Bump the pip group across 1 directory with 11 updates

[dependabot]

Bumps the pip group with 8 updates in the / directory:

Package	From	To
codecov	2.0.15	2.1.13
babel	2.5.3	2.9.1
bleach	2.1.3	3.3.0
eventlet	0.23.0	0.35.2
flask	1.0.2	2.2.5
future	0.16.0	1.0.0
py	1.5.3	1.11.0
virtualenv	15.2.0	20.26.6

Updates codecov from 2.0.15 to 2.1.13

Release notes

Sourced from codecov's releases.

v2.1.13

What's Changed

• Add deprecation notice by @​thomasrockhu-codecov in codecov/codecov-python#325
• Add migration guide link by @​thomasrockhu-codecov in codecov/codecov-python#327

Full Changelog: codecov/codecov-python@v2.1.12...v2.1.13

v2.1.12

2.1.12

Fixes

• #322 Add Cirrus CI

Dependencies and Misc

• #311 Bump coverage from 5.3 to 5.3.1
• #312 Bump coverage from 5.3.1 to 5.4
• #314 Bump coverage from 5.4 to 5.5
• #320 Upgrade to GitHub-native Dependabot

v2.1.11

2.1.11

Fixes

• #305 Added option to disable printing of gcov-out
• #308 Handle exceptions that don't have a returncode

Dependencies and Misc

• #301 Update to Python 3.9

v2.1.10

Fixes

• #148 Output elapsed time with S3 upload
• #153 Improve error reporting in the "try_run" function and correctly include original command output in the error message
• #295 Added sleep between upload retries.
• #297 Ignore emacs lisp files
• #298 Fix error try_to_run using | without shell=True (fix #284)

Dependencies and Misc

• #290 Bump coverage from 4.5.4 to 5.2.1
• #291 Update python versions
• #292 Add license scan report and status
• #294 Update README with accurate links
• #296 Bump coverage from 5.2.1 to 5.3

v2.1.9

• #289 Remove token restrictions

2.1.8

No release notes provided.

Changelog

Sourced from codecov's changelog.

2.1.12

Fixes

• #322 Add Cirrus CI

Dependencies and Misc

• #311 Bump coverage from 5.3 to 5.3.1
• #312 Bump coverage from 5.3.1 to 5.4
• #314 Bump coverage from 5.4 to 5.5
• #320 Upgrade to GitHub-native Dependabot

2.1.11

Fixes

• #305 Added option to disable printing of gcov-out
• #308 Handle exceptions that don't have a returncode

Dependencies and Misc

• #301 Update to Python 3.9

2.1.10

Fixes

• #148 Output elapsed time with S3 upload
• #153 Improve error reporting in the "try_run" function and correctly include original command output in the error message
• #295 Added sleep between upload retries.
• #297 Ignore emacs lisp files
• #298 Fix error try_to_run using | without shell=True (fix #284)

Dependencies and Misc

• #290 Bump coverage from 4.5.4 to 5.2.1
• #291 Update python versions
• #292 Add license scan report and status
• #294 Update README with accurate links
• #296 Bump coverage from 5.2.1 to 5.3

2.1.9

• #289Remove token restriction as it is changed server-side

2.1.8

• #285Add support for CODECOV_FLAGS
• #276Add ability to specify number of upload retries

2.1.7

• #279 Fix pinned coverage version

2.1.6

... (truncated)

Commits

• a78512e chore(release): bump to 3.1.13
• 3766370 Update README.md
• 12c0ddd Add migration guide link (#327)
• 46e1b8c Add deprecation notice (#325)
• fcff439 chore: bump to 2.1.12 (#323)
• 27a9833 Add Cirrus CI (#322)
• 51469b0 Upgrade to GitHub-native Dependabot (#320)
• 158a38e Bump coverage from 5.4 to 5.5 (#314)
• 26fe18b Bump coverage from 5.3.1 to 5.4 (#312)
• 147802d Bump coverage from 5.3 to 5.3.1 (#311)
• Additional commits viewable in compare view

Updates babel from 2.5.3 to 2.9.1

Release notes

Sourced from babel's releases.

