Bump the minor-patch-dependencies group with 6 updates

[dependabot]

Bumps the minor-patch-dependencies group with 6 updates:

Package	From	To
aiohttp	3.11.7	3.11.10
sentry-sdk	2.19.0	2.19.2
pytest	8.3.3	8.3.4
bandit	1.7.10	1.8.0
ruff	0.8.0	0.8.2
kinto-http	11.6.0	11.7.0

Updates aiohttp from 3.11.7 to 3.11.10

Release notes

Sourced from aiohttp's releases.

3.11.10

Bug fixes

• Fixed race condition in :class:aiohttp.web.FileResponse that could have resulted in an incorrect response if the file was replaced on the file system during prepare -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10101, #10113.

• Replaced deprecated call to :func:mimetypes.guess_type with :func:mimetypes.guess_file_type when using Python 3.13+ -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10102.

• Disabled zero copy writes in the StreamWriter -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10125.

---

3.11.9

Bug fixes

• Fixed invalid method logging unexpected being logged at exception level on subsequent connections -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10055, #10076.

Miscellaneous internal changes

• Improved performance of parsing headers when using the C parser -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.11.10 (2024-12-05)

Bug fixes

• Fixed race condition in :class:aiohttp.web.FileResponse that could have resulted in an incorrect response if the file was replaced on the file system during prepare -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10101, :issue:10113.

• Replaced deprecated call to :func:mimetypes.guess_type with :func:mimetypes.guess_file_type when using Python 3.13+ -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10102.

• Disabled zero copy writes in the StreamWriter -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10125.

---

3.11.9 (2024-12-01)

Bug fixes

• Fixed invalid method logging unexpected being logged at exception level on subsequent connections -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10055, :issue:10076.

Miscellaneous internal changes

... (truncated)

Commits

• 0d7352a Release 3.11.10 (#10128)
• 5ddff95 [PR #10125/d58d2c3d backport][3.11] Disable zero copy writes in the ``StreamW...
• db5e6bb [PR #10122/703ce61 backport][3.11] Typing improvements for file responses (#1...
• bcae561 [PR #10113/01302134 backport][3.11] Restore 304 performance after fixing `Fil...
• 78473b9 [PR #10114/94569554 backport][3.11] Add 304 benchmark for FileResponse (#10115)
• ae153ab [PR #10107/84bb77d1 backport][3.11] Use internal self._headers var in `File...
• 07d1759 [PR #10101/678993a4 backport][3.11] Fix race in FileResponse if file is rep...
• 23a4b31 [PR #10102/7557b03d backport][3.11] Fix deprecated calls to guess_type for ...
• c41ffc7 [PR #10095/fcce1bf6 backport][3.11] Add a benchmark for web.FileResponse (#10...
• 86bb6ad [PR #10088/29c3ca93 backport][3.11] Avoid calling len on the same data in the...
• Additional commits viewable in compare view

Updates sentry-sdk from 2.19.0 to 2.19.2

Release notes

Sourced from sentry-sdk's releases.

2.19.2

Various fixes & improvements

• Deepcopy and ensure get_all function always terminates (#3861) by @​cmanallen
• Cleanup chalice test environment (#3858) by @​antonpirker

2.19.1

Various fixes & improvements

• Fix errors when instrumenting Django cache (#3855) by @​BYK
• Copy scope.client reference as well (#3857) by @​sl0thentr0py
• Don't give up on Spotlight on 3 errors (#3856) by @​BYK
• Add missing stack frames (#3673) by @​antonpirker
• Fix wrong metadata type in async gRPC interceptor (#3205) by @​fdellekart
• Rename launch darkly hook to match JS SDK (#3743) by @​aliu39
• Script for checking if our instrumented libs are Python 3.13 compatible (#3425) by @​antonpirker
• Improve Ray tests (#3846) by @​antonpirker
• Test with Celery 5.5.0rc3 (#3842) by @​sentrivana
• Fix asyncio testing setup (#3832) by @​sl0thentr0py
• Bump codecov/codecov-action from 5.0.2 to 5.0.7 (#3821) by @​dependabot
• Fix CI (#3834) by @​sentrivana
• Use new ClickHouse GH action (#3826) by @​antonpirker

Changelog

Sourced from sentry-sdk's changelog.

