build(deps): bump the minor-and-patch group with 13 updates

[dependabot]

Bumps the minor-and-patch group with 13 updates:

Package	From	To
pystac-client	0.8.3	0.8.4
stac-check	1.3.3	1.4.0
coverage	7.6.3	7.6.4
mypy	1.12.0	1.12.1
cryptography	43.0.1	43.0.3
markupsafe	3.0.1	3.0.2
marshmallow	3.22.0	3.23.0
orjson	3.10.7	3.10.9
ruamel-yaml-clib	0.2.8	0.2.12
setuptools	75.1.0	75.2.0
starlette	0.39.2	0.41.0
uvicorn	0.31.1	0.32.0
virtualenv	20.26.6	20.27.0

Updates pystac-client from 0.8.3 to 0.8.4

Release notes

Sourced from pystac-client's releases.

v0.8.4

What's Changed

• Remove python 3.9 support by @​gadomski in stac-utils/pystac-client#724
• Collection search by @​hrodmn in stac-utils/pystac-client#735
• Don't use mambaforge by @​gadomski in stac-utils/pystac-client#741
• Release v0.8.4 by @​gadomski in stac-utils/pystac-client#742

New Contributors

• @​hrodmn made their first contribution in stac-utils/pystac-client#735

Full Changelog: stac-utils/pystac-client@v0.8.3...v0.8.4

Changelog

Sourced from pystac-client's changelog.

[v0.8.4] - 2024-10-16

Added

• Support for collection search via CollectionSearch class and associated client methods #735

Removed

• Python 3.9 support #724

Commits

• e666078 Release v0.8.4 (#742)
• 60bf1fa ci: don't use mambaforge (#741)
• 3fe2670 Collection search (#735)
• 44aa3a5 build(deps): update pre-commit requirement from ~=3.2 to ~=4.0 (#738)
• 79a5a0b build(deps): bump ruff from 0.6.8 to 0.6.9 (#739)
• cba02d2 build(deps): update hvplot requirement from ~=0.10.0 to ~=0.11.0 (#737)
• e57a99d build(deps): bump ruff from 0.6.7 to 0.6.8 (#736)
• 0b536ca build(deps): bump ruff from 0.6.5 to 0.6.7 (#734)
• b1fcf2e build(deps): bump ruff from 0.6.4 to 0.6.5 (#733)
• 5d1ae07 build(deps): update types-requests requirement from ~=2.31.0 to ~=2.32.0 (#720)
• Additional commits viewable in compare view

Updates stac-check from 1.3.3 to 1.4.0

Release notes

Sourced from stac-check's releases.

v1.4.0

What's Changed

Added

• Added pre-commit config (#111)
• Added publish.yml to automatically publish new releases to PyPI (#111)

Changed

• Updated stac-validator dependency to ensure STAC v1.1.0 compliance (#111)

Full Changelog: stac-utils/stac-check@v1.3.3...v1.4.0

Changelog

Sourced from stac-check's changelog.

[v1.4.0] - 2024-10-09

Added

• Added pre-commit config (#111)
• Added publish.yml to automatically publish new releases to PyPI (#111)

Changed

• Updated stac-validator dependency to ensure STAC v1.1.0 compliance (#111)

Commits

• 95eaa0a Update CHANGELOG.md
• b3f2597 Merge pull request #111 from stac-utils/update-1.4.0
• 1b604b3 small edit
• 1c5ea82 use token
• b557622 add publish config
• 18f2967 pre-commit
• 1b565a6 add setuptools
• 16d2921 change pre-commit action version
• f423276 add pre-commit to test runner
• e1e4930 unignore W605
• Additional commits viewable in compare view

Updates coverage from 7.6.3 to 7.6.4

Changelog

Sourced from coverage's changelog.

Version 7.6.4 — 2024-10-20

• fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880_). This is now fixed.

.. _issue 1880: nedbat/coveragepy#1880

.. _changes_7-6-3:

Commits

• f24f76b docs: sample HTML for 7.6.4
• 96e10f7 docs: prep for 7.6.4
• b8c236a fix: multi-line with-statements exit correctly. #1880
• 64b7a45 docs: another discord reference
• 68d7427 docs: Python Discord
• 43adcea build: include 3.14 in the usual Pythons
• fb2b49f build: github_releases can update older releases, and pauses to get the sorti...
• ca550ca 3.0b2 wasn't correctly titled
• debcc77 build: bump version
• See full diff in compare view

Updates mypy from 1.12.0 to 1.12.1

Changelog

Sourced from mypy's changelog.

