fix(deps): update all non-major dependencies

This MR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
Jinja2 (changelog)	3.1.3 -> 3.1.4
Werkzeug (changelog)	3.0.2 -> 3.0.3
bcrypt	4.1.2 -> 4.1.3
coverage	7.4.4 -> 7.5.1
fakeredis	2.21.3 -> 2.23.1
filelock	3.13.3 -> 3.14.0
itsdangerous (changelog)	2.1.2 -> 2.2.0
lxml (source, changelog)	5.2.1 -> 5.2.2
orjson (changelog)	3.10.0 -> 3.10.3
pytest (changelog)	8.1.1 -> 8.2.0
pytest-xdist (changelog)	3.5.0 -> 3.6.1
redis (changelog)	5.0.3 -> 5.0.4
tomlkit	0.12.4 -> 0.12.5

---

Release Notes

pallets/jinja (Jinja2)

v3.1.4

Compare Source

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

nedbat/coveragepy (coverage)

v7.5.1

Compare Source

• Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. This closes issue 754*. The fix was contributed by Daniel Diniz <pull 1773_>*.

• Fix: very complex source files like this one <resolvent_lookup_>_ could cause a maximum recursion error when creating an HTML report. This is now fixed, closing issue 1774_.

• HTML report improvements:

  • Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies.

  • Missing branch coverage explanations that said "the condition was never false" now read "the condition was always true" because it's easier to understand.

  • Column sort order is remembered better as you move between the index pages, fixing issue 1766*. Thanks, Daniel Diniz <pull 1768_>*.

.. _resolvent_lookup: https://github.com/sympy/sympy/blob/130950f3e6b3f97fcc17f4599ac08f70fdd2e9d4/sympy/polys/numberfields/resolvent_lookup.py .. _issue 754: https://github.com/nedbat/coveragepy/issues/754 .. _issue 1766: https://github.com/nedbat/coveragepy/issues/1766 .. _pull 1768: https://github.com/nedbat/coveragepy/pull/1768 .. _pull 1773: https://github.com/nedbat/coveragepy/pull/1773 .. _issue 1774: https://github.com/nedbat/coveragepy/issues/1774

.. _changes_7-5-0:

v7.5.0

Compare Source

• Added initial support for function and class reporting in the HTML report. There are now three index pages which link to each other: files, functions, and classes. Other reports don't yet have this information, but it will be added in the future where it makes sense. Feedback gladly accepted! Finishes issue 780_.

• Other HTML report improvements:

  • There is now a "hide covered" checkbox to filter out 100% files, finishing issue 1384_.

  • The index page is always sorted by one of its columns, with clearer indications of the sorting.

  • The "previous file" shortcut key didn't work on the index page, but now it does, fixing issue 1765_.

• The debug output showing which configuration files were tried now shows absolute paths to help diagnose problems where settings aren't taking effect, and is renamed from "attempted_config_files" to the more logical "config_files_attempted."

• Python 3.13.0a6 is supported.

.. _issue 780: https://github.com/nedbat/coveragepy/issues/780 .. _issue 1384: https://github.com/nedbat/coveragepy/issues/1384 .. _issue 1765: https://github.com/nedbat/coveragepy/issues/1765

.. _changes_7-4-4:

cunla/fakeredis-py (fakeredis)

v2.23.1: 🌈

Compare Source

🐛 Bug Fixes

• Fix XREAD behavior when COUNT is not provided but BLOCKING is provided #​308

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.23.0...v2.23.1

v2.23.0: 🌈

Compare Source

🚀 Features

• Support for TDigest commands: TDIGEST.ADD,TDIGEST.BYRANK,TDIGEST.BYREVRANK,TDIGEST.CDF, TDIGEST.CREATE, TDIGEST.INFO, TDIGEST.MAX, TDIGEST.MERGE, TDIGEST.MIN, TDIGEST.QUANTILE, TDIGEST.RANK, TDIGEST.RESET, TDIGEST.REVRANK, TDIGEST.TRIMMED_MEAN.

