Because:
- Docker has deprecated `ENV KEY value` syntax and is now complaining
about our usage
This commit:
- updates our usage to the new syntax.
Fixes#11678
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.1 to 0.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.7.0</h2>
<h2>Release Notes</h2>
<p>Check out the <a href="https://astral.sh/blog/ruff-v0.7.0">blog
post</a> for a migration guide and overview of the changes!</p>
<h3>Breaking changes</h3>
<ul>
<li>The pytest rules <code>PT001</code> and <code>PT023</code> now
default to omitting the decorator parentheses when there are no
arguments
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/12838">#12838</a>,
<a
href="https://redirect.github.com/astral-sh/ruff/pull/13292">#13292</a>).
This was a change that we attempted to make in Ruff v0.6.0, but only
partially made due to an error on our part.
See the <a href="https://astral.sh/blog/ruff-v0.7.0">blog post</a> for
more details.</li>
<li>The <code>useless-try-except</code> rule (in our
<code>tryceratops</code> category) has been recoded from
<code>TRY302</code> to
<code>TRY203</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13502">#13502</a>).
This ensures Ruff's code is consistent with
the same rule in the <a
href="https://github.com/guilatrova/tryceratops"><code>tryceratops</code></a>
linter.</li>
<li>The <code>lint.allow-unused-imports</code> setting has been removed
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/13677">#13677</a>).
Use
<a
href="https://docs.astral.sh/ruff/settings/#lint_pyflakes_allowed-unused-imports"><code>lint.pyflakes.allow-unused-imports</code></a>
instead.</li>
</ul>
<h3>Formatter preview style</h3>
<ul>
<li>Normalize implicit concatenated f-string quotes per part (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13539">#13539</a>)</li>
</ul>
<h3>Preview linter features</h3>
<ul>
<li>[<code>refurb</code>] implement
<code>hardcoded-string-charset</code> (FURB156) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13530">#13530</a>)</li>
<li>[<code>refurb</code>] Count codepoints not bytes for
<code>slice-to-remove-prefix-or-suffix (FURB188)</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13631">#13631</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pylint</code>] Mark <code>PLE1141</code> fix as unsafe (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13629">#13629</a>)</li>
<li>[<code>flake8-async</code>] Consider async generators to be
"checkpoints" for <code>cancel-scope-no-checkpoint</code>
(<code>ASYNC100</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13639">#13639</a>)</li>
<li>[<code>flake8-bugbear</code>] Do not suggest setting parameter
<code>strict=</code> to <code>False</code> in <code>B905</code>
diagnostic message (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13656">#13656</a>)</li>
<li>[<code>flake8-todos</code>] Only flag the word "TODO", not
words starting with "todo" (<code>TD006</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13640">#13640</a>)</li>
<li>[<code>pycodestyle</code>] Fix whitespace-related false positives
and false negatives inside type-parameter lists (<code>E231</code>,
<code>E251</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13704">#13704</a>)</li>
<li>[<code>flake8-simplify</code>] Stabilize preview behavior for
<code>SIM115</code> so that the rule can detect files
being opened from a wider range of standard-library functions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/12959">#12959</a>).</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Add explanation of fixable in <code>--statistics</code> command (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13774">#13774</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pyflakes</code>] Allow <code>ipytest</code> cell magic
(<code>F401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13745">#13745</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Fix <code>PTH123</code> false
positive when <code>open</code> is passed a file descriptor (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13616">#13616</a>)</li>
<li>[<code>flake8-bandit</code>] Detect patterns from multi line SQL
statements (<code>S608</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13574">#13574</a>)</li>
<li>[<code>flake8-pyi</code>] - Fix dropped expressions in
<code>PYI030</code> autofix (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13727">#13727</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li><a
href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.7.0</h2>
<p>Check out the <a href="https://astral.sh/blog/ruff-v0.7.0">blog
post</a> for a migration guide and overview of the changes!</p>
<h3>Breaking changes</h3>
<ul>
<li>The pytest rules <code>PT001</code> and <code>PT023</code> now
default to omitting the decorator parentheses when there are no
arguments
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/12838">#12838</a>,
<a
href="https://redirect.github.com/astral-sh/ruff/pull/13292">#13292</a>).
This was a change that we attempted to make in Ruff v0.6.0, but only
partially made due to an error on our part.
See the <a href="https://astral.sh/blog/ruff-v0.7.0">blog post</a> for
more details.</li>
<li>The <code>useless-try-except</code> rule (in our
<code>tryceratops</code> category) has been recoded from
<code>TRY302</code> to
<code>TRY203</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13502">#13502</a>).
This ensures Ruff's code is consistent with
the same rule in the <a
href="https://github.com/guilatrova/tryceratops"><code>tryceratops</code></a>
linter.</li>
<li>The <code>lint.allow-unused-imports</code> setting has been removed
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/13677">#13677</a>).
Use
<a
href="https://docs.astral.sh/ruff/settings/#lint_pyflakes_allowed-unused-imports"><code>lint.pyflakes.allow-unused-imports</code></a>
instead.</li>
</ul>
<h3>Formatter preview style</h3>
<ul>
<li>Normalize implicit concatenated f-string quotes per part (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13539">#13539</a>)</li>
</ul>
<h3>Preview linter features</h3>
<ul>
<li>[<code>refurb</code>] implement
<code>hardcoded-string-charset</code> (FURB156) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13530">#13530</a>)</li>
<li>[<code>refurb</code>] Count codepoints not bytes for
<code>slice-to-remove-prefix-or-suffix (FURB188)</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13631">#13631</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pylint</code>] Mark <code>PLE1141</code> fix as unsafe (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13629">#13629</a>)</li>
<li>[<code>flake8-async</code>] Consider async generators to be
"checkpoints" for <code>cancel-scope-no-checkpoint</code>
(<code>ASYNC100</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13639">#13639</a>)</li>
<li>[<code>flake8-bugbear</code>] Do not suggest setting parameter
<code>strict=</code> to <code>False</code> in <code>B905</code>
diagnostic message (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13656">#13656</a>)</li>
<li>[<code>flake8-todos</code>] Only flag the word "TODO", not
words starting with "todo" (<code>TD006</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13640">#13640</a>)</li>
<li>[<code>pycodestyle</code>] Fix whitespace-related false positives
and false negatives inside type-parameter lists (<code>E231</code>,
<code>E251</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13704">#13704</a>)</li>
<li>[<code>flake8-simplify</code>] Stabilize preview behavior for
<code>SIM115</code> so that the rule can detect files
being opened from a wider range of standard-library functions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/12959">#12959</a>).</li>
</ul>
<h3>CLI</h3>
<ul>
<li>Add explanation of fixable in <code>--statistics</code> command (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13774">#13774</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pyflakes</code>] Allow <code>ipytest</code> cell magic
(<code>F401</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13745">#13745</a>)</li>
<li>[<code>flake8-use-pathlib</code>] Fix <code>PTH123</code> false
positive when <code>open</code> is passed a file descriptor (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13616">#13616</a>)</li>
<li>[<code>flake8-bandit</code>] Detect patterns from multi line SQL
statements (<code>S608</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13574">#13574</a>)</li>
<li>[<code>flake8-pyi</code>] - Fix dropped expressions in
<code>PYI030</code> autofix (<a
href="https://redirect.github.com/astral-sh/ruff/pull/13727">#13727</a>)</li>
</ul>
<h2>0.6.9</h2>
<h3>Preview features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e6de4e0c6"><code>5e6de4e</code></a>
Changelog for Ruff v0.7 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13794">#13794</a>)</li>
<li><a
href="70e5c4a8ba"><code>70e5c4a</code></a>
Recode <code>TRY302</code> to <code>TRY203</code> (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13502">#13502</a>)</li>
<li><a
href="9218d6bedc"><code>9218d6b</code></a>
Remove <code>allow-unused-imports</code> setting from the common lint
options (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13677">#13677</a>)</li>
<li><a
href="1b79ae9817"><code>1b79ae9</code></a>
[ruff-0.7] Stabilise the expansion of
<code>open-file-with-context-handler</code> to wor...</li>
<li><a
href="2b87587ac2"><code>2b87587</code></a>
[<code>flake8-pytest-style</code>] Fix defaults when
<code>lint.flake8-pytest-style</code> config s...</li>
<li><a
href="d1e15f6246"><code>d1e15f6</code></a>
Remove tab-size setting (<a
href="https://redirect.github.com/astral-sh/ruff/issues/12835">#12835</a>)</li>
<li><a
href="89a82158a1"><code>89a8215</code></a>
Remove error messages for removed CLI aliases (<a
href="https://redirect.github.com/astral-sh/ruff/issues/12833">#12833</a>)</li>
<li><a
href="202c6a6d75"><code>202c6a6</code></a>
Remove <code>output-format=text</code> setting (<a
href="https://redirect.github.com/astral-sh/ruff/issues/12836">#12836</a>)</li>
<li><a
href="5c3c0c4705"><code>5c3c0c4</code></a>
[red-knot] Inference for comparison of union types (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13781">#13781</a>)</li>
<li><a
href="6b7a738825"><code>6b7a738</code></a>
Add explanation of fixable in <code>--statistics</code> command (<a
href="https://redirect.github.com/astral-sh/ruff/issues/13774">#13774</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.6.1...0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yashika Khurana <yashikakhuranayashika@gmail.com>
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from
2.15.0 to 2.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's
releases</a>.</em></p>
<blockquote>
<h2>2.16.0</h2>
<h3>Integrations</h3>
<ul>
<li>
<p>Bottle: Add <code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3618">#3618</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
<p>You can now define a set of integers that will determine which status
codes
should be reported to Sentry.</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
BottleIntegration(
failed_request_status_codes={403, *range(500, 600)},
)
]
)
</code></pre>
<p>Examples of valid <code>failed_request_status_codes</code>:</p>
<ul>
<li><code>{500}</code> will only send events on HTTP 500.</li>
<li><code>{400, *range(500, 600)}</code> will send events on HTTP 400 as
well as the 5xx range.</li>
<li><code>{500, 503}</code> will send events on HTTP 500 and 503.</li>
<li><code>set()</code> (the empty set) will not send events for any HTTP
status code.</li>
</ul>
<p>The default is <code>{*range(500, 600)}</code>, meaning that all 5xx
status codes are reported to Sentry.</p>
</li>
<li>
<p>Bottle: Delete never-reached code (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3605">#3605</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>Redis: Remove flaky test (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3626">#3626</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
</li>
<li>
<p>Django: Improve getting <code>psycopg3</code> connection info (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3580">#3580</a>)
by <a href="https://github.com/nijel"><code>@nijel</code></a></p>
</li>
<li>
<p>Django: Add <code>SpotlightMiddleware</code> when Spotlight is
enabled (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3600">#3600</a>)
by <a href="https://github.com/BYK"><code>@BYK</code></a></p>
</li>
<li>
<p>Django: Open relevant error when <code>SpotlightMiddleware</code> is
on (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3614">#3614</a>)
by <a href="https://github.com/BYK"><code>@BYK</code></a></p>
</li>
<li>
<p>Django: Support <code>http_methods_to_capture</code> in ASGI Django
(<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3607">#3607</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
<p>ASGI Django now also supports the
<code>http_methods_to_capture</code> integration option. This is a
configurable tuple of HTTP method verbs that should create a transaction
in Sentry. The default is <code>("CONNECT",
"DELETE", "GET", "PATCH",
"POST", "PUT", "TRACE",)</code>.
