Scheduled weekly dependency update for week 48

[pyup-bot]

Update redis from 4.6.0 to 5.2.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/redis
• Changelog: https://data.safetycli.com/changelogs/redis/
• Repo: https://github.com/redis/redis-py

Update selenium from 3.141.0 to 4.27.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/selenium
• Homepage: https://www.selenium.dev

Update Sphinx from 7.2.6 to 8.1.3.

Changelog

8.1.3

==============================

Bugs fixed
----------

* 13013: Restore support for :func:`!cut_lines` with no object type.
Patch by Adam Turner.

8.1.2

=====================================

Bugs fixed
----------

* 13012: Expose :exc:`sphinx.errors.ExtensionError` in ``sphinx.util``
for backwards compatibility.
This will be removed in Sphinx 9, as exposing the exception
in ``sphinx.util`` was never intentional.
:exc:`!ExtensionError` has been part of ``sphinx.errors`` since Sphinx 0.9.
Patch by Adam Turner.

8.1.1

=====================================

Bugs fixed
----------

* 13006: Use the preferred https://www.cve.org/ URL for
the :rst:role:`:cve: <cve>` role.
Patch by Hugo van Kemenade.
* 13007: LaTeX: Improve resiliency when the required
``fontawesome`` or ``fontawesome5`` packages are not installed.
Patch by Jean-François B.

8.1.0

=====================================

Dependencies
------------

* 12756: Add lower-bounds to the ``sphinxcontrib-*`` dependencies.
Patch by Adam Turner.
* 12833: Update the LaTeX ``parskip`` package from 2001 to 2018.
Patch by Jean-François B.

Incompatible changes
--------------------

* 12763: Remove unused internal class ``sphinx.util.Tee``.
Patch by Adam Turner.
* 12822: LaTeX: for Unicode engines, the :ref:`fvset` default is changed to
``'\\fvset{fontsize=auto}'`` from ``'\\fvset{fontsize=\\small}'``.
Code-blocks are unchanged as FreeMono is now loaded with ``Scale=0.9``.
An adjustment to existing projects is needed only if they used a custom
:ref:`fontpkg` configuration and did not set :ref:`fvset`.
Patch by Jean-François B.
* 12875: Disable smartquotes for languages: ``zh_CN`` and ``zh_TW`` by default.
Patch by A. Rafey Khan.

Deprecated
----------

* 12762: Deprecate ``sphinx.util.import_object``.
Use :py:func:`importlib.import_module` instead.
Patch by Adam Turner.
* 12766: Deprecate ``sphinx.util.FilenameUniqDict``
and ``sphinx.util.DownloadFiles``.
Patch by Adam Turner.

Features added
--------------

* 11328: Mention evaluation of templated content during production of static
output files.
Patch by James Addison.
* 12704: LaTeX: make :dudir:`contents <table-of-contents>`, :dudir:`topic`,
and :dudir:`sidebar` directives separately customizable for PDF output.
Patch by Jean-François B. and Bénédikt Tran.
* 12474: Support type-dependent search result highlighting via CSS.
Patch by Tim Hoffmann.
* 12652: LaTeX: Add :confval:`math_numsep` support to latex builder.
Patch by Thomas Fanning and Jean-François B.
* 12743: No longer exit on the first warning when
:option:`--fail-on-warning <sphinx-build --fail-on-warning>` is used.
Instead, exit with a non-zero status if any warnings were generated
during the build.
Patch by Adam Turner.
* 12743: Add :option:`sphinx-build --exception-on-warning`,
to raise an exception when warnings are emitted during the build.
Patch by Adam Turner and Jeremy Maitin-Shepard.
* 12907: Add :confval:`html_last_updated_use_utc` to allow using
universal time (GMT/UTC) instead of local time for the date-time
supplied to :confval:`html_last_updated_fmt`.
Patch by Adam Turner.
* 12910: Copyright entries now support the ``'%Y'`` placeholder
to substitute the current year.
This is helpful for reducing the reliance on Python modules
such as :py:mod:`time` or :py:mod:`datetime` in :file:`conf.py`.
See :ref:`the docs <config-copyright>` for further detail.
Patch by Adam Turner.
* 11781: Add roles for referencing CVEs (:rst:role:`:cve: <cve>`)
and CWEs (:rst:role:`:cwe: <cwe>`).
Patch by Hugo van Kemenade.
* 11809: Improve the formatting for RFC section anchors.
Patch by Jakub Stasiak and Adam Turner.
* 12852: Support a :attr:`.Builder.supported_linkcode` attribute
for builders to enable use of :mod:`sphinx.ext.linkcode`-generated
references.
Patch by James Knight.
* 12949: Print configuration options that differ from the pickled environment.
This can be helpful in diagnosing the cause of a full rebuild.
Patch by Adam Turner.