🐛 Bug Fixes

• Import Self from typing vs. typing_extension

🧰 Maintenance

• Update dependencies
• Add redis-py 5.0.4 to tests
• Update lupa version constraint #​306 @​noamkush

Contributors

We'd like to thank all the contributors who supported the work on this release! @​noamkush

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.22.0...v2.23.0

v2.22.0: 🌈

Compare Source

Changes

🚀 Features

• Support for setting LUA version from environment variable FAKEREDIS_LUA_VERSION #​287
• Support for loading LUA binary modules in fakeredis #​304

🐛 Bug Fixes

• Fix the type hint for the version parameter in the async client #​302
• Using LUA 5.1 like real redis #​287
• fix: FakeRedisMixin.from_url() return type is really Self. @​ben-xo #​305

@​ben-xo

Full Changelog: https://github.com/cunla/fakeredis-py/compare/v2.21.3...v2.22.0

tox-dev/py-filelock (filelock)

v3.14.0

Compare Source

What's Changed

• feat: blocking parameter on lock constructor with tests and docs by @​iamkhav in https://github.com/tox-dev/filelock/pull/325

New Contributors

• @​iamkhav made their first contribution in https://github.com/tox-dev/filelock/pull/325

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.4...3.14.0

v3.13.4

Compare Source

What's Changed

• Raise error on incompatible singleton timeout and mode args by @​nefrob in https://github.com/tox-dev/filelock/pull/320

Full Changelog: https://github.com/tox-dev/filelock/compare/3.13.3...3.13.4

pallets/itsdangerous (itsdangerous)

v2.2.0

Compare Source

Released 2024-04-16

• Drop support for Python 3.7. 🇵🇷372
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. 🇵🇷326
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead. :issue:371
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method. :issue:347
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:375

lxml/lxml (lxml)

v5.2.2

Compare Source

==================

Bugs fixed

• GH#417: The test_feed_parser test could fail if lxml_html_clean was not installed. It is now skipped in that case.

• LP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to "core2", without SSE 4.2.

• If libxml2 uses iconv, the compile time version is available as etree.ICONV_COMPILED_VERSION.

ijl/orjson (orjson)

v3.10.3

Compare Source

Changed

• manylinux amd64 builds include runtime-detected AVX-512 str implementation.
• Tests now compatible with numpy v2.

v3.10.2

Compare Source

Fixed

• Fix crash serializing str introduced in 3.10.1.

Changed

• Improve performance.
• Drop support for arm7.

v3.10.1

Compare Source

Fixed

• Serializing numpy.ndarray with non-native endianness raises orjson.JSONEncodeError.

Changed

• Improve performance of serializing.

pytest-dev/pytest (pytest)

v8.2.0

Compare Source

pytest 8.2.0 (2024-04-27)

Deprecations

• #​12069: A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter instead of the pathlib.Path parameter which replaced it:

  • pytest_ignore_collect{.interpreted-text role="hook"} - the path parameter - use collection_path instead.
  • pytest_collect_file{.interpreted-text role="hook"} - the path parameter - use file_path instead.
  • pytest_pycollect_makemodule{.interpreted-text role="hook"} - the path parameter - use module_path instead.
  • pytest_report_header{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.
  • pytest_report_collectionfinish{.interpreted-text role="hook"} - the startdir parameter - use start_path instead.

  The replacement parameters are available since pytest 7.0.0. The old parameters will be removed in pytest 9.0.0.

  See legacy-path-hooks-deprecated{.interpreted-text role="ref"} for more details.

Features

• #​11871: Added support for reading command line arguments from a file using the prefix character @, like e.g.: pytest @​tests.txt. The file must have one argument per line.

  See Read arguments from file <args-from-file>{.interpreted-text role="ref"} for details.

Improvements

• #​11523: pytest.importorskip{.interpreted-text role="func"} will now issue a warning if the module could be found, but raised ImportError{.interpreted-text role="class"} instead of ModuleNotFoundError{.interpreted-text role="class"}.

  The warning can be suppressed by passing exc_type=ImportError to pytest.importorskip{.interpreted-text role="func"}.

  See import-or-skip-import-error{.interpreted-text role="ref"} for details.

• #​11728: For unittest-based tests, exceptions during class cleanup (as raised by functions registered with TestCase.addClassCleanup <unittest.TestCase.addClassCleanup>{.interpreted-text role="meth"}) are now reported instead of silently failing.

• #​11777: Text is no longer truncated in the short test summary info section when -vv is given.

• #​12112: Improved namespace packages detection when consider_namespace_packages{.interpreted-text role="confval"} is enabled, covering more situations (like editable installs).

• #​9502: Added PYTEST_VERSION{.interpreted-text role="envvar"} environment variable which is defined at the start of the pytest session and undefined afterwards. It contains the value of pytest.__version__, and among other things can be used to easily check if code is running from within a pytest run.

Bug Fixes

• #​12065: Fixed a regression in pytest 8.0.0 where test classes containing setup_method and tests using @staticmethod or @classmethod would crash with AttributeError: 'NoneType' object has no attribute 'setup_method'.

  Now the request.instance <pytest.FixtureRequest.instance>{.interpreted-text role="attr"} attribute of tests using @staticmethod and @classmethod is no longer None, but a fresh instance of the class, like in non-static methods. Previously it was None, and all fixtures of such tests would share a single self.

