build(deps): bump the pip group across 3 directories with 9 updates #15

dependabot · 2024-03-20T17:26:59Z

Bumps the pip group with 5 updates in the /autogpts/autogpt directory:

Package	From	To
orjson	`3.9.10`	`3.9.15`
black	`23.12.0`	`24.3.0`
aiohttp	`3.9.1`	`3.9.2`
fonttools	`4.46.0`	`4.50.0`
jinja2	`3.1.2`	`3.1.3`
Bumps the pip group with 5 updates in the /autogpts/forge directory:

Package	From	To
black	`23.12.0`	`24.3.0`
aiohttp	`3.9.1`	`3.9.2`
fonttools	`4.46.0`	`4.50.0`
jinja2	`3.1.2`	`3.1.3`
urllib3	`2.1.0`	`2.2.1`
Bumps the pip group with 7 updates in the /benchmark directory:

Package	From	To
fastapi	`0.99.1`	`0.109.1`
black	`22.3.0`	`24.3.0`
aiohttp	`3.8.5`	`3.9.2`
fonttools	`4.42.1`	`4.43.0`
jinja2	`3.1.2`	`3.1.3`
python-multipart	`0.0.6`	`0.0.7`
urllib3	`2.0.5`	`2.0.7`

Updates orjson from 3.9.10 to 3.9.15

Release notes

Sourced from orjson's releases.

3.9.15

Fixed

Implement recursion limit of 1024 on orjson.loads().

Use byte-exact read on str formatting SIMD path to avoid crash.

3.9.14

Fixed

Fix crash serializing str introduced in 3.9.11.

Changed

Build now depends on Rust 1.72 or later.

3.9.13

Fixed

Serialization str escape uses only 128-bit SIMD.

Fix compatibility with CPython 3.13 alpha 3.

Changed

Publish musllinux_1_2 instead of musllinux_1_1 wheels.

Serialization uses small integer optimization in CPython 3.12 or later.

3.9.12

Fixed

Minimal musllinux_1_1 build due to sporadic CI failure.

Changed

Update benchmarks in README.

3.9.11

Changed

Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster.

Changelog

Sourced from orjson's changelog.

3.9.15 - 2024-02-23

Fixed

Implement recursion limit of 1024 on orjson.loads().

Use byte-exact read on str formatting SIMD path to avoid crash.

3.9.14 - 2024-02-14

Fixed

Fix crash serializing str introduced in 3.9.11.

Changed

Build now depends on Rust 1.72 or later.

3.9.13 - 2024-02-03

Fixed

Serialization str escape uses only 128-bit SIMD.

Fix compatibility with CPython 3.13 alpha 3.

Changed

Publish musllinux_1_2 instead of musllinux_1_1 wheels.

Serialization uses small integer optimization in CPython 3.12 or later.

3.9.12 - 2024-01-18

Changed

Update benchmarks in README.

Fixed

Minimal musllinux_1_1 build due to sporadic CI failure.

3.9.11 - 2024-01-18

Changed

Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster.

Commits

a348f59 3.9.15
b0e4d2c yyjson 0eca326, recursion limit
5067ead impl_escape_unchecked() byte exact read
e04ea73 cargo update, build misc
ba8c701 3.9.14
a2f7b7b impl_format_simd!() lift create from loop, rotate left
528220f format_escaped_str() fast and slow paths depending on page boundary
29884e6 Fix buffer overread in format_escaped_str
c825472 cargo update
4eb4f00 3.9.13
Additional commits viewable in compare view

Updates black from 23.12.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

552baf8 Prepare release 24.3.0 (#4279)
f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
1abcffc Use regex where we ignore case on windows (#4252)
719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
e5510af update plugin url for Thonny (#4259)
6af7d11 Fix AST safety check false negative (#4270)
f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
e4bfedb fix: Don't move comments while splitting delimiters (#4248)
d0287e1 Make trailing comma logic more concise (#4202)
Additional commits viewable in compare view

Updates aiohttp from 3.9.1 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates fonttools from 4.46.0 to 4.50.0

Release notes

Sourced from fonttools's releases.

