Sync to 20250612#4
Merged
nickvines merged 4 commits intoverkada:mainfrom Jun 12, 2025
Merged
Conversation
Bumps the python group with 4 updates in the / directory: [requests](https://github.com/psf/requests), [mypy](https://github.com/python/mypy), [ruff](https://github.com/astral-sh/ruff) and [types-jsonschema](https://github.com/typeshed-internal/stub_uploader). Updates `requests` from 2.32.3 to 2.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> Updates `mypy` from 1.15.0 to 1.16.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's changelog</a>.</em></p> <blockquote> <h1>Mypy Release Notes</h1> <h2>Next Release</h2> <h3>Remove Support for targeting Python 3.8</h3> <p>Mypy now requires <code>--python-version 3.9</code> or greater. Support for only Python 3.8 is fully removed now. Given an unsupported version, mypy will default to the oldest supported one, currently 3.9.</p> <p>This change is necessary because typeshed stopped supporting Python 3.8 after it reached its End of Life in October 2024.</p> <p>Contributed by Marc Mueller (PR <a href="https://redirect.github.com/python/mypy/pull/19157">19157</a>, PR <a href="https://redirect.github.com/python/mypy/pull/19162">19162</a>).</p> <h3>Initial Support for Python 3.14</h3> <p>Mypy is now tested on 3.14 and mypyc works with 3.14.0b3 and later. Mypyc compiled wheels of mypy itself will be available for new versions after 3.14.0rc1 is released.</p> <p>Note that not all new features might be supported just yet.</p> <p>Contributed by Marc Mueller (PR <a href="https://redirect.github.com/python/mypy/pull/19164">19164</a>)</p> <h3>Deprecated Flag: --force-uppercase-builtins</h3> <p>Mypy only supports Python 3.9+. The --force-uppercase-builtins flag is now deprecated and a no-op. It will be removed in a future version.</p> <p>Contributed by Marc Mueller (PR <a href="https://redirect.github.com/python/mypy/pull/19176">19176</a>)</p> <h2>Mypy 1.16</h2> <p>We’ve just uploaded mypy 1.16 to the Python Package Index (<a href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:</p> <pre><code>python3 -m pip install -U mypy </code></pre> <p>You can read the full documentation for this release on <a href="http://mypy.readthedocs.io">Read the Docs</a>.</p> <h3>Different Property Getter and Setter Types</h3> <p>Mypy now supports using different types for a property getter and setter:</p> <pre lang="python"><code>class A: _value: int <pre><code>@Property </code></pre> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/mypy/commit/9e72e9601f4c2fb6866cfec98fc40a31c91ccdb0"><code>9e72e96</code></a> Update version to 1.16.0</li> <li><a href="https://github.com/python/mypy/commit/8fe719ff3a8d1e26d3841a48df21ddf7d5b3c94d"><code>8fe719f</code></a> Add changelog for 1.16 (<a href="https://redirect.github.com/python/mypy/issues/19138">#19138</a>)</li> <li><a href="https://github.com/python/mypy/commit/2a036e739f8691576056669371d9f020e95c2603"><code>2a036e7</code></a> Revert "Infer correct types with overloads of <code>Type[Guard | Is]</code> (<a href="https://redirect.github.com/python/mypy/issues/19161">#19161</a>)</li> <li><a href="https://github.com/python/mypy/commit/b6da4fcf97fca9cd28e81a880f818dc364b5a06d"><code>b6da4fc</code></a> Allow enum members to have type objects as values (<a href="https://redirect.github.com/python/mypy/issues/19160">#19160</a>)</li> <li><a href="https://github.com/python/mypy/commit/334469f999c5c777124a123062b4349614447e0d"><code>334469f</code></a> [mypyc] Improve documentation of native and non-native classes (<a href="https://redirect.github.com/python/mypy/issues/19154">#19154</a>)</li> <li><a href="https://github.com/python/mypy/commit/a499d9fdba06732248c07586f2fd95c47a4fa0f7"><code>a499d9f</code></a> Document --allow-redefinition-new (<a href="https://redirect.github.com/python/mypy/issues/19153">#19153</a>)</li> <li><a href="https://github.com/python/mypy/commit/96525a23f0f8a3826d9875fa8b6e8e362cd9525e"><code>96525a2</code></a> Merge commit '9e45dadcf6d8dbab36f83d9df94a706c0b4f9207' into release-1.16</li> <li><a href="https://github.com/python/mypy/commit/9e45dadcf6d8dbab36f83d9df94a706c0b4f9207"><code>9e45dad</code></a> Clear more data in TypeChecker.reset() instead of asserting (<a href="https://redirect.github.com/python/mypy/issues/19087">#19087</a>)</li> <li><a