<code>OPTIONS</code> and <code>HEAD</code> are not included by
default.</p>
<p>Here's how to use it:</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
DjangoIntegration(
http_methods_to_capture=("GET", "POST"),
),
],
)
</code></pre>
</li>
</ul>
<h3>Miscellaneous</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>2.16.0</h2>
<h3>Integrations</h3>
<ul>
<li>
<p>Bottle: Add <code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3618">#3618</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
<p>You can now define a set of integers that will determine which status
codes
should be reported to Sentry.</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
BottleIntegration(
failed_request_status_codes={403, *range(500, 600)},
)
]
)
</code></pre>
<p>Examples of valid <code>failed_request_status_codes</code>:</p>
<ul>
<li><code>{500}</code> will only send events on HTTP 500.</li>
<li><code>{400, *range(500, 600)}</code> will send events on HTTP 400 as
well as the 5xx range.</li>
<li><code>{500, 503}</code> will send events on HTTP 500 and 503.</li>
<li><code>set()</code> (the empty set) will not send events for any HTTP
status code.</li>
</ul>
<p>The default is <code>{*range(500, 600)}</code>, meaning that all 5xx
status codes are reported to Sentry.</p>
</li>
<li>
<p>Bottle: Delete never-reached code (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3605">#3605</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>Redis: Remove flaky test (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3626">#3626</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
</li>
<li>
<p>Django: Improve getting <code>psycopg3</code> connection info (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3580">#3580</a>)
by <a href="https://github.com/nijel"><code>@nijel</code></a></p>
</li>
<li>
<p>Django: Add <code>SpotlightMiddleware</code> when Spotlight is
enabled (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3600">#3600</a>)
by <a href="https://github.com/BYK"><code>@BYK</code></a></p>
</li>
<li>
<p>Django: Open relevant error when <code>SpotlightMiddleware</code> is
on (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3614">#3614</a>)
by <a href="https://github.com/BYK"><code>@BYK</code></a></p>
</li>
<li>
<p>Django: Support <code>http_methods_to_capture</code> in ASGI Django
(<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3607">#3607</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
<p>ASGI Django now also supports the
<code>http_methods_to_capture</code> integration option. This is a
configurable tuple of HTTP method verbs that should create a transaction
in Sentry. The default is <code>("CONNECT",
"DELETE", "GET", "PATCH",
"POST", "PUT", "TRACE",)</code>.
<code>OPTIONS</code> and <code>HEAD</code> are not included by
default.</p>
<p>Here's how to use it:</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
DjangoIntegration(
http_methods_to_capture=("GET", "POST"),
),
],
)
</code></pre>
</li>
</ul>
<h3>Miscellaneous</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="90986018b8"><code>9098601</code></a>
Fix changelog formatting</li>
<li><a
href="b73191073b"><code>b731910</code></a>
Update CHANGELOG.md</li>
<li><a
href="0df20a76a4"><code>0df20a7</code></a>
release: 2.16.0</li>
<li><a
href="01b468724a"><code>01b4687</code></a>
Remove flaky test (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3626">#3626</a>)</li>
<li><a
href="3945fc118f"><code>3945fc1</code></a>
Add 3.13 to setup.py (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3574">#3574</a>)</li>
<li><a
href="c110ff3843"><code>c110ff3</code></a>
Add 3.13 to basepython (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3589">#3589</a>)</li>
<li><a
href="d0eca65aa1"><code>d0eca65</code></a>
feat(bottle): Add <code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3618">#3618</a>)</li>
<li><a
href="d34c99af36"><code>d34c99a</code></a>
feat: Add opportunistic Brotli compression (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3612">#3612</a>)</li>
<li><a
href="4f79aecf93"><code>4f79aec</code></a>
fix(django): improve getting psycopg3 connection info (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3580">#3580</a>)</li>
<li><a
href="2d2e548817"><code>2d2e548</code></a>
feat: Add <code>__notes__</code> support (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3620">#3620</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-python/compare/2.15.0...2.16.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from
2.14.0 to 2.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's
releases</a>.</em></p>
<blockquote>
<h2>2.15.0</h2>
<h3>Integrations</h3>
<ul>
<li>
<p>Configure HTTP methods to capture in ASGI/WSGI middleware and
frameworks (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3531">#3531</a>)
by <a
href="https://github.com/antonpirker"><code>@antonpirker</code></a></p>
<p>We've added a new option to the Django, Flask, Starlette and FastAPI
integrations called <code>http_methods_to_capture</code>. This is a
configurable tuple of HTTP method verbs that should create a transaction
in Sentry. The default is <code>("CONNECT",
"DELETE", "GET", "PATCH",
"POST", "PUT", "TRACE",)</code>.
<code>OPTIONS</code> and <code>HEAD</code> are not included by
default.</p>
<p>Here's how to use it (substitute Flask for your framework
integration):</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
FlaskIntegration(
http_methods_to_capture=("GET", "POST"),
),
],
)
<p></code></pre></p>
</li>
<li>
<p>Django: Allow ASGI to use <code>drf_request</code> in
<code>DjangoRequestExtractor</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3572">#3572</a>)
by <a href="https://github.com/PakawiNz"><code>@PakawiNz</code></a></p>
</li>
<li>
<p>Django: Don't let <code>RawPostDataException</code> bubble up (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3553">#3553</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
</li>
<li>
<p>Django: Add <code>sync_capable</code> to
<code>SentryWrappingMiddleware</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3510">#3510</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>AIOHTTP: Add <code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3551">#3551</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
<p>You can now define a set of integers that will determine which status
codes
should be reported to Sentry.</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
AioHttpIntegration(
failed_request_status_codes={403, *range(500, 600)},
)
]
)
</code></pre>
<p>Examples of valid <code>failed_request_status_codes</code>:</p>
<ul>
<li><code>{500}</code> will only send events on HTTP 500.</li>
<li><code>{400, *range(500, 600)}</code> will send events on HTTP 400 as
well as the 5xx range.</li>
<li><code>{500, 503}</code> will send events on HTTP 500 and 503.</li>
<li><code>set()</code> (the empty set) will not send events for any HTTP
status code.</li>
</ul>
<p>The default is <code>{*range(500, 600)}</code>, meaning that all 5xx
status codes are reported to Sentry.</p>
</li>
<li>
<p>AIOHTTP: Delete test which depends on AIOHTTP behavior (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3568">#3568</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>AIOHTTP: Handle invalid responses (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3554">#3554</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>FastAPI/Starlette: Support new
<code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3563">#3563</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
<p>The format of <code>failed_request_status_codes</code> has changed
from a list</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>2.15.0</h2>
<h3>Integrations</h3>
<ul>
<li>
<p>Configure HTTP methods to capture in ASGI/WSGI middleware and
frameworks (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3531">#3531</a>)
by <a
href="https://github.com/antonpirker"><code>@antonpirker</code></a></p>
<p>We've added a new option to the Django, Flask, Starlette and FastAPI
integrations called <code>http_methods_to_capture</code>. This is a
configurable tuple of HTTP method verbs that should create a transaction
in Sentry. The default is <code>("CONNECT",
"DELETE", "GET", "PATCH",
"POST", "PUT", "TRACE",)</code>.
<code>OPTIONS</code> and <code>HEAD</code> are not included by
default.</p>
<p>Here's how to use it (substitute Flask for your framework
integration):</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
FlaskIntegration(
http_methods_to_capture=("GET", "POST"),
),
],
)
<p></code></pre></p>
</li>
<li>
<p>Django: Allow ASGI to use <code>drf_request</code> in
<code>DjangoRequestExtractor</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3572">#3572</a>)
by <a href="https://github.com/PakawiNz"><code>@PakawiNz</code></a></p>
</li>
<li>
<p>Django: Don't let <code>RawPostDataException</code> bubble up (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3553">#3553</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
</li>
<li>
<p>Django: Add <code>sync_capable</code> to
<code>SentryWrappingMiddleware</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3510">#3510</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>AIOHTTP: Add <code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3551">#3551</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
<p>You can now define a set of integers that will determine which status
codes
should be reported to Sentry.</p>
<pre lang="python"><code>sentry_sdk.init(
integrations=[
AioHttpIntegration(
failed_request_status_codes={403, *range(500, 600)},
)
]
)
</code></pre>
<p>Examples of valid <code>failed_request_status_codes</code>:</p>
<ul>
<li><code>{500}</code> will only send events on HTTP 500.</li>
<li><code>{400, *range(500, 600)}</code> will send events on HTTP 400 as
well as the 5xx range.</li>
<li><code>{500, 503}</code> will send events on HTTP 500 and 503.</li>
<li><code>set()</code> (the empty set) will not send events for any HTTP
status code.</li>
</ul>
<p>The default is <code>{*range(500, 600)}</code>, meaning that all 5xx
status codes are reported to Sentry.</p>
</li>
<li>
<p>AIOHTTP: Delete test which depends on AIOHTTP behavior (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3568">#3568</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>AIOHTTP: Handle invalid responses (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3554">#3554</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
<li>
<p>FastAPI/Starlette: Support new
<code>failed_request_status_codes</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3563">#3563</a>)
by <a
href="https://github.com/szokeasaurusrex"><code>@szokeasaurusrex</code></a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65909ed951"><code>65909ed</code></a>
Update CHANGELOG.md</li>
<li><a
href="97b6d9f345"><code>97b6d9f</code></a>
Fix changelog</li>
<li><a
href="5de346cc90"><code>5de346c</code></a>
Refactor changelog</li>
<li><a
href="7bee75f86d"><code>7bee75f</code></a>
release: 2.15.0</li>
<li><a
href="1c64ff787e"><code>1c64ff7</code></a>
Configure HTTP methods to capture in WSGI middleware and frameworks (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3531">#3531</a>)</li>
<li><a
href="a3ab1ea968"><code>a3ab1ea</code></a>
XFail one of the Lambda tests (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3592">#3592</a>)</li>
<li><a
href="05411ff4ff"><code>05411ff</code></a>
allowing ASGI to use drf_request in DjangoRequestExtractor (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3572">#3572</a>)</li>
<li><a
href="4636afcaaa"><code>4636afc</code></a>
fix(tracing): Fix <code>add_query_source</code> with modules outside of
project root (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3">#3</a>...</li>
<li><a
href="aed18d4738"><code>aed18d4</code></a>
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3585">#3585</a>)</li>
<li><a
href="205591e2ed"><code>205591e</code></a>
Test more integrations on 3.13 (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/3578">#3578</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-python/compare/2.14.0...2.15.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.114.0 to
0.115.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fastapi/fastapi/releases">fastapi's
releases</a>.</em></p>
<blockquote>
<h2>0.115.0</h2>
<h3>Highlights</h3>
<p>Now you can declare <code>Query</code>, <code>Header</code>, and
<code>Cookie</code> parameters with Pydantic models. 🎉</p>
<h4><code>Query</code> Parameter Models</h4>
<p>Use Pydantic models for <code>Query</code> parameters:</p>
<pre lang="python"><code>from typing import Annotated, Literal
<p>from fastapi import FastAPI, Query
from pydantic import BaseModel, Field</p>
<p>app = FastAPI()</p>
<p>class FilterParams(BaseModel):
limit: int = Field(100, gt=0, le=100)
offset: int = Field(0, ge=0)
order_by: Literal["created_at", "updated_at"] =
"created_at"
tags: list[str] = []</p>
<p><a
href="https://github.com/app"><code>@app</code></a>.get("/items/")
async def read_items(filter_query: Annotated[FilterParams, Query()]):
return filter_query
</code></pre></p>
<p>Read the new docs: <a
href="https://fastapi.tiangolo.com/tutorial/query-param-models/">Query
Parameter Models</a>.</p>
<h4><code>Header</code> Parameter Models</h4>
<p>Use Pydantic models for <code>Header</code> parameters:</p>
<pre lang="python"><code>from typing import Annotated
<p>from fastapi import FastAPI, Header
from pydantic import BaseModel</p>
<p>app = FastAPI()</p>
<p>class CommonHeaders(BaseModel):
host: str
save_data: bool
if_modified_since: str | None = None
traceparent: str | None = None
</tr></table>
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="40e33e492d"><code>40e33e4</code></a>
🔖 Release version 0.115.0</li>
<li><a
href="b36047b54a"><code>b36047b</code></a>
📝 Update release notes</li>
<li><a
href="7eadeb69bd"><code>7eadeb6</code></a>
📝 Update release notes</li>
<li><a
href="55035f440b"><code>55035f4</code></a>
✨ Add support for Pydantic models for parameters using
<code>Query</code>, <code>Cookie</code>, `He...</li>
<li><a
href="0903da78c9"><code>0903da7</code></a>
📝 Update release notes</li>
<li><a
href="4b2b14a8e8"><code>4b2b14a</code></a>
⬆ [pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/fastapi/fastapi/issues/12204">#12204</a>)</li>
<li><a
href="35df20c79c"><code>35df20c</code></a>
📝 Update release notes</li>
<li><a
href="8eb3c5621f"><code>8eb3c56</code></a>
🌐 Add Portuguese translation for
`docs/pt/docs/advanced/security/http-basic-a...</li>
<li><a
href="2ada1615a3"><code>2ada161</code></a>
🔖 Release version 0.114.2</li>
<li><a
href="3a5fd71f55"><code>3a5fd71</code></a>
📝 Update release notes</li>
<li>Additional commits viewable in <a
href="https://github.com/fastapi/fastapi/compare/0.114.0...0.115.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.112.0 to
0.114.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fastapi/fastapi/releases">fastapi's
releases</a>.</em></p>
<blockquote>
<h2>0.114.0</h2>
<p>You can restrict form fields to only include those declared in a
Pydantic model and forbid any extra field sent in the request using
Pydantic's <code>model_config = {"extra":
"forbid"}</code>:</p>
<pre lang="python"><code>from typing import Annotated
<p>from fastapi import FastAPI, Form
from pydantic import BaseModel</p>
<p>app = FastAPI()</p>
<p>class FormData(BaseModel):
username: str
password: str
model_config = {"extra": "forbid"}</p>
<p><a
href="https://github.com/app"><code>@app</code></a>.post("/login/")
async def login(data: Annotated[FormData, Form()]):
return data
</code></pre></p>
<p>Read the new docs: <a
href="https://fastapi.tiangolo.com/tutorial/request-form-models/#forbid-extra-form-fields">Form
Models - Forbid Extra Form Fields</a>.</p>
<h3>Features</h3>
<ul>
<li>✨ Add support for forbidding extra form fields with Pydantic models.
PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/12134">#12134</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
</ul>
<h3>Docs</h3>
<ul>
<li>📝 Update docs, Form Models section title, to match config name. PR
<a
href="https://redirect.github.com/fastapi/fastapi/pull/12152">#12152</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
</ul>
<h3>Internal</h3>
<ul>
<li>✅ Update internal tests for latest Pydantic, including CI tweaks to
install the latest Pydantic. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/12147">#12147</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
</ul>
<h2>0.113.0</h2>
<p>Now you can declare form fields with Pydantic models:</p>
<pre lang="python"><code>from typing import Annotated
<p>from fastapi import FastAPI, Form
from pydantic import BaseModel</p>
<p>app = FastAPI()</p>
<p>class FormData(BaseModel):
</tr></table>
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bde12faea2"><code>bde12fa</code></a>
🔖 Release version 0.114.0</li>
<li><a
href="74842f0a60"><code>74842f0</code></a>
📝 Update release notes</li>
<li><a
href="e68d8c60fb"><code>e68d8c6</code></a>
📝 Update release notes</li>
<li><a
href="4ff22a0c41"><code>4ff22a0</code></a>
📝 Update docs, Form Models section title, to match config name (<a
href="https://redirect.github.com/fastapi/fastapi/issues/12152">#12152</a>)</li>
<li><a
href="a11e392f5f"><code>a11e392</code></a>
📝 Update release notes</li>
<li><a
href="4633b1bca9"><code>4633b1b</code></a>
✨ Add support for forbidding extra form fields with Pydantic models (<a
href="https://redirect.github.com/fastapi/fastapi/issues/12134">#12134</a>)</li>
<li><a
href="1b06b53267"><code>1b06b53</code></a>
📝 Update release notes</li>
<li><a
href="c411b81c29"><code>c411b81</code></a>
✅ Update internal tests for latest Pydantic, including CI tweaks to
install t...</li>
<li><a
href="d86f660302"><code>d86f660</code></a>
🔖 Release version 0.113.0</li>
<li><a
href="179f838c36"><code>179f838</code></a>
📝 Update release notes</li>
<li>Additional commits viewable in <a
href="https://github.com/fastapi/fastapi/compare/0.112.0...0.114.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- We have added the support so that QA can use preview mode and can do
the enrollment
This commit
- Adds the information in the telemetry if its a preview mode enrollment
Fixes#11227
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio)
from 0.23.2 to 0.23.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pytest-dev/pytest-asyncio/releases">pytest-asyncio's
releases</a>.</em></p>
<blockquote>
<h2>pytest-asyncio 0.23.8</h2>
<h1>0.23.8 (2024-07-17)</h1>
<ul>
<li>Fixes a bug that caused duplicate markers in async tests <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/813">#813</a></li>
</ul>
<h2>Known issues</h2>
<p>As of v0.23, pytest-asyncio attaches an asyncio event loop to each
item of the test suite (i.e. session, packages, modules, classes,
functions) and allows tests to be run in those loops when marked
accordingly. Pytest-asyncio currently assumes that async fixture scope
is correlated with the new event loop scope. This prevents fixtures from
being evaluated independently from the event loop scope and breaks some
existing test suites (see <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/706">#706</a>).
For example, a test suite may require all fixtures and tests to run in
the same event loop, but have async fixtures that are set up and torn
down for each module. If you're affected by this issue, please continue
using the v0.21 release, until it is resolved.</p>
<h2>pytest-asyncio 0.23.7</h2>
<h1>0.23.7 (2024-05-19)</h1>
<ul>
<li>Silence deprecation warnings about unclosed event loops that
occurred with certain CPython patch releases <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/pull/817">#817</a></li>
</ul>
<h2>Known issues</h2>
<p>As of v0.23, pytest-asyncio attaches an asyncio event loop to each
item of the test suite (i.e. session, packages, modules, classes,
functions) and allows tests to be run in those loops when marked
accordingly. Pytest-asyncio currently assumes that async fixture scope
is correlated with the new event loop scope. This prevents fixtures from
being evaluated independently from the event loop scope and breaks some
existing test suites (see <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/706">#706</a>).
For example, a test suite may require all fixtures and tests to run in
the same event loop, but have async fixtures that are set up and torn
down for each module. If you're affected by this issue, please continue
using the v0.21 release, until it is resolved.</p>
<h2>pytest-asyncio 0.23.6</h2>
<h1>0.23.6 (2024-03-19)</h1>
<ul>
<li>Fix compatibility with pytest 8.2 <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/pull/800">#800</a></li>
</ul>
<h2>Known issues</h2>
<p>As of v0.23, pytest-asyncio attaches an asyncio event loop to each
item of the test suite (i.e. session, packages, modules, classes,
functions) and allows tests to be run in those loops when marked
accordingly. Pytest-asyncio currently assumes that async fixture scope
is correlated with the new event loop scope. This prevents fixtures from
being evaluated independently from the event loop scope and breaks some
existing test suites (see <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/706">#706</a>).
For example, a test suite may require all fixtures and tests to run in
the same event loop, but have async fixtures that are set up and torn
down for each module. If you're affected by this issue, please continue
using the v0.21 release, until it is resolved.</p>
<h2>pytest-asyncio 0.23.5.post1</h2>
<h1>0.23.5 (2024-02-09)</h1>
<ul>
<li>Declare compatibility with pytest 8 <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/737">#737</a></li>
<li>Fix typing errors with recent versions of mypy <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/769">#769</a></li>
<li>Prevent DeprecationWarning about internal use of
<code>asyncio.get_event_loop()</code> from affecting test cases <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/757">#757</a></li>
</ul>
<h2>Known issues</h2>
<p>As of v0.23, pytest-asyncio attaches an asyncio event loop to each
item of the test suite (i.e. session, packages, modules, classes,
functions) and allows tests to be run in those loops when marked
accordingly. Pytest-asyncio currently assumes that async fixture scope
is correlated with the new event loop scope. This prevents fixtures from
being evaluated independently from the event loop scope and breaks some
existing test suites (see <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/706">#706</a>).
For example, a test suite may require all fixtures and tests to run in
the same event loop, but have async fixtures that are set up and torn
down for each module. If you're affected by this issue, please continue
using the v0.21 release, until it is resolved.</p>
<h2>pytest-asyncio 0.23.5</h2>
<h1>0.23.5 (2024-02-09)</h1>
<ul>
<li>Declare compatibility with pytest 8 <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/737">#737</a></li>
<li>Fix typing errors with recent versions of mypy <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/769">#769</a></li>
<li>Prevent DeprecationWarning about internal use of
<code>asyncio.get_event_loop()</code> from affecting test cases <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/757">#757</a></li>
</ul>
<h2>Known issues</h2>
<p>As of v0.23, pytest-asyncio attaches an asyncio event loop to each
item of the test suite (i.e. session, packages, modules, classes,
functions) and allows tests to be run in those loops when marked
accordingly. Pytest-asyncio currently assumes that async fixture scope
is correlated with the new event loop scope. This prevents fixtures from
being evaluated independently from the event loop scope and breaks some
existing test suites (see <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/706">#706</a>).
For example, a test suite may require all fixtures and tests to run in
the same event loop, but have async fixtures that are set up and torn
down for each module. If you're affected by this issue, please continue
using the v0.21 release, until it is resolved.</p>
<h2>pytest-asyncio 0.23.5a0</h2>
<h1>0.23.5 (UNRELEASED)</h1>
<ul>
<li>Declare compatibility with pytest 8 <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/737">#737</a></li>
<li>Fix typing errors with recent versions of mypy <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/769">#769</a></li>
</ul>
<h2>Known issues</h2>
<p>As of v0.23, pytest-asyncio attaches an asyncio event loop to each
item of the test suite (i.e. session, packages, modules, classes,
functions) and allows tests to be run in those loops when marked
accordingly. Pytest-asyncio currently assumes that async fixture scope
is correlated with the new event loop scope. This prevents fixtures from
being evaluated independently from the event loop scope and breaks some
existing test suites (see <a
href="https://redirect.github.com/pytest-dev/pytest-asyncio/issues/706">#706</a>).
For example, a test suite may require all fixtures and tests to run in
the same event loop, but have async fixtures that are set up and torn
down for each module. If you're affected by this issue, please continue
using the v0.21 release, until it is resolved.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4be86a5174"><code>4be86a5</code></a>
docs: Prepare release of v0.23.8.</li>
<li><a
href="74b3a0a205"><code>74b3a0a</code></a>
Build(deps): Bump exceptiongroup in /dependencies/default</li>
<li><a
href="b0009ca36a"><code>b0009ca</code></a>
[build] Declare support for Python 3.13.</li>
<li><a
href="c747c7db78"><code>c747c7d</code></a>
Build(deps): Bump coverage from 7.5.4 to 7.6.0 in
/dependencies/default</li>
<li><a
href="5c40a1cf8b"><code>5c40a1c</code></a>
Build(deps): Bump hypothesis in /dependencies/default</li>
<li><a
href="b735e8a8ef"><code>b735e8a</code></a>
build: Remove development dependency on Docker.</li>
<li><a
href="91171b41c2"><code>91171b4</code></a>
ci: Test with CPython 3.13.</li>
<li><a
href="d572138e09"><code>d572138</code></a>
Build(deps): Bump hypothesis in /dependencies/default</li>
<li><a
href="a89e4d7a89"><code>a89e4d7</code></a>
Build(deps): Bump certifi in /dependencies/docs</li>
<li><a
href="b646cc18a2"><code>b646cc1</code></a>
[fix] Fixed a bug that causes markers to be duplicated for async test
functions.</li>
<li>Additional commits viewable in <a
href="https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.2...v0.23.8">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [setuptools](https://github.com/pypa/setuptools) from 68.2.0 to
70.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's
changelog</a>.</em></p>
<blockquote>
<h1>v70.0.0</h1>
<h2>Features</h2>
<ul>
<li>Emit a warning when <code>[tools.setuptools]</code> is present in
<code>pyproject.toml</code> and will be ignored. -- by
:user:<code>SnoopJ</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4150">#4150</a>)</li>
<li>Improved <code>AttributeError</code> error message if
<code>pkg_resources.EntryPoint.require</code> is called without extras
or distribution
Gracefully "do nothing" when trying to activate a
<code>pkg_resources.Distribution</code> with a <code>None</code>
location, rather than raising a <code>TypeError</code>
-- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4262">#4262</a>)</li>
<li>Typed the dynamically defined variables from
<code>pkg_resources</code> -- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4267">#4267</a>)</li>
<li>Modernized and refactored VCS handling in package_index. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4332">#4332</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>In install command, use super to call the superclass methods. Avoids
race conditions when monkeypatching from _distutils_system_mod occurs
late. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4136">#4136</a>)</li>
<li>Fix finder template for lenient editable installs of implicit nested
namespaces
constructed by using <code>package_dir</code> to reorganise directory
structure. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4278">#4278</a>)</li>
<li>Fix an error with <code>UnicodeDecodeError</code> handling in
<code>pkg_resources</code> when trying to read files in UTF-8 with a
fallback -- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4348">#4348</a>)</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Uses RST substitution to put badges in 1 line. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4312">#4312</a>)</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>
<p>Further adoption of UTF-8 in <code>setuptools</code>.
