Bump the dependencies group across 1 directory with 59 updates

[dependabot]

Bumps the dependencies group with 59 updates in the /.config directory:

Package	From	To
ansible-builder	3.0.0	3.0.1
ansible-compat	4.1.11	24.5.1
ansible-lint	24.2.0	24.5.0
ansible-runner	2.3.4	2.4.0
babel	2.14.0	2.15.0
black	24.1.1	24.4.2
cairocffi	1.6.1	1.7.0
coverage	7.4.1	7.5.2
cryptography	42.0.2	42.0.7
dnspython	2.5.0	2.6.1
docutils	0.20.1	0.21.2
exceptiongroup	1.2.0	1.2.1
execnet	2.0.2	2.1.1
filelock	3.13.1	3.14.0
griffe	0.40.1	0.45.2
identify	2.5.34	2.5.36
idna	3.6	3.7
jinja2	3.1.3	3.1.4
jsonschema	4.21.1	4.22.0
libtmux	0.16.1	0.37.0
markdown	3.5.2	3.6
markdown-exec	1.8.0	1.8.3
mkdocs	1.5.3	1.6.0
mkdocs-ansible	24.2.1	24.3.1
mkdocs-autorefs	0.5.0	1.0.1
mkdocs-htmlproofer-plugin	1.0.0	1.2.1
mkdocs-material	9.5.9	9.5.24
mkdocstrings	0.24.0	0.25.1
mkdocstrings-python	1.8.0	1.10.3
packaging	23.2	24.0
pillow	10.2.0	10.3.0
pipdeptree	2.13.2	2.21.0
platformdirs	4.2.0	4.2.2
pluggy	1.4.0	1.5.0
pre-commit	3.6.1	3.7.1
pycparser	2.21	2.22
pygments	2.17.2	2.18.0
pymdown-extensions	10.7	10.8.1
pytest	8.0.0	8.2.1
pytest-mock	3.12.0	3.14.0
pytest-plus	0.6.1	0.7.0
pytest-rerunfailures	13.0	14.0
pytest-subtests	0.11.0	0.12.1
pytest-xdist	3.5.0	3.6.1
python-dateutil	2.8.2	2.9.0.post0
referencing	0.33.0	0.35.1
regex	2023.12.25	2024.5.15
requests	2.31.0	2.32.2
requirements-parser	0.5.0	0.9.0
rich	13.7.0	13.7.1
rpds-py	0.17.1	0.18.1
tinycss2	1.2.1	1.3.0
types-setuptools	69.0.0.20240125	70.0.0.20240524
typing-extensions	4.9.0	4.12.0
urllib3	2.2.0	2.2.1
virtualenv	20.25.0	20.26.2
watchdog	4.0.0	4.0.1
wcmatch	8.5	8.5.2
yamllint	1.34.0	1.35.1

Updates ansible-builder from 3.0.0 to 3.0.1

Release notes

Sourced from ansible-builder's releases.

3.0.1

What's Changed

• Wrap variable in double quotes by @​Akasurde in ansible/ansible-builder#537
• definition.rst: Add link to Galaxy requirements file format; add example of specifying collection version by @​Andersson007 in ansible/ansible-builder#549
• Docs: mention a few base images as examples, using a free one as the default by @​felixfontein in ansible/ansible-builder#544
• Update to the builder documentation by @​acozine in ansible/ansible-builder#552
• Document PKGMGR_PRESERVE_CACHE by @​Akasurde in ansible/ansible-builder#558
• Added scenarios for version 3 by @​Akasurde in ansible/ansible-builder#538
• Docs: Using prepend_base by @​Akasurde in ansible/ansible-builder#563
• collection_metadata: improve documentation by @​Andersson007 in ansible/ansible-builder#551
• Improve CLI usage docs by @​Andersson007 in ansible/ansible-builder#559
• Fix container policy for version 3 by @​Shrews in ansible/ansible-builder#654

New Contributors

• @​felixfontein made their first contribution in ansible/ansible-builder#544
• @​acozine made their first contribution in ansible/ansible-builder#552

Full Changelog: ansible/ansible-builder@3.0.0...3.0.1

Commits

• e991c1a Revert "[RFE] Support for tags from the configuration file (#555)" (#655)
• 0563a9d Fix container policy for version 3 (#652)
• 3ca2372 Bump linters: pylint==3.0.1, mypy==1.6.0 (#622)
• 9d54763 Add pylint to CI (#575)
• ec99827 Improve CLI usage docs (#559)
• b73f65d collection_metadata: improve documentation (#551)
• 1bb59b3 Docs: Using prepend_base (#563)
• 317b132 [RFE] Support for tags from the configuration file (#555)
• 8e9f86c Added scenarios for version 3 (#538)
• 3ca0922 Documented PKGMGR_PRESERVE_CACHE (#558)
• Additional commits viewable in compare view

