fix(deps): update all non-major dependencies

This MR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Werkzeug (changelog)	2.3.3 -> 2.3.4
alembic (source, changelog)	1.10.4 -> 1.11.1
asgiref (changelog)	3.6.0 -> 3.7.1
coverage	7.2.5 -> 7.2.6
email-validator	^2.0.0.post2 -> ^2.0.0-post.0
fakeredis	2.11.2 -> 2.13.0
httpx (changelog)	0.24.0 -> 0.24.1
orjson (changelog)	3.8.11 -> 3.8.14
protobuf	4.22.4 -> 4.23.1
pygit2 (changelog)	1.12.0 -> 1.12.1
pytest-cov (changelog)	4.0.0 -> 4.1.0
pytest-xdist (changelog)	3.2.1 -> 3.3.1
redis (changelog)	4.5.4 -> 4.5.5
requests (source, changelog)	2.30.0 -> 2.31.0

---

Release Notes

django/asgiref

v3.7.1

• On Python 3.10 and below, the version of the "typing_extensions" package is now constrained to be at least version 4 (as we depend on functionality in that version and above)

v3.7.0

Compare Source

• Contextvars are now required for the implementation of Local as Python 3.6 is now no longer a supported version.

• sync_to_async and async_to_sync now pass-through

• Debug and Lifespan State extensions have resulted in a typing change for some request and response types. This change should be backwards-compatible.

• asgiref frames will now be hidden in Django tracebacks by default.

• Raw performance and garbage collection improvements in Local, SyncToAsync, and AsyncToSync.

nedbat/coveragepy

v7.2.6

Compare Source

• Fix: the lcov command could raise an IndexError exception if a file is translated to Python but then executed under its own name. Jinja2 does this when rendering templates. Fixes issue 1553_.

• Python 3.12 beta 1 now inlines comprehensions. Previously they were compiled as invisible functions and coverage.py would warn you if they weren't completely executed. This no longer happens under Python 3.12.

• Fix: the coverage debug sys command includes some environment variables in its output. This could have included sensitive data. Those values are now hidden with asterisks, closing issue 1628_.

.. _issue 1553: https://github.com/nedbat/coveragepy/issues/1553 .. _issue 1628: https://github.com/nedbat/coveragepy/issues/1628

.. _changes_7-2-5:

JoshData/python-email-validator

v2.0.0

This is a major update to the library, but since email address specs haven't changed there should be no significant changes to which email addresses are considered valid or invalid with default options. There are new options for accepting unusual email addresses that were previously always rejected, some changes to how DNS errors are handled, many changes in error message text, and major internal improvements including the addition of type annotations. Python 3.7+ is now required. Details follow:

• Python 2.x and 3.x versions through 3.6, and dnspython 1.x, are no longer supported. Python 3.7+ with dnspython 2.x are now required.
• The dnspython package is no longer required if DNS checks are not used, although it will install automatically.
• NoNameservers and NXDOMAIN DNS errors are now handled differently: NoNameservers no longer fails validation, and NXDOMAIN now skips checking for an A/AAAA fallback and goes straight to failing validation.
• Some syntax error messages have changed because they are now checked explicitly rather than as a part of other checks.
• The quoted-string local part syntax (e.g. multiple @​-signs, spaces, etc. if surrounded by quotes) and domain-literal addresses (e.g. @​[192.XXX...] or @​[IPv6:...]) are now parsed but not considered valid by default. Better error messages are now given for these addresses since it can be confusing for a technically valid address to be rejected, and new allow_quoted_local and allow_domain_literal options are added to allow these addresses if you really need them.
• Some other error messages have changed to not repeat the email address in the error message.
• The email field on the returned ValidatedEmail object has been renamed to normalized to be clearer about its importance, but access via .email is also still supported.
• Some mailbox names like postmaster are now normalized to lowercase per RFC 2142.
• The library has been reorganized internally into smaller modules.
• The tests have been reorganized and expanded. Deliverability tests now mostly use captured DNS responses so they can be run off-line.
• The main tool now reads options to validate_email from environment variables.
• Type annotations have been added to the exported methods and the ValidatedEmail class and some internal methods.
• The old dict-like pattern for the return value of validate_email is deprecated.

Versions 2.0.0.post1 and 2.0.0.post2 corrected some packaging issues. 2.0.0.post2 also added a check for an invalid combination of arguments.

cunla/fakeredis-py

v2.13.0: 🌈

Compare Source

Changes

🚀 Features

• Implement XDEL (#​153)

🐛 Bug Fixes

• Fixed xadd timestamp (fixes #​151) (#​152)

🧰 Maintenance

• Improve test code
• Fix reported security issue

Contributors

We'd like to thank all the contributors who worked on this release!

@​bomber8013

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.12.1...v2.13.0

v2.12.1: 🌈

Compare Source

Changes

• Adding state for scan commands (#​99)
• Add support for Connection.read_response arguments used in redis-py 4.5.5 and 5.0.0

Contributors

We'd like to thank all the contributors who worked on this release!

@​matanper

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.12.0...v2.12.1

v2.12.0: 🌈

Compare Source

Changes

🚀 Features

• Implement XREAD (#​147)

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.11.2...v2.12.0

encode/httpx

v0.24.1

Compare Source

Added

• Provide additional context in some InvalidURL exceptions. (#​2675)

Fixed

• Fix optional percent-encoding behaviour. (#​2671)
• More robust checking for opening upload files in binary mode. (#​2630)
• Properly support IP addresses in NO_MROXY environment variable. (#​2659)
• Set default file for NetRCAuth() to None to use the stdlib default. (#​2667)
• Set logging request lines to INFO level for async requests, in line with sync requests. (#​2656)
• Fix which gen-delims need to be escaped for path/query/fragment components in URL. (#​2701)

ijl/orjson

v3.8.14

Compare Source

Changed

• PyPI manylinux wheels are compiled for x86-64 instead of x86-64-v2.

v3.8.13

Compare Source

Changed

• Source distribution contains all source code required for an offline build.
• PyPI macOS wheels use a MACOSX_DEPLOYMENT_TARGET of 10.15 instead of 11.
• Build uses maturin v1.

v3.8.12

Compare Source

Changed

• Exceptions raised in default are now chained as the __cause__ attribute on orjson.JSONEncodeError.

libgit2/pygit2

v1.12.1

Compare Source

• Fix segfault in signature when encoding is incorrect #&#8203;1210 <https://github.com/libgit2/pygit2/pull/1210>_

• Typing improvements #&#8203;1212 <https://github.com/libgit2/pygit2/pull/1212>_ #&#8203;1214 <https://github.com/libgit2/pygit2/pull/1214>_

• Update wheels to libgit2 v1.6.4

pytest-dev/pytest-cov

v4.1.0

Compare Source

• Updated CI with new Pythons and dependencies.
• Removed rsyncdir support. This makes pytest-cov compatible with xdist 3.0. Contributed by Sorin Sbarnea in #&#8203;558 <https://github.com/pytest-dev/pytest-cov/pull/558>_.
• Optimized summary generation to not be performed if no reporting is active (for example, when --cov-report='' is used without --cov-fail-under). Contributed by Jonathan Stewmon in #&#8203;589 <https://github.com/pytest-dev/pytest-cov/pull/589>_.
• Added support for JSON reporting. Contributed by Matthew Gamble in #&#8203;582 <https://github.com/pytest-dev/pytest-cov/pull/582>_.
• Refactored code to use f-strings. Contributed by Mark Mayo in #&#8203;572 <https://github.com/pytest-dev/pytest-cov/pull/572>_.
• Fixed a skip in the test suite for some old xdist. Contributed by a bunch of people in #&#8203;565 <https://github.com/pytest-dev/pytest-cov/pull/565>_.

pytest-dev/pytest-xdist

v3.3.1

Compare Source

===============================

Bug Fixes

• #&#8203;907 <https://github.com/pytest-dev/pytest-xdist/issues/907>_: Avoid remote calls during startup as execnet by default does not ensure remote affinity with the main thread and might accidentally schedule the pytest worker into a non-main thread, which breaks numerous frameworks, for example asyncio, anyio, PyQt/PySide, etc.

  A more safe correction will require thread affinity in execnet (pytest-dev/execnet#&#8203;96 <https://github.com/pytest-dev/execnet/issues/96>__).

v3.3.0

Compare Source

===============================

Features

• #&#8203;555 <https://github.com/pytest-dev/pytest-xdist/issues/555>_: Improved progress output when collecting nodes to be less verbose.

redis/redis-py

v4.5.5: 4.5.5

Compare Source

Changes

🚀 New Features

• Add support for CLIENT NO-TOUCH (#​2745)
• Add support for CLUSTER MYSHARDID (#​2704)
• Add "address_remap" feature to RedisCluster (#​2726)
• Add WITHSCORES argument to ZREVRANK command (#​2725)
• Improve error output for master discovery (#​2720)

🐛 Bug Fixes

• Fix XADD: allow non negative maxlen (#​2739)
• Fix create single connection client from url (#​2752)
• Optionally disable disconnects in read_response (#​2695)
• Fix SLOWLOG GET return value (#​2732)
• Fix potential race condition during disconnection (#​2719)
• Return response in case of KeyError (#​2628)
• Fix incorrect usage of once flag in async Sentinel (#​2718)
• Fix memory leak caused by hiredis in asyncio case (#​2694)
• Really do not use asyncio's timeout lib before 3.11.2 (#​2699)

🧰 Maintenance

• Clean PytestUnraisableExceptionWarning from asycio client (#​2731)
• Add RedisCluster.remap_host_port, Update tests for CWE 404 (#​2706)
• Updated AWS Elasticache IAM connection example (#​2702)
• Update CONTRIBUTING guidelines (#​2736)
• Fix ClusterCommandProtocol type (#​2729)
• Fix TOPK list example. (#​2724)
• Improving vector similarity search example (#​2661)
• Update example of Redisearch creating index (#​2703)

Contributors

We'd like to thank all the contributors who worked on this release!

@​AYMENJD, @​Anthchirp, @​Avasam, @​NickG123, @​SoulPancake, @​aciddust, @​chayim, @​cristianmatache, @​dvora-h, @​felipou, @​kristjanvalur, @​mirekdlugosz, @​mzdehbashi-github, @​oranav, @​scoopex, @​shacharPash and @​tylerhutcherson

psf/requests

v2.31.0

Compare Source

Security

• Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

  Full details can be read in our Github Security Advisory and CVE-2023-32681.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.