Scheduled weekly dependency update for week 37 #916

Merged
merged 1 commit into from
Sep 17, 2019

pyup-bot
Contributor

Update bandit from 1.5.1 to 1.6.2.

Changelog

1.6.2

<details open>
<summary><strong>Changelog</strong></summary>

* Performance fix (502) tylerwince 

</details>

[See full changelog](https://github.com/PyCQA/bandit/compare/1.6.1...1.6.2)

1.6.1

<details open>
<summary><strong>Changelog</strong></summary>

* add test for regression and fix directory exclusion without wildcards (489) mattjegan 
* add namespaces for parent attributes (492) tylerwince 

</details>

[See full changelog](https://github.com/PyCQA/bandit/compare/1.6.0...1.6.1)

1.6.0

<details open>
<summary><strong>Changelog</strong></summary>

* Remove paramiko invoke_shell and fix example (377) ericwb
* Fix custom format argument handling (380) evqna
* Add release drafter template (382) evqna
* Add option -q, --quiet, --silent to hide output (385) ericwb
* Password (387) ehooo
* Properly handle nosec strings in code (388) ericwb 
* Fix Pylint warning W0612: use of unused variables (389) ericwb 
* No need to skip R0204: redefined-variable-type (390) ericwb
* Allow failures on dev branch of Python 3.8 (392) ericwb 
* Fix more info line to be in color also (408) ericwb
* Add pre-commit config (411) KPilnacek
* Fix B611 doc title (414) paulopontesm 
* Describe baseline and its usage in README (415) BillBrower
* Remove unneeded trailing paren in link (416) ericwb 
* Add missing custom formatter doc (406) (421) nixphix
* Fix terminal colors not displaying properly on Windows (424) GhostofGoes
* Fix sql injection check for f-strings (434) mikespallino
* Bump PyYAML minimum version to 3.13 (432) ericwb 
* Supporting CSafeLoader in yaml.load plugin (436) domanchi 
* Add a readthedocs build status badge (440) lukehinds 
* Fix DeprecationWarning: invalid escape sequence (441) BoboTiG
* Fix ResourceWarning: unclosed file (442) BoboTiG
* check if ast.JoinedStr exists before using it (446) calvinli
* Fix context class (449) ehooo 
* Interpret wildcards in the file exclusion list (450) thilp 
* Fix typo in README (451) bitcoinhodler 
* Redo logo on the README (463) ericwb 
* Remove pycryptodome blacklist (470) mikespallino 
* updated readme links for werkzeug debugger (473) soumitr-snowflake

</details>

[See full changelog](https://github.com/PyCQA/bandit/compare/1.5.1...1.6.0)

Update cffi from 1.12.2 to 1.12.3.

Changelog

1.12.3

=======

* Fix for nested struct types that end in a var-sized array (405).

* Add support for using ``U`` and ``L`` characters at the end of integer
constants in ``ffi.cdef()`` (thanks Guillaume).

* More 3.8 fixes.

Update configparser from 3.7.4 to 4.0.2.

Changelog

4.0.2

======

* Re-release after pulling 4.0.0 and 4.0.1 due to 45.

4.0.1

======

* Cleaned up broken badges and release notes publishing.

4.0.0

======

* Switched to
`semver <https://semver.org/spec/v2.0.0.html>`_
for versioning this backport.

* Project now uses ``setuptools_scm`` for tagging releases.

3.8.1

=====

* Synced with `Python 3.8.0b3
<https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3>`_.

3.8.0

=====

* Repackaged using setuptools_scm for file discovery and other features
from `skeleton <https://pypi.org/project/skeleton>`_. Fixes 33.

* Package now unconditionally installs the  ``configparser`` module.
Doing so allowed for the project to release a universal wheel for
Python 2 and Python 3. Even though the ``configparser`` module is
installed unconditionally on Python 3, it's expected that it will be
masked in that environment by the module in stdlib, so the same
interface applies. Ref 31.

3.7.5

=====

* Synced project with Python 3.7.4 (no meaningful changes).

Update cryptography from 2.6.1 to 2.7.

Changelog

2.7

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
* **BACKWARDS INCOMPATIBLE:** Removed the
``cryptography.hazmat.primitives.mac.MACContext`` interface. The ``CMAC`` and
``HMAC`` APIs have not changed, but they are no longer registered as
``MACContext`` instances.
* Removed support for running our tests with ``setup.py test``. Users
interested in running our tests can continue to follow the directions in our
:doc:`development documentation</development/getting-started>`.
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
when using OpenSSL 1.1.1 or newer.
* Support serialization with ``Encoding.OpenSSH`` and ``PublicFormat.OpenSSH``
in :meth:`Ed25519PublicKey.public_bytes
<cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>`.
* Correctly allow passing a ``SubjectKeyIdentifier`` to
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
and deprecate passing an ``Extension`` object. The documentation always
required ``SubjectKeyIdentifier`` but the implementation previously
required an ``Extension``.


Update gitpython from 2.1.11 to 3.0.2.

Changelog

3.0.2

=============================================

* fixes an issue with installation

3.0.1

=============================================

* Fix a `performance regression <https://github.com/gitpython-developers/GitPython/issues/906>`_ which could make certain workloads 50% slower
* Add `currently_rebasing_on` method on `Repo`, see `the PR <https://github.com/gitpython-developers/GitPython/pull/903/files#diff-c276fc3c4df38382ec884e59657b869dR1065>`_
* Fix incorrect `requirements.txt` which could lead to broken installations, see this `issue <https://github.com/gitpython-developers/GitPython/issues/908>`_ for details.

3.0.0 - Remove Python 2 support
===============================

Motivation for this is a patch which improves unicode handling when dealing with filesystem paths.
Python 2 compatibility was introduced to deal with differences, and I thought it would be a good idea
to 'just' drop support right now, mere 5 months away from the official maintenance stop of python 2.7.

The underlying motivation clearly is my anger when thinking python and unicode, which was a hassle from the
start, at least in a codebase as old as GitPython, which totally doesn't handle encodings correctly in many cases.

Having migrated to using `Rust` exclusively for tooling, I still see that correct handling of encodings isn't entirely
trivial, but at least `Rust` makes clear what has to be done at compile time, allowing to write software that is pretty
much guaranteed to work once it compiles.

Again, my apologies if removing Python 2 support caused inconveniences, please see release 2.1.13 which returns it.

see the following for (most) details:
https://github.com/gitpython-developers/gitpython/milestone/27?closed=1

or have a look at the difference between tags v2.1.12 and v3.0.0:
https://github.com/gitpython-developers/GitPython/compare/2.1.12...3.0.0.

2.1.13 - Bring back Python 2.7 support
======================================

My apologies for any inconvenience this may have caused. Following semver, backward incompatible changes
will be introduced in a minor version.

2.1.12

==============================

* Multi-value support and interface improvements for Git configuration. Thanks to A. Jesse Jiryu Davis.

or have a look at the difference between tags v2.1.11 and v2.1.12:
https://github.com/gitpython-developers/GitPython/compare/2.1.11...2.1.12

Update isort from 4.3.17 to 4.3.21.

Changelog

4.3.21

- Fixed issue 957 - Long aliases and use_parentheses generates invalid syntax

4.3.20

- Fixed issue 948 - Pipe redirection broken on Python2.7

4.3.19

- Fixed issue 942 - correctly handle pyi (Python Template Files) to match `black` output

4.3.18

- Fixed an issue with parsing files that contain unicode characters in Python 2
- Fixed issue 924 - Pulling in pip internals causes deprecation warning
- Fixed issue 938 - Providing a way to filter explicitly passed in files via configuration settings (`--filter-files`)
- Improved interoperability with toml configuration files

Update lazy-object-proxy from 1.3.1 to 1.4.2.

Changelog

1.4.1

------------------

* Fixed wheels being built with ``-coverage`` cflags. No more issues about bogus ``cext.gcda`` files.
* Removed useless C file from wheels.
* Changed ``setup.py`` to use setuptools-scm.

1.4.0

------------------

* Fixed ``__mod__`` for the slots backend. Contributed by Ran Benita in
`28 <https://github.com/ionelmc/python-lazy-object-proxy/pull/28>`_.
* Dropped support for Python 2.6 and 3.3. Contributed by "hugovk" in
`24 <https://github.com/ionelmc/python-lazy-object-proxy/pull/24>`_.

Update pbr from 5.1.3 to 5.4.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Update pluggy from 0.9.0 to 0.13.0.

Changelog

0.13.0

==========================

Trivial/Internal Changes
------------------------

- `222 <https://github.com/pytest-dev/pluggy/issues/222>`_: Replace ``importlib_metadata`` backport with ``importlib.metadata`` from the
standard library on Python 3.8+.

0.12.0

==========================

Features
--------

- `215 <https://github.com/pytest-dev/pluggy/issues/215>`_: Switch from ``pkg_resources`` to ``importlib-metadata`` for entrypoint detection for improved performance and import time.  This time with ``.egg`` support.

0.11.0

==========================

Bug Fixes
---------

- `205 <https://github.com/pytest-dev/pluggy/issues/205>`_: Revert changes made in 0.10.0 release breaking ``.egg`` installs.

0.10.0

==========================

Features
--------

- `199 <https://github.com/pytest-dev/pluggy/issues/199>`_: Switch from ``pkg_resources`` to ``importlib-metadata`` for entrypoint detection for improved performance and import time.

Update pyyaml from 5.1 to 5.1.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Update requests from 2.21.0 to 2.22.0.

Changelog

2.22.0

-------------------

**Dependencies**

- Requests now supports urllib3 v1.25.2.
(note: 1.25.0 and 1.25.1 are incompatible)

**Deprecations**

- Requests has officially stopped support for Python 3.4.

Update stevedore from 1.30.1 to 1.31.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Update tox from 3.8.6 to 3.14.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Update virtualenv from 16.4.3 to 16.7.5.

Changelog

16.7.4

--------------------

Bugfixes
^^^^^^^^

- fix powershell activation when sourced (`1398 <https://github.com/pypa/virtualenv/issues/1398>`_)
- upgrade wheel from ``0.33.4`` to ``0.33.6`` and setuptools from ``41.1.0`` to ``41.2.0`` (`1409 <https://github.com/pypa/virtualenv/issues/1409>`_)

16.7.3

--------------------

Bugfixes
^^^^^^^^

- upgrade pip from ``19.1.1`` to ``19.2.2`` and setuptools from ``41.0.1`` to ``41.1.0`` (`1404 <https://github.com/pypa/virtualenv/issues/1404>`_)

16.7.2

--------------------

Bugfixes
^^^^^^^^

- fix regression - sh activation script not working under sh (only bash) (`1396 <https://github.com/pypa/virtualenv/issues/1396>`_)

16.7.1

--------------------

Features
^^^^^^^^

- pip bumped to 19.2.1 (`1392 <https://github.com/pypa/virtualenv/issues/1392>`_)

16.7.0

--------------------

Features
^^^^^^^^

- ``activate.ps1`` syntax and style updated to follow ``PSStyleAnalyzer`` rules (`1371 <https://github.com/pypa/virtualenv/issues/1371>`_)
- Allow creating virtual environments for ``3.xy``. (`1385 <https://github.com/pypa/virtualenv/issues/1385>`_)
- Report error when running activate scripts directly, instead of sourcing. By reporting an error instead of running silently, the user gets immediate feedback that the script was not used correctly. Only Bash and PowerShell are supported for now. (`1388 <https://github.com/pypa/virtualenv/issues/1388>`_)
- add pip 19.2 (19.1.1 is kept to still support python 3.4 dropped by latest pip) (`1389 <https://github.com/pypa/virtualenv/issues/1389>`_)

16.6.2

--------------------

Bugfixes
^^^^^^^^

- Extend the LICENSE search paths list by ``lib64/pythonX.Y`` to support Linux
vendors who install their Python to ``/usr/lib64/pythonX.Y`` (Gentoo, Fedora,
openSUSE, RHEL and others) - by ``hroncok`` (`1382 <https://github.com/pypa/virtualenv/issues/1382>`_)

16.6.1

--------------------

Bugfixes
^^^^^^^^

- Raise an error if the target path contains the operating system's path separator (using this would break our activation scripts) - by rrauenza. (`395 <https://github.com/pypa/virtualenv/issues/395>`_)
- Fix an additional issue with 1339, where the user specifies ``--python``
pointing to a venv redirector executable. (`1364 <https://github.com/pypa/virtualenv/issues/1364>`_)

16.6.0

--------------------

Features
^^^^^^^^

- Drop Jython support. Jython became slower and slower in the last few months and significantly holds back our
CI and development. As there's very little user base for it, we decided to drop support for it. If there are Jython
developers, reach out to us to see how we can add back support. (`1354 <https://github.com/pypa/virtualenv/issues/1354>`_)
- Upgrade embedded packages:

   * upgrade wheel from ``0.33.1`` to ``0.33.4``
   * upgrade pip from ``19.1`` to ``19.1.1`` (`1356 <https://github.com/pypa/virtualenv/issues/1356>`_)

16.5.0

--------------------

Bugfixes
^^^^^^^^

- Add tests covering prompt manipulation during activation/deactivation,
and harmonize behavior of all supported shells - by ``bskinn`` (`1330 <https://github.com/pypa/virtualenv/issues/1330>`_)
- Handle running virtualenv from within a virtual environment created
using the stdlib ``venv`` module. Fixes 1339. (`1345 <https://github.com/pypa/virtualenv/issues/1345>`_)


Features
^^^^^^^^

- ``-p`` option accepts Python version in following formats now: ``X``, ``X-ZZ``, ``X.Y`` and ``X.Y-ZZ``, where ``ZZ`` is ``32`` or ``64``. (Windows only) (`1340 <https://github.com/pypa/virtualenv/issues/1340>`_)
- upgrade pip from ``19.0.3`` to ``19.1`` (`1346 <https://github.com/pypa/virtualenv/issues/1346>`_)
- upgrade setuptools from ``40.8.0`` to ``41.0.1`` (`1346 <https://github.com/pypa/virtualenv/issues/1346>`_)

Update wrapt from 1.11.1 to 1.11.2.

Changelog

1.11.2

---------------

**Bugs Fixed**

* Fix possible crash when garbage collection kicks in when invoking a
destructor of wrapped object.

Update certifi from 2019.3.9 to 2019.9.11.

The bot wasn't able to find a changelog for this release. Got an idea?

Update urllib3 from 1.24.2 to 1.25.3.

Changelog

1.25.3

-------------------

* Change ``HTTPSConnection`` to load system CA certificates
when ``ca_certs``, ``ca_cert_dir``, and ``ssl_context`` are
unspecified. (Pull 1608, Issue 1603)

* Upgrade bundled rfc3986 to v1.3.2. (Pull 1609, Issue 1605)

1.25.2

-------------------

* Change ``is_ipaddress`` to not detect IPvFuture addresses. (Pull 1583)

* Change ``parse_url`` to percent-encode invalid characters within the
path, query, and target components. (Pull 1586)

1.25.1

-------------------

* Add support for Google's ``Brotli`` package. (Pull 1572, Pull 1579)

* Upgrade bundled rfc3986 to v1.3.1 (Pull 1578)

1.25

-----------------

* Require and validate certificates by default when using HTTPS (Pull 1507)

* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. (Pull 1487)

* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
encrypted ``key_file`` without creating your own ``SSLContext`` object. (Pull 1489)

* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
implementations. (Pull 1496)

* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue 303, PR 1492)

* Fixed issue where OpenSSL would block if an encrypted client private key was
given and no password was given. Instead an ``SSLError`` is raised. (Pull 1489)

* Added support for Brotli content encoding. It is enabled automatically if
``brotlipy`` package is installed which can be requested with
``urllib3[brotli]`` extra. (Pull 1532)

* Drop ciphers using DSS key exchange from default TLS cipher suites.
Improve default ciphers when using SecureTransport. (Pull 1496)

* Implemented a more efficient ``HTTPResponse.__iter__()`` method. (Issue 1483)

1.24.3

-------------------

* Apply fix for CVE-2019-9740. (Pull 1591)

Update cffi from 1.12.2 to 1.12.3

Update cffi from 1.12.2 to 1.12.3

Update configparser from 3.7.4 to 4.0.2

Update cryptography from 2.6.1 to 2.7

Update cryptography from 2.6.1 to 2.7

Update gitpython from 2.1.11 to 3.0.2

Update isort from 4.3.17 to 4.3.21

Update lazy-object-proxy from 1.3.1 to 1.4.2

Update pbr from 5.1.3 to 5.4.3

Update pluggy from 0.9.0 to 0.13.0

Update pyyaml from 5.1 to 5.1.2

Update requests from 2.21.0 to 2.22.0

Update requests from 2.21.0 to 2.22.0

Update stevedore from 1.30.1 to 1.31.0

Update tox from 3.8.6 to 3.14.0

Update virtualenv from 16.4.3 to 16.7.5

Update wrapt from 1.11.1 to 1.11.2

Update certifi from 2019.3.9 to 2019.9.11

Update urllib3 from 1.24.2 to 1.25.3

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
@lukpueh lukpueh force-pushed the pyup-scheduled-update-2019-09-16 branch from e0667d1 to 089afa7 Compare September 17, 2019 10:01
Member

@lukpueh lukpueh left a comment

LGTM!
Skimmed changelogs, verified hashes by running pip install -r requirements.txt locally, squash-rebased and added DCO.

@lukpueh lukpueh merged commit 824e7db into develop Sep 17, 2019
@trishankatdatadog trishankatdatadog deleted the pyup-scheduled-update-2019-09-16 branch November 5, 2019 15:52