Updates ansible-compat from 4.1.11 to 24.5.1

Release notes

Sourced from ansible-compat's releases.

v24.5.1

Minor Changes

• Add has_playbook method to Runtime (#364) @​ssbarnea

Bugfixes

• Fix packaging version to recognize pre-release versions (#371) @​ssbarnea
• Update requirements (#365) @​ssbarnea
• Allow dashes in role namespaces (#355) @​sur5r
• If project_dir is passed, locate requirements within that directory (#339) @​audgirka

Commits

• 77f4aa6 Fix packaging version to recognize pre-release versions (#371)
• 2e52498 Remove before-release from GHA release pipeline (#368)
• 2a97729 Upgrade gha upload-artifact (#366)
• 5fa97de chore: pre-commit autoupdate (#363)
• b6cafb1 Add has_playbook method to Runtime (#364)
• 0fc3578 Update requirements (#365)
• dba9fcc gha: rename reusable repository (#362)
• c7c6e83 Use python3 executable (#360)
• e454c82 Refactor dependency locking (#359)
• 4597e60 Enable dependabot for pip (#358)
• Additional commits viewable in compare view

Updates ansible-lint from 24.2.0 to 24.5.0

Release notes

Sourced from ansible-lint's releases.

v24.5.0

Enhancements

• Add subdirectories to be part of the task prefix (#4143) @​cavcrosby
• Prevent execution with incompatible yamllint configuration (#4139) @​ssbarnea
• Continue linting other files when one has syntax-check errors (#4133) @​ssbarnea

Bugfixes

• Make linter aware of its own requirements (#4159) @​ssbarnea
• Allow running with incompatible yamllint config (#4158) @​ssbarnea
• Avoid key exception during transform (#4156) @​ssbarnea
• Raise name[casing] violation for notify task param (#4149) @​cavcrosby
• Allow tabs in win_lineinfile (#4147) @​ssbarnea
• Improve feedback for fix, avoid a traceback with transform (#4148) @​cidrblock
• Allow tabs inside jinja strings (#4146) @​ssbarnea
• Avoid reformatting hexadecimal integers (#4145) @​ssbarnea
• Make import_playbook recognize playbooks from within collections (#4141) @​ssbarnea
• Document valid locations for requirements.yml in the docs (#4134) @​shatakshiiii
• Recognize adjacent plugins (#4131) @​ssbarnea
• Support examples for role entrypoints (#4019) @​felixfontein
• Add lower requirements and testing (#4130) @​ssbarnea

v24.2.3

Bugfixes

• Make ignore_unreachable accept jinja templates (#4120) @​audgirka
• Make fix more resilient to syntax-check errors (#4125) @​ssbarnea
• Don't inject CWD parent into PATH (#4108) @​garymm
• Do not assume working_directory is github.workspace (#4103) @​ajfabbri
• Fix yaml rules being included regardless of tags (#4107) @​cavcrosby
• Allow jinja2 expression for choices field (#4117) @​cavcrosby
• Update order schema to work with jinja template (#4121) @​audgirka
• Fix KeyError on key-order rule with blocks (#4116) @​Qalthos
• Avoid running get_app more than once (#4115) @​ssbarnea
• Avoid NameError if there is no notify keyword to update (#4113) @​Qalthos
• Add AstraLinux platform identification (#4111) @​dentist128

v24.2.2

Bugfixes

• Raise exception while accessing rules by index (#4068) @​audgirka
• Update spdx license list (#4097) @​ssbarnea
• Bump minimal version of black being required (#4089) @​ssbarnea
• Add systemctl get-default as acceptable command (#4087) @​konstruktoid
• Adding EDA tag to the required galaxy.yml tags (#4077) @​alisonlhart

v24.2.1

Bugfixes

... (truncated)

Commits

• 492d840 Make linter aware of its own requirements (#4159)
• b77726d Allow running with incompatible yamllint config (#4158)
• 6fb75a4 Avoid key exception during transform (#4156)
• 23c046b Raise name[casing] violation for notify task param (#4149)
• 0d3f69c Refactor globs test (#4157)
• 744254a Add subdirectories to be part of the task prefix (#4143)
• e8a71e5 Allow tabs in win_lineinfile (#4147)
• c66c903 Improve feedback for fix, avoid a traceback with transform (#4148)
• bad138f Bump the dependencies group across 1 directory with 10 updates (#4154)
• f6d4702 Allow tabs inside jinja strings (#4146)
• Additional commits viewable in compare view

Updates ansible-runner from 2.3.4 to 2.4.0

Release notes

Sourced from ansible-runner's releases.