Version 2.9.1

Bugfixes

• The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

Version 2.9.0

Upcoming version support changes

• This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

• CLDR: Use CLDR 37 – Aarni Koskela (#734)
• Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (#741)
• Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (#726)

Bugfixes

• Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
• Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
• Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
• Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
• Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
• Tests: fix tests when using Python 3.9 – Felix Schwarz
• Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
• Tests: Support Py.test 6.x – Aarni Koskela
• Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (#724)
• Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation

• Update parse_number comments – Brad Martin (#708)
• Add iter to Catalog documentation – @​CyanNani123

Version 2.8.1

This patch version only differs from 2.8.0 in that it backports in #752.

Version 2.8.0

Improvements

• CLDR: Upgrade to CLDR 36.0 - Aarni Koskela (#679)
• Messages: Don't even open files with the "ignore" extraction method - @​sebleblanc (#678)

Bugfixes

• Numbers: Fix formatting very small decimals when quantization is disabled - Lev Lybin, @​miluChen (#662)
• Messages: Attempt to sort all messages – Mario Frasca (#651, #606)

Docs

... (truncated)

Changelog

Sourced from babel's changelog.

Version 2.9.1

Bugfixes

* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
  allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!
Version 2.9.0
Upcoming version support changes

• This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

* CLDR: Use CLDR 37 – Aarni Koskela (:gh:`734`)
* Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (:gh:`741`)
* Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (:gh:`726`)
Bugfixes

* Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
* Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
* Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
* Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
* Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
* Tests: fix tests when using Python 3.9 – Felix Schwarz
* Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
* Tests: Support Py.test 6.x – Aarni Koskela
* Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (:gh:`724`)
* Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok
Documentation

</code></pre>

<ul>

<li>Update parse_number comments – Brad Martin (:gh:<code>708</code>)</li>

<li>Add <strong>iter</strong> to Catalog documentation – <a href="https://github.com/CyanNani123&quot;&gt;&lt;code&gt;@​CyanNani123&lt;/code&gt;&lt;/a&gt;&lt;/li>

</ul>

<h2>Version 2.8.1</h2>

<p>This is solely a patch release to make running tests on Py.test 6+ possible.</p>

<p>Bugfixes</p>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/python-babel/babel/commit/a99fa2474c808b51ebdabea18db871e389751559&quot;&gt;&lt;code&gt;a99fa24&lt;/code&gt;&lt;/a> Use 2.9.0's setup.py for 2.9.1</li>

<li><a href="https://github.com/python-babel/babel/commit/60b33e083801109277cb068105251e76d0b7c14e&quot;&gt;&lt;code&gt;60b33e0&lt;/code&gt;&lt;/a> Become 2.9.1</li>

<li><a href="https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3&quot;&gt;&lt;code&gt;412015e&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/782&quot;&gt;#782&lt;/a> from python-babel/locale-basename</li>

<li><a href="https://github.com/python-babel/babel/commit/5caf717ceca4bd235552362b4fbff88983c75d8c&quot;&gt;&lt;code&gt;5caf717&lt;/code&gt;&lt;/a> Disallow special filenames on Windows</li>

<li><a href="https://github.com/python-babel/babel/commit/3a700b5b8b53606fd98ef8294a56f9510f7290f8&quot;&gt;&lt;code&gt;3a700b5&lt;/code&gt;&lt;/a> Run locale identifiers through <code>os.path.basename()</code></li>

<li><a href="https://github.com/python-babel/babel/commit/5afe2b2f11dcdd6090c00231d342c2e9cd1bdaab&quot;&gt;&lt;code&gt;5afe2b2&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/754&quot;&gt;#754&lt;/a> from python-babel/github-ci</li>

<li><a href="https://github.com/python-babel/babel/commit/58de8342f865df88697a4a166191e880e3c84d82&quot;&gt;&lt;code&gt;58de834&lt;/code&gt;&lt;/a> Replace Travis + Appveyor with GitHub Actions (WIP)</li>

<li><a href="https://github.com/python-babel/babel/commit/d1bbc08e845d03d8e1f0dfa0e04983d755f39cb5&quot;&gt;&lt;code&gt;d1bbc08&lt;/code&gt;&lt;/a> import_cldr: use logging; add -q option</li>

<li><a href="https://github.com/python-babel/babel/commit/156b7fb9f377ccf58c71cf01dc69fb10c7b69314&quot;&gt;&lt;code&gt;156b7fb&lt;/code&gt;&lt;/a> Quiesce CLDR download progress bar if requested (or not a TTY)</li>

<li><a href="https://github.com/python-babel/babel/commit/613dc1700f91c3d40b081948c0dd6023d8ece057&quot;&gt;&lt;code&gt;613dc17&lt;/code&gt;&lt;/a> Make the import warnings about unsupported number systems less verbose</li>

<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.5.3...v2.9.1&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates bleach from 2.1.3 to 3.3.0

Changelog
Sourced from bleach's changelog.

