Bump the python-packages group across 1 directory with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates in the / directory:

Package	From	To
idna	3.7	3.8
importlib-metadata	8.2.0	8.4.0
soupsieve	2.5	2.6
uvicorn	0.30.5	0.30.6
websockets	12.0	13.0

Updates idna from 3.7 to 3.8

Release notes

Sourced from idna's releases.

v3.8

What's Changed

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

Changelog

Sourced from idna's changelog.

3.8 (2024-08-23) ++++++++++++++++

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Commits

• 784c6f4 Release v3.8
• 28c7c9e Typo fix
• a2b41c3 Pin remainder of Github Actions flagged in code scanning
• 1f613c5 More Github Action dependency pinning
• a87e2b6 Update OSSF scorecard to latest version
• 12d4dd1 Merge pull request #182 from kjd/github-pypi-actions
• e1a1541 Pin Github Actions dependencies
• c109d3a Merge branch 'master' into github-pypi-actions
• f8a8de4 Do not try to build/send packages to TestPyPI for now
• 613bdde Update regexp to move global flag to start of expression
• Additional commits viewable in compare view

Updates importlib-metadata from 8.2.0 to 8.4.0

Changelog

Sourced from importlib-metadata's changelog.

v8.4.0

Features

• Deferred import of inspect for import performance. (#499)

v8.3.0

Features

• Disallow passing of 'dist' to EntryPoints.select.

Commits

• 1616cb3 Finalize
• 71b4678 Add news fragment.
• ebcdcfd Remove workaround for python/typeshed#10328.
• 2c43cfe Merge pull request #499 from danielhollas/defer-inspect
• a7aaf72 Use third-person imperative voice and link to issue in comment.
• e99c105 Restore single-expression logic.
• debb516 Don't use global var
• 3c8e1ec Finalize
• 5035755 Merge pull request #498 from python/feature/entry-points-disallow-dist-match
• 6d9b766 Remove MetadataPathFinder regardless of its position.
• Additional commits viewable in compare view

Updates soupsieve from 2.5 to 2.6

Release notes

Sourced from soupsieve's releases.

2.6

• NEW: Add official support for Python 3.13.
• NEW: Add support for & as scoping root per the CSS Nesting Module, Level 1. When & is used outside the context of nesting, it is treated as the scoping root (equivalent to :scope).
• FIX: Improve error message when an unrecognized pseudo-class is used.

Commits

• f974ea7 Update token (#273)
• 1a67e46 Officially support Python 3.13 and update build environment (#271)
• 25631bd fix Adjacent sibling combinator example (#272)
• e0d4979 Improve pseudo-class error message (#270)
• c811bdf Add support for nesting ampersand (#269)
• dc71495 Fix typo in README.md (#267)
• See full diff in compare view

Updates uvicorn from 0.30.5 to 0.30.6

Release notes

Sourced from uvicorn's releases.

Version 0.30.6

Fixed

• Don't warn when upgrade is not WebSocket and depedencies are installed (#2360)

---

Full Changelog: encode/uvicorn@0.30.5...0.30.6

Changelog

Sourced from uvicorn's changelog.

0.30.6 (2024-08-13)

Fixed

• Don't warn when upgrade is not WebSocket and depedencies are installed (#2360)

Commits

• 7dc027d Version 0.30.6 (#2428)
• 587a1cc fix: upgrade is not websocket and dependencies are installed, should not warn...
• cee31a6 test(signal): add sleep to ensure shutdown completion (#2427)
• eba64ef ci: timeout for test suite runs to 30 minutes (#2426)
• 0f513d2 Remove signal testing order dependency (#2382)
• See full diff in compare view

Updates websockets from 12.0 to 13.0

Release notes

Sourced from websockets's releases.

13.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

• 323adef Migrate to actions/upload-artifact@v4.
• f9c20d0 Avoid deleting .so files in .direnv or equivalent.
• 4d0e0e1 Build sdist and arch-independent wheel with build.
• 0019943 Release version 13.0.
• 12fa8bc Complete changelog with changes since 12.0.
• 9d355bf Remove unnecessary code paths in keepalive().
• 453e55a Standardize on raise AssertionError(...).
• 9e5b91b Improve documentation of latency.
• 8eaa5a2 Document & test process_response modifying the response.
• 09b1d8d Fix tests on Python < 3.10.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 3 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 30f1b87.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
idna	3.8	BSD-2-Clause AND BSD-3-Clause	Incompatible License
uvicorn	0.30.6	BSD-2-Clause AND BSD-3-Clause	Incompatible License
websockets	13.0	BSD-2-Clause AND BSD-3-Clause	Incompatible License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, MIT, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/idna	3.8	🟢 7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 6 out of 6 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 0 Found 1/14 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 41 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 25 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/importlib-metadata	8.4.0	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/25 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 8 binaries present in source code Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/soupsieve	2.6	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/uvicorn	0.30.6	🟢 6.1	Details Check Score Reason Code-Review 🟢 6 Found 18/29 approved changesets -- score normalized to 6 Maintained 🟢 10 27 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/websockets	13.0	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/19 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

poetry.lock

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]