2.4.0

What's Changed

• Bump minimum supported Python to 3.9

Bug Fixes

• Honor inventory filepath by @​Akasurde in ansible/ansible-runner#1065
• Ensure that UTC ISO8601 datetimes include timezone info by @​sivel in ansible/ansible-runner#1238
• Fix for non-str ident by @​Shrews in ansible/ansible-runner#1268
• Pass inventory directory path instead of file path when using containerization by @​christophert in ansible/ansible-runner#1304
• Validate inventory from CLI early by @​Shrews in ansible/ansible-runner#1307
• Allow shutil to copy into existing isolation directory by @​christophert in ansible/ansible-runner#1311
• Fix invalid inventory with relative pvt data dir by @​Shrews in ansible/ansible-runner#1316
• Add lib symlink to bwrap call by @​christophert in ansible/ansible-runner#1312

2.3.6

What's Changed

• Untag instead of force remove image for podman. This makes the worker cleanup subcommand behave similarly with either docker or podman. (#1342)

Full Changelog: ansible/ansible-runner@2.3.5...2.3.6

2.3.5

What's Changed

• fix pexpect child shutdown race (#1331) by @​TheRealHaoLiu in ansible/ansible-runner#1336

Full Changelog: ansible/ansible-runner@2.3.4...2.3.5

Commits

• 82efc86 Remove CodeCov upload from CI (#1357)
• 764790f Add Python 3.12 testing (#1348)
• d2afb91 Bump cryptography from 41.0.6 to 42.0.4 in /docs (#1341)
• d51a2f3 Untag instead of force remove image for podman (#1342)
• aa9bbe0 Add runner tests from ansible core test suite (#1334)
• 874f5cb docs: update links to EE getting started guide (#1338)
• 2097e81 fix pexpect child shutdown race (#1331)
• 309baad Upgrade setuptools-scm (#1332)
• e0371d6 Bump cryptography from 41.0.4 to 41.0.6 in /docs (#1329)
• e81b02c Add lib symlink to bwrap call (#1312)
• Additional commits viewable in compare view

Updates babel from 2.14.0 to 2.15.0

Release notes

Sourced from babel's releases.

v2.15.0

The changelog below is auto-generated by GitHub.

The binary artifacts attached to this GitHub release were generated by the GitHub Actions workflow.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Drop support for Python 3.7 (EOL since June 2023) by @​akx in python-babel/babel#1048
• Upgrade GitHub Actions by @​cclauss in python-babel/babel#1054
• Improve .po IO by @​akx in python-babel/babel#1068
• Use CLDR 44 by @​akx in python-babel/babel#1071
• Allow alternative space characters as group separator when parsing numbers by @​ronnix in python-babel/babel#1007
• Include Unicode license in locale-data and in documentation by @​akx in python-babel/babel#1074
• Encode support for the "fall back to short format" logic for time delta formatting by @​akx in python-babel/babel#1075
• Prepare for 2.15.0 release by @​akx in python-babel/babel#1079

New Contributors

• @​cclauss made their first contribution in python-babel/babel#1054
• @​ronnix made their first contribution in python-babel/babel#1007

Full Changelog: python-babel/babel@v2.14.0...v2.15.0

Changelog

Sourced from babel's changelog.

Version 2.15.0

Python version support

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)
Features

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)
Infrastructure



Upgrade GitHub Actions (:gh:1054) (@​cclauss's first contribution)
The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@​akx)

Commits

• 40b194f Prepare for 2.15.0 release (#1079)
• c2e6c6e Encode support for the "fall back to short format" logic for time delta forma...
• 1a03526 Include Unicode license in locale-data and in documentation (#1074)
• c0fb56e Allow alternative space characters as group separator when parsing numbers (#...
• fe82fbc Use CLDR 44 and adjust tests to match new data (#1071)
• e0d1018 Improve .po IO (#1068)
• 40e60a1 Upgrade GitHub Actions (#1054)
• 2a1709a Drop support for Python 3.7 (EOL since June 2023) (#1048)
• See full diff in compare view

Updates black from 24.1.1 to 24.4.2

Release notes

Sourced from black's releases.