Bugs fixed
----------

* 12514: intersphinx: fix the meaning of a negative value for
:confval:`intersphinx_cache_limit`.
Patch by Shengyu Zhang.
* 12722: LaTeX: avoid TeX reporting ``Overfull \hbox`` from too long
strings in a codeline when the problem has actually been solved thanks
to :ref:`latexsphinxsetupforcewraps`.
Patch by Jean-François B.
* 12730: The ``UnreferencedFootnotesDetector`` transform has been improved
to more consistently detect unreferenced footnotes.
Note, the priority of the transform has been changed from 200 to 622,
so that it now runs after the docutils ``Footnotes`` resolution transform.
Patch by Chris Sewell.
* 12778: LaTeX: let :ref:`'sphinxsetup' <latexsphinxsetup>`
``div.topic_box-shadow`` key if used with only one dimension set both
x-offset and y-offset as per documentation.
Patch by Jean-François B.
* 12587: Do not warn when potential ambiguity detected during Intersphinx
resolution occurs due to duplicate targets that differ case-insensitively.
Patch by James Addison.
* 12639: Fix singular and plural search results text.
Patch by Hugo van Kemenade.
* 12645: Correctly support custom gettext output templates.
Patch by Jeremy Bowman.
* 12717: LaTeX: let :option:`-q <sphinx-build -q>` (quiet) option for
:program:`sphinx-build -M latexpdf` or :program:`make latexpdf` (``O=-q``)
get passed to :program:`latexmk`.  Let :option:`-Q <sphinx-build -Q>`
(silent) apply as well to the PDF build phase.
Patch by Jean-François B.
* 12744: LaTeX: Classes injected by a custom interpreted text role now give
rise to nested ``\DUrole``'s, rather than a single one with comma separated
classes.
Patch by Jean-François B.
* 12831: LaTeX: avoid large voids sometimes occurring at page bottoms.
Patch by Jean-François B.
* 11970, 12551: singlehtml builder: make target URIs to be same-document
references in the sense of :rfc:`RFC 3986, §4.4 <3986section-4.4>`,
e.g., ``index.htmlfoo`` becomes ``foo``.
(note: continuation of a partial fix added in Sphinx 7.3.0)
Patch by James Addison (with reference to prior work by Eric Norige).
* 12735: Fix :pep:`695` generic classes LaTeX output formatting.
Patch by Jean-François B. and Bénédikt Tran.
* 12782: intersphinx: fix double forward slashes when generating the inventory
file URL (user-defined base URL of an intersphinx project are left untouched
even if they end with double forward slashes).
Patch by Bénédikt Tran.
* 12796: Enable parallel reading if requested,
even if there are fewer than 6 documents.
Patch by Matthias Geier.
* 12844: Restore support for ``:noindex:`` for the :rst:dir:`js:module`
and :rst:dir:`py:module` directives.
Patch by Stephen Finucane.
* 12916: Restore support for custom templates named with the legacy ``_t``
suffix during ``apidoc`` RST rendering (regression in 7.4.0).
Patch by James Addison.
* 12451: Only substitute copyright notice years with values from
``SOURCE_DATE_EPOCH`` for entries that match the current system clock year,
and disallow substitution of future years.
Patch by James Addison and Adam Turner.
* 12905: intersphinx: fix flipped use of :confval:`intersphinx_cache_limit`,
which always kept the cache for positive values, and always refreshed it for
negative ones.
Patch by Nico Madysa.
* 12888: Add a warning when document is included in multiple toctrees
and ensure deterministic resolution of global toctree in parallel builds
by choosing the lexicographically greatest parent document.
Patch by A. Rafey Khan
* 12995: Significantly improve performance when building the search index
for Chinese languages.
Patch by Adam Turner.
* 12767: :py:meth:`.Builder.write` is typed as ``final``, meaning that the
:event:`write-started` event may be relied upon by extensions.
A new :py:meth:`.Builder.write_documents` method has been added to
control how documents are written.
This is intended for builders that do not output a file for each document.
Patch by Adam Turner.


Testing
-------

* 12141: Migrate from the deprecated ``karma`` JavaScript test framework to
the actively-maintained ``jasmine`` framework.  Test coverage is unaffected.
Patch by James Addison.

Links

• PyPI: https://pypi.org/project/sphinx
• Changelog: https://data.safetycli.com/changelogs/sphinx/

Update sphinx-autodoc-typehints from 2.0.0 to 2.5.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/sphinx-autodoc-typehints
• Changelog: https://data.safetycli.com/changelogs/sphinx-autodoc-typehints/

Update pip from 24.0 to 24.3.1.

Changelog

24.3.1

===================

Bug Fixes
---------

- Allow multiple nested inclusions of the same requirements file again. (`13046 <https://github.com/pypa/pip/issues/13046>`_)

24.3

=================

Deprecations and Removals
-------------------------

- Deprecate wheel filenames that are not compliant with :pep:`440`. (`12918 <https://github.com/pypa/pip/issues/12918>`_)

Features
--------

- Detect recursively referencing requirements files and help users identify
the source. (`12653 <https://github.com/pypa/pip/issues/12653>`_)
- Support for :pep:`730` iOS wheels. (`12961 <https://github.com/pypa/pip/issues/12961>`_)

Bug Fixes
---------

- Display a better error message when an already installed package has an invalid requirement. (`12953 <https://github.com/pypa/pip/issues/12953>`_)
- Ignore ``PIP_TARGET`` and ``pip.conf`` ``global.target`` when preparing a build environment. (`8438 <https://github.com/pypa/pip/issues/8438>`_)
- Restore support for macOS 10.12 and older (via truststore). (`12901 <https://github.com/pypa/pip/issues/12901>`_)
- Allow installing pip in editable mode in a virtual environment on Windows. (`12666 <https://github.com/pypa/pip/issues/12666>`_)

Vendored Libraries
------------------

- Upgrade certifi to 2024.8.30
- Upgrade distlib to 0.3.9
- Upgrade truststore to 0.10.0
- Upgrade urllib3 to 1.26.20

24.2

=================

Deprecations and Removals
-------------------------

- Deprecate ``pip install --editable`` falling back to ``setup.py develop``
when using a setuptools version that does not support :pep:`660`
(setuptools v63 and older). (`11457 <https://github.com/pypa/pip/issues/11457>`_)

Features
--------

- Check unsupported packages for the current platform. (`11054 <https://github.com/pypa/pip/issues/11054>`_)
- Use system certificates *and* certifi certificates to verify HTTPS connections on Python 3.10+.
Python 3.9 and earlier only use certifi.