This change regards mostly files produced and consumed during the build
process
(e.g. metadata files, script wrappers, automatically updated config
files, etc..)
Although precautions were taken to minimize disruptions, some edge cases
might
be subject to backwards incompatibility.</p>
<p>Support for <code>"locale"</code> encoding is now
<strong>deprecated</strong>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4309">#4309</a>)</p>
</li>
<li>
<p>Remove <code>setuptools.convert_path</code> after long deprecation
period.
This function was never defined by <code>setuptools</code> itself, but
rather a
side-effect of an import for internal usage. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4322">#4322</a>)</p>
</li>
<li>
<p>Remove fallback for customisations of <code>distutils</code>'
<code>build.sub_command</code> after long
deprecated period.
Users are advised to import <code>build</code> directly from
<code>setuptools.command.build</code>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4322">#4322</a>)</p>
</li>
<li>
<p>Removed <code>typing_extensions</code> from vendored dependencies --
by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4324">#4324</a>)</p>
</li>
<li>
<p>Remove deprecated <code>setuptools.dep_util</code>.
The provided alternative is <code>setuptools.modified</code>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4360">#4360</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5cbf12a9b6"><code>5cbf12a</code></a>
Workaround for release error in v70</li>
<li><a
href="9c1bcc3417"><code>9c1bcc3</code></a>
Bump version: 69.5.1 → 70.0.0</li>
<li><a
href="4dc0c31644"><code>4dc0c31</code></a>
Remove deprecated <code>setuptools.dep_util</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4360">#4360</a>)</li>
<li><a
href="6c1ef5748d"><code>6c1ef57</code></a>
Remove xfail now that test passes. Ref <a
href="https://redirect.github.com/pypa/setuptools/issues/4371">#4371</a>.</li>
<li><a
href="d14fa0162c"><code>d14fa01</code></a>
Add all site-packages dirs when creating simulated environment for
test_edita...</li>
<li><a
href="6b7f7a18af"><code>6b7f7a1</code></a>
Prevent <code>bin</code> folders to be taken as extern packages when
vendoring (<a
href="https://redirect.github.com/pypa/setuptools/issues/4370">#4370</a>)</li>
<li><a
href="69141f69f8"><code>69141f6</code></a>
Add doctest for vendorised bin folder</li>
<li><a
href="2a53cc1200"><code>2a53cc1</code></a>
Prevent 'bin' folders to be taken as extern packages</li>
<li><a
href="720862807d"><code>7208628</code></a>
Replace call to deprecated <code>validate_pyproject</code> command (<a
href="https://redirect.github.com/pypa/setuptools/issues/4363">#4363</a>)</li>
<li><a
href="96d681aa40"><code>96d681a</code></a>
Remove call to deprecated validate_pyproject command</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/setuptools/compare/v68.2.0...v70.0.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.111.1 to
0.112.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fastapi/fastapi/releases">fastapi's
releases</a>.</em></p>
<blockquote>
<h2>0.112.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>♻️ Add support for <code>pip install
"fastapi[standard]"</code> with standard dependencies and
<code>python -m fastapi</code>. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/11935">#11935</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
</ul>
<h4>Summary</h4>
<p>Install with:</p>
<pre lang="bash"><code>pip install "fastapi[standard]"
</code></pre>
<h4>Other Changes</h4>
<ul>
<li>This adds support for calling the CLI as:</li>
</ul>
<pre lang="bash"><code>python -m python
</code></pre>
<ul>
<li>And it upgrades <code>fastapi-cli[standard] >=0.0.5</code>.</li>
</ul>
<h4>Technical Details</h4>
<p>Before this, <code>fastapi</code> would include the standard
dependencies, with Uvicorn and the <code>fastapi-cli</code>, etc.</p>
<p>And <code>fastapi-slim</code> would not include those standard
dependencies.</p>
<p>Now <code>fastapi</code> doesn't include those standard dependencies
unless you install with <code>pip install
"fastapi[standard]"</code>.</p>
<p>Before, you would install <code>pip install fastapi</code>, now you
should include the <code>standard</code> optional dependencies (unless
you want to exclude one of those): <code>pip install
"fastapi[standard]"</code>.</p>
<p>This change is because having the standard optional dependencies
installed by default was being inconvenient to several users, and having
to install instead <code>fastapi-slim</code> was not being a feasible
solution.</p>
<p>Discussed here: <a
href="https://redirect.github.com/fastapi/fastapi/pull/11522">#11522</a>
and here: <a
href="https://github.com/fastapi/fastapi/discussions/11525">#11525</a></p>
<h3>Docs</h3>
<ul>
<li>✏️ Fix typos in docs. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/11926">#11926</a>
by <a
href="https://github.com/jianghuyiyuan"><code>@jianghuyiyuan</code></a>.</li>
<li>📝 Tweak management docs. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/11918">#11918</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
<li>🚚 Rename GitHub links from tiangolo/fastapi to fastapi/fastapi. PR
<a
href="https://redirect.github.com/fastapi/fastapi/pull/11913">#11913</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
<li>📝 Add docs about FastAPI team and project management. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11908">#11908</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
<li>📝 Re-structure docs main menu. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11904">#11904</a>
by <a
href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li>
<li>📝 Update Speakeasy URL. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11871">#11871</a>
by <a
href="https://github.com/ndimares"><code>@ndimares</code></a>.</li>
</ul>
<h3>Translations</h3>
<ul>
<li>🌐 Update Portuguese translation for
<code>docs/pt/docs/alternatives.md</code>. PR <a
href="https://redirect.github.com/fastapi/fastapi/pull/11931">#11931</a>
by <a href="https://github.com/ceb10n"><code>@ceb10n</code></a>.</li>
<li>🌐 Add Russian translation for
<code>docs/ru/docs/tutorial/dependencies/sub-dependencies.md</code>. PR
<a
href="https://redirect.github.com/tiangolo/fastapi/pull/10515">#10515</a>
by <a
href="https://github.com/AlertRED"><code>@AlertRED</code></a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b2e233867c"><code>b2e2338</code></a>
🔖 Release version 0.112.0</li>
<li><a
href="003d45428f"><code>003d454</code></a>
📝 Update release notes</li>
<li><a
href="450bff65f4"><code>450bff6</code></a>
📝 Update release notes</li>
<li><a
href="a25c92ceb9"><code>a25c92c</code></a>
♻️ Add support for <code>pip install
"fastapi[standard]"</code> with standard dependenci...</li>
<li><a
href="3990a0a510"><code>3990a0a</code></a>
📝 Update release notes</li>
<li><a
href="1f7dcc58de"><code>1f7dcc5</code></a>
🌐 Update Portuguese translation for
<code>docs/pt/docs/alternatives.md</code> (<a
href="https://redirect.github.com/fastapi/fastapi/issues/11931">#11931</a>)</li>
<li><a
href="12a4476c3d"><code>12a4476</code></a>
📝 Update release notes</li>
<li><a
href="efb4a077be"><code>efb4a07</code></a>
🔧 Update sponsors: add liblab (<a
href="https://redirect.github.com/fastapi/fastapi/issues/11934">#11934</a>)</li>
<li><a
href="9d41d6e8a8"><code>9d41d6e</code></a>
📝 Update release notes</li>
<li><a
href="643a87cc84"><code>643a87c</code></a>
👷 Update GitHub Action label-approved permissions (<a
href="https://redirect.github.com/fastapi/fastapi/issues/11933">#11933</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/fastapi/fastapi/compare/0.111.1...0.112.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [black](https://github.com/psf/black) from 24.4.0 to 24.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>24.8.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix crash when <code># fmt: off</code> is used before a closing
parenthesis or bracket. (<a
href="https://redirect.github.com/psf/black/issues/4363">#4363</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Packaging metadata updated: docs are explictly linked, the issue
tracker is now also
linked. This improves the PyPI listing for Black. (<a
href="https://redirect.github.com/psf/black/issues/4345">#4345</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix regression where Black failed to parse a multiline f-string
containing another
multiline string (<a
href="https://redirect.github.com/psf/black/issues/4339">#4339</a>)</li>
<li>Fix regression where Black failed to parse an escaped single quote
inside an f-string
(<a
href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li>Fix bug with Black incorrectly parsing empty lines with a backslash
(<a
href="https://redirect.github.com/psf/black/issues/4343">#4343</a>)</li>
<li>Fix bugs with Black's tokenizer not handling <code>\{</code> inside
f-strings very well (<a
href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li>Fix incorrect line numbers in the tokenizer for certain tokens
within f-strings
(<a
href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve performance when a large directory is listed in
<code>.gitignore</code> (<a
href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix blackd (and all extras installs) for docker container (<a
href="https://redirect.github.com/psf/black/issues/4357">#4357</a>)</li>
</ul>
<h2>24.4.2</h2>
<p>This is a bugfix release to fix two regressions in the new f-string
parser introduced in
24.4.1.</p>
<h3>Parser</h3>
<ul>
<li>Fix regression where certain complex f-strings failed to parse (<a
href="https://redirect.github.com/psf/black/issues/4332">#4332</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix bad performance on certain complex string literals (<a
href="https://redirect.github.com/psf/black/issues/4331">#4331</a>)</li>
</ul>
<h2>24.4.1</h2>
<h3>Highlights</h3>
<ul>
<li>Add support for the new Python 3.12 f-string syntax introduced by
PEP 701 (<a
href="https://redirect.github.com/psf/black/issues/3822">#3822</a>)</li>
</ul>
<h3>Stable style</h3>
<ul>
<li>Fix crash involving indented dummy functions containing newlines (<a
href="https://redirect.github.com/psf/black/issues/4318">#4318</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>24.8.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix crash when <code># fmt: off</code> is used before a closing
parenthesis or bracket. (<a
href="https://redirect.github.com/psf/black/issues/4363">#4363</a>)</li>
</ul>
<h3>Packaging</h3>
<ul>
<li>Packaging metadata updated: docs are explictly linked, the issue
tracker is now also
linked. This improves the PyPI listing for Black. (<a
href="https://redirect.github.com/psf/black/issues/4345">#4345</a>)</li>
</ul>
<h3>Parser</h3>
<ul>
<li>Fix regression where Black failed to parse a multiline f-string
containing another
multiline string (<a
href="https://redirect.github.com/psf/black/issues/4339">#4339</a>)</li>
<li>Fix regression where Black failed to parse an escaped single quote
inside an f-string
(<a
href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li>Fix bug with Black incorrectly parsing empty lines with a backslash
(<a
href="https://redirect.github.com/psf/black/issues/4343">#4343</a>)</li>
<li>Fix bugs with Black's tokenizer not handling <code>\{</code> inside
f-strings very well (<a
href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li>Fix incorrect line numbers in the tokenizer for certain tokens
within f-strings
(<a
href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Improve performance when a large directory is listed in
<code>.gitignore</code> (<a
href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
</ul>
<h3><em>Blackd</em></h3>
<ul>
<li>Fix blackd (and all extras installs) for docker container (<a
href="https://redirect.github.com/psf/black/issues/4357">#4357</a>)</li>
</ul>
<h2>24.4.2</h2>
<p>This is a bugfix release to fix two regressions in the new f-string
parser introduced in
24.4.1.</p>
<h3>Parser</h3>
<ul>
<li>Fix regression where certain complex f-strings failed to parse (<a
href="https://redirect.github.com/psf/black/issues/4332">#4332</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix bad performance on certain complex string literals (<a
href="https://redirect.github.com/psf/black/issues/4331">#4331</a>)</li>
</ul>
<h2>24.4.1</h2>
<h3>Highlights</h3>
<ul>
<li>Add support for the new Python 3.12 f-string syntax introduced by
PEP 701 (<a
href="https://redirect.github.com/psf/black/issues/3822">#3822</a>)</li>
</ul>
<h3>Stable style</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b965c2a502"><code>b965c2a</code></a>
Prepare release 24.8.0 (<a
href="https://redirect.github.com/psf/black/issues/4426">#4426</a>)</li>
<li><a
href="9ccf279a17"><code>9ccf279</code></a>
Document <code>find_project_root</code> ignoring
<code>pyproject.toml</code> without <code>[tool.black]</code>...</li>
<li><a
href="14b6e61970"><code>14b6e61</code></a>
fix: Enhace black efficiently to skip directories listed in .gitignore
(<a
href="https://redirect.github.com/psf/black/issues/4415">#4415</a>)</li>
<li><a
href="b1c4dd96d7"><code>b1c4dd9</code></a>
fix: respect braces better in f-string parsing (<a
href="https://redirect.github.com/psf/black/issues/4422">#4422</a>)</li>
<li><a
href="4b4ae43e8b"><code>4b4ae43</code></a>
Fix incorrect linenos on fstring tokens with escaped newlines (<a
href="https://redirect.github.com/psf/black/issues/4423">#4423</a>)</li>
<li><a
href="7fa1faf83a"><code>7fa1faf</code></a>
docs: fix the installation command of extra for blackd (<a
href="https://redirect.github.com/psf/black/issues/4413">#4413</a>)</li>
<li><a
href="8827accf56"><code>8827acc</code></a>
Bump sphinx from 7.3.7 to 7.4.0 in /docs (<a
href="https://redirect.github.com/psf/black/issues/4404">#4404</a>)</li>
<li><a
href="b0da11d370"><code>b0da11d</code></a>
Bump furo from 2024.5.6 to 2024.7.18 in /docs (<a
href="https://redirect.github.com/psf/black/issues/4409">#4409</a>)</li>
<li><a
href="721dff5493"><code>721dff5</code></a>
fix: avoid formatting backslash strings inside f-strings (<a
href="https://redirect.github.com/psf/black/issues/4401">#4401</a>)</li>
<li><a
href="7e2afc9bfd"><code>7e2afc9</code></a>
Update <code>actions/checkout</code> to v4 to stop node deprecation
warnings (<a
href="https://redirect.github.com/psf/black/issues/4379">#4379</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/24.4.0...24.8.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- Cirrus recorded a lot of duplicate errors when it was not able to find
.env variable it was expecting
This commit
- Update sample rate to control the errors, we will adjust this and see
which one works better for us as per the need
- Also changed the settings on sentry for cirrus prod and stage projects
to limit the reporting i.e 30 events in 5 minutes
<img width="1253" alt="Screenshot 2024-07-31 at 2 07 43 PM"
src="https://github.com/user-attachments/assets/edae487e-52a9-4914-b62d-9d4d7563400c">
Fixes #github_issue_number
Because
- Sentry reports many errors if the remote settings preview URL is not
set.