• #​12135: Fixed issue where fixtures adding their finalizer multiple times to fixtures they request would cause unreliable and non-intuitive teardown ordering in some instances.

• #​12194: Fixed a bug with --importmode=importlib and --doctest-modules where child modules did not appear as attributes in parent modules.

• #​1489: Fixed some instances where teardown of higher-scoped fixtures was not happening in the reverse order they were initialized in.

Trivial/Internal Changes

• #​12069: pluggy>=1.5.0 is now required.
• #​12167: cache <cache>{.interpreted-text role="ref"}: create supporting files (CACHEDIR.TAG, .gitignore, etc.) in a temporary directory to provide atomic semantics.

v8.1.2

Compare Source

pytest 8.1.2 (2024-04-26)

Bug Fixes

• #​12114: Fixed error in pytest.approx{.interpreted-text role="func"} when used with [numpy]{.title-ref} arrays and comparing with other types.

pytest-dev/pytest-xdist (pytest-xdist)

v3.6.1

Compare Source

===============================

Bug Fixes

• #&#8203;1071 <https://github.com/pytest-dev/pytest-xdist/issues/1071>_: Add backward compatibility for deadlock issue with the execnet new main_thread_only "execmodel" triggered when pytest-cov accesses rinfo.

v3.6.0

Compare Source

===============================

This release was YANKED due to a regression fixed in 3.6.1.

Features

• #&#8203;1027 <https://github.com/pytest-dev/pytest-xdist/pull/1027>_:pytest-xdist workers now always execute the tests in the main thread. Previously some tests might end up executing in a separate thread other than main in the workers, due to some internal execnet`` details. This can cause problems specially with async frameworks where the event loop is running in the ``main`` thread (for example #​620 #​620`__).

Bug Fixes

• #&#8203;1024 <https://github.com/pytest-dev/pytest-xdist/issues/1024>_: Added proper handling of shouldstop (such as set by --max-fail) and shouldfail conditions in workers. Previously, a worker might have continued executing further tests before the controller could terminate the session.

• #&#8203;1028 <https://github.com/pytest-dev/pytest-xdist/issues/1028>_: Fixed compatibility issue between looponfail and editable installs.

• #&#8203;620 <https://github.com/pytest-dev/pytest-xdist/issues/620>_: Use the new main_thread_only execnet "execmodel" so that code which expects to only run in the main thread will now work as expected.

• #&#8203;937 <https://github.com/pytest-dev/pytest-xdist/issues/937>_: Fixed a bug where plugin would raise an incompatibility error with --pdb despite using -n0.

Removals

• #&#8203;1053 <https://github.com/pytest-dev/pytest-xdist/issues/1053>_: Dropped support for Python 3.7.

• #&#8203;1057 <https://github.com/pytest-dev/pytest-xdist/issues/1057>_: pytest>=7.0.0 is now required.

  execnet>=2.1.0 is now required.

Trivial Changes

• #&#8203;1020 <https://github.com/pytest-dev/pytest-xdist/issues/1020>_: pytest-xdist's setup.py file is removed.

  If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html#summary>_ for alternatives.

• #&#8203;1057 <https://github.com/pytest-dev/pytest-xdist/issues/1057>_: The internals of pytest-xdist are now fully typed. The typing is not exposed yet.

• #&#8203;996 <https://github.com/pytest-dev/pytest-xdist/issues/996>_: Adjusted license file format and content to ensure security scanners will identity the license.

redis/redis-py (redis)

v5.0.4: 5.0.4

Compare Source

Changes

🐛 Bug Fixes

• Make it possible to customize SSL ciphers (#​3212)

sdispater/tomlkit (tomlkit)

v0.12.5

Compare Source

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/python-poetry/tomlkit/pull/337
• chore(deps-dev): bump idna from 3.4 to 3.7 by @​dependabot in https://github.com/python-poetry/tomlkit/pull/339
• fix: CI workflow for macos by @​frostming in https://github.com/python-poetry/tomlkit/pull/342
• chore(deps-dev): bump jinja2 from 3.1.3 to 3.1.4 by @​dependabot in https://github.com/python-poetry/tomlkit/pull/344
• fix: don't add sign if the float is negative by @​frostming in https://github.com/python-poetry/tomlkit/pull/345
• fix: Construction of OutOfOrderTableProxy can cause newlines to be inserted by @​frostming in https://github.com/python-poetry/tomlkit/pull/347

New Contributors

• @​pre-commit-ci made their first contribution in https://github.com/python-poetry/tomlkit/pull/337

Full Changelog: https://github.com/python-poetry/tomlkit/compare/0.12.4...0.12.5

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.