chore(pip-prod)(deps): bump itsdangerous from 2.1.2 to 2.2.0 #88

Merged

dependabot[bot] merged 1 commits from dependabot/pip/itsdangerous-2.2.0 into main 2024-04-21 10:22:32 +02:00

Conversation 2 Commits 1 Files Changed 1 +1 -1

dependabot[bot] commented 2024-04-17 03:00:23 +02:00 (Migrated from github.com)

Copy Link

Bumps itsdangerous from 2.1.2 to 2.2.0.

Release notes

Sourced from itsdangerous's releases.

2.2.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.2.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

Changes: https://itsdangerous.palletsprojects.com/en/2.2.x/changes/#version-2-2-0 Milestone: https://github.com/pallets/itsdangerous/milestone/8?closed=1

• Drop support for Python 3.7.
• Use modern packaging metadata with pyproject.toml instead of setup.cfg.
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead.
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method.
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default.

Changelog

Sourced from itsdangerous's changelog.

Version 2.2.0

Released 2024-04-16

• Drop support for Python 3.7. :pr:372
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:326
• Use flit_core instead of setuptools as build backend.
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("itsdangerous"), instead. :issue:371
• Serializer and the return type of dumps is generic for type checking. By default it is Serializer[str] and dumps returns a str. If a different serializer argument is given, it will try to infer the return type of its dumps method. :issue:347
• The default hashlib.sha1 may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:375