This commit
- Will not fetch from preview URL if it's not provided
- Will exit the server if remote setting live URL is not provided
Fixes#11123
Because
- QA should be able to test web experiments on the prod of the
implementing application
This commit
- Supports Cirrus to handle the `nimbus_preview` flag so that it should
return a response based on the preview records
Fixes#10953
---------
Co-authored-by: Jared Lockhart <119884+jaredlockhart@users.noreply.github.com>
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.32.0</h2>
<h2>2.32.0 (2024-05-20)</h2>
<h2>🐍 PYCON US 2024 EDITION 🐍</h2>
<p><strong>Security</strong></p>
<ul>
<li>Fixed an issue where setting <code>verify=False</code> on the first
request from a
Session will cause subsequent requests to the <em>same origin</em> to
also ignore
cert verification, regardless of the value of <code>verify</code>.
(<a
href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li><code>verify=True</code> now reuses a global SSLContext which should
improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a
Python
version built with OpenSSL 3.x. (<a
href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li>
<li>Requests now supports optional use of character detection
(<code>chardet</code> or <code>charset_normalizer</code>) when
repackaged or vendored.
This enables <code>pip</code> and other projects to minimize their
vendoring
surface area. The <code>Response.text()</code> and
<code>apparent_encoding</code> APIs
will default to <code>utf-8</code> if neither library is present. (<a
href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (<a
href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li>
<li>Fixed deserialization bug in JSONDecodeError. (<a
href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li>
<li>Fixed bug where an extra leading <code>/</code> (path separator)
could lead
urllib3 to unnecessarily reparse the request URI. (<a
href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Requests has officially added support for CPython 3.12 (<a
href="https://redirect.github.com/psf/requests/issues/6503">#6503</a>)</li>
<li>Requests has officially added support for PyPy 3.9 and 3.10 (<a
href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li>
<li>Requests has officially dropped support for CPython 3.7 (<a
href="https://redirect.github.com/psf/requests/issues/6642">#6642</a>)</li>
<li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a
href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<p><strong>Packaging</strong></p>
<ul>
<li>Requests has started adopting some modern packaging practices.
The source files for the projects (formerly <code>requests</code>) is
now located
in <code>src/requests</code> in the Requests sdist. (<a
href="https://redirect.github.com/psf/requests/issues/6506">#6506</a>)</li>
<li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517
build system
using <code>hatchling</code>. This should not impact the average user,
but extremely old
versions of packaging utilities may have issues with the new packaging
format.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/matthewarmand"><code>@matthewarmand</code></a>
made their first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6258">psf/requests#6258</a></li>
<li><a href="https://github.com/cpzt"><code>@cpzt</code></a> made their
first contribution in <a
href="https://redirect.github.com/psf/requests/pull/6456">psf/requests#6456</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.32.0 (2024-05-20)</h2>
<p><strong>Security</strong></p>
<ul>
<li>Fixed an issue where setting <code>verify=False</code> on the first
request from a
Session will cause subsequent requests to the <em>same origin</em> to
also ignore
cert verification, regardless of the value of <code>verify</code>.
(<a
href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li><code>verify=True</code> now reuses a global SSLContext which should
improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a
Python
version built with OpenSSL 3.x. (<a
href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li>
<li>Requests now supports optional use of character detection
(<code>chardet</code> or <code>charset_normalizer</code>) when
repackaged or vendored.
This enables <code>pip</code> and other projects to minimize their
vendoring
surface area. The <code>Response.text()</code> and
<code>apparent_encoding</code> APIs
will default to <code>utf-8</code> if neither library is present. (<a
href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li>
</ul>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (<a
href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li>
<li>Fixed deserialization bug in JSONDecodeError. (<a
href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li>
<li>Fixed bug where an extra leading <code>/</code> (path separator)
could lead
urllib3 to unnecessarily reparse the request URI. (<a
href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Requests has officially added support for CPython 3.12 (<a
href="https://redirect.github.com/psf/requests/issues/6503">#6503</a>)</li>
<li>Requests has officially added support for PyPy 3.9 and 3.10 (<a
href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li>
<li>Requests has officially dropped support for CPython 3.7 (<a
href="https://redirect.github.com/psf/requests/issues/6642">#6642</a>)</li>
<li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a
href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li>
</ul>
<p><strong>Documentation</strong></p>
<ul>
<li>Various typo fixes and doc improvements.</li>
</ul>
<p><strong>Packaging</strong></p>
<ul>
<li>Requests has started adopting some modern packaging practices.
The source files for the projects (formerly <code>requests</code>) is
now located
in <code>src/requests</code> in the Requests sdist. (<a
href="https://redirect.github.com/psf/requests/issues/6506">#6506</a>)</li>
<li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517
build system
using <code>hatchling</code>. This should not impact the average user,
but extremely old
versions of packaging utilities may have issues with the new packaging
format.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d6ebc4a2f1"><code>d6ebc4a</code></a>
v2.32.0</li>
<li><a
href="9a40d12778"><code>9a40d12</code></a>
Avoid reloading root certificates to improve concurrent performance (<a
href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li>
<li><a
href="0c030f78d2"><code>0c030f7</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>
from nateprewitt/no_char_detection</li>
<li><a
href="555b870eb1"><code>555b870</code></a>
Allow character detection dependencies to be optional in post-packaging
steps</li>
<li><a
href="d6dded3f00"><code>d6dded3</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6700">#6700</a>
from franekmagiera/update-redirect-to-invalid-uri-test</li>
<li><a
href="bf24b7d8d1"><code>bf24b7d</code></a>
Use an invalid URI that will not cause httpbin to throw 500</li>
<li><a
href="2d5f54779a"><code>2d5f547</code></a>
Pin 3.8 and 3.9 runners back to macos-13 (<a
href="https://redirect.github.com/psf/requests/issues/6688">#6688</a>)</li>
<li><a
href="f1bb07d39b"><code>f1bb07d</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6687">#6687</a>
from psf/dependabot/github_actions/github/codeql-act...</li>
<li><a
href="60047ade64"><code>60047ad</code></a>
Bump github/codeql-action from 3.24.0 to 3.25.0</li>
<li><a
href="31ebb8102c"><code>31ebb81</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6682">#6682</a>
from frenzymadness/pytest8</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.31.0...v2.32.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/releases">jinja2's
releases</a>.</em></p>
<blockquote>
<h2>3.1.4</h2>
<p>This is the Jinja 3.1.4 security release, which fixes security issues
and bugs but does not otherwise change behavior and should not result in
breaking changes.</p>
<p>PyPI: <a
href="https://pypi.org/project/Jinja2/3.1.4/">https://pypi.org/project/Jinja2/3.1.4/</a>
Changes: <a
href="https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4">https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4</a></p>
<ul>
<li>The <code>xmlattr</code> filter does not allow keys with
<code>/</code> solidus, <code>></code> greater-than sign, or
<code>=</code> equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be
used as keys to this filter, or must be separately validated first.
GHSA-h75v-3vvj-5mfj</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.1.4</h2>
<p>Released 2024-05-05</p>
<ul>
<li>The <code>xmlattr</code> filter does not allow keys with
<code>/</code> solidus, <code>></code>
greater-than sign, or <code>=</code> equals sign, in addition to
disallowing spaces.
Regardless of any validation done by Jinja, user input should never be
used
as keys to this filter, or must be separately validated first.
:ghsa:<code>h75v-3vvj-5mfj</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dd4a8b5466"><code>dd4a8b5</code></a>
release version 3.1.4</li>
<li><a
href="0668239dc6"><code>0668239</code></a>
Merge pull request from GHSA-h75v-3vvj-5mfj</li>
<li><a
href="d655030770"><code>d655030</code></a>
disallow invalid characters in keys to xmlattr filter</li>
<li><a
href="a7863ba9d3"><code>a7863ba</code></a>
add ghsa links</li>
<li><a
href="b5c98e78c2"><code>b5c98e7</code></a>
start version 3.1.4</li>
<li><a
href="da3a9f0b80"><code>da3a9f0</code></a>
update project files (<a
href="https://redirect.github.com/pallets/jinja/issues/1968">#1968</a>)</li>
<li><a
href="0ee5eb41d1"><code>0ee5eb4</code></a>
satisfy formatter, linter, and strict mypy</li>
<li><a
href="20477c6357"><code>20477c6</code></a>
update project files (<a
href="https://redirect.github.com/pallets/jinja/issues/5457">#5457</a>)</li>
<li><a
href="e491223739"><code>e491223</code></a>
update pyyaml dev dependency</li>
<li><a
href="36f98854c7"><code>36f9885</code></a>
fix pr link</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/jinja/compare/3.1.3...3.1.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- Sentry was getting initializing after glean initialization, hence we
were not getting glean error reports on sentry
This commit
- changes the sequence of sentry initialization
Fixes#10614
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.3.0 to 0.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.1</h2>
<h2>Changes</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>pylint</code>] Implement <code>invalid-hash-returned</code>
(<code>PLE0309</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10961">#10961</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-index-returned</code>
(<code>PLE0305</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10962">#10962</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pylint</code>] Allow <code>NoReturn</code>-like functions for
<code>__str__</code>, <code>__len__</code>, etc. (<code>PLE0307</code>)
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11017">#11017</a>)</li>
<li>Parser: Use empty range when there's "gap" in token source
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11032">#11032</a>)</li>
<li>[<code>ruff</code>] Ignore stub functions in
<code>unused-async</code> (<code>RUF029</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11026">#11026</a>)</li>
<li>Parser: Expect indented case block instead of match stmt (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11033">#11033</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li><a
href="https://github.com/AlexWaygood"><code>@AlexWaygood</code></a></li>
<li><a
href="https://github.com/HenryAsa"><code>@HenryAsa</code></a></li>
<li><a
href="https://github.com/MithicSpirit"><code>@MithicSpirit</code></a></li>
<li><a
href="https://github.com/charliermarsh"><code>@charliermarsh</code></a></li>
<li><a
href="https://github.com/dhruvmanila"><code>@dhruvmanila</code></a></li>
<li><a
href="https://github.com/tibor-reiss"><code>@tibor-reiss</code></a></li>
</ul>
<h2>v0.4.0</h2>
<h2>Changes</h2>
<h3>A new, hand-written parser</h3>
<p>Ruff's new parser is <strong>>2x faster</strong>, which translates
to a <strong>20-40% speedup</strong> for all linting and formatting
invocations. There's a lot to say about this exciting change, so check
out the <a href="https://astral.sh/blog/ruff-v0.4.0">blog post</a> for
more details!</p>
<p>See <a
href="https://redirect.github.com/astral-sh/ruff/pull/10036">#10036</a>
for implementation details.</p>
<h3>A new language server in Rust</h3>
<p>With this release, we also want to highlight our new language server.
