Bump the python group in /tests with 10 updates

[dependabot]

Bumps the python group in /tests with 10 updates:

Package	From	To
cachetools	5.3.2	5.3.3
cryptography	42.0.4	42.0.5
google-auth	2.27.0	2.28.1
grpcio	1.60.1	1.62.0
grpcio-tools	1.60.1	1.62.0
protobuf	4.25.2	4.25.3
pytest	8.0.0	8.0.2
pytest-metadata	3.1.0	3.1.1
python-dateutil	2.8.2	2.9.0.post0
urllib3	2.2.0	2.2.1

Updates cachetools from 5.3.2 to 5.3.3

Changelog

Sourced from cachetools's changelog.

v5.3.3 (2024-02-26)

• Documentation improvements.

• Update CI environment.

Commits

• 1fcadea Bump copyright year and version.
• 2b0a7cb Bump copyright year.
• d566834 LICENSE: update the year
• 4a284ca Merge branch 'kuraga-get-rid-of-operator-usage'
• 86ff2f0 Merge branch 'get-rid-of-operator-usage' of https://github.com/kuraga/cacheto...
• 2862109 Bump actions/setup-python from 4.7.1 to 5.0.0
• 4c5d179 Bump actions/checkout from 4.1.0 to 4.1.1
• 98453e8 Get rid of operator usage
• d991ac7 Add cacheing reference.
• See full diff in compare view

Updates cryptography from 42.0.4 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23

* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:

Commits

• 33833f0 Release 42.0.5 (#10470)
• 4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
• 8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
• See full diff in compare view

Updates google-auth from 2.27.0 to 2.28.1

Release notes

Sourced from google-auth's releases.

v2.28.1

2.28.1 (2024-02-21)

Bug Fixes

• Typo when setting the state for the pickle deserializer. (#1479) (08b5cc3)

v2.28.0

2.28.0 (2024-02-15)

Features

• Adding universe domain support for downscroped credentials (#1463) (fa8b7b2)

Bug Fixes

• Change log level to debug for return_none_for_not_found_error (#1473) (a036b47)
• Make requests import conditional for gce universe domain (#1476) (9bb64c8)

Changelog

Sourced from google-auth's changelog.

2.28.1 (2024-02-21)

Bug Fixes

• Typo when setting the state for the pickle deserializer. (#1479) (08b5cc3)

2.28.0 (2024-02-15)

Features

• Adding universe domain support for downscroped credentials (#1463) (fa8b7b2)

Bug Fixes

• Change log level to debug for return_none_for_not_found_error (#1473) (a036b47)
• Make requests import conditional for gce universe domain (#1476) (9bb64c8)

Commits

• 3c3bfd7 chore(main): release 2.28.1 (#1482)
• 08b5cc3 fix: Typo when setting the state for the pickle deserializer. (#1479)
• 32ed601 chore(main): release 2.28.0 (#1471)
• 9bb64c8 fix: make requests import conditional for gce universe domain (#1476)
• 30743b0 chore: refresh sys test cred (#1477)
• 46b9569 chore: refactoring common used constant from the same source (#1472)
• 4e927ab chore: token update (#1474)
• a036b47 fix: Change log level to debug for return_none_for_not_found_error (#1473)
• fa8b7b2 feat: adding universe domain support for downscroped credentials (#1463)
• 2c3304b Token update (#1470)
• Additional commits viewable in compare view

Updates grpcio from 1.60.1 to 1.62.0

Release notes

Sourced from grpcio's releases.