4.49.0

[otlLib] Add API for building MATH table (#3446)

4.48.1

Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0

[varLib] Do not log when there are no OTL tables to be merged.

[setup.py] Do not restrict lxml=5.

[feaLib] Remove glyph and class names length restrictions in FEA (#3424).

[roundingPens] Added transformRoundFunc parameter to the rounding pens to allow for custom rounding of the components' transforms (#3426).

[feaLib] Keep declaration order of ligature components within a ligature set, instead of sorting by glyph name (#3429).

[feaLib] Fixed ordering of alternates in aalt lookups, following the declaration order of feature references within the aalt feature block (#3430).

[varLib.instancer] Fixed a bug in the instancer's IUP optimization (#3432).

[sbix] Support sbix glyphs with new graphicType "flip" (#3433).

[svgPathPen] Added --glyphs option to dump the SVG paths for the named glyphs in the font (0572f78).

[designspaceLib] Added "description" attribute to <mappings> and <mapping> elements, and allow multiple <mappings> elements to group <mapping> elements that are logically related (#3435, #3437).

[otlLib] Correctly choose the most compact GSUB contextual lookup format (#3439).

4.47.2

Minor release to fix uploading wheels to PyPI.

4.47.1

[merge] Improve help message and add standard command line options (#3408)

[otlLib] Pass ttFont to name.addName in buildStatTable (#3406)

[featureVars] Re-use FeatureVariationRecords when possible (#3413)

4.47.0

[varLib.models] New API for VariationModel: getMasterScalars and interpolateFromValuesAndScalars.

[varLib.interpolatable] Various bugfixes and rendering improvements. In particular, add a Summary page in the front, and an Index and Table-of-Contents in the back. Change the page size to Letter.

[Docs/designspaceLib] Defined a new public.fontInfo lib key, not used anywhere yet (#3358).

Changelog

Sourced from fonttools's changelog.

4.50.0 (released 2024-03-15)

[pens] Added decomposing filter pens that draw components as regular contours (#3460).

[instancer] Drop explicit no-op axes from TupleVariations (#3457).

[cu2qu/ufo] Return set of modified glyph names from fonts_to_quadratic (#3456).

4.49.0 (released 2024-02-15)

[otlLib] Add API for building MATH table (#3446)

4.48.1 (released 2024-02-06)

Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0 (released 2024-02-06)

[varLib] Do not log when there are no OTL tables to be merged.

[setup.py] Do not restrict lxml=5.

[feaLib] Remove glyph and class names length restrictions in FEA (#3424).

[roundingPens] Added transformRoundFunc parameter to the rounding pens to allow for custom rounding of the components' transforms (#3426).

[feaLib] Keep declaration order of ligature components within a ligature set, instead of sorting by glyph name (#3429).

[feaLib] Fixed ordering of alternates in aalt lookups, following the declaration order of feature references within the aalt feature block (#3430).

[varLib.instancer] Fixed a bug in the instancer's IUP optimization (#3432).

[sbix] Support sbix glyphs with new graphicType "flip" (#3433).

[svgPathPen] Added --glyphs option to dump the SVG paths for the named glyphs in the font (0572f78).

[designspaceLib] Added "description" attribute to <mappings> and <mapping> elements, and allow multiple <mappings> elements to group <mapping> elements that are logically related (#3435, #3437).

[otlLib] Correctly choose the most compact GSUB contextual lookup format (#3439).

4.47.2 (released 2024-01-11)

Minor release to fix uploading wheels to PyPI.