href="https://github.com/python/mypy/commit/772cd0cebed6884636de0019e43caa06dbaa39ba"><code>772cd0c</code></a> Add --strict-bytes to --strict (<a href="https://redirect.github.com/python/mypy/issues/19049">#19049</a>)</li> <li><a href="https://github.com/python/mypy/commit/0b65f215996401264a68a3a06f3fbcd19915a9a5"><code>0b65f21</code></a> Admit that Final variables are never redefined (<a href="https://redirect.github.com/python/mypy/issues/19083">#19083</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/mypy/compare/v1.15.0...v1.16.0">compare view</a></li> </ul> </details> <br /> Updates `ruff` from 0.11.11 to 0.11.13 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.11.13</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>airflow</code>] Add unsafe fix for module moved cases (<code>AIR301</code>,<code>AIR311</code>,<code>AIR312</code>,<code>AIR302</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18367">#18367</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18366">#18366</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18363">#18363</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18093">#18093</a>)</li> <li>[<code>refurb</code>] Add coverage of <code>set</code> and <code>frozenset</code> calls (<code>FURB171</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18035">#18035</a>)</li> <li>[<code>refurb</code>] Mark <code>FURB180</code> fix unsafe when class has bases (<a href="https://redirect.github.com/astral-sh/ruff/pull/18149">#18149</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>perflint</code>] Fix missing parentheses for lambda and ternary conditions (<code>PERF401</code>, <code>PERF403</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18412">#18412</a>)</li> <li>[<code>pyupgrade</code>] Apply <code>UP035</code> only on py313+ for <code>get_type_hints()</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18476">#18476</a>)</li> <li>[<code>pyupgrade</code>] Make fix unsafe if it deletes comments (<code>UP004</code>,<code>UP050</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18393">#18393</a>, <a href="https://redirect.github.com/astral-sh/ruff/pull/18390">#18390</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>fastapi</code>] Avoid false positive for class dependencies (<code>FAST003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18271">#18271</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Update editor setup docs for Neovim and Vim (<a href="https://redirect.github.com/astral-sh/ruff/pull/18324">#18324</a>)</li> </ul> <h3>Other changes</h3> <ul> <li>Support Python 3.14 template strings (t-strings) in formatter and parser (<a href="https://redirect.github.com/astral-sh/ruff/pull/17851">#17851</a>)</li> </ul> <h2>Contributors</h2> <ul> <li><a href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li> <li><a href="https://github.com/BurntSushi"><code>@BurntSushi</code></a></li> <li><a href="https://github.com/InSyncWithFoo"><code>@InSyncWithFoo</code></a></li> <li><a href="https://github.com/Lee-W"><code>@Lee-W</code></a></li> <li><a href="https://github.com/MatthewMckee4"><code>@MatthewMckee4</code></a></li> <li><a href="https://github.com/MichaReiser"><code>@MichaReiser</code></a></li> <li><a href="https://github.com/Viicos"><code>@Viicos</code></a></li> <li><a href="https://github.com/abhijeetbodas2001"><code>@abhijeetbodas2001</code></a></li> <li><a href="https://github.com/carljm"><code>@carljm</code></a></li> <li><a href="https://github.com/chirizxc"><code>@chirizxc</code></a></li> <li><a href="https://github.com/dcreager"><code>@dcreager</code></a></li> <li><a href="https://github.com/dhruvmanila"><code>@dhruvmanila</code></a></li> <li><a href="https://github.com/dylwil3"><code>@dylwil3</code></a></li> <li><a href="https://github.com/github-actions"><code>@github-actions</code></a></li> <li><a href="https://github.com/ibraheemdev"><code>@ibraheemdev</code></a></li> <li><a href="https://github.com/lipefree"><code>@lipefree</code></a></li> <li><a href="https://github.com/mtshiba"><code>@mtshiba</code></a></li> <li><a href="https://github.com/naslundx"><code>@naslundx</code></a></li> <li><a href="https://github.com/ntBre"><code>@ntBre</code></a></li> <li><a href="https://github.com/otakutyrant"><code>@otakutyrant</code></a></li> <li><a href="https://github.com/renovate"><code>@renovate</code></a></li> <li><a