To revert to previous behaviour, pass the flag ``--use-deprecated=legacy-certs``. (`11647 <https://github.com/pypa/pip/issues/11647>`_)
- Improve discovery performance of installed packages when the ``importlib.metadata``
backend is used to load distribution metadata (used by default under Python 3.11+). (`12656 <https://github.com/pypa/pip/issues/12656>`_)
- Improve performance when the same requirement string appears many times during
resolution, by consistently caching the parsed requirement string. (`12663 <https://github.com/pypa/pip/issues/12663>`_)
- Minor performance improvement of finding applicable package candidates by not
repeatedly calculating their versions (`12664 <https://github.com/pypa/pip/issues/12664>`_)
- Disable pip's self version check when invoking a pip subprocess to install
PEP 517 build requirements. (`12683 <https://github.com/pypa/pip/issues/12683>`_)
- Improve dependency resolution performance by caching platform compatibility
tags during wheel cache lookup. (`12712 <https://github.com/pypa/pip/issues/12712>`_)
- ``wheel`` is no longer explicitly listed as a build dependency of ``pip``.
``setuptools`` injects this dependency in the ``get_requires_for_build_wheel()``
hook and no longer needs it on newer versions. (`12728 <https://github.com/pypa/pip/issues/12728>`_)
- Ignore ``--require-virtualenv`` for ``pip check`` and ``pip freeze`` (`12842 <https://github.com/pypa/pip/issues/12842>`_)
- Improve package download and install performance.

Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB).
This reduces the frequency of updates to pip's progress bar. (`12810 <https://github.com/pypa/pip/issues/12810>`_)
- Improve pip install performance.

Files are now extracted in 1MB blocks, or in one block matching the file size for
smaller files. A decompressor is no longer instantiated when extracting 0 bytes files,
it is not necessary because there is no data to decompress. (`12803 <https://github.com/pypa/pip/issues/12803>`_)

Bug Fixes
---------

- Set ``no_color`` to global ``rich.Console`` instance. (`11045 <https://github.com/pypa/pip/issues/11045>`_)
- Fix resolution to respect ``--python-version`` when checking ``Requires-Python``. (`12216 <https://github.com/pypa/pip/issues/12216>`_)
- Perform hash comparisons in a case-insensitive manner. (`12680 <https://github.com/pypa/pip/issues/12680>`_)
- Avoid ``dlopen`` failure for glibc detection in musl builds (`12716 <https://github.com/pypa/pip/issues/12716>`_)
- Avoid keyring logging crashes when pip is run in verbose mode. (`12751 <https://github.com/pypa/pip/issues/12751>`_)
- Fix finding hardlink targets in tar files with an ignored top-level directory. (`12781 <https://github.com/pypa/pip/issues/12781>`_)
- Improve pip install performance by only creating required parent
directories once, instead of before extracting every file in the wheel. (`12782 <https://github.com/pypa/pip/issues/12782>`_)
- Improve pip install performance by calculating installed packages printout
in linear time instead of quadratic time. (`12791 <https://github.com/pypa/pip/issues/12791>`_)

Vendored Libraries
------------------

- Remove vendored tenacity.
- Update the preload list for the ``DEBUNDLED`` case, to replace ``pep517`` that has been renamed to ``pyproject_hooks``.
- Use tomllib from the stdlib if available, rather than tomli
- Upgrade certifi to 2024.7.4
- Upgrade platformdirs to 4.2.2
- Upgrade pygments to 2.18.0
- Upgrade setuptools to 70.3.0
- Upgrade typing_extensions to 4.12.2

Improved Documentation
----------------------

- Correct ``—-ignore-conflicts`` (including an em dash) to ``--ignore-conflicts``. (`12851 <https://github.com/pypa/pip/issues/12851>`_)

24.1.2

===================

Bug Fixes
---------

- Fix finding hardlink targets in tar files with an ignored top-level directory. (`12781 <https://github.com/pypa/pip/issues/12781>`_)

24.1.1

===================

Bug Fixes
---------

- Actually use system trust stores when the truststore feature is enabled.

Vendored Libraries
------------------

- Upgrade requests to 2.32.3

24.1

=================

Vendored Libraries
------------------

- Upgrade truststore to 0.9.1.

24.1b2

===================

Features
--------

- Report informative messages about invalid requirements. (`12713 <https://github.com/pypa/pip/issues/12713>`_)

Bug Fixes
---------

- Eagerly import the self version check logic to avoid crashes while upgrading or downgrading pip at the same time. (`12675 <https://github.com/pypa/pip/issues/12675>`_)
- Accommodate for mismatches between different sources of truth for extra names, for packages generated by ``setuptools``. (`12688 <https://github.com/pypa/pip/issues/12688>`_)
- Accommodate for development versions of CPython ending in ``+`` in the version string. (`12691 <https://github.com/pypa/pip/issues/12691>`_)

Vendored Libraries
------------------

- Upgrade packaging to 24.1
- Upgrade requests to 2.32.0
- Remove vendored colorama
- Remove vendored six
- Remove vendored webencodings
- Remove vendored charset_normalizer

``requests`` provides optional character detection support on some APIs when processing ambiguous bytes. This isn't relevant for pip to function and we're able to remove it due to recent upstream changes.