4.47.1 (released 2024-01-11)

[merge] Improve help message and add standard command line options (#3408)

[otlLib] Pass ttFont to name.addName in buildStatTable (#3406)

[featureVars] Re-use FeatureVariationRecord's when possible (#3413)

... (truncated)

Commits

10dd8b4 Release 4.50.0
8e52153 Update NEWS.rst [skip ci]
3e949ed recordingPen: add DecomposingRecordingPointPen to all list for star imports
0f06cba Merge pull request #3455 from fonttools/pyup-scheduled-update-2024-02-26
0f9b40d Merge branch 'main' into pyup-scheduled-update-2024-02-26
974fa0c Merge pull request #3459 from fonttools/dependabot/github_actions/pypa/gh-act...
a3b9edd Merge pull request #3460 from fonttools/decompose-filter-pen
f15857c filterPen_test: add tests for decomposing filter pens
d84c74c [filterPen] add decomposing filter pens
cccc358 [recordingPen] Add DecomposingRecordingPointPen, test new decomposing pen opt...
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates black from 23.12.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

552baf8 Prepare release 24.3.0 (#4279)
f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
1abcffc Use regex where we ignore case on windows (#4252)
719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
e5510af update plugin url for Thonny (#4259)
6af7d11 Fix AST safety check false negative (#4270)
f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
e4bfedb fix: Don't move comments while splitting delimiters (#4248)
d0287e1 Make trailing comma logic more concise (#4202)
Additional commits viewable in compare view

Updates aiohttp from 3.9.1 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates fonttools from 4.46.0 to 4.50.0

Release notes

Sourced from fonttools's releases.

4.49.0

[otlLib] Add API for building MATH table (#3446)

4.48.1

Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0

[varLib] Do not log when there are no OTL tables to be merged.

[setup.py] Do not restrict lxml=5.

[feaLib] Remove glyph and class names length restrictions in FEA (#3424).

[roundingPens] Added transformRoundFunc parameter to the rounding pens to allow for custom rounding of the components' transforms (#3426).

[feaLib] Keep declaration order of ligature components within a ligature set, instead of sorting by glyph name (#3429).

[feaLib] Fixed ordering of alternates in aalt lookups, following the declaration order of feature references within the aalt feature block (#3430).

[varLib.instancer] Fixed a bug in the instancer's IUP optimization (#3432).

[sbix] Support sbix glyphs with new graphicType "flip" (#3433).

[svgPathPen] Added --glyphs option to dump the SVG paths for the named glyphs in the font (0572f78).

[designspaceLib] Added "description" attribute to <mappings> and <mapping> elements, and allow multiple <mappings> elements to group <mapping> elements that are logically related (#3435, #3437).

[otlLib] Correctly choose the most compact GSUB contextual lookup format (#3439).

4.47.2

Minor release to fix uploading wheels to PyPI.

4.47.1

[merge] Improve help message and add standard command line options (#3408)

[otlLib] Pass ttFont to name.addName in buildStatTable (#3406)

[featureVars] Re-use FeatureVariationRecords when possible (#3413)

4.47.0

[varLib.models] New API for VariationModel: getMasterScalars and interpolateFromValuesAndScalars.

[varLib.interpolatable] Various bugfixes and rendering improvements. In particular, add a Summary page in the front, and an Index and Table-of-Contents in the back. Change the page size to Letter.

[Docs/designspaceLib] Defined a new public.fontInfo lib key, not used anywhere yet (#3358).

Changelog

Sourced from fonttools's changelog.

4.50.0 (released 2024-03-15)

[pens] Added decomposing filter pens that draw components as regular contours (#3460).

[instancer] Drop explicit no-op axes from TupleVariations (#3457).

[cu2qu/ufo] Return set of modified glyph names from fonts_to_quadratic (#3456).

4.49.0 (released 2024-02-15)

[otlLib] Add API for building MATH table (#3446)

4.48.1 (released 2024-02-06)

Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0 (released 2024-02-06)

[varLib] Do not log when there are no OTL tables to be merged.