href="https://github.com/robsdedude"><code>@robsdedude</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.11.13</h2> <h3>Preview features</h3> <ul> <li>[<code>airflow</code>] Add unsafe fix for module moved cases (<code>AIR301</code>,<code>AIR311</code>,<code>AIR312</code>,<code>AIR302</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18367">#18367</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18366">#18366</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18363">#18363</a>,<a href="https://redirect.github.com/astral-sh/ruff/pull/18093">#18093</a>)</li> <li>[<code>refurb</code>] Add coverage of <code>set</code> and <code>frozenset</code> calls (<code>FURB171</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18035">#18035</a>)</li> <li>[<code>refurb</code>] Mark <code>FURB180</code> fix unsafe when class has bases (<a href="https://redirect.github.com/astral-sh/ruff/pull/18149">#18149</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>perflint</code>] Fix missing parentheses for lambda and ternary conditions (<code>PERF401</code>, <code>PERF403</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18412">#18412</a>)</li> <li>[<code>pyupgrade</code>] Apply <code>UP035</code> only on py313+ for <code>get_type_hints()</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18476">#18476</a>)</li> <li>[<code>pyupgrade</code>] Make fix unsafe if it deletes comments (<code>UP004</code>,<code>UP050</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18393">#18393</a>, <a href="https://redirect.github.com/astral-sh/ruff/pull/18390">#18390</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>fastapi</code>] Avoid false positive for class dependencies (<code>FAST003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18271">#18271</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Update editor setup docs for Neovim and Vim (<a href="https://redirect.github.com/astral-sh/ruff/pull/18324">#18324</a>)</li> </ul> <h3>Other changes</h3> <ul> <li>Support Python 3.14 template strings (t-strings) in formatter and parser (<a href="https://redirect.github.com/astral-sh/ruff/pull/17851">#17851</a>)</li> </ul> <h2>0.11.12</h2> <h3>Preview features</h3> <ul> <li>[<code>airflow</code>] Revise fix titles (<code>AIR3</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18215">#18215</a>)</li> <li>[<code>pylint</code>] Implement <code>missing-maxsplit-arg</code> (<code>PLC0207</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/17454">#17454</a>)</li> <li>[<code>pyupgrade</code>] New rule <code>UP050</code> (<code>useless-class-metaclass-type</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18334">#18334</a>)</li> <li>[<code>flake8-use-pathlib</code>] Replace <code>os.symlink</code> with <code>Path.symlink_to</code> (<code>PTH211</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18337">#18337</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-bugbear</code>] Ignore <code>__debug__</code> attribute in <code>B010</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18357">#18357</a>)</li> <li>[<code>flake8-async</code>] Fix <code>anyio.sleep</code> argument name (<code>ASYNC115</code>, <code>ASYNC116</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18262">#18262</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB129</code> autofix generating invalid syntax (<a href="https://redirect.github.com/astral-sh/ruff/pull/18235">#18235</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-implicit-str-concat</code>] Add autofix for <code>ISC003</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18256">#18256</a>)</li> <li>[<code>pycodestyle</code>] Improve the diagnostic message for <code>E712</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18328">#18328</a>)</li> <li>[<code>flake8-2020</code>] Fix diagnostic message for <code>!