24.1b1

===================

Deprecations and Removals
-------------------------

- Drop support for EOL Python 3.7. (`11934 <https://github.com/pypa/pip/issues/11934>`_)
- Remove support for legacy versions and dependency specifiers.

Packages with non standard-compliant versions or dependency specifiers are now ignored by the resolver.
Already installed packages with non standard-compliant versions or dependency specifiers
must be uninstalled before upgrading them. (`12063 <https://github.com/pypa/pip/issues/12063>`_)

Features
--------

- Improve performance of resolution of large dependency trees, with more caching. (`12453 <https://github.com/pypa/pip/issues/12453>`_)
- Further improve resolution performance of large dependency trees, by caching hash calculations. (`12657 <https://github.com/pypa/pip/issues/12657>`_)
- Reduce startup time of commands (e.g. show, freeze) that do not access the network by 15-30%. (`4768 <https://github.com/pypa/pip/issues/4768>`_)
- Reword and improve presentation of uninstallation errors. (`10421 <https://github.com/pypa/pip/issues/10421>`_)
- Add a 'raw' progress_bar type for simple and parsable download progress reports (`11508 <https://github.com/pypa/pip/issues/11508>`_)
- ``pip list`` no longer performs the pip version check unless ``--outdated`` or ``--uptodate`` is given. (`11677 <https://github.com/pypa/pip/issues/11677>`_)
- Use the ``data_filter`` when extracting tarballs, if it's available. (`12111 <https://github.com/pypa/pip/issues/12111>`_)
- Display the Project-URL value under key "Home-page" in ``pip show`` when the Home-Page metadata field is not set.

The Project-URL key detection is case-insensitive, and ignores any dashes and underscores. (`11221 <https://github.com/pypa/pip/issues/11221>`_)

Bug Fixes
---------

- Ensure ``-vv`` gets passed to any ``pip install`` build environment subprocesses. (`12577 <https://github.com/pypa/pip/issues/12577>`_)
- Deduplicate entries in the ``Requires`` field of ``pip show``. (`12165 <https://github.com/pypa/pip/issues/12165>`_)
- Fix error on checkout for subversion and bazaar with verbose mode on. (`11050 <https://github.com/pypa/pip/issues/11050>`_)
- Fix exception with completions when COMP_CWORD is not set (`12401 <https://github.com/pypa/pip/issues/12401>`_)
- Fix intermittent "cannot locate t64.exe" errors when upgrading pip. (`12666 <https://github.com/pypa/pip/issues/12666>`_)
- Remove duplication in invalid wheel error message (`12579 <https://github.com/pypa/pip/issues/12579>`_)
- Remove the incorrect pip3.x console entrypoint from the pip wheel. This console
script continues to be generated by pip when it installs itself. (`12536 <https://github.com/pypa/pip/issues/12536>`_)
- Gracefully skip VCS detection in pip freeze when PATH points to a non-directory path. (`12567 <https://github.com/pypa/pip/issues/12567>`_)
- Make the ``--proxy`` parameter take precedence over environment variables. (`10685 <https://github.com/pypa/pip/issues/10685>`_)

Vendored Libraries
------------------

- Add charset-normalizer 3.3.2
- Remove chardet
- Remove pyparsing
- Upgrade CacheControl to 0.14.0
- Upgrade certifi to 2024.2.2
- Upgrade distro to 1.9.0
- Upgrade idna to 3.7
- Upgrade msgpack to 1.0.8
- Upgrade packaging to 24.0
- Upgrade platformdirs to 4.2.1
- Upgrade pygments to 2.17.2
- Upgrade rich to 13.7.1
- Upgrade setuptools to 69.5.1
- Upgrade tenacity to 8.2.3
- Upgrade typing_extensions to 4.11.0
- Upgrade urllib3 to 1.26.18

Improved Documentation
----------------------

- Document UX research done on pip. (`10745 <https://github.com/pypa/pip/issues/10745>`_)
- Fix the direct usage of zipapp showing up as ``python -m pip.pyz`` rather than ``./pip.pyz`` / ``.\pip.pyz`` (`12043 <https://github.com/pypa/pip/issues/12043>`_)
- Add a warning explaining that the snippet in "Fallback behavior" is not a valid
``pyproject.toml`` snippet for projects, and link to setuptools documentation
instead. (`12122 <https://github.com/pypa/pip/issues/12122>`_)
- The Python Support Policy has been updated. (`12529 <https://github.com/pypa/pip/issues/12529>`_)
- Document the environment variables that correspond with CLI options. (`12576 <https://github.com/pypa/pip/issues/12576>`_)
- Update architecture documentation for command line interface. (`6831 <https://github.com/pypa/pip/issues/6831>`_)

Process
-------

- Remove ``setup.py`` since all the pip project metadata is now declared in
``pyproject.toml``.
- Move remaining pip development tools configurations to ``pyproject.toml``.

Links

• PyPI: https://pypi.org/project/pip
• Changelog: https://data.safetycli.com/changelogs/pip/

Update setuptools from 69.1.1 to 75.6.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/setuptools

Update wheel from 0.42.0 to 0.45.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/wheel

Update attrs from 23.2.0 to 24.2.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/attrs

Update certifi from 2024.2.2 to 2024.8.30.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/certifi
• Repo: https://github.com/certifi/python-certifi

Update cffi from 1.16.0 to 1.17.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/cffi
• Docs: http://cffi.readthedocs.org

Update cryptography from 42.0.5 to 44.0.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/cryptography

Update hiredis from 2.3.2 to 3.0.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/hiredis
• Changelog: https://data.safetycli.com/changelogs/hiredis/
• Repo: https://github.com/redis/hiredis-py

Update idna from 3.7 to 3.10.