2.19.2

Various fixes & improvements

• Deepcopy and ensure get_all function always terminates (#3861) by @​cmanallen
• Cleanup chalice test environment (#3858) by @​antonpirker

2.19.1

Various fixes & improvements

• Fix errors when instrumenting Django cache (#3855) by @​BYK
• Copy scope.client reference as well (#3857) by @​sl0thentr0py
• Don't give up on Spotlight on 3 errors (#3856) by @​BYK
• Add missing stack frames (#3673) by @​antonpirker
• Fix wrong metadata type in async gRPC interceptor (#3205) by @​fdellekart
• Rename launch darkly hook to match JS SDK (#3743) by @​aliu39
• Script for checking if our instrumented libs are Python 3.13 compatible (#3425) by @​antonpirker
• Improve Ray tests (#3846) by @​antonpirker
• Test with Celery 5.5.0rc3 (#3842) by @​sentrivana
• Fix asyncio testing setup (#3832) by @​sl0thentr0py
• Bump codecov/codecov-action from 5.0.2 to 5.0.7 (#3821) by @​dependabot
• Fix CI (#3834) by @​sentrivana
• Use new ClickHouse GH action (#3826) by @​antonpirker

Commits

• 163762f release: 2.19.2
• 8f9461e Deepcopy and ensure get_all function always terminates (#3861)
• fd56608 Merge branch 'release/2.19.1'
• 7ab7fe6 Cleanup chalice test environment (#3858)
• 231a6a1 Update CHANGELOG.md
• c591b64 release: 2.19.1
• 7a6d460 Copy scope.client reference as well (#3857)
• 5a09770 fix(spotlight): Don't give up on Spotlight on 3 errors (#3856)
• 31fdcfa fix(django): Fix errors when instrumenting Django cache (#3855)
• 5891717 Script for checking if our instrumented libs are python 3.13 compatible (#3425)
• Additional commits viewable in compare view

Updates pytest from 8.3.3 to 8.3.4

Release notes

Sourced from pytest's releases.

8.3.4

pytest 8.3.4 (2024-12-01)

Bug fixes

• #12592: Fixed KeyError{.interpreted-text role="class"} crash when using --import-mode=importlib in a directory layout where a directory contains a child directory with the same name.

• #12818: Assertion rewriting now preserves the source ranges of the original instructions, making it play well with tools that deal with the AST, like executing.

• #12849: ANSI escape codes for colored output now handled correctly in pytest.fail{.interpreted-text role="func"} with [pytrace=False]{.title-ref}.

• #9353: pytest.approx{.interpreted-text role="func"} now uses strict equality when given booleans.

Improved documentation

• #10558: Fix ambiguous docstring of pytest.Config.getoption{.interpreted-text role="func"}.

• #10829: Improve documentation on the current handling of the --basetemp option and its lack of retention functionality (temporary directory location and retention{.interpreted-text role="ref"}).

• #12866: Improved cross-references concerning the recwarn{.interpreted-text role="fixture"} fixture.

• #12966: Clarify filterwarnings{.interpreted-text role="ref"} docs on filter precedence/order when using multiple @pytest.mark.filterwarnings <pytest.mark.filterwarnings ref>{.interpreted-text role="ref"} marks.

Contributor-facing changes

• #12497: Fixed two failing pdb-related tests on Python 3.13.

Commits

• 53f8b4e Update pypa/gh-action-pypi-publish to v1.12.2
• 98dff36 Prepare release version 8.3.4
• 1b474e2 approx: use exact comparison for bool (#13013)
• b541721 docs: Fix wrong statement about sys.modules with importlib import mode (#1298...
• 16cb87b pytest.fail: fix ANSI escape codes for colored output (#12959) (#12990)
• be6bc81 Issue #12966 Clarify filterwarnings docs on precedence when using multiple ma...
• 7aeb72b Improve docs on basetemp and retention (#12912) (#12928)
• c875841 Merge pull request #12917 from pytest-dev/patchback/backports/8.3.x/ded1f44e5...
• 6502816 Merge pull request #12913 from jakkdl/dontfailonbadpath
• 52135b0 Merge pull request #12885 from The-Compiler/pdb-py311 (#12887)
• Additional commits viewable in compare view

Updates bandit from 1.7.10 to 1.8.0

Release notes

Sourced from bandit's releases.