[setup.py] Do not restrict lxml=5.

[feaLib] Remove glyph and class names length restrictions in FEA (#3424).

[roundingPens] Added transformRoundFunc parameter to the rounding pens to allow for custom rounding of the components' transforms (#3426).

[feaLib] Keep declaration order of ligature components within a ligature set, instead of sorting by glyph name (#3429).

[feaLib] Fixed ordering of alternates in aalt lookups, following the declaration order of feature references within the aalt feature block (#3430).

[varLib.instancer] Fixed a bug in the instancer's IUP optimization (#3432).

[sbix] Support sbix glyphs with new graphicType "flip" (#3433).

[svgPathPen] Added --glyphs option to dump the SVG paths for the named glyphs in the font (0572f78).

[designspaceLib] Added "description" attribute to <mappings> and <mapping> elements, and allow multiple <mappings> elements to group <mapping> elements that are logically related (#3435, #3437).

[otlLib] Correctly choose the most compact GSUB contextual lookup format (#3439).

4.47.2 (released 2024-01-11)

Minor release to fix uploading wheels to PyPI.

4.47.1 (released 2024-01-11)

[merge] Improve help message and add standard command line options (#3408)

[otlLib] Pass ttFont to name.addName in buildStatTable (#3406)

[featureVars] Re-use FeatureVariationRecord's when possible (#3413)

... (truncated)

Commits

10dd8b4 Release 4.50.0
8e52153 Update NEWS.rst [skip ci]
3e949ed recordingPen: add DecomposingRecordingPointPen to all list for star imports
0f06cba Merge pull request #3455 from fonttools/pyup-scheduled-update-2024-02-26
0f9b40d Merge branch 'main' into pyup-scheduled-update-2024-02-26
974fa0c Merge pull request #3459 from fonttools/dependabot/github_actions/pypa/gh-act...
a3b9edd Merge pull request #3460 from fonttools/decompose-filter-pen
f15857c filterPen_test: add tests for decomposing filter pens
d84c74c [filterPen] add decomposing filter pens
cccc358 [recordingPen] Add DecomposingRecordingPointPen, test new decomposing pen opt...
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates urllib3 from 2.1.0 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)

Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)

Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)

Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0

🖥️ urllib3 now works in the browser

🎉 This release adds experimental support for using urllib3 in the browser with Pyodide! 🎉

