Sourced from werkzeug's releases.

3.1.1

This is the Werkzeug 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.1/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone: https://github.com/pallets/werkzeug/milestone/38?closed=1

• Fix an issue that caused str(Request.headers) to always appear empty. #2985

3.1.0

This is the Werkzeug 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Werkzeug/3.1.0/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/werkzeug/milestone/34?closed=1

• Drop support for Python 3.8. #2966
• Remove previously deprecated code. #2967
• Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. #2964
• OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. #2968
• Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.
  • Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. #2980
  • max_age is None if present without a value, rather than -1. #2980
  • no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. #2980
  • max_stale is True if present without a value, rather than "*". #2980
  • no_transform is a boolean. Previously it was mistakenly always None. #2881
  • min_fresh is None if present without a value, rather than "*". #2881
  • private is True if present without a value, rather than "*". #2980
  • Added the must_understand property. #2881
  • Added the stale_while_revalidate, and stale_if_error properties. #2948
  • Type annotations more accurately reflect the values. #2881
• Support Cookie CHIPS (Partitioned Cookies). #2797
• Add 421 MisdirectedRequest HTTP exception. #2850
• Increase default work factor for PBKDF2 to 1,000,000 iterations. #2969
• Inline annotations for datastructures, removing stub files. #2970
• MultiDict.getlist catches TypeError in addition to ValueError when doing type conversion. #2976
• Implement | and |= operators for MultiDict, Headers, and CallbackDict, and disallow |= on immutable types. #2977

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.6/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6

• Fix how max_form_memory_size is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2
• safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j

3.0.5

This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

... (truncated)

Sourced from werkzeug's changelog.

Version 3.1.1

Released 2024-11-01

• Fix an issue that caused str(Request.headers) to always appear empty. :issue:2985

Version 3.1.0

Released 2024-10-31

• Drop support for Python 3.8. :pr:2966

• Remove previously deprecated code. :pr:2967

• Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. :issue:2964

• OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. :issue:2968

• Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.

  • Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. :issue:2980
  • max_age is None if present without a value, rather than -1. :issue:2980
  • no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. :issue:2980
  • max_stale is True if present without a value, rather than "*". :issue:2980
  • no_transform is a boolean. Previously it was mistakenly always None. :issue:2881
  • min_fresh is None if present without a value, rather than "*". :issue:2881
  • private is True if present without a value, rather than "*". :issue:2980
  • Added the must_understand property. :issue:2881
  • Added the stale_while_revalidate, and stale_if_error properties. :issue:2948
  • Type annotations more accurately reflect the values. :issue:2881

• Support Cookie CHIPS (Partitioned Cookies). :issue:2797

• Add 421 MisdirectedRequest HTTP exception. :issue:2850

• Increase default work factor for PBKDF2 to 1,000,000 iterations. :issue:2969

• Inline annotations for datastructures, removing stub files.

... (truncated)

• 82ad306 release version 3.1.1
• 64d27f7 fix str(request.headers) (#2986)
• afc4ea7 fix str(request.headers)
• d1f60d6 start version 3.1.1
• 0d345ce release version 3.1.0 (#2984)
• df655e6 release version 3.1.0
• 564835a add docstring changelogs
• 1735b75 more cache-control cleanup (#2983)
• b0f361c more cache-control cleanup
• fa38728 more cache-control cleanup (#2981)
• Additional commits viewable in compare view

Sourced from sqlalchemy's releases.

2.0.36

Released: October 15, 2024

orm

• [orm] [usecase] Added new parameter _orm.mapped_column.hash to ORM constructs such as _orm.mapped_column(), _orm.relationship(), etc., which is interpreted for ORM Native Dataclasses in the same way as other dataclass-specific field parameters.

  References: #11923

• [orm] [bug] Fixed bug in ORM bulk update/delete where using RETURNING with bulk update/delete in combination with populate_existing would fail to accommodate the populate_existing option.

  References: #11912

• [orm] [bug] Continuing from #11912, columns marked with mapped_column.onupdate, mapped_column.server_onupdate, or Computed are now refreshed in ORM instances when running an ORM enabled UPDATE with WHERE criteria, even if the statement does not use RETURNING or populate_existing.

  References: #11917

• [orm] [bug] Fixed regression caused by fixes to joined eager loading in #11449 released in 2.0.31, where a particular joinedload case could not be asserted correctly. We now have an example of that case so the assertion has been repaired to allow for it.

  References: #11965

• [orm] [bug] Improved the error message emitted when trying to map as dataclass a class while also manually providing the __table__ attribute. This usage is currently not supported.

  References: #11973

• [orm] [bug] Refined the check which the ORM lazy loader uses to detect "this would be loading by primary key and the primary key is NULL, skip loading" to take into account the current setting for the orm.Mapper.allow_partial_pks parameter. If this parameter is False, then a composite PK value that has partial NULL elements should also be skipped. This can apply to some composite overlapping foreign key configurations.

... (truncated)

• See full diff in compare view

Sourced from cloud-sql-python-connector's releases.

v1.13.0

1.13.0 (2024-10-22)

Features

• add support for Python 3.13 (#1177) (6e6a1c8)
• drop support for Python 3.8 (#1176) (10c9172)
• improve key for connector cache (#1172) (066c14e)

Bug Fixes

• remove ConnectorLoopError from connector.connect (#1170) (a348659)

Sourced from cloud-sql-python-connector's changelog.

