Bump the py-version-updates group across 1 directory with 9 updates

[dependabot]

Bumps the py-version-updates group with 8 updates in the / directory:

Package	From	To
dj-database-url	2.2.0	2.3.0
gunicorn	22.0.0	23.0.0
wagtail-storages	1.0.0	2.0
mypy	1.11.2	1.13.0
ruff	0.7.0	0.7.1
werkzeug	3.0.4	3.0.6
setuptools	70.3.0	75.2.0
honcho	1.1.0	2.0.0

Updates dj-database-url from 2.2.0 to 2.3.0

Release notes

Sourced from dj-database-url's releases.

v2.3.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jazzband/dj-database-url#249
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jazzband/dj-database-url#251
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jazzband/dj-database-url#254
• Make config test options not unknown types by @​palfrey in jazzband/dj-database-url#252
• Add Python 3.13 and Django 5.1 testing by @​palfrey in jazzband/dj-database-url#255
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jazzband/dj-database-url#256

Full Changelog: jazzband/dj-database-url@v2.2.0...v2.3.0

Changelog

Sourced from dj-database-url's changelog.

v2.3.0 (2024-10-23)

• Remove Python 3.8 support.
• Remove Django 3 support.
• Add python 3.13 support.
• Add Django 5.1 to the testing library.

Commits

• 0f8cfdf Update test.yml
• 3505200 Update CHANGELOG.md
• 396344b Update setup.py
• 64660c7 Update setup.py
• eff9f27 [pre-commit.ci] pre-commit autoupdate (#256)
• 08d9cf0 Add Python 3.13 and Django 5.1 testing (#255)
• 99128b5 Make config test options not unknown types (#252)
• 45ac3bb [pre-commit.ci] pre-commit autoupdate (#254)
• 8d32603 Update CHANGELOG.md
• ed306f3 [pre-commit.ci] pre-commit autoupdate (#251)
• Additional commits viewable in compare view

Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

• minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
• worker_class parameter accepts a class (:pr:3079)
• fix deadlock if request terminated during chunked parsing (:pr:2688)
• permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
• permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
• sdist generation now explicitly excludes sphinx build folder (:pr:3257)
• decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
• raise correct Exception when encounting invalid chunked requests (:pr:3258)
• the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
• include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

• The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
• Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
• Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

• refuse requests where the uri field is empty (:pr:3255)
• refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
• remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
• If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits

• 411986d fix doc
• 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
• e75c353 Merge pull request #3189 from pajod/patch-py36
• 9357b28 keep document user in access_log_format setting
• 79fdef0 bump to 23.0.0
• 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
• 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
• 256d474 docs: revert duped directive
• ffa48b5 test: default change was intentional
• 52538ca docs: recommend SCRIPT_NAME=/subfolder
• Additional commits viewable in compare view

Updates wagtail-storages from 1.0.0 to 2.0

Release notes

Sourced from wagtail-storages's releases.

v2.0

• Switch from BSD-2 to BSD-3 license (@​tm-kn)
• Drop support for Python 3.8 and 3.9 (@​tm-kn)
• Add support for Django 5.1 (@​PetrDlouhy)
• Add tests for Wagtail 6.1 (@​katdom13)
• Drop support for Django < 4.2 (@​katdom13)

v1.0.1

What's Changed

• Wagtail 5.1+ upgrades by @​katdom13 in torchbox/wagtail-storages#42

Full Changelog: torchbox/wagtail-storages@1.0.0...v1.0.1

Changelog

Sourced from wagtail-storages's changelog.