Release v1.62.0

This is release 1.62.0 (guardian) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• [metadata] Allow non application/grpc content-type values. (#35824)
• [BoringSSL] Update third_party/boringssl-with-bazel. (#35768)
• [GPR] Removed GPR_BACKWARDS_COMPATIBILITY_MODE. (#35602)

Python

• [Build] Strip armv7 artifacts. (#35832)
• [Python AIO] Handle DeprecationWarnings when get current loop. (#35583)
• [Python AIO] Raise resource_exhausted error in case of concurrent RPC limit exceeded. (#35376)
• [Python O11y] Build and distrib O11y package. (#35578)
• [Python setuptools] Import error from distutils for lower version of setuptools. (#35561)
• [ruby] Fix use-after-free for post-fork channel recreation. (#35488)

Ruby

• [ruby] Build/test ruby 3.3 and build native gems with Ruby 3.3 support. (#35399)

Release v1.62.0-pre1

This is a prerelease of gRPC Core 1.62.0 (guardian).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Python

• grpcio_observability package is not published in this release due to an issue in packaging.

Release v1.61.1

This is release gRPC Core 1.61.1 (grand).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

... (truncated)

Commits

• f78a54c Bump release version 202402201104 (#35951)
• bc4f834 [Python Otel] Fix packaging issue (v1.62.x backport) (#35936)
• ef03a26 [ObjC] Backport #35893 1.62.x, upgrade abseil to 1.20240116.1 (#35909)
• acb1a55 [experiments] Disable chaotic good test in 1.62 branch (#35902)
• 6d7c638 [Release] Bump version to 1.62.0-pre1 (on v1.62.x branch) (#35901)
• 97733ce [experiments] Set call_status_override_on_cancellation default to false fro...
• 86d4155 [Release] Bump core version to 39.0.0 for upcoming release (#35889)
• 6df52f8 [test] Increase test timeout (#35887)
• c75d5c9 [chaotic-good] Credential implementation (#35884)
• 2b3f21d Internal change
• Additional commits viewable in compare view

Updates grpcio-tools from 1.60.1 to 1.62.0

Release notes

Sourced from grpcio-tools's releases.

Release v1.62.0

This is release 1.62.0 (guardian) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• [metadata] Allow non application/grpc content-type values. (#35824)
• [BoringSSL] Update third_party/boringssl-with-bazel. (#35768)
• [GPR] Removed GPR_BACKWARDS_COMPATIBILITY_MODE. (#35602)

Python

• [Build] Strip armv7 artifacts. (#35832)
• [Python AIO] Handle DeprecationWarnings when get current loop. (#35583)
• [Python AIO] Raise resource_exhausted error in case of concurrent RPC limit exceeded. (#35376)
• [Python O11y] Build and distrib O11y package. (#35578)
• [Python setuptools] Import error from distutils for lower version of setuptools. (#35561)
• [ruby] Fix use-after-free for post-fork channel recreation. (#35488)

Ruby

• [ruby] Build/test ruby 3.3 and build native gems with Ruby 3.3 support. (#35399)

Release v1.62.0-pre1

This is a prerelease of gRPC Core 1.62.0 (guardian).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Python

• grpcio_observability package is not published in this release due to an issue in packaging.

Release v1.61.1

This is release gRPC Core 1.61.1 (grand).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

... (truncated)

Commits

• f78a54c Bump release version 202402201104 (#35951)
• bc4f834 [Python Otel] Fix packaging issue (v1.62.x backport) (#35936)
• ef03a26 [ObjC] Backport #35893 1.62.x, upgrade abseil to 1.20240116.1 (#35909)
• acb1a55 [experiments] Disable chaotic good test in 1.62 branch (#35902)
• 6d7c638 [Release] Bump version to 1.62.0-pre1 (on v1.62.x branch) (#35901)
• 97733ce [experiments] Set call_status_override_on_cancellation default to false fro...
• 86d4155 [Release] Bump core version to 39.0.0 for upcoming release (#35889)
• 6df52f8 [test] Increase test timeout (#35887)
• c75d5c9 [chaotic-good] Credential implementation (#35884)
• 2b3f21d Internal change
• Additional commits viewable in compare view