Changelog

3.10

+++++++++++++++++

- Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes
to UTS46 processing that will require more work to properly implement.

3.9

++++++++++++++++

- Update to Unicode 16.0.0
- Deprecate setup.cfg in favour of pyproject.toml
- Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8

++++++++++++++++

- Fix regression where IDNAError exception was not being produced for
certain inputs.
- Add support for Python 3.13, drop support for Python 3.5 as it is no
longer testable.
- Documentation improvements
- Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Links

• PyPI: https://pypi.org/project/idna
• Changelog: https://data.safetycli.com/changelogs/idna/

Update mmh3 from 4.1.0 to 5.0.1.

Changelog

Links

• PyPI: https://pypi.org/project/mmh3
• Changelog: https://data.safetycli.com/changelogs/mmh3/

Update peewee from 3.17.1 to 3.17.8.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/peewee
• Repo: https://github.com/coleifer/peewee/

Update psutil from 5.9.8 to 6.1.0.

Changelog

6.1.0

=====

2024-10-17

**Enhancements**

- 2366_, [Windows]: drastically speedup `process_iter()`_. We now determine
process unique identity by using process "fast" create time method. This
will considerably speedup those apps which use `process_iter()`_ only once,
e.g. to look for a process with a certain name.
- 2446_: use pytest instead of unittest.
- 2448_: add ``make install-sysdeps`` target to install the necessary system
dependencies (python-dev, gcc, etc.) on all supported UNIX flavors.
- 2449_: add ``make install-pydeps-test`` and ``make install-pydeps-dev``
targets. They can be used to install dependencies meant for running tests and
for local development. They can also be installed via ``pip install .[test]``
and ``pip install .[dev]``.
- 2456_: allow to run tests via ``python3 -m psutil.tests`` even if ``pytest``
module is not installed. This is useful for production environments that
don't have pytest installed, but still want to be able to test psutil
installation.

**Bug fixes**

- 2427_: psutil (segfault) on import in the free-threaded (no GIL) version of
Python 3.13.  (patch by Sam Gross)
- 2455_, [Linux]: ``IndexError`` may occur when reading /proc/pid/stat and
field 40 (blkio_ticks) is missing.
- 2457_, [AIX]: significantly improve the speed of `Process.open_files()`_ for
some edge cases.
- 2460_, [OpenBSD]: `Process.num_fds()`_ and `Process.open_files()`_ may fail
with `NoSuchProcess`_ for PID 0. Instead, we now return "null" values (0 and
[] respectively).

6.0.0

- 2109_: the namedtuple returned by `disk_partitions()`_' no longer has
``maxfile`` and ``maxpath`` fields.
- 2396_: `process_iter()`_ no longer pre-emptively checks whether PIDs have
been reused. If you want to check for PID reusage you are supposed to use
`Process.is_running()`_ against the yielded `Process`_ instances. That will
also automatically remove reused PIDs from `process_iter()`_ internal cache.
- 2407_: `Process.connections()`_ was renamed to `Process.net_connections()`_.
The old name is still available, but it's deprecated (triggers a
``DeprecationWarning``) and will be removed in the future.

Links

• PyPI: https://pypi.org/project/psutil
• Changelog: https://data.safetycli.com/changelogs/psutil/
• Repo: https://github.com/giampaolo/psutil

Update pycparser from 2.21 to 2.22.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pycparser
• Repo: https://github.com/eliben/pycparser

Update pymysql[rsa] from 1.1.0 to 1.1.1.

Changelog

1.1.1

Release date: 2024-05-21

> [!WARNING]
> This release fixes a vulnerability (CVE-2024-36039).
> All users are recommended to update to this version.
>
> If you can not update soon, check the input value from
> untrusted source has an expected type. Only dict input
> from untrusted source can be an attack vector.

* Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL
and might cause SQL injection. (CVE-2024-36039)
* Added ssl_key_password param. 1145

Links

• PyPI: https://pypi.org/project/pymysql
• Changelog: https://data.safetycli.com/changelogs/pymysql/

Update pyopenssl from 24.1.0 to 24.3.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pyopenssl
• Homepage: https://pyopenssl.org/
• Docs: https://pythonhosted.org/pyOpenSSL/

Update python-datauri from 2.1.0 to 3.0.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/python-datauri
• Repo: https://github.com/fcurella/python-datauri/

Update requests-futures from 1.0.1 to 1.0.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/requests-futures
• Repo: https://github.com/ross/requests-futures

Update requests[socks] from 2.31.0 to 2.32.3.

Changelog

2.32.3

-------------------

**Bugfixes**
- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (6716)
- Fixed issue where Requests started failing to run on Python versions compiled
without the `ssl` module. (6724)

2.32.2

-------------------

**Deprecations**
- To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed `_get_connection` to
a new public API, `get_connection_with_tls_context`. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
`get_connection` is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (6710)

2.32.1

-------------------

**Bugfixes**
- Add missing test certs to the sdist distributed on PyPI.

2.32.0

-------------------

**Security**
- Fixed an issue where setting `verify=False` on the first request from a
Session will cause subsequent requests to the _same origin_ to also ignore
cert verification, regardless of the value of `verify`.
(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

**Improvements**
- `verify=True` now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (6667)
- Requests now supports optional use of character detection
(`chardet` or `charset_normalizer`) when repackaged or vendored.
This enables `pip` and other projects to minimize their vendoring
surface area. The `Response.text()` and `apparent_encoding` APIs
will default to `utf-8` if neither library is present. (6702)