2.0 - 18th September 2024

• Switch from BSD-2 to BSD-3 license (@​tm-kn)
• Drop support for Python 3.8 and 3.9 (@​tm-kn)
• Add support for Django 5.1 (@​PetrDlouhy)
• Add tests for Wagtail 6.1 (@​katdom13)
• Drop support for Django < 4.2 (@​katdom13)

1.1.0 - 8th March 2024

• Drop support for Wagtail < 5.2 (@​katdom13)
• Add support for Wagtail 6.0 (@​katdom13)
• Add support for Python 3.12 (@​katdom13)

1.0.1 - 8th March 2024

• Drop support for Wagtail versions 4.2 and 5.0 (@​katdom13)
• Support for Wagtail 5.2 (@​katdom13)
• Update for Wagtail 5.1

Commits

• f3638c8 Release: 2.0
• 822559b Switch over to BSD-3 license (#53)
• 917b6c6 Update author and maintainer details
• 2815996 Delete unnecessary install_command in tox.ini
• 30b588b Deprecate Django < 4.2, Python < 3.10 and fix old mock paths (#51)
• 8f06748 Add Django 5.1 support and deprecate 3.2 (#50)
• 24d4e3f Add Wagtail 6.1 to the test matrix (#48)
• 03d3957 Merge pull request #47 from torchbox/release/v1.1.0
• fb8960c Bump to 1.1.0 according to semver rules due to dropping of Wagtail versions <...
• 90da4e2 Prepare release v1.0.2
• Additional commits viewable in compare view

Updates mypy from 1.11.2 to 1.13.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.13

We’ve just uploaded mypy 1.13 to the Python Package Index (PyPI). Mypy is a static type checker for Python. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Note that unlike typical releases, Mypy 1.13 does not have any changes to type checking semantics from 1.12.1.

Improved performance

Mypy 1.13 contains several performance improvements. Users can expect mypy to be 5-20% faster. In environments with long search paths (such as environments using many editable installs), mypy can be significantly faster, e.g. 2.2x faster in the use case targeted by these improvements.

Mypy 1.13 allows use of the orjson library for handling the cache instead of the stdlib json, for improved performance. You can ensure the presence of orjson using the faster-cache extra:

python3 -m pip install -U mypy[faster-cache]

Mypy may depend on orjson by default in the future.

These improvements were contributed by Shantanu.

List of changes:

• Significantly speed up file handling error paths (Shantanu, PR 17920)
• Use fast path in modulefinder more often (Shantanu, PR 17950)
• Let mypyc optimise os.path.join (Shantanu, PR 17949)
• Make is_sub_path faster (Shantanu, PR 17962)
• Speed up stubs suggestions (Shantanu, PR 17965)
• Use sha1 for hashing (Shantanu, PR 17953)
• Use orjson instead of json, when available (Shantanu, PR 17955)
• Add faster-cache extra, test in CI (Shantanu, PR 17978)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Shantanu Jain
• Jukka Lehtosalo

Mypy 1.12

We’ve just uploaded mypy 1.12 to the Python Package Index (PyPI). Mypy is a static type

... (truncated)

Commits

• eb31034 Bump version to 1.13.0
• 2eeb588 Update changelog for 1.12.1 (#17999)
• bc0386b Changelog for 1.13 (#18000)
• 5c4d2db Add faster-cache extra, test in CI (#17978)
• 854ad18 Make is_sub_path faster (#17962)
• 50aa4ca Speed up stubs suggestions (#17965)
• 7c27808 Use orjson instead of json, when available (#17955)
• 2cd2406 Use fast path in modulefinder more often (#17950)
• e20aaee Let mypyc optimise os.path.join (#17949)
• 159974c Use sha1 for hashing (#17953)
• Additional commits viewable in compare view

Updates django-stubs from 5.1.0 to 5.1.1

Commits

• 9b270a0 Version 5.1.1 release (#2424)
• 8de9d9a Allow None on view_on_site (#2419)
• 82cb4c0 Update django.conf.global_settings (#2420)
• c105965 Update db.migrations.serializer (#2421)
• 6500b89 Bump mypy from 1.12.1 to 1.13.0 (#2416)
• 71f4d9b Bump pyright from 1.1.385 to 1.1.386 (#2418)
• a98e7e7 Fixes #2413 -- update ModelAdmin.log_FOO method signatures (#2414)
• fbce0b8 [pre-commit.ci] pre-commit autoupdate (#2415)
• b7f43dd Treat QuerySet.alias like QuerySet.annotate (#2411)
• 4dc5e5c Remove EOL Python 3.8 and add 3.13 to CI (#2397)
• Additional commits viewable in compare view

Updates ruff from 0.7.0 to 0.7.1

Release notes

Sourced from ruff's releases.