Version 3.3.0 (February 1st, 2021)
Backwards incompatible changes

clean escapes HTML comments even when strip_comments=False

Security fixes

Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.

Features
None
Bug fixes
None
Version 3.2.3 (January 26th, 2021)
Security fixes
None
Features
None
Bug fixes

fix clean and linkify raising ValueErrors for certain inputs. Thank you @​Google-Autofuzz.

Version 3.2.2 (January 20th, 2021)
Security fixes
None
Features

Migrate CI to Github Actions. Thank you @​hugovk.

Bug fixes

fix linkify raising an IndexError on certain inputs. Thank you @​Google-Autofuzz.



... (truncated)


Commits

79b7a3c Merge pull request from GHSA-vv2x-vrpj-qqpq
842fcb4 Update for v3.3.0 release
1334134 sanitizer: escape HTML comments
c045a8b Merge pull request #581 from mozilla/nit-fixes
491abb0 fix typo s/vnedoring/vendoring/
10b1c5d vendor: add html5lib-1.1.dist-info/REQUESTED
cd838c3 Merge pull request #579 from mozilla/validate-convert-entity-code-points
612b808 Update for v3.2.3 release
6879f6a html5lib_shim: validate unicode points for convert_entity
90cb80b Update for v3.2.2 release
Additional commits viewable in compare view




Updates eventlet from 0.23.0 to 0.35.2

Changelog
Sourced from eventlet's changelog.

0.35.2

[fix] Fix tool.setuptools/packages list eventlet/eventlet#921
[security] Dnspython 2.6.1 - Address DoS via the Tudoor mechanism (CVE-2023-29483) eventlet/eventlet#916
[doc] add asyncio into the doc hub page eventlet/eventlet#918
[clean] clean obsolete python 2 code from the ssl module eventlet/eventlet#915
[fix] Add get_server_info to db_pool.py eventlet/eventlet#324
[fix] wsgi: Handle Timeouts from applications eventlet/eventlet#911
[fix] shrinks window before connecting eventlet/eventlet#905

0.35.1

[fix] Do not allow failed patching to stop execution eventlet/eventlet#907

0.35.0

[doc] Basic documentation for asyncio migration eventlet/eventlet#892
[tests] add minimal linting eventlet/eventlet#894
[doc] officially host docs on readthedocs eventlet/eventlet#899
[fix] fix truncate size nullable eventlet/eventlet#789
[fix] Handle transport endpoint shutdown in conditions eventlet/eventlet#884
[fix] Rework reject_bad_requests option eventlet/eventlet#890
[fix] Fix NameError introduced by #826 eventlet/eventlet#890
[feature] Support awaiting GreenThread in an async def context eventlet/eventlet#889
[infra] Extend test cert to 2049 eventlet/eventlet#643
[feature] Asyncio hub support for Python 3.7 to 3.9 eventlet/eventlet#886
[infra] Modernize doc generation eventlet/eventlet#880
[fix] Fix bad exceptions handlings eventlet/eventlet#883
[feature] Support using asyncio coroutines from inside greenlets eventlet/eventlet#877
[removal] Remove deprecated CGIHTTPServer and SimpleHTTPServer eventlet/eventlet#881
[governance] Update maintenance goals eventlet/eventlet#850
[feature] Add an asyncio hub for eventlet eventlet/eventlet#870

0.34.3

Fix security issue in the wsgi module related to RFC 9112 eventlet/eventlet#826
Fix segfault, a new approach for greening existing locks eventlet/eventlet#866
greendns: fix getaddrinfo parameter name eventlet/eventlet#809
Fix deprecation warning on ssl.PROTOCOL_TLS eventlet/eventlet#872
Pytests, fix error at teardown of TestGreenSocket.test_full_duplex eventlet/eventlet#871
Skip test which uses Py cgi module eventlet/eventlet#865
Drop old code based on python < 3.7

0.34.2


... (truncated)


Commits

edd9e7e Update changelog for version 0.35.2 (#920)
a23fd0e Fix tool.setuptools/packages list (#921)
51e3c49 Dnspython 2.6.1 - Address DoS via the Tudoor mechanism (CVE-2023-29483)
b6f6e7c add asyncio into the doc hub page (#918)
96a3940 clean obsolete python 2 code from the ssl module (#915)
06ec630 Add get_server_info to db_pool.py (#324)
dfcc939 wsgi: Handle Timeouts from applications (#911)
799dabc [Fix] shrinks window before connecting (#905)
3f8c9e4 Do not allow failed patching to stop execution (#907)
d467343 Add Python 3.7 to pyproject classifiers (#904)
Additional commits viewable in compare view




Updates flask from 1.0.2 to 2.2.5

Release notes
Sourced from flask's releases.