**Bugfixes**
- Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (6589)
- Fixed deserialization bug in JSONDecodeError. (6629)
- Fixed bug where an extra leading `/` (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (6644)

**Deprecations**

- Requests has officially added support for CPython 3.12 (6503)
- Requests has officially added support for PyPy 3.9 and 3.10 (6641)
- Requests has officially dropped support for CPython 3.7 (6642)
- Requests has officially dropped support for PyPy 3.7 and 3.8 (6641)

**Documentation**
- Various typo fixes and doc improvements.

**Packaging**
- Requests has started adopting some modern packaging practices.
The source files for the projects (formerly `requests`) is now located
in `src/requests` in the Requests sdist. (6506)
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using `hatchling`. This should not impact the average user, but extremely old
versions of packaging utilities may have issues with the new packaging format.

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://data.safetycli.com/changelogs/requests/
• Docs: https://requests.readthedocs.io

Update soupsieve from 2.5 to 2.6.

Changelog

2.6

-   **NEW**: Add official support for Python 3.13.
-   **NEW**: Add support for `&` as scoping root per the CSS Nesting Module, Level 1. When `&` is used outside the
 context of nesting, it is treated as the scoping root (equivalent to `:scope`).
-   **FIX**: Improve error message when an unrecognized pseudo-class is used.

Links

• PyPI: https://pypi.org/project/soupsieve
• Changelog: https://data.safetycli.com/changelogs/soupsieve/

Update trio from 0.24.0 to 0.27.0.

Changelog

0.27.0

**Full Changelog**: https://github.com/python-trio/trio/compare/v0.26.2...v0.27.0

Breaking changes
---

- `trio.move_on_after` and `trio.fail_after` previously set the deadline relative to initialization time, instead of more intuitively upon entering the context manager. This might change timeouts if a program relied on this behavior. If you want to restore previous behavior you should instead use ``trio.move_on_at(trio.current_time() + ...)``.
flake8-async has a new rule to catch this, in case you're supporting older trio versions. See `ASYNC122`. (https://github.com/python-trio/trio/issues/2512)


Features
---

- `CancelScope.relative_deadline` and `CancelScope.is_relative` added, as well as a ``relative_deadline`` parameter to ``__init__``. This allows initializing scopes ahead of time, but where the specified relative deadline doesn't count down until the scope is entered. (https://github.com/python-trio/trio/issues/2512)
- `trio.Lock` and `trio.StrictFIFOLock` will now raise `trio.BrokenResourceError` when `trio.Lock.acquire` would previously stall due to the owner of the lock exiting without releasing the lock. (https://github.com/python-trio/trio/issues/3035)
- `trio.move_on_at`, `trio.move_on_after`, `trio.fail_at` and `trio.fail_after` now accept *shield* as a keyword argument. If specified, it provides an initial value for the `~trio.CancelScope.shield` attribute of the `trio.CancelScope` object created by the context manager. (https://github.com/python-trio/trio/issues/3052)
- Added `trio.lowlevel.add_parking_lot_breaker` and `trio.lowlevel.remove_parking_lot_breaker` to allow creating custom lock/semaphore implementations that will break their underlying parking lot if a task exits unexpectedly. `trio.lowlevel.ParkingLot.break_lot` is also added, to allow breaking a parking lot intentionally. (https://github.com/python-trio/trio/issues/3081)


Bugfixes
---

- Allow sockets to bind any ``os.PathLike`` object. (https://github.com/python-trio/trio/issues/3041)
- Update ``trio.lowlevel.open_process``'s documentation to allow bytes. (https://github.com/python-trio/trio/issues/3076)
- Update `trio.sleep_forever` to be `NoReturn`. (https://github.com/python-trio/trio/issues/3095)


Improved documentation
---

- Add docstrings for memory channels' ``statistics()`` and ``aclose`` methods. (https://github.com/python-trio/trio/issues/3101)

0.26.2

**Full Changelog**: https://github.com/python-trio/trio/compare/v0.26.1...v0.26.2

Bugfixes
---

- Remove remaining ``hash`` usage and fix test configuration issue that prevented it from being caught. (https://github.com/python-trio/trio/issues/3053)

0.26.1

**Full Changelog**: https://github.com/python-trio/trio/compare/v0.26.0...v0.26.1

Bugfixes
---

- Switched ``attrs`` usage off of ``hash``, which is now deprecated. (https://github.com/python-trio/trio/issues/3053)


Miscellaneous internal changes
---

- Use PyPI's Trusted Publishers to make releases. (https://github.com/python-trio/trio/issues/2980)

0.26.0

**Full Changelog**: https://github.com/python-trio/trio/compare/v0.25.1...v0.26.0

Features
---

- Added an interactive interpreter ``python -m trio``.