=</code> comparisons (<code>YTT201</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18293">#18293</a>)</li> <li>[<code>pyupgrade</code>] Make fix unsafe if it deletes comments (<code>UP010</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18291">#18291</a>)</li> </ul> <h3>Documentation</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/5faf72a4d9b50c6e330165685e57fae14ca68b73"><code>5faf72a</code></a> Bump 0.11.13 (<a href="https://redirect.github.com/astral-sh/ruff/issues/18484">#18484</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/28dbc5c51eeb167f5e28308d77dbc697f19bdb10"><code>28dbc5c</code></a> [ty] Fix completion order in playground (<a href="https://redirect.github.com/astral-sh/ruff/issues/18480">#18480</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/ce216c79cc853181694439a5f6175bd25fd0d56d"><code>ce216c7</code></a> Remove <code>Message::to_rule</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18447">#18447</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/33468cc8cc74c2bbbbe8602db9f31dd7d39e0723"><code>33468cc</code></a> [<code>pyupgrade</code>] Apply <code>UP035</code> only on py313+ for <code>get_type_hints()</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18476">#18476</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/8531f4b3ca23b1bc877ddd3a4204832673851468"><code>8531f4b</code></a> [ty] Add infrastructure for AST garbage collection (<a href="https://redirect.github.com/astral-sh/ruff/issues/18445">#18445</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/55100209c781b35e22b38d22bd7a732ac6b1cc5c"><code>5510020</code></a> [ty] IDE: add support for <code>object.\<CURSOR></code> completions (<a href="https://redirect.github.com/astral-sh/ruff/issues/18468">#18468</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/c0bb83b88279f5ea21a3b9e8910d23e8437c89b5"><code>c0bb83b</code></a> [<code>perflint</code>] fix missing parentheses for lambda and ternary conditions (PERF4...</li> <li><a href="https://github.com/astral-sh/ruff/commit/74a4e9af3d52142247be218bd4b524d58b1c56e5"><code>74a4e9a</code></a> Combine lint and syntax error handling (<a href="https://redirect.github.com/astral-sh/ruff/issues/18471">#18471</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/8485dbb324212dab0e26d2afb5929097af129bbf"><code>8485dbb</code></a> [ty] Fix <code>--python</code> argument for Windows, and improve error messages for bad ...</li> <li><a href="https://github.com/astral-sh/ruff/commit/0858896bc434bb7666b7230bde52d2113f328ac9"><code>0858896</code></a> [ty] type narrowing by attribute/subscript assignments (<a href="https://redirect.github.com/astral-sh/ruff/issues/18041">#18041</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.11.11...0.11.13">compare view</a></li> </ul> </details> <br /> Updates `types-jsonschema` from 4.23.0.20250516 to 4.24.0.20250528 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.4</h2> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (<a href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> <li>Dropped support for pypy 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.4 (2025-06-10)</h2> <p><strong>Security</strong></p> <ul> <li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Numerous documentation improvements</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Added support for pypy 3.11 for Linux and macOS.</li> <li>Dropped support for pypy 3.9 following its end of support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a> Polish up release tooling for last manual release</li> <li><a href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a> Bump version and add release notes for v2.32.4</li> <li><a href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a> Add netrc file search information to authentication documentation (<a href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li> <li><a href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a> Add more tests to prevent regression of CVE 2024 47081</li> <li><a href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a> Add new test to check netrc auth leak (<a href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li> <li><a href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a> Only use hostname to do netrc lookup instead of netloc</li> <li><a href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6951">#6951</a> from tswast/patch-1</li> <li><a href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a> remove links</li> <li><a href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a> Update docs/conf.py</li> <li><a href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a> docs: fix dead links to kenreitz.org</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.3...v2.32.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/astral-sh/python-build-standalone/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
juanzolotoochin
approved these changes
Jun 12, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.