Updates protobuf from 4.25.2 to 4.25.3

Commits

• 4a2aef5 Updating version.json and repo version numbers to: 25.3
• 7c6ba83 Merge pull request #15814 from protocolbuffers/cp-ruby-3.3
• 25b1e81 Update Ruby GHA to test against Ruby 3.3.
• 70e459f Merge pull request #15802 from protocolbuffers/cp-25.x
• 17ec19d Bump python version to 3.9 for gcloud 460.0.0
• 9dc736d [ObjC] Use a local to avoid warnings in 32bit builds.
• 9d1bc10 [CPP] Add the privacy manifest to the C++ CocoaPod.
• cec08dc [ObjC] Add the privacy manifest to the ObjC CocoaPod.
• cf87faa Add PrivacyInfo.xcprivacy (#15557)
• 76d05d4 remove use of mach_absolute_time (#15554)
• Additional commits viewable in compare view

Updates pytest from 8.0.0 to 8.0.2

Release notes

Sourced from pytest's releases.

8.0.2

pytest 8.0.2 (2024-02-24)

Bug Fixes

• #11895: Fix collection on Windows where initial paths contain the short version of a path (for example c:\PROGRA~1\tests).
• #11953: Fix an IndexError crash raising from getstatementrange_ast.
• #12021: Reverted a fix to [--maxfail]{.title-ref} handling in pytest 8.0.0 because it caused a regression in pytest-xdist whereby session fixture teardowns may get executed multiple times when the max-fails is reached.

8.0.1

pytest 8.0.1 (2024-02-16)

Bug Fixes

• #11875: Correctly handle errors from getpass.getuser{.interpreted-text role="func"} in Python 3.13.
• #11879: Fix an edge case where ExceptionInfo._stringify_exception could crash pytest.raises{.interpreted-text role="func"}.
• #11906: Fix regression with pytest.warns{.interpreted-text role="func"} using custom warning subclasses which have more than one parameter in their [__init__]{.title-ref}.
• #11907: Fix a regression in pytest 8.0.0 whereby calling pytest.skip{.interpreted-text role="func"} and similar control-flow exceptions within a pytest.warns(){.interpreted-text role="func"} block would get suppressed instead of propagating.
• #11929: Fix a regression in pytest 8.0.0 whereby autouse fixtures defined in a module get ignored by the doctests in the module.
• #11937: Fix a regression in pytest 8.0.0 whereby items would be collected in reverse order in some circumstances.

Commits

• 31afeeb Prepare release version 8.0.2
• 1b00a2f Merge pull request #12025 from pytest-dev/backport-12022-to-8.0.x
• ff2f66d [8.0.x] Revert "Fix teardown error reporting when --maxfail=1 (#11721)"
• 8a8eed6 [8.0.x] Fix collection of short paths on Windows (#12024)
• 74346f0 [8.0.x] Allow Sphinx 7.x (#12005)
• b7657b4 [8.0.x] Disallow Sphinx 6 and 7 (#12001)
• feb7c5e Merge pull request #11999 from pytest-dev/backport-11996-to-8.0.x
• 0909655 [8.0.x] code: fix IndexError crash in getstatementrange_ast
• 68524d4 Merge pull request #11993 from pytest-dev/release-8.0.1
• d7d320a Prepare release version 8.0.1
• Additional commits viewable in compare view

Updates pytest-metadata from 3.1.0 to 3.1.1

Changelog

Sourced from pytest-metadata's changelog.

3.1.1 (2024-02-08)

• Add environment variables for AWS CodeBuild CI.

  • Thanks to @dougch <https://github.com/dougch>_ for the PR.

Commits

• 16b39d2 feat: Add environment variables for AWS CodeBuild CI. (#88)
• See full diff in compare view

Updates python-dateutil from 2.8.2 to 2.9.0.post0

Release notes

Sourced from python-dateutil's releases.