2.2.5
This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

Security advisory: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4
This is a fix release for the 2.2.x release branch.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
Milestone: https://github.com/pallets/flask/milestone/27?closed=1

2.2.3
This is a fix release for the 2.2.x release branch.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
Milestone: https://github.com/pallets/flask/milestone/26?closed=1

2.2.2
This is a fix release for the 2.2.0 feature release.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
Milestone: https://github.com/pallets/flask/milestone/25?closed=1

2.2.1
This is a fix release for the 2.2.0 feature release.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
Milestone: https://github.com/pallets/flask/milestone/23?closed=1

2.2.0
This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
Milestone: https://github.com/pallets/flask/milestone/19?closed=1

2.1.3

Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-3
Milestone: https://github.com/pallets/flask/milestone/22?closed=1

2.1.2
This is a fix release for the 2.1.0 feature release.

Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
Milestone: https://github.com/pallets/flask/milestone/21?closed=1

2.1.1
This is a fix release for the 2.1.0 feature release.


... (truncated)


Changelog
Sourced from flask's changelog.

Version 2.2.5
Released 2023-05-02

Update for compatibility with Werkzeug 2.3.3.
Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4
Released 2023-04-25

Update for compatibility with Werkzeug 2.3.

Version 2.2.3
Released 2023-02-15

Autoescape is enabled by default for .svg template files. :issue:4831
Fix the type of template_folder to accept pathlib.Path. :issue:4892
Add --debug option to the flask run command. :issue:4777

Version 2.2.2
Released 2022-08-08

Update Werkzeug dependency to >= 2.2.2. This includes fixes related
to the new faster router, header parsing, and the development
server. :pr:4754
Fix the default value for app.env to be "production". This
attribute remains deprecated. :issue:4740

Version 2.2.1
Released 2022-08-03

Setting or accessing json_encoder or json_decoder raises a
deprecation warning. :issue:4732

Version 2.2.0


... (truncated)


Commits

47af817 release version 2.2.5
afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
8646edc set Vary: Cookie header consistently for session
a6367da Merge pull request #5108 from pallets/werkzeug-compat
3fbfbad werkzeug 2.3.3 compatibility
726d3f4 start version 2.2.5
ddc7acc Merge pull request #5081 from pallets/release-2.2.4
74e0329 release version 2.2.4
2d46068 update dev env
64bc458 update dev dependencies
Additional commits viewable in compare view




Updates future from 0.16.0 to 1.0.0

Release notes
Sourced from future's releases.

v1.0.0
The new version number of 1.0.0 indicates that the python-future project, like
Python 2, is now done.
The most important change in this release is adding support for Python 3.12
(ba1cc50 and a6222d2 and bcced95).
This release also includes these fixes:

Small updates to the docs
Add SECURITY.md describing security policy (0598d1b)
Fix pasteurize: NameError: name 'unicode' is not defined (de68c10)
Move CI to GitHub Actions (8cd11e8)
Add setuptools to requirements for building docs (0c347ff)
Fix typos in docs (350e87a)
Make the fix_unpacking fixer more robust (de68c10)
Small improvements to shell scripts according to shellcheck (6153844)

v0.18.3
This is a minor bug-fix release containing a number of fixes:

Backport fix for bpo-38804 (c91d70b)
Fix bug in fix_print.py fixer (dffc579)
Fix bug in fix_raise.py fixer (3401099)
Fix newint bool in py3 (fe645ba)
Fix bug in super() with metaclasses (6e27aac)
docs: fix simple typo, reqest -> request (974eb1f)
Correct eq (c780bf5)
Pass if lint fails (2abe00d)
Update docker image and parcel out to constant variable.  Add comment to update version constant (45cf382)
fix order (f96a219)
Add flake8 to image (046ff18)
Make lint.sh executable (58cc984)
Add docker push to optimize CI (01e8440)
Build System (42b3025)
Add docs build status badge to README.md (3f40bd7)
Use same docs requirements in tox (18ecc5a)
Add docs/requirements.txt (5f9893f)
Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
fix 2.6 test, better comment (ddedcb9)
fix 2.6 test (3f1ff7e)
remove nan test (4dbded1)
include list test values (e3f1a12)
fix other python2 test issues (c051026)
fix missing subTest (f006cad)
import from old imp library on older python versions (fc84fa8)
replace fstrings with format for python 3.4,3.5 (4a687ea)
minor style/spelling fixes (8302d8c)
improve cmp function, add unittest (0d95a40)
Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)



... (truncated)


Changelog
Sourced from future's changelog.

.. _whats-old:
Changes in previous versions

Changes in the most recent major version are here: :ref:whats-new.
Changes in version 0.18.3 (2023-01-13)
This is a minor bug-fix release containing a number of fixes:

Backport fix for bpo-38804 (c91d70b)
Fix bug in fix_print.py fixer (dffc579)
Fix bug in fix_raise.py fixer (3401099)
Fix newint bool in py3 (fe645ba)
Fix bug in super() with metaclasses (6e27aac)
docs: fix simple typo, reqest -> request (974eb1f)
Correct eq (c780bf5)
Pass if lint fails (2abe00d)
Update docker image and parcel out to constant variable.  Add comment to update version constant (45cf382)
fix order (f96a219)
Add flake8 to image (046ff18)
Make lint.sh executable (58cc984)
Add docker push to optimize CI (01e8440)
Build System (42b3025)
Add docs build status badge to README.md (3f40bd7)
Use same docs requirements in tox (18ecc5a)
Add docs/requirements.txt (5f9893f)
Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
fix 2.6 test, better comment (ddedcb9)
fix 2.6 test (3f1ff7e)
remove nan test (4dbded1)
include list test values (e3f1a12)
fix other python2 test issues (c051026)
fix missing subTest (f006cad)
import from old imp library on older python versions (fc84fa8)
replace fstrings with format for python 3.4,3.5 (4a687ea)
minor style/spelling fixes (8302d8c)
improve cmp function, add unittest (0d95a40)
Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
Fix various py26 unit test failures (9ca5a14)
Add initial contributing guide with docs build instruction (e55f915)
Add docs building to tox.ini (3ee9e7f)
Support NumPy's specialized int types in builtins.round (b4b54f0)
Added r""" to the docstring to avoid warnings in python3 (5f94572)
Add subclasscheck for past.types.basestring (c9bc0ff)
Correct example in README (681e78c)
Add simple documentation (6c6e3ae)
Add pre-commit hooks (a9c6a37)
Handling of next and next by future.utils.get_next was reversed (52b0ff9)



... (truncated)


Commits

2bdbfa5 Tidy up README
a7097f8 Update docs
e32250e Update docs pointing to changelog
dde60ad Move old "What's New" entries to the change log
b2ea420 Remove hacky logo from docs
a10a78b Update "What's New"
9f87630 Update the FAQ entries on compatibility and contributing
f4a1f04 Docs: replace http links with https
30c525e Merge branch 'master' of https://github.com/PythonCharmers/python-future
70b36a8 Disable Python 2.6 CI tests for now
Additional commits viewable in compare view




Updates jinja2 from 2.10 to 3.1.6

Release notes
Sourced from jinja2's releases.

3.1.6
This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.6/
Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7

3.1.5
This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.5/
Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence types. #2032
Calling sync render for an async template uses asyncio.run. #1952
Avoid unclosed auto_aiter warnings. #1960
Return an aclose-able AsyncGenerator from Template.generate_async. #1960
Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
Avoid leaving async generators unclosed in blocks, includes and extends. #1960
The runtime uses the correct concat function for the current environment when calling block references. #1701
Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
|int filter handles OverflowError from scientific notation. #1921
Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
Fix copy/pickle support for the internal missing object. #2027
Environment.overlay(enable_async) is applied correctly. #2061
The error message from FileSystemLoader includes the paths that were searched. #1661
PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
Improve annotations for methods returning copies. #1880
urlize does not add mailto: to values like @a@b. #1870
Tests decorated with @pass_context can be used with the |select filter. #1624
Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/
Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3
This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.



... (truncated)


Changelog
Sourced from jinja2's changelog.