1.8.0

What's Changed

• Bump docker/build-push-action from 6.7.0 to 6.9.0 by @​dependabot in PyCQA/bandit#1178
• Rename doc file to match proper bandit ID by @​ericwb in PyCQA/bandit#1183
• Removal of Python 3.8 support by @​ericwb in PyCQA/bandit#1174
• Add more insecure cryptography cipher algorithms by @​ericwb in PyCQA/bandit#1185
• Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @​dependabot in PyCQA/bandit#1186
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in PyCQA/bandit#1187
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1162
• No need to check httpx client without timeout defined by @​ericwb in PyCQA/bandit#1177
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1191
• Mark Python 3.13 as officially supported by @​ericwb in PyCQA/bandit#1192
• Update project urls with added links by @​ericwb in PyCQA/bandit#1193
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1196
• Add a JSON to seek funding from the FLOSS/fund by @​ericwb in PyCQA/bandit#1194
• Remove Sentry as a sponsor by @​ericwb in PyCQA/bandit#1198
• Remove more leftover OpenStack references by @​ericwb in PyCQA/bandit#1195

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

Commits

• 8fd258a Remove more leftover OpenStack references (#1195)
• a19b072 Remove Sentry as a sponsor (#1198)
• 48e0258 Add a JSON to seek funding from the FLOSS/fund (#1194)
• 5300a21 [pre-commit.ci] pre-commit autoupdate (#1196)
• 0b249d9 Update project urls with added links (#1193)
• 4be653d Mark Python 3.13 as officially supported (#1192)
• 8e6dc1b [pre-commit.ci] pre-commit autoupdate (#1191)
• 071386b No need to check httpx client without timeout defined (#1177)
• 9b4d480 [pre-commit.ci] pre-commit autoupdate (#1162)
• ddf9b48 Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#1187)
• Additional commits viewable in compare view

Updates ruff from 0.8.0 to 0.8.2

Release notes

Sourced from ruff's releases.

0.8.2

Release Notes

Preview features

• [airflow] Avoid deprecated values (AIR302) (#14582)
• [airflow] Extend removed names for AIR302 (#14734)
• [ruff] Extend unnecessary-regular-expression to non-literal strings (RUF055) (#14679)
• [ruff] Implement used-dummy-variable (RUF052) (#14611)
• [ruff] Implement unnecessary-cast-to-int (RUF046) (#14697)

Rule changes

• [airflow] Check AIR001 from builtin or providers operators module (#14631)
• [flake8-pytest-style] Remove @ in pytest.mark.parametrize rule messages (#14770)
• [pandas-vet] Skip rules if the panda module hasn't been seen (#14671)
• [pylint] Fix false negatives for ascii and sorted in len-as-condition (PLC1802) (#14692)
• [refurb] Guard hashlib imports and mark hashlib-digest-hex fix as safe (FURB181) (#14694)

Configuration

• [flake8-import-conventions] Improve syntax check for aliases supplied in configuration for unconventional-import-alias (ICN001) (#14745)

Bug fixes

• Revert: [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#14615) (#14726)
• [pep8-naming] Avoid false positive for class Bar(type(foo)) (N804) (#14683)
• [pycodestyle] Handle f-strings properly for invalid-escape-sequence (W605) (#14748)
• [pylint] Ignore @overload in PLR0904 (#14730)
• [refurb] Handle non-finite decimals in verbose-decimal-constructor (FURB157) (#14596)
• [ruff] Avoid emitting assignment-in-assert when all references to the assigned variable are themselves inside asserts (RUF018) (#14661)

Documentation

• Improve docs for flake8-use-pathlib rules (#14741)
• Improve error messages and docs for flake8-comprehensions rules (#14729)
• [flake8-type-checking] Expands TC006 docs to better explain itself (#14749)

Contributors

• @​AlexWaygood
• @​Daverball
• @​InSyncWithFoo
• @​Lee-W
• @​Lokejoke
• @​Matt-Ord
• @​MichaReiser
• @​Well2333
• @​connorskees
• @​dcreager
• @​dhruvmanila

... (truncated)

Changelog

Sourced from ruff's changelog.