<code>ruff server</code> is a Rust-powered language server that comes
built-in with Ruff. It can be used with any editor that supports the <a
href="https://microsoft.github.io/language-server-protocol/">Language
Server Protocol</a> (LSP). It uses a multi-threaded, lock-free
architecture inspired by <code>rust-analyzer</code> and it will open the
door for a lot of exciting features. It’s also faster than our previous
<a href="https://github.com/astral-sh/ruff-lsp">Python-based language
server</a> -- but you probably guessed that already.</p>
<p><code>ruff server</code> is only in alpha, but it has a lot of
features that you can try out today:</p>
<ul>
<li>Lints Python files automatically and shows quick-fixes when
available</li>
<li>Formats Python files, with support for range formatting</li>
<li>Comes with commands for quickly performing actions:
<code>ruff.applyAutofix</code>, <code>ruff.applyFormat</code>, and
<code>ruff.applyOrganizeImports</code></li>
<li>Supports <code>source.fixAll</code> and
<code>source.organizeImports</code> source actions</li>
<li>Automatically reloads your project configuration when you change
it</li>
</ul>
<p>To setup <code>ruff server</code> with your editor, refer to the <a
href="https://github.com/astral-sh/ruff/blob/main/crates/ruff_server/README.md">README.md</a>.</p>
<h3>Preview features</h3>
<ul>
<li>[<code>pycodestyle</code>] Do not trigger <code>E3</code> rules on
<code>def</code>s following a function/method with a dummy body (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10704">#10704</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-bytes-returned</code>
(<code>E0308</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10959">#10959</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's
changelog</a>.</em></p>
<blockquote>
<h2>0.4.1</h2>
<h3>Preview features</h3>
<ul>
<li>[<code>pylint</code>] Implement <code>invalid-hash-returned</code>
(<code>PLE0309</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10961">#10961</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-index-returned</code>
(<code>PLE0305</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10962">#10962</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>[<code>pylint</code>] Allow <code>NoReturn</code>-like functions for
<code>__str__</code>, <code>__len__</code>, etc. (<code>PLE0307</code>)
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11017">#11017</a>)</li>
<li>Parser: Use empty range when there's "gap" in token source
(<a
href="https://redirect.github.com/astral-sh/ruff/pull/11032">#11032</a>)</li>
<li>[<code>ruff</code>] Ignore stub functions in
<code>unused-async</code> (<code>RUF029</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11026">#11026</a>)</li>
<li>Parser: Expect indented case block instead of match stmt (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11033">#11033</a>)</li>
</ul>
<h2>0.4.0</h2>
<h3>A new, hand-written parser</h3>
<p>Ruff's new parser is <strong>>2x faster</strong>, which translates
to a <strong>20-40% speedup</strong> for all linting and formatting
invocations.
There's a lot to say about this exciting change, so check out the <a
href="https://astral.sh/blog/ruff-v0.4.0">blog post</a> for more
details!</p>
<p>See <a
href="https://redirect.github.com/astral-sh/ruff/pull/10036">#10036</a>
for implementation details.</p>
<h3>A new language server in Rust</h3>
<p>With this release, we also want to highlight our new language server.
<code>ruff server</code> is a Rust-powered language
server that comes built-in with Ruff. It can be used with any editor
that supports the <a
href="https://microsoft.github.io/language-server-protocol/">Language
Server Protocol</a> (LSP).
It uses a multi-threaded, lock-free architecture inspired by
<code>rust-analyzer</code> and it will open the door for a lot
of exciting features. It’s also faster than our previous <a
href="https://github.com/astral-sh/ruff-lsp">Python-based language
server</a>
-- but you probably guessed that already.</p>
<p><code>ruff server</code> is only in alpha, but it has a lot of
features that you can try out today:</p>
<ul>
<li>Lints Python files automatically and shows quick-fixes when
available</li>
<li>Formats Python files, with support for range formatting</li>
<li>Comes with commands for quickly performing actions:
<code>ruff.applyAutofix</code>, <code>ruff.applyFormat</code>, and
<code>ruff.applyOrganizeImports</code></li>
<li>Supports <code>source.fixAll</code> and
<code>source.organizeImports</code> source actions</li>
<li>Automatically reloads your project configuration when you change
it</li>
</ul>
<p>To setup <code>ruff server</code> with your editor, refer to the <a
href="https://github.com/astral-sh/ruff/blob/main/crates/ruff_server/README.md">README.md</a>.</p>
<h3>Preview features</h3>
<ul>
<li>[<code>pycodestyle</code>] Do not trigger <code>E3</code> rules on
<code>def</code>s following a function/method with a dummy body (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10704">#10704</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-bytes-returned</code>
(<code>E0308</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10959">#10959</a>)</li>
<li>[<code>pylint</code>] Implement <code>invalid-length-returned</code>
(<code>E0303</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/10963">#10963</a>)</li>
<li>[<code>pylint</code>] Implement <code>self-cls-assignment</code>
(<code>W0642</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/9267">#9267</a>)</li>
<li>[<code>pylint</code>] Omit stubs from <code>invalid-bool</code> and
<code>invalid-str-return-type</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/11008">#11008</a>)</li>
<li>[<code>ruff</code>] New rule <code>unused-async</code>
(<code>RUF029</code>) to detect unneeded <code>async</code> keywords on
functions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/9966">#9966</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ff25a540c"><code>0ff25a5</code></a>
Bump version to 0.4.1 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11035">#11035</a>)</li>
<li><a
href="34873ec009"><code>34873ec</code></a>
Add a script to fuzz the parser (courtesy of
<code>pysource-codegen</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11015">#11015</a>)</li>
<li><a
href="d3cd61f804"><code>d3cd61f</code></a>
Use empty range when there's "gap" in token source (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11032">#11032</a>)</li>
<li><a
href="9b80cc09ee"><code>9b80cc0</code></a>
Select fewer ruff rules when linting Python files in
<code>scripts/</code> (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11034">#11034</a>)</li>
<li><a
href="9bb23b0a38"><code>9bb23b0</code></a>
Expect indented case block instead of match stmt (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11033">#11033</a>)</li>
<li><a
href="06c248a126"><code>06c248a</code></a>
[<code>ruff]</code> Ignore stub functions in <code>unused-async</code>
(<code>RUF029</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11026">#11026</a>)</li>
<li><a
href="27902b7130"><code>27902b7</code></a>
[<code>pylint</code>] Implement <code>invalid-index-returned</code>
(<code>PLE0305</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/10962">#10962</a>)</li>
<li><a
href="97acf1d59b"><code>97acf1d</code></a>
ENH: Bump <code>ruff</code> dependency versions to support the latest
release of `v0.4.0...</li>
<li><a
href="adf63d9013"><code>adf63d9</code></a>
[<code>pylint</code>] Implement <code>invalid-hash-returned</code>
(<code>PLE0309</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/issues/10961">#10961</a>)</li>
<li><a
href="5d3c9f2637"><code>5d3c9f2</code></a>
<code>ruff server</code>: fix Neovim setup guide command (<a
href="https://redirect.github.com/astral-sh/ruff/issues/11021">#11021</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/v0.3.0...v0.4.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- We recently added support for non root user for the cirrus docker
image, but non root user is having difficulty to work with glean data
directories
This commit
- Give appropriate permission to the user
Fixes#10594
Bumps [black](https://github.com/psf/black) from 24.3.0 to 24.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>24.4.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix unwanted crashes caused by AST equivalency check (<a
href="https://redirect.github.com/psf/black/issues/4290">#4290</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li><code>if</code> guards in <code>case</code> blocks are now wrapped
in parentheses when the line is too long.
(<a
href="https://redirect.github.com/psf/black/issues/4269">#4269</a>)</li>
<li>Stop moving multiline strings to a new line unless inside brackets
(<a
href="https://redirect.github.com/psf/black/issues/4289">#4289</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Add a new option <code>use_pyproject</code> to the GitHub Action
<code>psf/black</code>. This will read the
Black version from <code>pyproject.toml</code>. (<a
href="https://redirect.github.com/psf/black/issues/4294">#4294</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>24.4.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fix unwanted crashes caused by AST equivalency check (<a
href="https://redirect.github.com/psf/black/issues/4290">#4290</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li><code>if</code> guards in <code>case</code> blocks are now wrapped
in parentheses when the line is too long.
(<a
href="https://redirect.github.com/psf/black/issues/4269">#4269</a>)</li>
<li>Stop moving multiline strings to a new line unless inside brackets
(<a
href="https://redirect.github.com/psf/black/issues/4289">#4289</a>)</li>
</ul>
<h3>Integrations</h3>
<ul>
<li>Add a new option <code>use_pyproject</code> to the GitHub Action
<code>psf/black</code>. This will read the
Black version from <code>pyproject.toml</code>. (<a
href="https://redirect.github.com/psf/black/issues/4294">#4294</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8fe627072f"><code>8fe6270</code></a>
Prepare release 24.4.0 (<a
href="https://redirect.github.com/psf/black/issues/4307">#4307</a>)</li>
<li><a
href="6b25e7cdab"><code>6b25e7c</code></a>
Bump peter-evans/find-comment from 3.0.0 to 3.1.0 (<a
href="https://redirect.github.com/psf/black/issues/4304">#4304</a>)</li>
<li><a
href="07fe1ca88a"><code>07fe1ca</code></a>
docs: remove repetitive word (<a
href="https://redirect.github.com/psf/black/issues/4303">#4303</a>)</li>
<li><a
href="3383f531bc"><code>3383f53</code></a>
GitHub Action: Allow reading version from pyproject.toml (<a
href="https://redirect.github.com/psf/black/issues/4294">#4294</a>)</li>
<li><a
href="c8f1a5542c"><code>c8f1a55</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/psf/black/issues/4297">#4297</a>)</li>
<li><a
href="836acad863"><code>836acad</code></a>
Improve AST safety check (<a
href="https://redirect.github.com/psf/black/issues/4290">#4290</a>)</li>
<li><a
href="13bd0925eb"><code>13bd092</code></a>
fix: Stop moving multiline strings to a new line unless inside brackets
(<a
href="https://redirect.github.com/psf/black/issues/4289">#4289</a>)</li>
<li><a
href="c9d2635b55"><code>c9d2635</code></a>
Remove mocking from tests (<a
href="https://redirect.github.com/psf/black/issues/4287">#4287</a>)</li>
<li><a
href="bf1195612c"><code>bf11956</code></a>
Fix two logging calls in the test helper (<a
href="https://redirect.github.com/psf/black/issues/4286">#4286</a>)</li>
<li><a
href="97993f997f"><code>97993f9</code></a>
Bump pypa/cibuildwheel from 2.16.5 to 2.17.0 (<a
href="https://redirect.github.com/psf/black/issues/4283">#4283</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/24.3.0...24.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from
1.44.0 to 1.45.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's
releases</a>.</em></p>
<blockquote>
<h2>1.45.0</h2>
<p>This is the final 1.x release for the forseeable future. Development
will continue on the 2.x release line. The first 2.x version will be
available in the next few weeks.</p>
<h3>Various fixes & improvements</h3>
<ul>
<li>
<p>Allow to upsert monitors (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2929">#2929</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
<p>It's now possible to provide <code>monitor_config</code> to the
<code>monitor</code> decorator/context manager directly:</p>
<pre lang="python"><code>from sentry_sdk.crons import monitor
<h1>All keys except <code>schedule</code> are optional</h1>
<p>monitor_config = {
"schedule": {"type": "crontab",
"value": "0 0 * * *"},
"timezone": "Europe/Vienna",
"checkin_margin": 10,
"max_runtime": 10,
"failure_issue_threshold": 5,
"recovery_threshold": 5,
}</p>
<p><a
href="https://github.com/monitor"><code>@monitor</code></a>(monitor_slug='<monitor-slug>',
monitor_config=monitor_config)
def tell_the_world():
print('My scheduled task...')
</code></pre></p>
<p>Check out <a
href="https://docs.sentry.io/platforms/python/crons/">the cron docs</a>
for details.</p>
</li>
<li>
<p>Add Django <code>signals_denylist</code> to filter signals that are
attached to by <code>signals_spans</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2758">#2758</a>)
by <a href="https://github.com/lieryan"><code>@lieryan</code></a></p>
<p>If you want to exclude some Django signals from performance tracking,
you can use the new <code>signals_denylist</code> Django option:</p>
<pre lang="python"><code>import django.db.models.signals
import sentry_sdk
<p>sentry_sdk.init(
...
integrations=[
DjangoIntegration(
...
signals_denylist=[
django.db.models.signals.pre_init,
django.db.models.signals.post_init,
],
),
],
)
</code></pre></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>1.45.0</h2>
<p>This is the final 1.x release for the forseeable future. Development
will continue on the 2.x release line. The first 2.x version will be
available in the next few weeks.</p>
<h3>Various fixes & improvements</h3>
<ul>
<li>
<p>Allow to upsert monitors (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2929">#2929</a>)
by <a
href="https://github.com/sentrivana"><code>@sentrivana</code></a></p>
<p>It's now possible to provide <code>monitor_config</code> to the
<code>monitor</code> decorator/context manager directly:</p>
<pre lang="python"><code>from sentry_sdk.crons import monitor
<h1>All keys except <code>schedule</code> are optional</h1>
<p>monitor_config = {
"schedule": {"type": "crontab",
"value": "0 0 * * *"},
"timezone": "Europe/Vienna",
"checkin_margin": 10,
"max_runtime": 10,
"failure_issue_threshold": 5,
"recovery_threshold": 5,
}</p>
<p><a
href="https://github.com/monitor"><code>@monitor</code></a>(monitor_slug='<monitor-slug>',
monitor_config=monitor_config)
def tell_the_world():
print('My scheduled task...')
</code></pre></p>
<p>Check out <a
href="https://docs.sentry.io/platforms/python/crons/">the cron docs</a>
for details.</p>
</li>
<li>
<p>Add Django <code>signals_denylist</code> to filter signals that are
attached to by <code>signals_spans</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2758">#2758</a>)
by <a href="https://github.com/lieryan"><code>@lieryan</code></a></p>
<p>If you want to exclude some Django signals from performance tracking,
you can use the new <code>signals_denylist</code> Django option:</p>
<pre lang="python"><code>import django.db.models.signals
import sentry_sdk
<p>sentry_sdk.init(
...
integrations=[
DjangoIntegration(
...
signals_denylist=[
django.db.models.signals.pre_init,
django.db.models.signals.post_init,
],
),
],
)
</code></pre></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="51a906c1b7"><code>51a906c</code></a>
Update CHANGELOG.md</li>
<li><a
href="7570e39ae3"><code>7570e39</code></a>
release: 1.45.0</li>
<li><a
href="e22abb636f"><code>e22abb6</code></a>
fix(metrics): Change <code>data_category</code> from <code>statsd</code>
to <code>metric_bucket</code> (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2954">#2954</a>)</li>
<li><a
href="fab65e6574"><code>fab65e6</code></a>
feat(metrics): New normalization of keys, values, units (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2946">#2946</a>)</li>
<li><a
href="a584653e6e"><code>a584653</code></a>
feat(typing): Make monitor_config a TypedDict (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2931">#2931</a>)</li>
<li><a
href="a1ab33901d"><code>a1ab339</code></a>
feat(metrics): Add value, unit to before_emit_metric (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2958">#2958</a>)</li>
<li><a
href="18ccb8f464"><code>18ccb8f</code></a>
chore: Remove experimental metric summary options (<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2957">#2957</a>)</li>
<li><a
href="a422dd781d"><code>a422dd7</code></a>
fix(profiler): Accessing <strong>mro</strong> might throw a ValueError
(<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2952">#2952</a>)</li>
<li><a
href="11e1f9aa1f"><code>11e1f9a</code></a>
feat(integrations): Add django signals_denylist to filter signals that
are at...</li>
<li><a
href="f5ec34cb63"><code>f5ec34c</code></a>
build(deps): bump types-protobuf from 4.24.0.20240311 to 4.24.0.20240408
(<a
href="https://redirect.github.com/getsentry/sentry-python/issues/2941">#2941</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-python/compare/1.44.0...1.45.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/releases">idna's
releases</a>.</em></p>
<blockquote>
<h2>v3.7</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix issue where specially crafted inputs to encode() could take
exceptionally long amount of time to process. [CVE-2024-3651]</li>
</ul>
<p>Thanks to Guido Vranken for reporting the issue.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's
changelog</a>.</em></p>
<blockquote>
<p>3.7 (2024-04-11)
++++++++++++++++</p>
<ul>
<li>Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]</li>
</ul>
<p>Thanks to Guido Vranken for reporting the issue.</p>
<p>3.6 (2023-11-25)
++++++++++++++++</p>
<ul>
<li>Fix regression to include tests in source distribution.</li>
</ul>
<p>3.5 (2023-11-24)
++++++++++++++++</p>
<ul>
<li>Update to Unicode 15.1.0</li>
<li>String codec name is now "idna2008" as overriding the
system codec
"idna" was not working.</li>
<li>Fix typing error for codec encoding</li>
<li>"setup.cfg" has been added for this release due to some
downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.</li>
<li>Removed reliance on a symlink for the "idna-data" tool to
comport
with PEP 517 and the Python Packaging User Guide for sdist
archives.</li>
<li>Added security reporting protocol for project</li>
</ul>
<p>Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for
contributions
to this release.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1d365e17e1"><code>1d365e1</code></a>
Release v3.7</li>
<li><a
href="c1b3154939"><code>c1b3154</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from
kjd/optimize-contextj</li>
<li><a
href="0394ec76ff"><code>0394ec7</code></a>
Merge branch 'master' into optimize-contextj</li>
<li><a
href="cd58a23173"><code>cd58a23</code></a>
Merge pull request <a
href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from
elliotwutingfeng/dev</li>
<li><a
href="5beb28b9dd"><code>5beb28b</code></a>
More efficient resolution of joiner contexts</li>
<li><a
href="1b121483ed"><code>1b12148</code></a>
Update ossf/scorecard-action to v2.3.1</li>
<li><a
href="d516b874c3"><code>d516b87</code></a>
Update Github actions/checkout to v4</li>
<li><a
href="c095c75943"><code>c095c75</code></a>
Merge branch 'master' into dev</li>
<li><a
href="60a0a4cb61"><code>60a0a4c</code></a>
Fix typo in GitHub Actions workflow key</li>
<li><a
href="5918a0ef80"><code>5918a0e</code></a>
Merge branch 'master' into dev</li>
<li>Additional commits viewable in <a
href="https://github.com/kjd/idna/compare/v3.4...v3.7">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Because
- Fxa can run the cirrus image in a container in the GCP v2 environment
as a non-root user only due to security policies.
This commit
- Support cirrus images to run as non-root users too.
Fixes#10459
Bumps [black](https://github.com/psf/black) from 23.12.1 to 24.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/releases">black's
releases</a>.</em></p>
<blockquote>
<h2>24.3.0</h2>
<h3>Highlights</h3>
<p>This release is a milestone: it fixes Black's first CVE security
vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of
leading tab
characters in your docstrings, you are strongly encouraged to upgrade
immediately to fix
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
<p>This release also fixes a bug in Black's AST safety check that
allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and
higher.</p>
<h3>Stable style</h3>
<ul>
<li>Don't move comments along with delimiters, which could cause crashes
(<a
href="https://redirect.github.com/psf/black/issues/4248">#4248</a>)</li>
<li>Strengthen AST safety check to catch more unsafe changes to strings.
Previous versions
of Black would incorrectly format the contents of certain unusual
f-strings containing
nested strings with the same quote type. Now, Black will crash on such
strings until
support for the new f-string syntax is implemented. (<a
href="https://redirect.github.com/psf/black/issues/4270">#4270</a>)</li>
<li>Fix a bug where line-ranges exceeding the last code line would not
work as expected
(<a
href="https://redirect.github.com/psf/black/issues/4273">#4273</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix catastrophic performance on docstrings that contain large
numbers of leading tab
characters. This fixes
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
(<a
href="https://redirect.github.com/psf/black/issues/4278">#4278</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Note what happens when <code>--check</code> is used with
<code>--quiet</code> (<a
href="https://redirect.github.com/psf/black/issues/4236">#4236</a>)</li>
</ul>
<h2>24.2.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fixed a bug where comments where mistakenly removed along with
redundant parentheses
(<a
href="https://redirect.github.com/psf/black/issues/4218">#4218</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Move the <code>hug_parens_with_braces_and_square_brackets</code>
feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (<a
href="https://redirect.github.com/psf/black/issues/4198">#4198</a>)</li>
<li>Fixed a bug where base expressions caused inconsistent formatting of
** in tenary
expression (<a
href="https://redirect.github.com/psf/black/issues/4154">#4154</a>)</li>
<li>Checking for newline before adding one on docstring that is almost
at the line limit
(<a
href="https://redirect.github.com/psf/black/issues/4185">#4185</a>)</li>
<li>Remove redundant parentheses in <code>case</code> statement
<code>if</code> guards (<a
href="https://redirect.github.com/psf/black/issues/4214">#4214</a>).</li>
</ul>
<h3>Configuration</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/black/blob/main/CHANGES.md">black's
changelog</a>.</em></p>
<blockquote>
<h2>24.3.0</h2>
<h3>Highlights</h3>
<p>This release is a milestone: it fixes Black's first CVE security
vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of
leading tab
characters in your docstrings, you are strongly encouraged to upgrade
immediately to fix
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
<p>This release also fixes a bug in Black's AST safety check that
allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and
higher.</p>
<h3>Stable style</h3>
<ul>
<li>Don't move comments along with delimiters, which could cause crashes
(<a
href="https://redirect.github.com/psf/black/issues/4248">#4248</a>)</li>
<li>Strengthen AST safety check to catch more unsafe changes to strings.