This makes it easier to try things and experiment with trio in the a Python repl.
Use the ``await`` keyword without needing to call ``trio.run()``

sh
$ python -m trio
Trio 0.26.0, Python 3.10.6
Use "await" directly instead of "trio.run()".
Type "help", "copyright", "credits" or "license" for more information.
>>> import trio
>>> await trio.sleep(1); print("hi")   prints after one second
hi


See [interactive debugging](https://trio.readthedocs.io/en/stable/reference-core.html#interactive-debugging) for further detail. (https://github.com/python-trio/trio/issues/2972)
- `trio.testing.RaisesGroup` can now catch an unwrapped exception with ``unwrapped=True``. This means that the behaviour of `except*` can be fully replicated in combination with ``flatten_subgroups=True`` (formerly ``strict=False``). (https://github.com/python-trio/trio/issues/2989)


Bugfixes
---

- Fixed a bug where `trio.testing.RaisesGroup(..., strict=False)` would check the number of exceptions in the raised `ExceptionGroup` before flattening subgroups, leading to incorrectly failed matches.
It now properly supports end (``$``) regex markers in the ``match`` message, by no longer including " (x sub-exceptions)" in the string it matches against. (https://github.com/python-trio/trio/issues/2989)


Deprecations and removals
---

- Deprecated ``strict`` parameter from `trio.testing.RaisesGroup`, previous functionality of ``strict=False`` is now in ``flatten_subgroups=True``. (https://github.com/python-trio/trio/issues/2989)

0.25.1

**Full Changelog**: https://github.com/python-trio/trio/compare/v0.25.0...v0.25.1

Bugfixes
---

- Fix crash when importing trio in embedded Python on Windows, and other installs that remove docstrings. (https://github.com/python-trio/trio/issues/2987)

0.25.0

**Full Changelog**: https://github.com/python-trio/trio/compare/v0.24.0...v0.25.0

Breaking changes
---

- The `strict_exception_groups` parameter now defaults to `True` in `trio.run` and `trio.lowlevel.start_guest_run`. `trio.open_nursery` still defaults to the same value as was specified in `trio.run`/`trio.lowlevel.start_guest_run`, but if you didn't specify it there then all subsequent calls to `trio.open_nursery` will change.
This is unfortunately very tricky to change with a deprecation period, as raising a `DeprecationWarning` whenever `strict_exception_groups` is not specified would raise a lot of unnecessary warnings.

Notable side effects of changing code to run with ``strict_exception_groups==True``

* If an iterator raises `StopAsyncIteration` or `StopIteration` inside a nursery, then python will not recognize wrapped instances of those for stopping iteration.
* `trio.run_process` is now documented that it can raise an `ExceptionGroup`. It previously could do this in very rare circumstances, but with `strict_exception_groups` set to `True` it will now do so whenever exceptions occur in ``deliver_cancel`` or with problems communicating with the subprocess.

 * Errors in opening the process is now done outside the internal nursery, so if code previously ran with ``strict_exception_groups=True`` there are cases now where an `ExceptionGroup` is *no longer* added.
* `trio.TrioInternalError` ``.__cause__`` might be wrapped in one or more `ExceptionGroups <ExceptionGroup>` (https://github.com/python-trio/trio/issues/2786)


Features
---

- Add `trio.testing.wait_all_threads_completed`, which blocks until no threads are running tasks. This is intended to be used in the same way as `trio.testing.wait_all_tasks_blocked`. (https://github.com/python-trio/trio/issues/2937)
- `Path` is now a subclass of `pathlib.PurePath`, allowing it to interoperate with other standard
`pathlib` types.

Instantiating `Path` now returns a concrete platform-specific subclass, one of `PosixPath` or
`WindowsPath`, matching the behavior of `pathlib.Path`. (https://github.com/python-trio/trio/issues/2959)


Bugfixes
---

- The pthread functions are now correctly found on systems using vanilla versions of musl libc. (https://github.com/python-trio/trio/issues/2939)


Miscellaneous internal changes
---

- use the regular readme for the PyPI long_description (https://github.com/python-trio/trio/issues/2866)

Links

• PyPI: https://pypi.org/project/trio
• Changelog: https://data.safetycli.com/changelogs/trio/

Update typing-extensions from 4.10.0 to 4.12.2.

Changelog

4.12.2

- Fix regression in v4.12.0 where specialization of certain
generics with an overridden `__eq__` method would raise errors.
Patch by Jelle Zijlstra.
- Fix tests so they pass on 3.13.0b2

4.12.1

- Preliminary changes for compatibility with the draft implementation
of PEP 649 in Python 3.14. Patch by Jelle Zijlstra.
- Fix regression in v4.12.0 where nested `Annotated` types would cause
`TypeError` to be raised if the nested `Annotated` type had unhashable
metadata. Patch by Alex Waygood.

4.12.0

This release is mostly the same as 4.12.0rc1 but fixes one more
longstanding bug.

- Fix incorrect behaviour of `typing_extensions.ParamSpec` on Python 3.8 and
3.9 that meant that
`isinstance(typing_extensions.ParamSpec("P"), typing.TypeVar)` would have a
different result in some situations depending on whether or not a profiling
function had been set using `sys.setprofile`. Patch by Alex Waygood.

4.12.0rc1

This release focuses on compatibility with the upcoming release of
Python 3.13. Most changes are related to the implementation of type
parameter defaults (PEP 696).

Thanks to all of the people who contributed patches, especially Alex
Waygood, who did most of the work adapting typing-extensions to the
CPython PEP 696 implementation.