Mypy 1.12.1

• Fix crash when showing partially analyzed type in error message (Ivan Levkivskyi, PR 17961)
• Fix iteration over union (when self type is involved) (Shantanu, PR 17976)
• Fix type object with type var default in union context (Jukka Lehtosalo, PR 17991)
• Revert change to os.path stubs affecting use of os.PathLike[Any] (Shantanu, PR 17995)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Ali Hamdan
• Anders Kaseorg
• Bénédikt Tran
• Brian Schubert
• bzoracler
• Chelsea Durazo
• Danny Yang
• Edgar Ramírez Mondragón
• Eric Mark Martin
• InSync
• Ivan Levkivskyi
• Jordandev678
• Katrina Connors
• Kirill Podoprigora
• Marc Mueller
• Max Muoto
• Max Murin
• Michael Carlstrom
• Michael I Chen
• Pradyun Gedam
• quinn-sasha
• Raphael Krupinski
• Sebastian Rittau
• Shantanu
• sobolevn
• Soubhik Kumar Mitra
• Stanislav Terliakov
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

... (truncated)

Commits

• 050d12f Bump version to 1.12.1
• 346e370 [1.12 backport] revert os.path change (#17995)
• 71e1f05 Fix type object with type var default in union context (#17991)
• 34d8603 Fix iteration over union (when self type is involved) (#17976)
• 2485bed Use kw-only args for member access booleans (#17975)
• a5e9b0b Fix crash when showing partially analyzed type in error message (#17961)
• 4775da1 Bump version to 1.12.1+dev
• See full diff in compare view

Updates cryptography from 43.0.1 to 43.0.3

Changelog

Sourced from cryptography's changelog.

43.0.3 - 2024-10-18

* Fixed release metadata for ``cryptography-vectors``
.. _v43-0-2:
43.0.2 - 2024-10-18

• Fixed compilation when using LibreSSL 4.0.0.

.. _v43-0-1:

Commits

• c2afb4f Backport metadata fix for vectors (#11797)
• 9a3cdb5 43.0.2 release: fix libressl 4.0.0 (#11796)
• See full diff in compare view

Updates markupsafe from 3.0.1 to 3.0.2

Release notes

Sourced from markupsafe's releases.

3.0.2

This is the MarkupSafe 3.0.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.2/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-2 Milestone: https://github.com/pallets/markupsafe/milestone/14?closed=1

• Fix compatibility when __str__ returns a str subclass. #472
• Build requires setuptools >= 70.1. #475

Changelog

Sourced from markupsafe's changelog.

Version 3.0.2

Released 2024-10-18

• Fix compatibility when __str__ returns a str subclass. :issue:472
• Build requires setuptools >= 70.1. :issue:475

Commits

• 28ace20 release version 3.0.2
• 6b51fd8 build requires at least setuptools 70.1 (#478)
• 99dda9f build requires at least setuptools 70.1
• 3d8fd8c fix version
• 1933c4b fix version
• e85aff4 relax speedups str check (#477)
• 8cb1691 relax speedups str check
• 4dafb7c start version 3.1.0
• 9c44ecf update docs build
• 275c769 Merge branch '2.1.x' into 3.0.x
• Additional commits viewable in compare view

Updates marshmallow from 3.22.0 to 3.23.0

Changelog

Sourced from marshmallow's changelog.

3.23.0 (2024-10-17)

---

Features:

• Typing: replace "type" with specific metaclass for Schema and Field.

Other changes:

• Officially support Python 3.13 (:pr:2319).
• Drop support for Python 3.8 (:pr:2318).

Commits

• 5e71a04 Bump version and update changelog
• 3cbcc5b Bump sphinx-issues from 4.1.0 to 5.0.0 (#2321)
• 7e902ff Bump sphinx from 8.1.0 to 8.1.3 (#2322)
• 660a34e Bump sphinx from 8.0.2 to 8.1.0 (#2320)
• 7998b4f Update CHANGELOG
• 70f7bbb Merge pull request #2319 from marshmallow-code/py313
• 0eb03c9 Support Python 3.13
• b1418d2 Merge pull request #2318 from marshmallow-code/py38
• 0a7d543 Replace typing.Dict/List/Tuple/Type with dict/list/tuple/type
• 230aa27 Use ZoneInfo instead of pytz
• Additional commits viewable in compare view

Updates orjson from 3.10.7 to 3.10.9

Release notes

Sourced from orjson's releases.

3.10.9

Fixed

• Fix int serialization on 32-bit Python 3.8, 3.9, 3.10. This was introduced in 3.10.8.

3.10.8

Changed

• int serialization no longer chains OverflowError to the the __cause__ attribute of orjson.JSONEncodeError when range exceeded.
• Compatibility with CPython 3.14 alpha 1.
• Improve performance.

Changelog

Sourced from orjson's changelog.

3.10.9

Fixed

• Fix int serialization on 32-bit Python 3.8, 3.9, 3.10. This was introduced in 3.10.8.

3.10.8

Changed

• int serialization no longer chains OverflowError to the the __cause__ attribute of orjson.JSONEncodeError when range exceeded.
• Compatibility with CPython 3.14 alpha 1.
• Improve performance.