24.4.2

This is a bugfix release to fix two regressions in the new f-string parser introduced in 24.4.1.

Parser

• Fix regression where certain complex f-strings failed to parse (#4332)

Performance

• Fix bad performance on certain complex string literals (#4331)

24.4.1

Highlights

• Add support for the new Python 3.12 f-string syntax introduced by PEP 701 (#3822)

Stable style

• Fix crash involving indented dummy functions containing newlines (#4318)

Parser

• Add support for type parameter defaults, a new syntactic feature added to Python 3.13 by PEP 696 (#4327)

Integrations

• Github Action now works even when git archive is skipped (#4313)

24.4.0

Stable style

• Fix unwanted crashes caused by AST equivalency check (#4290)

Preview style

• if guards in case blocks are now wrapped in parentheses when the line is too long. (#4269)
• Stop moving multiline strings to a new line unless inside brackets (#4289)

Integrations

• Add a new option use_pyproject to the GitHub Action psf/black. This will read the Black version from pyproject.toml. (#4294)

24.3.0

Highlights

... (truncated)

Changelog

Sourced from black's changelog.

24.4.2

This is a bugfix release to fix two regressions in the new f-string parser introduced in 24.4.1.

Parser

• Fix regression where certain complex f-strings failed to parse (#4332)

Performance

• Fix bad performance on certain complex string literals (#4331)

24.4.1

Highlights

• Add support for the new Python 3.12 f-string syntax introduced by PEP 701 (#3822)

Stable style

• Fix crash involving indented dummy functions containing newlines (#4318)

Parser

• Add support for type parameter defaults, a new syntactic feature added to Python 3.13 by PEP 696 (#4327)

Integrations

• Github Action now works even when git archive is skipped (#4313)

24.4.0

Stable style

• Fix unwanted crashes caused by AST equivalency check (#4290)

Preview style

• if guards in case blocks are now wrapped in parentheses when the line is too long. (#4269)
• Stop moving multiline strings to a new line unless inside brackets (#4289)

Integrations

• Add a new option use_pyproject to the GitHub Action psf/black. This will read the Black version from pyproject.toml. (#4294)

24.3.0

... (truncated)

Commits

• 3702ba2 Prepare release 24.4.2 (#4335)
• e4aaa8a Fix incorrect f-string tokenization (#4332)
• ba88fc3 Simplify string tokenization regexes (#4331)
• 5683242 New release template
• e7fb048 Prepare release 24.4.1 (#4328)
• 3f0f8f1 Support PEP 696 (#4327)
• 2f88085 Github Action: Directly install from repo if export-subst is skipped (#4313)
• 12ce3db Move changelog entry to right section (#4326)
• 1354be2 Add support to style function definitions with newlines before function stubs...
• f4b644b Prevent wrapping of multiline fstrings in parens (#4325)
• Additional commits viewable in compare view

Updates cairocffi from 1.6.1 to 1.7.0

Changelog

Sourced from cairocffi's changelog.

cairocffi changelog

Version 1.7.0 .............

Released on 2024-04-27

• Drop Python 3.7 support, add Python 3.12 support
• [#221](https://github.com/Kozea/cairocffi/issues/221) <https://github.com/Kozea/cairocffi/pull/225>_: Add environment variable to set folder where DLLs are installed on Windows
• [#225](https://github.com/Kozea/cairocffi/issues/225) <https://github.com/Kozea/cairocffi/pull/225>_: Use Ruff instead of Flake8 and isort

Version 1.6.1 .............

Released on 2023-07-24

• [#217](https://github.com/Kozea/cairocffi/issues/217) <https://github.com/Kozea/cairocffi/issues/217>_: Repair installation with PyInstaller

Version 1.6.0 .............

Released on 2023-06-12

This version uses a new CFFI mode that may break your program.

CairoCFFI now uses Flit for packaging and is also distributed as a Python wheel.

Please test carefully and don’t hesitate to report issues before using it in production.

• [#216](https://github.com/Kozea/cairocffi/issues/216) <https://github.com/Kozea/cairocffi/pull/216>_: Use ABI-level in-line CFFI mode

Version 1.5.1 .............