0.8.2

Preview features

• [airflow] Avoid deprecated values (AIR302) (#14582)
• [airflow] Extend removed names for AIR302 (#14734)
• [ruff] Extend unnecessary-regular-expression to non-literal strings (RUF055) (#14679)
• [ruff] Implement used-dummy-variable (RUF052) (#14611)
• [ruff] Implement unnecessary-cast-to-int (RUF046) (#14697)

Rule changes

• [airflow] Check AIR001 from builtin or providers operators module (#14631)
• [flake8-pytest-style] Remove @ in pytest.mark.parametrize rule messages (#14770)
• [pandas-vet] Skip rules if the panda module hasn't been seen (#14671)
• [pylint] Fix false negatives for ascii and sorted in len-as-condition (PLC1802) (#14692)
• [refurb] Guard hashlib imports and mark hashlib-digest-hex fix as safe (FURB181) (#14694)

Configuration

• [flake8-import-conventions] Improve syntax check for aliases supplied in configuration for unconventional-import-alias (ICN001) (#14745)

Bug fixes

• Revert: [pyflakes] Avoid false positives in @no_type_check contexts (F821, F722) (#14615) (#14726)
• [pep8-naming] Avoid false positive for class Bar(type(foo)) (N804) (#14683)
• [pycodestyle] Handle f-strings properly for invalid-escape-sequence (W605) (#14748)
• [pylint] Ignore @overload in PLR0904 (#14730)
• [refurb] Handle non-finite decimals in verbose-decimal-constructor (FURB157) (#14596)
• [ruff] Avoid emitting assignment-in-assert when all references to the assigned variable are themselves inside asserts (RUF018) (#14661)

Documentation

• Improve docs for flake8-use-pathlib rules (#14741)
• Improve error messages and docs for flake8-comprehensions rules (#14729)
• [flake8-type-checking] Expands TC006 docs to better explain itself (#14749)

0.8.1

Preview features

• Formatter: Avoid invalid syntax for format-spec with quotes for all Python versions (#14625)
• Formatter: Consider quotes inside format-specs when choosing the quotes for an f-string (#14493)
• Formatter: Do not consider f-strings with escaped newlines as multiline (#14624)
• Formatter: Fix f-string formatting in assignment statement (#14454)
• Formatter: Fix unnecessary space around power operator (**) in overlong f-string expressions (#14489)
• [airflow] Avoid implicit schedule argument to DAG and @dag (AIR301) (#14581)
• [flake8-builtins] Exempt private built-in modules (A005) (#14505)
• [flake8-pytest-style] Fix pytest.mark.parametrize rules to check calls instead of decorators (#14515)
• [flake8-type-checking] Implement runtime-cast-value (TC006) (#14511)

... (truncated)

Commits

• b0e26e6 Bump version to 0.8.2 (#14789)
• e9941cd [red-knot] Move standalone expr inference to for non-name target (#14788)
• 43bf1a8 Add tests for "keyword as identifier" syntax errors (#14754)
• fda8b1f [ruff] Unnecessary cast to int (RUF046) (#14697)
• 2d3f557 [red-knot] Fallback for typing._NoDefaultType (#14783)
• bd27bfa [red-knot] Unify setup_db() functions, add TestDb builder (#14777)
• 155d34b [red-knot] Infer precise types for len() calls (#14599)
• 04c887c Fix references for async-busy-wait (#14775)
• af43bd4 [red-knot] Gradual forms do not participate in equivalence/subtyping (#14758)
• 6149177 Remove @ in pytest.mark.parametrize rule messages (#14770)
• Additional commits viewable in compare view

Updates kinto-http from 11.6.0 to 11.7.0

Release notes

Sourced from kinto-http's releases.

11.7.0

What's Changed

New Features

• Add dry_mode parameter by @​leplatrem in Kinto/kinto-http.py#382

Full Changelog: Kinto/kinto-http.py@11.6.0...11.7.0

Commits

• 858b925 Add 'dry_mode' parameter (#382)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The minor update of this production dependency was not automatically approved. For production dependencies, these semver updates can be automatically approved: patch

[github-actions]

The minor update of this production dependency was not automatically approved. For production dependencies, these semver updates can be automatically approved: patch