Previous versions
of Black would incorrectly format the contents of certain unusual
f-strings containing
nested strings with the same quote type. Now, Black will crash on such
strings until
support for the new f-string syntax is implemented. (<a
href="https://redirect.github.com/psf/black/issues/4270">#4270</a>)</li>
<li>Fix a bug where line-ranges exceeding the last code line would not
work as expected
(<a
href="https://redirect.github.com/psf/black/issues/4273">#4273</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix catastrophic performance on docstrings that contain large
numbers of leading tab
characters. This fixes
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
(<a
href="https://redirect.github.com/psf/black/issues/4278">#4278</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Note what happens when <code>--check</code> is used with
<code>--quiet</code> (<a
href="https://redirect.github.com/psf/black/issues/4236">#4236</a>)</li>
</ul>
<h2>24.2.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fixed a bug where comments where mistakenly removed along with
redundant parentheses
(<a
href="https://redirect.github.com/psf/black/issues/4218">#4218</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Move the <code>hug_parens_with_braces_and_square_brackets</code>
feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (<a
href="https://redirect.github.com/psf/black/issues/4198">#4198</a>)</li>
<li>Fixed a bug where base expressions caused inconsistent formatting of
** in tenary
expression (<a
href="https://redirect.github.com/psf/black/issues/4154">#4154</a>)</li>
<li>Checking for newline before adding one on docstring that is almost
at the line limit
(<a
href="https://redirect.github.com/psf/black/issues/4185">#4185</a>)</li>
<li>Remove redundant parentheses in <code>case</code> statement
<code>if</code> guards (<a
href="https://redirect.github.com/psf/black/issues/4214">#4214</a>).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="552baf8229"><code>552baf8</code></a>
Prepare release 24.3.0 (<a
href="https://redirect.github.com/psf/black/issues/4279">#4279</a>)</li>
<li><a
href="f000936726"><code>f000936</code></a>
Fix catastrophic performance in lines_with_leading_tabs_expanded() (<a
href="https://redirect.github.com/psf/black/issues/4278">#4278</a>)</li>
<li><a
href="7b5a657285"><code>7b5a657</code></a>
Fix --line-ranges behavior when ranges are at EOF (<a
href="https://redirect.github.com/psf/black/issues/4273">#4273</a>)</li>
<li><a
href="1abcffc818"><code>1abcffc</code></a>
Use regex where we ignore case on windows (<a
href="https://redirect.github.com/psf/black/issues/4252">#4252</a>)</li>
<li><a
href="719e67462c"><code>719e674</code></a>
Fix 4227: Improve documentation for --quiet --check (<a
href="https://redirect.github.com/psf/black/issues/4236">#4236</a>)</li>
<li><a
href="e5510afc06"><code>e5510af</code></a>
update plugin url for Thonny (<a
href="https://redirect.github.com/psf/black/issues/4259">#4259</a>)</li>
<li><a
href="6af7d11096"><code>6af7d11</code></a>
Fix AST safety check false negative (<a
href="https://redirect.github.com/psf/black/issues/4270">#4270</a>)</li>
<li><a
href="f03ee113c9"><code>f03ee11</code></a>
Ensure <code>blib2to3.pygram</code> is initialized before use (<a
href="https://redirect.github.com/psf/black/issues/4224">#4224</a>)</li>
<li><a
href="e4bfedbec2"><code>e4bfedb</code></a>
fix: Don't move comments while splitting delimiters (<a
href="https://redirect.github.com/psf/black/issues/4248">#4248</a>)</li>
<li><a
href="d0287e1f75"><code>d0287e1</code></a>
Make trailing comma logic more concise (<a
href="https://redirect.github.com/psf/black/issues/4202">#4202</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/black/compare/23.12.1...24.3.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jaredlockhart.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/mozilla/experimenter/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jared Lockhart <119884+jaredlockhart@users.noreply.github.com>
Bumps [httpx](https://github.com/encode/httpx) from 0.26.0 to 0.27.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/encode/httpx/releases">httpx's
releases</a>.</em></p>
<blockquote>
<h2>Version 0.27.0</h2>
<h2>0.27.0 (21st February, 2024)</h2>
<h3>Deprecated</h3>
<ul>
<li>The <code>app=...</code> shortcut has been deprecated. Use the
explicit style of <code>transport=httpx.WSGITransport()</code> or
<code>transport=httpx.ASGITransport()</code> instead.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Respect the <code>http1</code> argument while configuring proxy
transports. (<a
href="https://redirect.github.com/encode/httpx/issues/3023">#3023</a>)</li>
<li>Fix RFC 2069 mode digest authentication. (<a
href="https://redirect.github.com/encode/httpx/issues/3045">#3045</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/encode/httpx/blob/master/CHANGELOG.md">httpx's
changelog</a>.</em></p>
<blockquote>
<h2>0.27.0 (21st February, 2024)</h2>
<h3>Deprecated</h3>
<ul>
<li>The <code>app=...</code> shortcut has been deprecated. Use the
explicit style of <code>transport=httpx.WSGITransport()</code> or
<code>transport=httpx.ASGITransport()</code> instead.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Respect the <code>http1</code> argument while configuring proxy
transports. (<a
href="https://redirect.github.com/encode/httpx/issues/3023">#3023</a>)</li>
<li>Fix RFC 2069 mode digest authentication. (<a
href="https://redirect.github.com/encode/httpx/issues/3045">#3045</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="326b9431c7"><code>326b943</code></a>
Version 0.27.0 (<a
href="https://redirect.github.com/encode/httpx/issues/3095">#3095</a>)</li>
<li><a
href="3faa4a8f2e"><code>3faa4a8</code></a>
Improve 'Custom transports' docs (<a
href="https://redirect.github.com/encode/httpx/issues/3081">#3081</a>)</li>
<li><a
href="c51af4ba52"><code>c51af4b</code></a>
Extensions docs (<a
href="https://redirect.github.com/encode/httpx/issues/3080">#3080</a>)</li>
<li><a
href="cabd1c095e"><code>cabd1c0</code></a>
Deprecate <code>app=...</code> in favor of explicit
<code>WSGITransport</code>/<code>ASGITransport</code>. (<a
href="https://redirect.github.com/encode/httpx/issues/3">#3</a>...</li>
<li><a
href="6f461522a5"><code>6f46152</code></a>
Bump the python-packages group with 6 updates (<a
href="https://redirect.github.com/encode/httpx/issues/3077">#3077</a>)</li>
<li><a
href="37a2901af3"><code>37a2901</code></a>
Mention NO_PROXY environment variable on Advanced Usage page (<a
href="https://redirect.github.com/encode/httpx/issues/3066">#3066</a>)</li>
<li><a
href="371b6e946c"><code>371b6e9</code></a>
Use <code>__future__.annotations</code> (<a
href="https://redirect.github.com/encode/httpx/issues/3068">#3068</a>)</li>
<li><a
href="4f6edf36e9"><code>4f6edf3</code></a>
test <code>parse_header_links</code> via public api (<a
href="https://redirect.github.com/encode/httpx/issues/3061">#3061</a>)</li>
<li><a
href="c7cd6aa5bd"><code>c7cd6aa</code></a>
test <code>obfuscate_sensitive_headers</code> via public api (<a
href="https://redirect.github.com/encode/httpx/issues/3063">#3063</a>)</li>
<li><a
href="15f925336c"><code>15f9253</code></a>
Drop outdated section (<a
href="https://redirect.github.com/encode/httpx/issues/3057">#3057</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/encode/httpx/compare/0.26.0...0.27.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fastapi](https://github.com/tiangolo/fastapi) from 0.109.1 to
0.110.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tiangolo/fastapi/releases">fastapi's
releases</a>.</em></p>
<blockquote>
<h2>0.110.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>🐛 Fix unhandled growing memory for internal server errors, refactor
dependencies with <code>yield</code> and <code>except</code> to require
raising again as in regular Python. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11191">#11191</a>
by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.
<ul>
<li>This is a breaking change (and only slightly) if you used
dependencies with <code>yield</code>, used <code>except</code> in those
dependencies, and didn't raise again.</li>
<li>This was reported internally by <a
href="https://github.com/rushilsrivastava"><code>@rushilsrivastava</code></a>
as a memory leak when the server had unhandled exceptions that would
produce internal server errors, the memory allocated before that point
would not be released.</li>
<li>Read the new docs: <a
href="https://fastapi.tiangolo.com/tutorial/dependencies/dependencies-with-yield/#dependencies-with-yield-and-except">Dependencies
with <code>yield</code> and <code>except</code></a>.</li>
</ul>
</li>
</ul>
<p>In short, if you had dependencies that looked like:</p>
<pre lang="Python"><code>def my_dep():
try:
yield
except SomeException:
pass
</code></pre>
<p>Now you need to make sure you raise again after <code>except</code>,
just as you would in regular Python:</p>
<pre lang="Python"><code>def my_dep():
try:
yield
except SomeException:
raise
</code></pre>
<h3>Docs</h3>
<ul>
<li>✏️ Fix minor typos in <code>docs/ko/docs/</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11126">#11126</a>
by <a href="https://github.com/KaniKim"><code>@KaniKim</code></a>.</li>
<li>✏️ Fix minor typo in <code>fastapi/applications.py</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11099">#11099</a>
by <a
href="https://github.com/JacobHayes"><code>@JacobHayes</code></a>.</li>
</ul>
<h3>Translations</h3>
<ul>
<li>🌐 Add German translation for
<code>docs/de/docs/reference/background.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10820">#10820</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/reference/templating.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10842">#10842</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/external-links.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10852">#10852</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Update Turkish translation for
<code>docs/tr/docs/tutorial/query-params.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11162">#11162</a>
by <a
href="https://github.com/hasansezertasan"><code>@hasansezertasan</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/reference/encoders.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10840">#10840</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/reference/responses.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10825">#10825</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/reference/request.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10821">#10821</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add Turkish translation for
<code>docs/tr/docs/tutorial/query-params.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11078">#11078</a>
by <a
href="https://github.com/emrhnsyts"><code>@emrhnsyts</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/reference/fastapi.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10813">#10813</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add German translation for
<code>docs/de/docs/newsletter.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/10853">#10853</a>
by <a
href="https://github.com/nilslindemann"><code>@nilslindemann</code></a>.</li>
<li>🌐 Add Traditional Chinese translation for
<code>docs/zh-hant/docs/learn/index.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11142">#11142</a>
by <a
href="https://github.com/hsuanchi"><code>@hsuanchi</code></a>.</li>
<li>🌐 Add Korean translation for
<code>/docs/ko/docs/tutorial/dependencies/global-dependencies.md</code>.
PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11123">#11123</a>
by <a href="https://github.com/riroan"><code>@riroan</code></a>.</li>
<li>🌐 Add Korean translation for
<code>/docs/ko/docs/tutorial/dependencies/dependencies-in-path-operation-decorators.md</code>.
PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11124">#11124</a>
by <a href="https://github.com/riroan"><code>@riroan</code></a>.</li>
<li>🌐 Add Korean translation for
<code>/docs/ko/docs/tutorial/schema-extra-example.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11121">#11121</a>
by <a href="https://github.com/KaniKim"><code>@KaniKim</code></a>.</li>
<li>🌐 Add Korean translation for
<code>/docs/ko/docs/tutorial/body-fields.md</code>. PR <a
href="https://redirect.github.com/tiangolo/fastapi/pull/11112">#11112</a>
by <a href="https://github.com/KaniKim"><code>@KaniKim</code></a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e40747f10a"><code>e40747f</code></a>
🔖 Release version 0.110.0</li>
<li><a
href="32b56a8d08"><code>32b56a8</code></a>
📝 Update release notes</li>
<li><a
href="b6b0f2a7e6"><code>b6b0f2a</code></a>
📝 Update release notes</li>
<li><a
href="bf771bd781"><code>bf771bd</code></a>
🐛 Fix unhandled growing memory for internal server errors, refactor
dependenc...</li>
<li><a
href="6336604906"><code>6336604</code></a>
📝 Update release notes</li>
<li><a
href="cb93874014"><code>cb93874</code></a>
📝 Update release notes</li>
<li><a
href="9210e6a330"><code>9210e6a</code></a>
🌐 Add German translation for
<code>docs/de/docs/reference/background.md</code> (<a
href="https://redirect.github.com/tiangolo/fastapi/issues/10820">#10820</a>)</li>
<li><a
href="dec45c534f"><code>dec45c5</code></a>
🌐 Add German translation for
<code>docs/de/docs/reference/templating.md</code> (<a
href="https://redirect.github.com/tiangolo/fastapi/issues/10842">#10842</a>)</li>
<li><a
href="5da35ff980"><code>5da35ff</code></a>
📝 Update release notes</li>
<li><a
href="626b066e56"><code>626b066</code></a>
🌐 Add German translation for <code>docs/de/docs/external-links.md</code>
(<a
href="https://redirect.github.com/tiangolo/fastapi/issues/10852">#10852</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tiangolo/fastapi/compare/0.109.1...0.110.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
Beth Rennie
Yashika Khurana