0.7.1

Release Notes

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

Contributors

• @​Aditya-PS-05
• @​AlexWaygood
• @​Glyphack
• @​Lexxxzy
• @​MichaReiser
• @​TomerBin
• @​Watercycle
• @​cake-monotone
• @​carljm
• @​dhruvmanila
• @​diceroll123
• @​mihaic
• @​ndmitchell
• @​pilleye
• @​renovate
• @​rtpg
• @​samypr100
• @​sharkdp

Install ruff 0.7.1

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.7.1

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

Commits

• 337af83 Bump version to 0.7.1 (#13913)
• 113ce84 Fix normalize arguments when fstring_formatting is disabled (#13910)
• 7272f83 Fix preview style name in can_omit_parentheses to is_f_string_formatting_en...
• 3eb4546 [red-knot] Format mdtest Python snippets more concisely (#13905)
• 77ae0cc [red-knot] Infer subscript expression types for bytes literals (#13901)
• 73ee72b Join implicit concatenated strings when they fit on a line (#13663)
• e402e27 Use referencial equality in traversal helper methods (#13895)
• de4181d Remove "default" remark from ruff check (#13900)
• 2c57c2d [red-knot] Type narrowing for isinstance checks (#13894)
• 72c18c8 Fix E221 and E222 to flag missing or extra whitespace around == operator (#...
• Additional commits viewable in compare view

Updates werkzeug from 3.0.4 to 3.0.6

Release notes

Sourced from werkzeug's releases.

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.6/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6

• Fix how max_form_memory_size is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2
• safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j

3.0.5

This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.5/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5 Milestone: https://github.com/pallets/werkzeug/milestone/37?closed=1

• The Watchdog reloader ignores file closed no write events. #2945
• Logging works with client addresses containing an IPv6 scope. #2952
• Ignore invalid authorization parameters. #2955
• Improve type annotation fore SharedDataMiddleware. #2958
• Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. #2957

Changelog

Sourced from werkzeug's changelog.

Version 3.0.6

Released 2024-10-25

• Fix how max_form_memory_size is applied when parsing large non-file fields. :ghsa:q34m-jh98-gwm2
• safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

Version 3.0.5

Released 2024-10-24

• The Watchdog reloader ignores file closed no write events. :issue:2945
• Logging works with client addresses containing an IPv6 scope :issue:2952
• Ignore invalid authorization parameters. :issue:2955
• Improve type annotation fore SharedDataMiddleware. :issue:2958
• Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. :issue:2957

Commits

• 5eaefc3 release version 3.0.6
• 2767bcb Merge commit from fork
• 87cc78a catch special absolute path on Windows Python < 3.11
• 50cfeeb Merge commit from fork
• 8760275 apply max_form_memory_size another level up in the parser
• 8d6a12e start version 3.0.6
• a7b121a release version 3.0.5 (#2961)
• 9caf72a release version 3.0.5
• e28a245 catch OSError from getpass.getuser (#2960)
• e6b4cce catch OSError from getpass.getuser
• Additional commits viewable in compare view

Updates setuptools from 70.3.0 to 75.2.0

Changelog

Sourced from setuptools's changelog.

v75.2.0

Features

• Made errors when parsing Distribution data more explicit about the expected type (tuple[str, ...] | list[str]) -- by :user:Avasam (#4578)