Version 3.1.6
Released 2025-03-05

The |attr filter does not bypass the environment's attribute lookup,
allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5
Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as
by passing a stored reference to a filter that calls its argument.
:ghsa:q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid
issues with names that contain f-string syntax.
:issue:1792, :ghsa:gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence
types. :issue:2032
Calling sync render for an async template uses asyncio.run.
:pr:1952
Avoid unclosed auto_aiter warnings. :pr:1960
Return an aclose-able AsyncGenerator from
Template.generate_async. :pr:1960
Avoid leaving root_render_func() unclosed in
Template.generate_async. :pr:1960
Avoid leaving async generators unclosed in blocks, includes and extends.
:pr:1960
The runtime uses the correct concat function for the current environment
when calling block references. :issue:1701
Make |unique async-aware, allowing it to be used after another
async-aware filter. :issue:1781
|int filter handles OverflowError from scientific notation.
:issue:1921
Make compiling deterministic for tuple unpacking in a {% set ... %}
call. :issue:2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined
objects. :issue:2025
Fix copy/pickle support for the internal missing object.
:issue:2027
Environment.overlay(enable_async) is applied correctly. :pr:2061
The error message from FileSystemLoader includes the paths that were
searched. :issue:1661
PackageLoader shows a clearer error message when the package does not
contain the templates directory. :issue:1705
Improve annotations for methods returning copies. :pr:1880
urlize does not add mailto: to values like @a@b. :pr:1870



... (truncated)


Commits

1520688 release version 3.1.6
90457bb Merge commit from fork
065334d attr filter uses env.getattr
033c200 start version 3.1.6
bc68d4e use global contributing guide (#2070)
247de5e use global contributing guide
ab8218c use project advisory link instead of global
b4ffc8f release version 3.1.5 (#2066)
877f6e5 release version 3.1.5
8d58859 remove test pypi
Additional commits viewable in compare view




Updates py from 1.5.3 to 1.11.0

Changelog
Sourced from py's changelog.

1.11.0 (2021-11-04)

Support Python 3.11
Support NO_COLOR environment variable
Update vendored apipkg: 1.5 => 2.0

1.10.0 (2020-12-12)

Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)
Update vendored apipkg: 1.4 => 1.5
Update vendored iniconfig: 1.0.0 => 1.1.1

1.9.0 (2020-06-24)


Add type annotation stubs for the following modules:

py.error
py.iniconfig
py.path (not including SVN paths)
py.io
py.xml

There are no plans to type other modules at this time.
The type annotations are provided in external .pyi files, not inline in the
code, and may therefore contain small errors or omissions. If you use py
in conjunction with a type checker, and encounter any type errors you believe
should be accepted, please report it in an issue.


1.8.2 (2020-06-15)

On Windows, py.path.locals which differ only in case now have the same
Python hash value. Previously, such paths were considered equal but had
different hashes, which is not allowed and breaks the assumptions made by
dicts, sets and other users of hashes.

1.8.1 (2019-12-27)


Handle FileNotFoundError when trying to import pathlib in path.common
on Python 3.4 (#207).


py.path.local.samefile now works correctly in Python 3 on Windows when dealing with symlinks.


1.8.0 (2019-02-21)


... (truncated)


Commits

447bac5 Update CHANGELOG.rst
6d003d9 Update CHANGELOG.rst
9cf613f Declare support for Python 3.8-3.10
d831150 Update python_requires: Python 3.4 was already dropped
e68532e Update CHANGELOG for 1.11.0
2f03e5a Merge pull request #258 from blueyed/NO_COLOR
e116b2b Merge pull request #275 from pytest-dev/upgrade-vendor-libs
f3a1a59 remove build pin again
f6cbf28 try to use pipx tox
3fe9ad7 try to use preinstalled tox
Additional commits viewable in compare view




Updates requests from 2.18.4 to 2.32.5

Release notes
Sourced from requests's releases.

v2.32.5
2.32.5 (2025-08-18)
Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.
Dropped support for Python 3.8 following its end of support.

v2.32.4
2.32.4 (2025-06-10)
Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)
Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3
2.32.3 (2024-05-29)
Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)

v2.32.2
2.32.2 (2024-05-21)
Deprecations

To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.



... (truncated)


Changelog
Sourced from requests's changelog.

2.32.5 (2025-08-18)
Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.
Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)
Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.
Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)
Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.