Commits

• e331c52 3.10.9
• 4ba2c7f inline_int
• 3be7253 3.10.8
• 92f7b8c int uses _PyLong_AsByteArray()
• aec6e70 jiff
• c5af268 cargo update, vendor pyo3-ffi, python3.14
• 3640a30 Fix orjson_manylinux_2_17_amd64_* artifact upload
• See full diff in compare view

Updates ruamel-yaml-clib from 0.2.8 to 0.2.12

Updates setuptools from 75.1.0 to 75.2.0

Changelog

Sourced from setuptools's changelog.

v75.2.0

Features

• Made errors when parsing Distribution data more explicit about the expected type (tuple[str, ...] | list[str]) -- by :user:Avasam (#4578)

Bugfixes

• Fix a TypeError when a Distribution's old included attribute was a tuple -- by :user:Avasam (#4578)
• Add workaround for bdist_wheel --dist-info-dir errors when customisation does not inherit from setuptools. (#4684)

v75.1.1

Bugfixes

• Re-use pre-existing .dist-info dir when creating wheels via the build backend APIs (PEP 517) and the metadata_directory argument is passed -- by :user:pelson. (#1825)
• Changed egg_info command to avoid adding an empty .egg-info directory while iterating over entry-points. This avoids triggering integration problems with importlib.metadata/importlib_metadata (reference: pypa/pyproject-hooks#206). (#4680)

Commits

• 61a5a03 Bump version: 75.1.1 → 75.2.0
• 8ad3ea7 Workaround for bdist_wheel.dist_info_dir problems (#4684)
• 9af0877 Type sequence checks in setuptools/dist.py (#4578)
• 0534fde Add news fragment
• 50b732a Check for more specific error message
• a663287 Add pragma for edge-case code path
• 96be735 Workaround for bdist_wheel.dist_info_dir problems
• 000a413 Deprecate public access to setuptools.dist.sequence
• 00995c1 Use variable msg instead of tmpl in setuptools/dist
• d457d0e Type sequence checks in setuptools/dist.py
• Additional commits viewable in compare view

Updates starlette from 0.39.2 to 0.41.0

Release notes

Sourced from starlette's releases.

Version 0.41.0

Added

• Allow to raise HTTPException before websocket.accept() encode/starlette#2725

Version 0.40.0

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

• Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Changelog

Sourced from starlette's changelog.

0.41.0 (October 15, 2024)

Added

• Allow to raise HTTPException before websocket.accept() #2725.

0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

• Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Commits

• 46131a1 Version 0.41.0 (#2729)
• 99b6938 Allow to raise HTTPException before websocket.accept() (#2725)
• 4ded4b7 Version 0.40.0 (#2728)
• fd038f3 Merge commit from fork
• e116840 Bump the python-packages group with 6 updates (#2713)
• See full diff in compare view

Updates uvicorn from 0.31.1 to 0.32.0

Release notes

Sourced from uvicorn's releases.

Version 0.32.0

Added

• Officially support Python 3.13 (#2482)
• Warn when max_request_limit is exceeded (#2430)

---

Full Changelog: Kludex/uvicorn@0.31.1...0.32.0

Changelog

Sourced from uvicorn's changelog.

0.32.0 (2024-10-15)

Added

• Officially support Python 3.13 (#2482)
• Warn when max_request_limit is exceeded (#2430)

Commits

• fe39100 Version 0.32.0 (#2485)
• 967a2dc Support Python 3.13 (#2482)
• 079f07a feat(server): log warning when max request limit is exceeded (#2430)
• See full diff in compare view

Updates virtualenv from 20.26.6 to 20.27.0

Release notes

Sourced from virtualenv's releases.

20.27.0

What's Changed

• release 20.26.6 by @​gaborbernat in pypa/virtualenv#2772
• docs: fix the documentation typo on Extend Functionality page. by @​Mr-Sunglasses in pypa/virtualenv#2773
• Fix broken Windows zipapp and drop 3.7 support by @​gaborbernat in pypa/virtualenv#2783
• Skip $PATH entries we cannot check rather than dying with PermissionError by @​hroncok in pypa/virtualenv#2782

New Contributors

• @​Mr-Sunglasses made their first contribution in pypa/virtualenv#2773

Full Changelog: pypa/virtualenv@20.26.5...20.27.0

Changelog

Sourced from virtualenv's changelog.

v20.27.0 (2024-10-17)

Features - 20.27.0

- Drop 3.7 support as the CI environments no longer allow it running - by :user:`gaborbernat`. (:issue:`2758`)
Bugfixes - 20.27.0

• When a $PATH entry cannot be checked for existence, skip it instead of terminating - by :user:hroncok. (:issue:2782)

• Upgrade embedded wheels:

  • setuptools to 75.2.0 from 75.1.0
  • Removed pip of 24.0
  • Removed setuptools of 68.0.0
  • Removed wheel of 0.42.0
  • by :user:gaborbernat. (:issue:2783)

• Fix zipapp is broken on Windows post distlib 0.3.9 - by :user:gaborbernat. (:issue:2784)

Commits

• de4465f release 20.27.0
• 6f16059 Skip $PATH entries we cannot check rather than dying with PermissionError (#2...
• f73a2f3 Fix broken Windows zipapp and drop 3.7 support (#2783)
• 228b615 [pre-commit.ci] pre-commit autoupdate (#2781)
• b56d092 [pre-commit.ci] pre-commit autoupdate (#2779)
• a4dff77 Bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3 (#2777)
• da72caa [pre-commit.ci] pre-commit autoupdate (#2775)
• 349eddc docs: fix the documentation typo on Extend Functionality page. (#2773)
• fe8ca14 release 20.26.6 (#2772)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions