fix(deps): update all non-major dependencies - autoclosed

This MR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Markdown (changelog)	3.5.2 -> 3.6
SQLAlchemy (changelog)	1.4.51 -> 1.4.52
Werkzeug (changelog)	3.0.1 -> 3.0.2
asgiref (changelog)	3.7.2 -> 3.8.1
coverage	7.4.0 -> 7.4.4
email-validator	^2.1.0.post1 -> ^2.1.0-post.0
fakeredis	2.20.1 -> 2.21.3
filelock	3.13.1 -> 3.13.3
httpx (changelog)	^0.26.0 -> ^0.27.0
lxml (source, changelog)	5.1.0 -> 5.2.1
mysqlclient	2.2.1 -> 2.2.4
orjson (changelog)	3.9.12 -> 3.10.0
protobuf	4.25.2 -> 4.25.3
pygit2 (changelog)	1.13.3 -> 1.14.1
pytest-asyncio (changelog)	0.23.3 -> 0.23.6
python-multipart (changelog)	^0.0.6 -> ^0.0.9
redis (changelog)	5.0.1 -> 5.0.3
tomlkit	0.12.3 -> 0.12.4
uvicorn (changelog)	^0.27.0 -> ^0.29.0

---

Release Notes

Python-Markdown/markdown (Markdown)

v3.6

Compare Source

Changed

Refactor TOC Sanitation

• All postprocessors are now run on heading content.
• Footnote references are now stripped from heading content. Fixes #​660.
• A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
• The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
• The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
• An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
• The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

• Include scripts/*.py in the generated source tarballs (#​1430).
• Ensure lines after heading in loose list are properly detabbed (#​1443).
• Give smarty tree processor higher priority than toc (#​1440).
• Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#​1444).
• In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#​1414).

django/asgiref (asgiref)

v3.8.1

Compare Source

• Fixes a regression in 3.8.0 affecting nested task cancellation inside sync_to_async.

v3.8.0

Compare Source

• Adds support for Python 3.12.

• Drops support for (end-of-life) Python 3.7.

• Fixes task cancellation propagation to subtasks when using synchronous Django middleware.

• Allows nesting sync_to_async via asyncio.wait_for.

• Corrects WSGI adapter handling of root path.

• Handles case where "client" is None in WsgiToAsgi adapter.

nedbat/coveragepy (coverage)

v7.4.4

Compare Source

• Fix: in some cases, even with [run] relative_files=True, a data file could be created with absolute path names. When combined with other relative data files, it was random whether the absolute file names would be made relative or not. If they weren't, then a file would be listed twice in reports, as detailed in issue 1752_. This is now fixed: absolute file names are always made relative when combining. Thanks to Bruno Rodrigues dos Santos for support.

• Fix: the last case of a match/case statement had an incorrect message if the branch was missed. It said the pattern never matched, when actually the branch is missed if the last case always matched.

• Fix: clicking a line number in the HTML report now positions more accurately.

• Fix: the report:format setting was defined as a boolean, but should be a string. Thanks, Tanaydin Sirin <pull 1754_>_. It is also now documented on the :ref:configuration page <config_report_format>.

.. _issue 1752: https://github.com/nedbat/coveragepy/issues/1752 .. _pull 1754: https://github.com/nedbat/coveragepy/pull/1754

.. _changes_7-4-3:

v7.4.3

Compare Source

• Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733_.

.. _issue 1733: https://github.com/nedbat/coveragepy/issues/1733

.. _changes_7-4-2:

v7.4.2

Compare Source

• Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade <pull 1747_>_. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: https://github.com/nedbat/coveragepy/pull/1747

.. _changes_7-4-1:

v7.4.1

Compare Source

• Python 3.13.0a3 is supported.

• Fix: the JSON report now includes an explicit format version number, closing issue 1732_.

.. _issue 1732: https://github.com/nedbat/coveragepy/issues/1732

.. _changes_7-4-0:

JoshData/python-email-validator (email-validator)

v2.1.1

Compare Source

• Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.
• When DNS-based deliverability checks fail, in some cases exceptions are now thrown with raise ... from for better nested exception tracking.
• Fixed tests to work when no local resolver can be configured.
• This project is now licensed under the Unlicense (instead of CC0).
• Minor improvements to tests.
• Minor improvements to code style.

v2.1.0

• Python 3.8+ is now required (support for Python 3.7 was dropped).
• The old email field on the returned ValidatedEmail object, which in the previous version was superseded by normalized, will now raise a deprecation warning if used. See https://stackoverflow.com/q/879173 for strategies to suppress the DeprecationWarning.
• A __version__ module attribute is added.
• The email address argument to validate_email is now marked as positional-only to better reflect the documented usage using the new Python 3.8 feature.

cunla/fakeredis-py (fakeredis)

v2.21.3: 🌈

Compare Source

🐛 Bug Fixes

• Revert behavior of defaulting to share the same server data structure between connections @​howamith #​303
• Fix type hint for version #​302

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.21.2...v2.21.3

v2.21.2: 🌈

Compare Source

Changes

🐛 Bug Fixes

• Connection params are defaulted to be the same between async and sync connections #​290
• xinfo_stream raises exception when stream does not exist #​296

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.21.1...v2.21.2

v2.21.1: 🌈

Compare Source

🐛 Bug Fixes

• Support for float timeout values #​289

🧰 Maintenance

• Fix django cache documentation #​286

Contributors

We'd like to thank all the contributors who worked on this release!

@​ldkv

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.21.0...v2.21.1

v2.21.0: 🌈

Compare Source

🚀 Features

• Implement all TOP-K commands (TOPK.INFO, TOPK.LIST, TOPK.RESERVE, TOPK.ADD, TOPK.COUNT, TOPK.QUERY, TOPK.INCRBY) #​278
• Implement all cuckoo filter commands #​276
• Implement all Count-Min Sketch commands #​277

🐛 Bug Fixes

• Fix XREAD blocking bug #​274 #​275
• EXAT option does not work #​279

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.20.1...v2.21.0

tox-dev/py-filelock (filelock)

v3.13.3

Compare Source

What's Changed

• Make singleton class instance dict unique per subclass by @​nefrob in https://github.com/tox-dev/filelock/pull/318

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.2...3.13.3

v3.13.2

Compare Source

What's Changed

• Fixed small typo in _unix.py by @​snemes in https://github.com/tox-dev/filelock/pull/302
• Update SECURITY.md to reflect Python 3.7 support dropoff by @​kemzeb in https://github.com/tox-dev/filelock/pull/304
• Update index.rst to improve the demo usage by @​youkaichao in https://github.com/tox-dev/filelock/pull/314
• [BugFix] fix permission denied error when lock file is placed in /tmp by @​kota-iizuka in https://github.com/tox-dev/filelock/pull/317

New Contributors

• @​snemes made their first contribution in https://github.com/tox-dev/filelock/pull/302
• @​kemzeb made their first contribution in https://github.com/tox-dev/filelock/pull/304
• @​youkaichao made their first contribution in https://github.com/tox-dev/filelock/pull/314
• @​kota-iizuka made their first contribution in https://github.com/tox-dev/filelock/pull/317

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.1...3.13.2

encode/httpx (httpx)

v0.27.0

Compare Source

Deprecated

• The app=... shortcut has been deprecated. Use the explicit style of transport=httpx.WSGITransport() or transport=httpx.ASGITransport() instead.

Fixed

• Respect the http1 argument while configuring proxy transports. (#​3023)
• Fix RFC 2069 mode digest authentication. (#​3045)

lxml/lxml (lxml)

v5.2.1

Compare Source

==================

Bugs fixed

• LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", but with SSE 4.2 enabled.

• LP#2059977: Element.iterfind("//absolute_path") failed with a SyntaxError where it should have issued a warning.

• GH#416: The documentation build was using the non-standard which command. Patch by Michał Górny.

v5.2.0

Compare Source

==================

Other changes

• LP#1958539: The lxml.html.clean implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library:

  https://github.com/fedora-python/lxml_html_clean

  Projects that use lxml without "lxml.html.clean" will not notice any difference, except that they won't have potentially vulnerable code installed. The module is available as an "extra" setuptools dependency "lxml[html_clean]", so that Projects that need "lxml.html.clean" will need to switch their requirements from "lxml" to "lxml[html_clean]", or install the new library themselves.

• The minimum CPU architecture for the Linux x86 binary wheels was upgraded to "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.

• Built with Cython 3.0.10.

v5.1.1

Compare Source

==================

Bugs fixed

• LP#2048920: iterlinks() in lxml.html rejected bytes input in 5.1.0.

• High source line numbers from the parser are no longer truncated (up to a C long) when using libxml2 2.11 or later.

Other changes

• GH#407: A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok.

• Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.

• Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39.

• Built with Cython 3.0.9.

PyMySQL/mysqlclient (mysqlclient)

v2.2.4

Compare Source

What's Changed

• Support ssl=True by @​methane in https://github.com/PyMySQL/mysqlclient/pull/700
• release 2.2.4 by @​methane in https://github.com/PyMySQL/mysqlclient/pull/701

Full Changelog: https://github.com/PyMySQL/mysqlclient/compare/v2.2.3...v2.2.4

v2.2.3

Compare Source

What's Changed

• fix Connection.kill() broken since 2.2.2 by @​methane in https://github.com/PyMySQL/mysqlclient/pull/696

Full Changelog: https://github.com/PyMySQL/mysqlclient/compare/v2.2.2...v2.2.3

v2.2.2

Compare Source

What's Changed

• Support MySQL 8.3 by @​methane in https://github.com/PyMySQL/mysqlclient/pull/690
  • conn.kill() and conn.shutdown() are deprecated.
• use ruff for formatter by @​methane in https://github.com/PyMySQL/mysqlclient/pull/691
• doc: add link to README by @​methane in https://github.com/PyMySQL/mysqlclient/pull/692

Full Changelog: https://github.com/PyMySQL/mysqlclient/compare/v2.2.1...v2.2.2

ijl/orjson (orjson)

v3.10.0

Compare Source

Changed

• Support serializing numpy.float16 (numpy.half).
• sdist uses metadata 2.3 instead of 2.1.
• Improve Windows PyPI builds.

v3.9.15

Compare Source

Fixed

• Implement recursion limit of 1024 on orjson.loads().
• Use byte-exact read on str formatting SIMD path to avoid crash.

v3.9.14

Compare Source

Fixed

• Fix crash serializing str introduced in 3.9.11.

Changed

• Build now depends on Rust 1.72 or later.

v3.9.13

Compare Source

Fixed

• Serialization str escape uses only 128-bit SIMD.
• Fix compatibility with CPython 3.13 alpha 3.

Changed

• Publish musllinux_1_2 instead of musllinux_1_1 wheels.
• Serialization uses small integer optimization in CPython 3.12 or later.

libgit2/pygit2 (pygit2)

v1.14.1

Compare Source

• Update wheels to libgit2 v1.7.2

• Now Object.filemode returns enums.FileMode and Reference.type returns enums.ReferenceType #​1273

• Fix tests on Fedora 40 #​1275

Deprecations:

• Deprecate ReferenceType.OID, use ReferenceType.DIRECT
• Deprecate ReferenceType.LISTALL, use ReferenceType.ALL

v1.14.0

Compare Source

• Drop support for Python 3.8
• Add Linux wheels for musl on x86_64 #​1266
• New Repository.submodules namespace #​1250
• New Repository.listall_mergeheads(), Repository.message, Repository.raw_message and Repository.remove_message() #​1261
• New pygit2.enums supersedes the GIT_ constants #​1251
• Now Repository.status(), Repository.status_file(), Repository.merge_analysis(), DiffFile.flags, DiffFile.mode, DiffDelta.flags and DiffDelta.status return enums #​1263
• Now repository's merge(), merge_commits() and merge_trees() take enums/flags for their favor, flags and file_flags arguments. #​1271 #​1272
• Fix crash in filter cleanup #​1259
• Documentation fixes #​1255 #​1258 #​1268 #​1270

Breaking changes:

• Remove deprecated Repository.create_remote(...) function, use instead Repository.remotes.create(...)

Deprecations:

• Deprecate Repository.add_submodule(...), use Repository.submodules.add(...)

• Deprecate Repository.lookup_submodule(...), use Repository.submodules[...]

• Deprecate Repository.init_submodules(...), use Repository.submodules.init(...)

• Deprecate Repository.update_submodule(...), use Repository.submodules.update(...)

• Deprecate GIT_* constants, use pygit2.enums

• Passing dicts to repository's merge(...), merge_commits(...) and merge_trees(...) is deprecated. Instead pass MergeFlag for the flags argument, and MergeFileFlag for file_flags.

• Passing a string for the favor argument to repository's merge(...), merge_commits(...) and merge_trees(...) is deprecated. Instead pass MergeFavor.

pytest-dev/pytest-asyncio (pytest-asyncio)

v0.23.6: pytest-asyncio 0.23.6

Compare Source

0.23.6 (2024-03-19)

• Fix compatibility with pytest 8.2 #​800

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #​706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

v0.23.5: pytest-asyncio 0.23.5

Compare Source

0.23.5 (2024-02-09)

• Declare compatibility with pytest 8 #​737
• Fix typing errors with recent versions of mypy #​769
• Prevent DeprecationWarning about internal use of asyncio.get_event_loop() from affecting test cases #​757

Known issues

As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #​706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.

v0.23.4: pytest-asyncio 0.23.4

Compare Source

0.23.4 (2024-01-28)

• pytest-asyncio no longer imports additional, unrelated packages during test collection #​729
• Addresses further issues that caused an internal pytest error during test collection
• Declares incompatibility with pytest 8 #​737

andrew-d/python-multipart (python-multipart)

v0.0.9

Compare Source

• Add support for Python 3.12 #​85.
• Drop support for Python 3.7 #​95.
• Add MultipartState(IntEnum) #​96.
• Add QuerystringState #​97.
• Add TypedDict callbacks #​98.
• Add config TypedDicts #​99.

v0.0.8

Compare Source

• Check if Message.get_params return 3-tuple instead of str on parse_options_header #​79.
• Cleanup unused regex patterns #​82.

v0.0.7

Compare Source

• Refactor header option parser to use the standard library instead of a custom RegEx #​75.

redis/redis-py (redis)

v5.0.3: 5.0.3

Compare Source

Changes

🐛 Bug Fixes

• Fix breaking change: message in LockError is now optional (#​3176)

🧰 Maintenance

• Bump release-drafter/release-drafter from 5 to 6 (#​3171)
• Bump rojopolis/spellcheck-github-actions from 0.35.0 to 0.36.0 (#​3172)
• Remove redundant async-timeout dependency (#​3177)

v5.0.2: 5.0.2

Compare Source

Changes

🚀 New Features

• Allow to control the minimum SSL version (#​3127)
• Add modules support to async RedisCluster (#​3115)
• Adding lock_name to LockError (#​3023)
• Add GEOSHAPE field type for index creation of RediSearch (#​2957)

🐛 Bug Fixes

• Fix retry logic for pubsub and pipeline (#​3134)
• Ignore TypeError on disconnect (within multiprocess) (#​3149)
• Release already acquired connections on ClusterPipeline, when get_connection raises an exception (#​3133)
• Fix possible pipeline connections leak (#​3104)
• Return a copy of the response from cache (#​3106)
• Fix: HSET unexpectedly mutates the list passed to items (#​3103)
• Fix acl_genpass with bits (#​3062)
• Allow the parsing of the asking command to forward original options (#​3012)
• Fix parsing of FT.PROFILE result (#​3063)
• Use disable_decoding in async read_response with hiredis parser. (#​3042)
• Fix return types in json commands (#​3071)
• Fix Specifying Target Nodes broken hyperlink (#​3072)

🧰 Maintenance

• Fix incorrect asserts in test and ensure connections are closed (#​3004)
• Revert stale issue version update (#​3142)
• Docs: Add timeout parameter for get_message example (#​3129)
• Bump codecov/codecov-action from 3 to 4 (#​3131)
• Bump actions/stale from 3 to 9 (#​3132)
• Fix grammer in BlockingConnectionPool class documentation (#​3120)
• Updating async-timeout to 4.0.3 (#​3109)
• Fix type hint of arbitrary argument lists (#​2908)
• Fix JSON.OBJLEN type hint (#​2966)
• Fix HDEL type hint (#​3029)
• Docs: organize cluster mode part of lua scripting (#​3073)
• Update reported version deprecation in asyncio.client (#​2968)
• Make the connection callback methods public again, add documentation (#​2980)
• Update repr of important classes with module name and recommended "< … (#​3001)
• Typo in advanced features documentation (#​3019)
• Fix typos in documentation (#​3016
• Add "sum" to DUPLICATE_POLICY documentation of TS.CREATE, TS.ADD and TS.ALTER (#​3027)
• Fixed typo in ocsp.py (#​3022)
• Creating CODEOWNERS for documentation (#​2993)

Contributors

We'd like to thank all the contributors who worked on this release!

@​AYMENJD, @​AniketP04, @​BackflipPenguin, @​ING-XIAOJIAN, @​MrDenkoV, @​Pedram-Parsian, @​TheBlusky, @​ahmedabdou14, @​akx, @​chayim, @​d184230, @​danielzhangau, @​dependabot, @​dependabot[bot], @​dmkulazhenko, @​dvora-h, @​enjoy-binbin, @​hongqn, @​jakob-keller, @​kristjanvalur, @​mattwang44, @​parmenashp, @​poiuj, @​r0ro, @​sjpotter, @​tbbream, @​trkwyk, @​w-miller, @​wKollendorf, @​zakaf, @​zware and @​zxjlm

sdispater/tomlkit (tomlkit)

v0.12.4

Compare Source

Fixed

• Support | and |= operator for tables, and support + and += operator for arrays. (#​331)
• Fix an index error when setting dotted keys in a table. (#​332)

encode/uvicorn (uvicorn)

v0.29.0

Compare Source

Added

• Cooperative signal handling (#​1600) 19/03/24

v0.28.1

Compare Source

Fixed

• Revert raise ClientDisconnected on HTTP (#​2276) 19/03/24

v0.28.0

Compare Source

Added

• Raise ClientDisconnected on send() when client disconnected (#​2220) 12/02/24

Fixed

• Except AttributeError on sys.stdin.fileno() for Windows IIS10 (#​1947) 29/02/24
• Use X-Forwarded-Proto for WebSockets scheme when the proxy provides it (#​2258) 01/03/24

v0.27.1

Compare Source

• Fix spurious LocalProtocolError errors when processing pipelined requests (#​2243) 10/02/24

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.