Commits

• 096c8d4 release version 2.2.0
• 7f4dcf8 access sha1 lazily
• 93ae366 change entry for generic serializer
• 135eb23 Generic serializer (#377)
• 999ce7a Improve generic typing further
• 52890d7 improve generic typing
• 385c0eb type Serializer as generic (#374)
• 01001c6 type Serializer as generic
• bc88e94 improve typing (#373)
• 69a3bca improve typing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [itsdangerous](https://github.com/pallets/itsdangerous) from 2.1.2 to 2.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/releases">itsdangerous's releases</a>.</em></p> <blockquote> <h2>2.2.0</h2> <p>This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.2.x branch is now the supported fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as <a href="https://pypi.org/project/pip-tools/">pip-tools</a> to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.</p> <p>Changes: <a href="https://itsdangerous.palletsprojects.com/en/2.2.x/changes/#version-2-2-0">https://itsdangerous.palletsprojects.com/en/2.2.x/changes/#version-2-2-0</a> Milestone: <a href="https://github.com/pallets/itsdangerous/milestone/8?closed=1">https://github.com/pallets/itsdangerous/milestone/8?closed=1</a></p> <ul> <li>Drop support for Python 3.7.</li> <li>Use modern packaging metadata with <code>pyproject.toml</code> instead of <code>setup.cfg</code>.</li> <li>Use <code>flit_core</code> instead of <code>setuptools</code> as build backend.</li> <li>Deprecate the <code>__version__</code> attribute. Use feature detection, or <code>importlib.metadata.version(&quot;itsdangerous&quot;)</code>, instead.</li> <li><code>Serializer</code> and the return type of <code>dumps</code> is generic for type checking. By default it is <code>Serializer[str]</code> and <code>dumps</code> returns a <code>str</code>. If a different <code>serializer</code> argument is given, it will try to infer the return type of its <code>dumps</code> method.</li> <li>The default <code>hashlib.sha1</code> may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst">itsdangerous's changelog</a>.</em></p> <blockquote> <h2>Version 2.2.0</h2> <p>Released 2024-04-16</p> <ul> <li>Drop support for Python 3.7. :pr:<code>372</code></li> <li>Use modern packaging metadata with <code>pyproject.toml</code> instead of <code>setup.cfg</code>. :pr:<code>326</code></li> <li>Use <code>flit_core</code> instead of <code>setuptools</code> as build backend.</li> <li>Deprecate the <code>__version__</code> attribute. Use feature detection, or <code>importlib.metadata.version(&quot;itsdangerous&quot;)</code>, instead. :issue:<code>371</code></li> <li><code>Serializer</code> and the return type of <code>dumps</code> is generic for type checking. By default it is <code>Serializer[str]</code> and <code>dumps</code> returns a <code>str</code>. If a different <code>serializer</code> argument is given, it will try to infer the return type of its <code>dumps</code> method. :issue:<code>347</code></li> <li>The default <code>hashlib.sha1</code> may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:<code>375</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/itsdangerous/commit/096c8d42545d3b68ea21a4f890fb2b2d8979c0bd"><code>096c8d4</code></a> release version 2.2.0</li> <li><a href="https://github.com/pallets/itsdangerous/commit/7f4dcf83a07bb3d53f4e0e65ef1b43327b4cca90"><code>7f4dcf8</code></a> access sha1 lazily</li> <li><a href="https://github.com/pallets/itsdangerous/commit/93ae366874bbd4f69d90495c45b2cd336387496c"><code>93ae366</code></a> change entry for generic serializer</li> <li><a href="https://github.com/pallets/itsdangerous/commit/135eb234ed4a07520779ffb679407b7d27c8ffe6"><code>135eb23</code></a> Generic serializer (<a href="https://redirect.github.com/pallets/itsdangerous/issues/377">#377</a>)</li> <li><a href="https://github.com/pallets/itsdangerous/commit/999ce7af1f0502a224d33338e6ded8bc1e81cb2f"><code>999ce7a</code></a> Improve generic typing further</li> <li><a href="https://github.com/pallets/itsdangerous/commit/52890d78bb6d92eac4d8d84f33f61be8bd803da7"><code>52890d7</code></a> improve generic typing</li> <li><a href="https://github.com/pallets/itsdangerous/commit/385c0eb7501b121b1fddafe19c547073f5a458a0"><code>385c0eb</code></a> type <code>Serializer</code> as generic (<a href="https://redirect.github.com/pallets/itsdangerous/issues/374">#374</a>)</li> <li><a href="https://github.com/pallets/itsdangerous/commit/01001c63af4a1c58b65328b2aad3df75a6edc843"><code>01001c6</code></a> type Serializer as generic</li> <li><a href="https://github.com/pallets/itsdangerous/commit/bc88e945d31c407e16c3f4e1c713c12dd598e58d"><code>bc88e94</code></a> improve typing (<a href="https://redirect.github.com/pallets/itsdangerous/issues/373">#373</a>)</li> <li><a href="https://github.com/pallets/itsdangerous/commit/69a3bca7582859bc8ce83ccc28b0cf33f7909388"><code>69a3bca</code></a> improve typing</li> <li>Additional commits viewable in <a href="https://github.com/pallets/itsdangerous/compare/2.1.2...2.2.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

luketainton (Migrated from github.com) reviewed 2024-04-17 03:00:23 +02:00

sonarqubecloud[bot] commented 2024-04-17 03:01:52 +02:00 (Migrated from github.com)

Copy Link

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

## [](https://sonarcloud.io/dashboard?id=luketainton_epage&pullRequest=88) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=luketainton_epage&pullRequest=88&resolved=false&inNewCodePeriod=true)  [0 Accepted issues](https://sonarcloud.io/component_measures?id=luketainton_epage&pullRequest=88&metric=new_accepted_issues&view=list) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=luketainton_epage&pullRequest=88&resolved=false&inNewCodePeriod=true)  No data about Coverage  No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=luketainton_epage&pullRequest=88)

Sign in to join this conversation.

Reviewers

No Reviewers

luketainton

Labels

Clear labels

bug

Something isn't working

dependencies

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

security

wontfix

This will not be worked on

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

dependencies

Milestone

No items

No Milestone

Assignees

Clear assignees

ai-review-bot gitea-actions-bot luke renovate-bot

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: repos/epage#88

No description provided.