature

* Add support for HEIF format ([1042](https://github.com/imageio/imageio/issues/1042)) ([`ab9653b`](https://github.com/imageio/imageio/commit/ab9653bd86b34002ce5526259dbfc6a860bfb843))

2.31.6

Fix

* Pin pillow below v10.1 to avoid breaking changes ([1046](https://github.com/imageio/imageio/issues/1046)) ([`c97aa5e`](https://github.com/imageio/imageio/commit/c97aa5e3b2006f4dfdbd6005cc664f5ae2646f92))

2.31.5

Fix

* Raise warning instead of error when using `fps` in pillow ([1039](https://github.com/imageio/imageio/issues/1039)) ([`520fe62`](https://github.com/imageio/imageio/commit/520fe62f02f3c566bb46ab3121eed38b379dc1b9))

2.31.4

Fix

* Consistently load GIF frames using the same pixel format ([1036](https://github.com/imageio/imageio/issues/1036)) ([`f4fc7f5`](https://github.com/imageio/imageio/commit/f4fc7f5c49c10cc6da809acc470a70e69ca35248))

Links

• PyPI: https://pypi.org/project/imageio
• Changelog: https://data.safetycli.com/changelogs/imageio/
• Repo: https://github.com/imageio/imageio

Update ipykernel from 6.25.2 to 6.26.0.

Changelog

6.26.0

([Full Changelog](https://github.com/ipython/ipykernel/compare/v6.25.2...966e0a41fc61e7850378ae672e28202eb29b10b0))

Maintenance and upkeep improvements

- Update lint deps and add more typing [1156](https://github.com/ipython/ipykernel/pull/1156) ([blink1073](https://github.com/blink1073))
- Update typing for traitlets 5.11 [1154](https://github.com/ipython/ipykernel/pull/1154) ([blink1073](https://github.com/blink1073))
- chore: update pre-commit hooks [1153](https://github.com/ipython/ipykernel/pull/1153) ([pre-commit-ci](https://github.com/pre-commit-ci))
- Update IPython Typing Usage [1152](https://github.com/ipython/ipykernel/pull/1152) ([blink1073](https://github.com/blink1073))
- Update typing [1150](https://github.com/ipython/ipykernel/pull/1150) ([blink1073](https://github.com/blink1073))
- Use sp-repo-review [1146](https://github.com/ipython/ipykernel/pull/1146) ([blink1073](https://github.com/blink1073))
- Bump actions/checkout from 3 to 4 [1144](https://github.com/ipython/ipykernel/pull/1144) ([dependabot](https://github.com/dependabot))

Contributors to this release

([GitHub contributors page for this release](https://github.com/ipython/ipykernel/graphs/contributors?from=2023-09-04&to=2023-10-24&type=c))

[blink1073](https://github.com/search?q=repo%3Aipython%2Fipykernel+involves%3Ablink1073+updated%3A2023-09-04..2023-10-24&type=Issues) | [dependabot](https://github.com/search?q=repo%3Aipython%2Fipykernel+involves%3Adependabot+updated%3A2023-09-04..2023-10-24&type=Issues) | [pre-commit-ci](https://github.com/search?q=repo%3Aipython%2Fipykernel+involves%3Apre-commit-ci+updated%3A2023-09-04..2023-10-24&type=Issues)

<!-- <END NEW CHANGELOG ENTRY> -->

Links

• PyPI: https://pypi.org/project/ipykernel
• Changelog: https://data.safetycli.com/changelogs/ipykernel/

Update ipython from 8.15.0 to 8.17.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/ipython
• Changelog: https://data.safetycli.com/changelogs/ipython/
• Homepage: https://ipython.org

Update ipywidgets from 8.1.0 to 8.1.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/ipywidgets
• Changelog: https://data.safetycli.com/changelogs/ipywidgets/
• Homepage: http://jupyter.org

Update jedi from 0.19.0 to 0.19.1.

Changelog

0.19.1

Changed

- `jedi>=0.17.2`

Links

• PyPI: https://pypi.org/project/jedi
• Changelog: https://data.safetycli.com/changelogs/jedi/
• Repo: https://github.com/davidhalter/jedi

Update jsonschema from 4.19.0 to 4.19.2.

Changelog

4.19.2

=======

* Fix the error message for additional items when used with heterogeneous arrays.
* Don't leak the ``additionalItems`` keyword into JSON Schema draft 2020-12, where it was replaced by ``items``.

4.19.1

=======

* Single label hostnames are now properly considered valid according to the ``hostname`` format.
This is the behavior specified by the relevant RFC (1123).
IDN hostname behavior was already correct.

</

[sweep-ai]

Apply Sweep Rules to your PR?

• Apply: All new business logic should have corresponding unit tests.
• Apply: Refactor large functions to be more modular.

[pyup-bot]

Closing this in favor of #169