Bugfixes

• Fix a TypeError when a Distribution's old included attribute was a tuple -- by :user:Avasam (#4578)
• Add workaround for bdist_wheel --dist-info-dir errors when customisation does not inherit from setuptools. (#4684)

v75.1.1

Bugfixes

• Re-use pre-existing .dist-info dir when creating wheels via the build backend APIs (PEP 517) and the metadata_directory argument is passed -- by :user:pelson. (#1825)
• Changed egg_info command to avoid adding an empty .egg-info directory while iterating over entry-points. This avoids triggering integration problems with importlib.metadata/importlib_metadata (reference: pypa/pyproject-hooks#206). (#4680)

v75.1.0

Features

• Deprecated bdist_wheel.universal configuration. (#4617)

Bugfixes

• Removed reference to upload_docs module in entry points. (#4650)

v75.0.0

Features

... (truncated)

Commits

• 61a5a03 Bump version: 75.1.1 → 75.2.0
• 8ad3ea7 Workaround for bdist_wheel.dist_info_dir problems (#4684)
• 9af0877 Type sequence checks in setuptools/dist.py (#4578)
• 0534fde Add news fragment
• 50b732a Check for more specific error message
• a663287 Add pragma for edge-case code path
• 96be735 Workaround for bdist_wheel.dist_info_dir problems
• 000a413 Deprecate public access to setuptools.dist.sequence
• 00995c1 Use variable msg instead of tmpl in setuptools/dist
• d457d0e Type sequence checks in setuptools/dist.py
• Additional commits viewable in compare view

Updates honcho from 1.1.0 to 2.0.0

Release notes

Sourced from honcho's releases.

v2.0.0

• CHANGED: You can use the PROCFILE OS environment variable to configure the name of the Procfile.
• CHANGED: Python 3.6 and 3.7 are no longer supported environments.
• CHANGED: Python 3.11, 3.12, 3.13 are now supported environments. Thank you to @​jacebrowning and @​marco-carvalho who each submitted fixes to enable this.
• CHANGED: PyPy 3.7 and 3.8 are no longer supported environments.
• CHANGED: PyPy 3.9, 3.10 are now supported environments.
• FIXED: The systemd exporter now correctly sets Wants for the process group master targets. Thank you to @​wg-daniel for the fix.
• CHANGED: The systemd exporter sets WantedBy=multi-user.target for individual services so that they start automatically on most systems. Processes also log to the journal by default. Thank you to @​wg-daniel for the contributions.

Thank you also to the following for contributions improving Honcho's documentation: @​timgates42, @​rafrafek, @​sblondon, and @​Bernardoow.

Changelog

Sourced from honcho's changelog.

2.0.0 -- 2024-10-06

• CHANGED: You can use the PROCFILE OS environment variable to configure the name of the Procfile.
• CHANGED: Python 3.6 and 3.7 are no longer supported environments.
• CHANGED: Python 3.11, 3.12, 3.13 are now supported environments. Thank you to Jace Browning and Marco Carvalho who each submitted fixes to enable this.
• CHANGED: PyPy 3.7 and 3.8 are no longer supported environments.
• CHANGED: PyPy 3.9, 3.10 are now supported environments.
• FIXED: The systemd exporter now correctly sets Wants for the process group master targets. Thank you to Dan Berg for the fix.
• CHANGED: The systemd exporter sets WantedBy=multi-user.target for individual services so that they start automatically on most systems. Processes also log to the journal by default. Thank you to Dan Berg for the contributions.

Thank you also to the following for contributions improving Honcho's documentation: @​timgates42, @​rafrafek, @​sblondon, and @​Bernardoow.

Commits

• 8af6317 Release 2.0.0
• 9593bfd Remove Makefile
• e5f9de2 Fix systemd exporter tests
• cf1205a fix little typo
• 69c6da5 Add multi user target
• 61c95a9 Fix redundant app name
• 830efd4 Add process master name as context
• 355da6e Use process master name as target in service
• 2e82dea Move from syslog to journal
• c62a1fa Add Wants to process master template
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Invalid

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.