Full changelog:

- Improve the implementation of type parameter defaults (PEP 696)
- Backport the `typing.NoDefault` sentinel object from Python 3.13.
 TypeVars, ParamSpecs and TypeVarTuples without default values now have
 their `__default__` attribute set to this sentinel value.
- TypeVars, ParamSpecs and TypeVarTuples now have a `has_default()`
 method, matching `typing.TypeVar`, `typing.ParamSpec` and
 `typing.TypeVarTuple` on Python 3.13+.
- TypeVars, ParamSpecs and TypeVarTuples with `default=None` passed to
 their constructors now have their `__default__` attribute set to `None`
 at runtime rather than `types.NoneType`.
- Fix most tests for `TypeVar`, `ParamSpec` and `TypeVarTuple` on Python
 3.13.0b1 and newer.
- Backport CPython PR [118774](https://github.com/python/cpython/pull/118774),
 allowing type parameters without default values to follow those with
 default values in some type parameter lists. Patch by Alex Waygood,
 backporting a CPython PR by Jelle Zijlstra.
- It is now disallowed to use a `TypeVar` with a default value after a
 `TypeVarTuple` in a type parameter list. This matches the CPython
 implementation of PEP 696 on Python 3.13+.
- Fix bug in PEP-696 implementation where a default value for a `ParamSpec`
 would be cast to a tuple if a list was provided.
 Patch by Alex Waygood.
- Fix `Protocol` tests on Python 3.13.0a6 and newer. 3.13.0a6 adds a new
`__static_attributes__` attribute to all classes in Python,
which broke some assumptions made by the implementation of
`typing_extensions.Protocol`. Similarly, 3.13.0b1 adds the new
`__firstlineno__` attribute to all classes.
- Fix `AttributeError` when using `typing_extensions.runtime_checkable`
in combination with `typing.Protocol` on Python 3.12.2 or newer.
Patch by Alex Waygood.
- At runtime, `assert_never` now includes the repr of the argument
in the `AssertionError`. Patch by Hashem, backporting of the original
fix https://github.com/python/cpython/pull/91720 by Jelle Zijlstra.
- The second and third parameters of `typing_extensions.Generator`,
and the second parameter of `typing_extensions.AsyncGenerator`,
now default to `None`. This matches the behaviour of `typing.Generator`
and `typing.AsyncGenerator` on Python 3.13+.
- `typing_extensions.ContextManager` and
`typing_extensions.AsyncContextManager` now have an optional second
parameter, which defaults to `Optional[bool]`. The new parameter
signifies the return type of the `__(a)exit__` method, matching
`typing.ContextManager` and `typing.AsyncContextManager` on Python
3.13+.
- Backport `types.CapsuleType` from Python 3.13.
- Releases are now made using [Trusted Publishers](https://docs.pypi.org/trusted-publishers/)
improving the security of the release process. Patch by Jelle Zijlstra.

4.12.0a1

These releases primarily test a revised release workflow. If all goes
well, release 4.12.0rc1 will follow soon.

4.11.0

This feature release provides improvements to various recently
added features, most importantly type parameter defaults (PEP 696).

There are no changes since 4.11.0rc1.

4.11.0rc1

- Fix tests on Python 3.13.0a5. Patch by Jelle Zijlstra.
- Fix the runtime behavior of type parameters with defaults (PEP 696).
Patch by Nadir Chowdhury.
- Fix minor discrepancy between error messages produced by `typing`
and `typing_extensions` on Python 3.10. Patch by Jelle Zijlstra.
- When `include_extra=False`, `get_type_hints()` now strips `ReadOnly` from the annotation.

Links

• PyPI: https://pypi.org/project/typing-extensions
• Changelog: https://data.safetycli.com/changelogs/typing-extensions/

Update urllib3[secure] from 2.2.1 to 2.2.3.

Changelog

2.2.3

==================

Features
--------

- Added support for Python 3.13. (`3473 <https://github.com/urllib3/urllib3/issues/3473>`__)

Bugfixes
--------

- Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1.
All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (`3053 <https://github.com/urllib3/urllib3/issues/3053>`__)
- Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting https://github.com/python/cpython/issues/103472. (`#3252 <https://github.com/urllib3/urllib3/issues/3252>`__)
- Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (`3413 <https://github.com/urllib3/urllib3/issues/3413>`__)
- Fixed a crash where certain standard library hash functions were absent in restricted environments. (`3432 <https://github.com/urllib3/urllib3/issues/3432>`__)
- Fixed mypy error when adding to ``HTTPConnection.default_socket_options``. (`3448 <https://github.com/urllib3/urllib3/issues/3448>`__)

HTTP/2 (experimental)
---------------------

HTTP/2 support is still in early development.

- Excluded Transfer-Encoding: chunked from HTTP/2 request body (`3425 <https://github.com/urllib3/urllib3/issues/3425>`__)
- Added version checking for ``h2`` (https://pypi.org/project/h2/) usage.

Now only accepting supported h2 major version 4.x.x. (`3290 <https://github.com/urllib3/urllib3/issues/3290>`__)
- Added a probing mechanism for determining whether a given target origin
supports HTTP/2 via ALPN. (`3301 <https://github.com/urllib3/urllib3/issues/3301>`__)
- Add support for sending a request body with HTTP/2 (`3302 <https://github.com/urllib3/urllib3/issues/3302>`__)


Deprecations and Removals
-------------------------

- Note for downstream distributors: the ``_version.py`` file has been removed and is now created at build time by hatch-vcs. (`3412 <https://github.com/urllib3/urllib3/issues/3412>`__)
- Drop support for end-of-life PyPy3.8 and PyPy3.9. (`3475 <https://github.com/urllib3/urllib3/issues/3475>`__)

2.2.2

==================

- Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``.
- Allowed passing negative integers as ``amt`` to read methods of ``http.client.HTTPResponse`` as an alternative to ``None``. (`3122 <https://github.com/urllib3/urllib3/issues/3122>`__)
- Fixed return types representing copying actions to use ``typing.Self``. (`3363 <https://github.com/urllib3/urllib3/issues/3363>`__)

Links

• PyPI: https://pypi.org/project/urllib3
• Changelog: https://data.safetycli.com/changelogs/urllib3/