2.9.0.post0

Version 2.9.0.post0 (2024-03-01)

Bugfixes

• Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

2.9.0

Version 2.9.0 (2024-02-29)

Data updates

• Updated tzdata version to 2024a. (gh pr #1342)

Features

• Made all dateutil submodules lazily imported using PEP 562. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

• Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

• Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Changelog

Sourced from python-dateutil's changelog.

Version 2.9.0.post0 (2024-03-01)

Bugfixes

• Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

Version 2.9.0 (2024-02-29)

Data updates

• Updated tzdata version to 2024a. (gh pr #1342)

Features

• Made all dateutil submodules lazily imported using PEP 562 <https://www.python.org/dev/peps/pep-0562/>_. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

• Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

• Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @​hawkEye-01 (gh issue #1167). Fixed by @​Mifrill (gh pr #1168)

Commits

• 1ae8077 Merge pull request #1346 from pganssle/release_2.9.0.post0
• ee6de9d Update news to prepare for release
• 9780d32 Pin setuptools_scm to <8
• db9d018 Merge pull request #1343 from pganssle/release_2.9.0
• 423ca2f Run updatezinfo before build
• edd3fd4 Update NEWS file
• fe02d02 Run towncrier with Python 3.11
• 9c7524a Fix MANIFEST.in pattern
• 6de58f5 Update classifiers to include Python 3.12
• 8fe0cab Merge pull request #1342 from pganssle/update_zoneinfo
• Additional commits viewable in compare view

Updates urllib3 from 2.2.0 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
• Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
• Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
• Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

Changelog

Sourced from urllib3's changelog.

2.2.1 (2024-02-16)

• Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. ([#3331](https://github.com/urllib3/urllib3/issues/3331) <https://github.com/urllib3/urllib3/issues/3331>__)
• Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. ([#3343](https://github.com/urllib3/urllib3/issues/3343) <https://github.com/urllib3/urllib3/issues/3343>__)
• Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. ([#2860](https://github.com/urllib3/urllib3/issues/2860) <https://github.com/urllib3/urllib3/issues/2860>__)
• Changed ProtocolError to be more verbose on incomplete reads with excess content. ([#3261](https://github.com/urllib3/urllib3/issues/3261) <https://github.com/urllib3/urllib3/issues/3261>__)

Commits

• 54d6edf Release 2.2.1
• 49b2dda Stop casting request headers to HTTPHeaderDict (#3344)
• e22f651 Fix docstring of retries parameter
• fa54179 Distinguish between truncated and excess content in response (#3273)
• cfe52f9 Fix InsecureRequestWarning for HTTPS Emscripten requests (#3333)
• 25155d7 Ensure no remote connections during testing (#3328)
• 12f9233 Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (#3340)
• 9929d3c Add nox session to start local Pyodide console
• aa8d3dd Fix ssl_version tests for upcoming migration to pytest 8
• 23f2287 Remove TODO about informational responses (#3319)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

License Issues

tests/requirements.txt

Package	Version	License	Issue Type
pytest-metadata	3.1.1	MPL-2.0	Incompatible License

Allowed Licenses: Apache-1.1, Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, ISC, MIT, NCSA, OpenSSL, Python-2.0, X11

Excluded from license check: pkg:githubactions/fossas/fossa-action, pkg:golang/github.com/shoenig/go-m1cpu

Scanned Manifest Files

tests/requirements.txt

• cachetools@5.3.3
• cryptography@42.0.5
• google-auth@2.28.1
• grpcio@1.62.0
• grpcio-tools@1.62.0
• protobuf@4.25.3
• pytest@8.0.2
• pytest-metadata@3.1.1
• python-dateutil@2.9.0.post0
• urllib3@2.2.1
• cachetools@5.3.2
• cryptography@42.0.4
• google-auth@2.27.0
• grpcio@1.60.1
• grpcio-tools@1.60.1
• protobuf@4.25.2
• pytest@8.0.0
• pytest-metadata@3.1.0
• python-dateutil@2.8.2
• urllib3@2.2.0