Thanks to Joe Marshall (@joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

🚀 urllib3 is fundraising fo...
Description has been truncated

Bumps the pip group with 5 updates in the /autogpts/autogpt directory: | Package | From | To | | --- | --- | --- | | [orjson](https://github.com/ijl/orjson) | `3.9.10` | `3.9.15` | | [black](https://github.com/psf/black) | `23.12.0` | `24.3.0` | | [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.1` | `3.9.2` | | [fonttools](https://github.com/fonttools/fonttools) | `4.46.0` | `4.50.0` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.3` | Bumps the pip group with 5 updates in the /autogpts/forge directory: | Package | From | To | | --- | --- | --- | | [black](https://github.com/psf/black) | `23.12.0` | `24.3.0` | | [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.1` | `3.9.2` | | [fonttools](https://github.com/fonttools/fonttools) | `4.46.0` | `4.50.0` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.3` | | [urllib3](https://github.com/urllib3/urllib3) | `2.1.0` | `2.2.1` | Bumps the pip group with 7 updates in the /benchmark directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/tiangolo/fastapi) | `0.99.1` | `0.109.1` | | [black](https://github.com/psf/black) | `22.3.0` | `24.3.0` | | [aiohttp](https://github.com/aio-libs/aiohttp) | `3.8.5` | `3.9.2` | | [fonttools](https://github.com/fonttools/fonttools) | `4.42.1` | `4.43.0` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.3` | | [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.6` | `0.0.7` | | [urllib3](https://github.com/urllib3/urllib3) | `2.0.5` | `2.0.7` | Updates `orjson` from 3.9.10 to 3.9.15 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.9.10...3.9.15) Updates `black` from 23.12.0 to 24.3.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@23.12.0...24.3.0) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fonttools` from 4.46.0 to 4.50.0 - [Release notes](https://github.com/fonttools/fonttools/releases) - [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst) - [Commits](fonttools/fonttools@4.46.0...4.50.0) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `black` from 23.12.0 to 24.3.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@23.12.0...24.3.0) Updates `aiohttp` from 3.9.1 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fonttools` from 4.46.0 to 4.50.0 - [Release notes](https://github.com/fonttools/fonttools/releases) - [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst) - [Commits](fonttools/fonttools@4.46.0...4.50.0) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `urllib3` from 2.1.0 to 2.2.1 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.1.0...2.2.1) Updates `fastapi` from 0.99.1 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.99.1...0.109.1) Updates `black` from 22.3.0 to 24.3.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@23.12.0...24.3.0) Updates `aiohttp` from 3.8.5 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.2) Updates `fonttools` from 4.42.1 to 4.43.0 - [Release notes](https://github.com/fonttools/fonttools/releases) - [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst) - [Commits](fonttools/fonttools@4.46.0...4.50.0) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `python-multipart` from 0.0.6 to 0.0.7 - [Release notes](https://github.com/andrew-d/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.6...0.0.7) Updates `starlette` from 0.27.0 to 0.35.1 - [Release notes](https://github.com/encode/starlette/releases) - [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md) - [Commits](Kludex/starlette@0.27.0...0.35.1) Updates `urllib3` from 2.0.5 to 2.0.7 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.1.0...2.2.1) --- updated-dependencies: - dependency-name: orjson dependency-type: direct:production dependency-group: pip-security-group - dependency-name: black dependency-type: direct:development dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fonttools dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: indirect dependency-group: pip-security-group - dependency-name: black dependency-type: direct:development dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip-security-group - dependency-name: fonttools dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: direct:production dependency-group: pip-security-group - dependency-name: black dependency-type: direct:development dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: fonttools dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: indirect dependency-group: pip-security-group - dependency-name: python-multipart dependency-type: direct:production dependency-group: pip-security-group - dependency-name: starlette dependency-type: indirect dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2024-03-20T17:27:18Z

This PR exceeds the recommended size of 500 lines. Please make sure you are NOT addressing multiple issues with one PR.

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 20, 2024

github-actions bot added the size/xl label Mar 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the pip group across 3 directories with 9 updates #15

build(deps): bump the pip group across 3 directories with 9 updates #15

Uh oh!

dependabot bot commented on behalf of github Mar 20, 2024

Uh oh!

github-actions bot commented Mar 20, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

build(deps): bump the pip group across 3 directories with 9 updates #15

Are you sure you want to change the base?

build(deps): bump the pip group across 3 directories with 9 updates #15

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 20, 2024

3.9.15

Fixed

3.9.14

Fixed

Changed

3.9.13

Fixed

Changed

3.9.12

Fixed

Changed

3.9.11

Changed

3.9.15 - 2024-02-23

Fixed

3.9.14 - 2024-02-14

Fixed

Changed

3.9.13 - 2024-02-03

Fixed

Changed

3.9.12 - 2024-01-18

Changed

Fixed

3.9.11 - 2024-01-18

Changed

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

Configuration

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

4.49.0

4.48.1

4.48.0

4.47.2

4.47.1

4.47.0

4.50.0 (released 2024-03-15)

4.49.0 (released 2024-02-15)

4.48.1 (released 2024-02-06)

4.48.0 (released 2024-02-06)

4.47.2 (released 2024-01-11)

4.47.1 (released 2024-01-11)

3.1.3

Version 3.1.3

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

Configuration

24.3.0

Highlights

Stable style

Performance

🚀 urllib3 is fundraising fo...
Description has been truncated