Released on 2023-04-15

• [#212](https://github.com/Kozea/cairocffi/issues/212) <https://github.com/Kozea/cairocffi/issues/212>_: Bring back XCB support during wheel generation

... (truncated)

Commits

• 4bafdd7 Version 1.7.0
• a535d50 Merge pull request #225 from Kozea/ruff
• aa240d3 Use ruff instead of flake8 and isort
• 33501f0 Fix CI tests on macOS
• ee7186b Drop Python 3.7, support Python 3.12
• dbb62b0 Clean and fix tests
• 8a8d35a Update tests on GitHub Actions
• 290b5db Merge pull request #221 from Li-Xiang-Ideal/patch-1
• 3e3dafd Add missing import
• f4ebc6e Add documentation about CAIROCFFI_DLL_DIRECTORIES
• Additional commits viewable in compare view

Updates coverage from 7.4.1 to 7.5.2

Changelog

Sourced from coverage's changelog.

Version 7.5.2 — 2024-05-24

• Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779_. This is now fixed.

• Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported.

• In the HTML report, the filter term and "hide covered" checkbox settings are remembered between viewings, thanks to Daniel Diniz <pull 1776_>_.

• Python 3.13.0b1 is supported.

• Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe <pull 1788_>. Closes issue 1787.

.. _pull 1776: nedbat/coveragepy#1776 .. _issue 1779: nedbat/coveragepy#1779 .. _issue 1787: nedbat/coveragepy#1787 .. _pull 1788: nedbat/coveragepy#1788

.. _changes_7-5-1:

Version 7.5.1 — 2024-05-04

• Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. This closes issue 754. The fix was contributed by Daniel Diniz <pull 1773_>.

• Fix: very complex source files like this one <resolvent_lookup_>_ could cause a maximum recursion error when creating an HTML report. This is now fixed, closing issue 1774_.

• HTML report improvements:

  • Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies.

  • Missing branch coverage explanations that said "the condition was never false" now read "the condition was always true" because it's easier to

... (truncated)

Commits

• 242adea build: don't claim pre-alpha-1 in classifiers
• 7f33622 docs: sample HTML for 7.5.2
• 946fa3a docs: prep for 7.5.2
• 535ddc3 build: pylint can run in parallel
• 60a5d65 docs: explain partial coverage reports on generator expressions (#1789)
• 0700018 docs: changelog for #1788 #1787. Thanks Liam DeVoe
• 364282e fix: catch TokenError on parse (#1788)
• 81089de fix: module docstrings are never counted as statements
• 96bd930 fix: rework exclusion parsing to fix #1779
• 75f9d51 test(build): when running metacov, create json report
• Additional commits viewable in compare view

Updates cryptography from 42.0.2 to 42.0.7

Changelog

Sourced from cryptography's changelog.

42.0.7 - 2024-05-06

* Restored Windows 7 compatibility for our pre-built wheels. Note that we do
  not test on Windows 7 and wheels for our next release will not support it.
  Microsoft no longer provides support for Windows 7 and users are encouraged
  to upgrade.
.. _v42-0-6:
42.0.6 - 2024-05-04

• Fixed compilation when using LibreSSL 3.9.1.

.. _v42-0-5:

42.0.5 - 2024-02-23

* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:
42.0.4 - 2024-02-20

• Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130
• Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370.

.. _v42-0-3:

42.0.3 - 2024-02-15

* Fixed an initialization issue that caused key loading failures for some
  users.
.. _v42-0-2:

Commits

• 0cc7fc3 Prepare for 42.0.7 release (#10949)
• cfad004 Prepare backports for 42.0.6 release (#10929)
• 33833f0 Release 42.0.5 (#10470)
• 4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
• 8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
• fe18470 Bump for 42.0.4 release (#10445)
• aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
• 7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
• df314bb backport actions m1 switch to 42.0.x (#10415)
• c49a7a5 changelog and version bump for 42.0.3 (#10396)
• Additional commits viewable in compare view

Updates dnspython from 2.5.0 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

• The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

• As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

  This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

• Added support for the NSID EDNS option.

• Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

• The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

Commits

• 0a742b9 update CI
• 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
• f12d398 2.6.1 version prep
• cecb853 Further improve CVE fix coverage to 100% for sync and async.
• 7952e31 test IgnoreErrors
• e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
• 3af9f78 2.6.0 versioning
• ca63d95 Require cryptography >=41 instead of 42.
• 902cbf3 Create CODE_OF_CONDUCT.md
• ed9795f github contributing and pull request template
• Additional commits viewable in compare view

Updates docutils from 0.20.1 to 0.21.2

Updates exceptiongroup from 1.2.0 to 1.2.1

Release notes

Sourced from exceptiongroup's releases.

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

• Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
• Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
• Fixed bare raise i...

  Description has been truncated

[dependabot]

The following labels could not be found: dependencies, skip-changelog.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.