Bump the pip-dependencies group with 2 updates

[dependabot]

Bumps the pip-dependencies group with 2 updates: flask and pymupdf.

Updates flask from 2.3.3 to 3.0.1

Release notes

Sourced from flask's releases.

3.0.1

This is a fix release for the 3.0.x feature release branch.

Fixes an issue where using other JSON providers, such as flask-orjson, previously caused loaded session data to have an incorrect format in some cases.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-1
• Milestone: https://github.com/pallets/flask/milestone/32?closed=1
• PyPI: https://pypi.org/project/Flask/3.0.1/

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-0
• Milestone: https://github.com/pallets/flask/milestone/20?closed=1

Changelog

Sourced from flask's changelog.

Version 3.0.1

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5230
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads object_hook. This allows other JSON providers that don't implement that. :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

Version 3.0.0

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

Commits

• f622b1c release version 3.0.1
• 5fcc999 fix create release action
• da3a0dd fix slsa generator version
• 5e059be update actions versions
• bae6ee8 address mypy strict findings (#5383)
• 81b3c85 update requirements
• 08d3185 update pre-commit hooks
• 6000e80 address mypy strict findings
• 5a48a0f untag without object_hook (#5382)
• 700fc7d untag without object_hook
• Additional commits viewable in compare view

Updates pymupdf from 1.23.19 to 1.23.20

Release notes

Sourced from pymupdf's releases.

PyMuPDF-1.23.20 released

PyMuPDF-1.23.20 has been released.

Wheels for Windows, Linux and MacOS, and the sdist, are available on pypi.org and can be installed in the usual way, for example:

python -m pip install --upgrade pymupdf

[Linux-aarch64 wheels will be built and uploaded later.]

Changes in version 1.23.20 (2024-01-29)

• Bug fixes:

  • Fixed #3100

• Other:

  • Significantly improved speed of Document.get_toc().

Changelog

Sourced from pymupdf's changelog.

Change Log

Changes in version ? (?)

• Fixed issues:

• Other:

  • Fixed bug in set_xml_metadata(), PR 3112 https://github.com/pymupdf/PyMuPDF/pull/3112>_: Fix pdf_add_stream metadata error
  • Fixed lack of .parent member in TextPage from Annot.get_textpage().
  • Fixed bug in Page.add_widget().

Changes in version 1.23.20 (2024-01-29)

• Bug fixes:

  • Fixed 3100 <https://github.com/pymupdf/PyMuPDF/issues/3100>_: Wrong internal property accessed in get_xml_metadata

• Other:

  • Significantly improved speed of Document.get_toc().

Changes in version 1.23.19 (2024-01-25)

• Bug fixes:

  • Fixed 3087 <https://github.com/pymupdf/PyMuPDF/issues/3087>_: Exception in insert_image with mask specified
  • Fixed 3094 <https://github.com/pymupdf/PyMuPDF/issues/3094>_: TypeError: '<' not supported between instances of 'FzLocation' and 'int' in doc.delete_pages

• Other:

  • When finding tables:

    • Allow addition of user-defined "virtual" vector graphics when finding tables.
    • Confirm that the enveloping bboxes of vector graphics are inside the clip rectangle.
    • Avoid slow finding of rectangle intersections.

  • Added Font.bbox property.

Changes in version 1.23.18 (2024-01-23)

• Bug fixes:

  • Fixed 3081 <https://github.com/pymupdf/PyMuPDF/issues/3081>_: doc.close() not closing the document

... (truncated)

Commits

• 0a63b9c Updated version, changelog, and dates for release 1.23.20.
• fc405f7 address #3100, fix for Document.get_xml_metadata().
• 7959684 src/init.py: simplified Page.insert_image() with mask and mupdf >= 1.24.0.
• 7511fac Resolve get_toc speed issue
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.