1.13.0 (2024-10-22)

Features

• add support for Python 3.13 (#1177) (6e6a1c8)
• drop support for Python 3.8 (#1176) (10c9172)
• improve key for connector cache (#1172) (066c14e)

Bug Fixes

• remove ConnectorLoopError from connector.connect (#1170) (a348659)

• 5dedce7 chore(main): release 1.13.0 (#1171)
• f434dbc chore(deps): Update dependencies for github (#1166)
• 6e6a1c8 feat: add support for Python 3.13 (#1177)
• f5eebdd chore(deps): update python-nonmajor (#1175)
• bc666ab chore: update pypi publication keystore version (#1179)
• 10c9172 feat: drop support for Python 3.8 (#1176)
• 753feb2 chore(deps): update python-nonmajor (#1167)
• 066c14e feat: improve key for connector cache (#1172)
• a348659 fix: remove ConnectorLoopError from connector.connect (#1170)
• See full diff in compare view

Sourced from marshmallow's changelog.

3.23.1 (2024-11-01)

---

Support:

• Document absolute parameter of URL field (:pr:2327).
• Documentation: Remove (outdated) minimum Python 3 minor version in documentation and README (:pr:2323).

3.23.0 (2024-10-17)

---

Features:

• Typing: replace "type" with specific metaclass for Schema and Field.

Other changes:

• Officially support Python 3.13 (:pr:2319).
• Drop support for Python 3.8 (:pr:2318).

• 1b1250d Bump version and update changelog
• 31d67b9 Merge pull request #2328 from marshmallow-code/rm_pytz
• 77229d1 Remove types-pytz from pre-commit config
• 91d5c0c Document "absolute" URL field parameter (#2327)
• 341b927 Update Fern sponsor link
• d686cd8 Bump autodocsumm from 0.2.13 to 0.2.14 (#2326)
• 90637c2 Merge pull request #2323 from marshmallow-code/docs_py38
• 0b4dbe1 Remove min Python 3 minor version in docs and README
• 5e71a04 Bump version and update changelog
• 3cbcc5b Bump sphinx-issues from 4.1.0 to 5.0.0 (#2321)
• Additional commits viewable in compare view

Sourced from flask-oidc's releases.

2.2.2

Added

• Re-add redirect_to_auth_server() for compatibility with v1.x (d0cac91)

2.2.1

Added

• Add compatibility with EL8 (8a8bf4c)
• Add an accessor for the user's email (32f046a)
• Document the OIDC_CLIENT_SECRETS config option (2e9b5b2)

Fixed

• Add a config file for readthedocs (fd55294)
• Minor typo/fixes (fd1f415)
• Improve the documentation (0836711)
• Include the root_path when redirecting to the custom callback route (71747d1)

Sourced from flask-oidc's changelog.

2.2.2 (2024-10-24)

Added

• Re-add redirect_to_auth_server() for compatibility with v1.x (d0cac91)

2.2.1 (2024-10-23)

Added

• Add compatibility with EL8 (8a8bf4c)
• Add an accessor for the user's email (32f046a)
• Document the OIDC_CLIENT_SECRETS config option (2e9b5b2)

Fixed

• Add a config file for readthedocs (fd55294)
• Minor typo/fixes (fd1f415)
• Improve the documentation (0836711)
• Include the root_path when redirecting to the custom callback route (71747d1)

• bbe7e73 Version 2.2.2
• d0cac91 Re-add redirect_to_auth_server() for compatibility with v1.x
• b856a0c Make the flask dependency format compatible with PyPI
• 0c1d44c Version 2.2.1
• 80328e7 Update sigstore/gh-action-sigstore-python action to v3
• 2e9b5b2 Document the OIDC_CLIENT_SECRETS config option
• 71747d1 Include the root_path when redirecting the the custom callback route
• 0836711 Improve the documentation
• 32f046a Add an accessor for the user's email
• fd1f415 Minor typo/fixes
• Additional commits viewable in compare view

Sourced from sentry-sdk[flask]'s releases.

2.17.0

Various fixes & improvements

• Add support for async calls in Anthropic and OpenAI integration (#3497) by @​vetyy
• Allow custom transaction names in ASGI (#3664) by @​sl0thentr0py
• Langchain: Handle case when parent span wasn't traced (#3656) by @​rbasoalto
• Fix Anthropic integration when using tool calls (#3615) by @​kwnath
• More defensive Django Spotlight middleware injection (#3665) by @​BYK
• Remove ensure_integration_enabled_async (#3632) by @​sentrivana
• Test with newer Falcon version (#3644, #3653, #3662) by @​sentrivana
• Fix mypy (#3657) by @​sentrivana
• Fix flaky transport test (#3666) by @​sentrivana
• Remove pin on sphinx (#3650) by @​sentrivana
• Bump actions/checkout from 4.2.0 to 4.2.1 (#3651) by @​dependabot

Sourced from sentry-sdk[flask]'s changelog.

2.17.0

Various fixes & improvements

• Add support for async calls in Anthropic and OpenAI integration (#3497) by @​vetyy
• Allow custom transaction names in ASGI (#3664) by @​sl0thentr0py
• Langchain: Handle case when parent span wasn't traced (#3656) by @​rbasoalto
• Fix Anthropic integration when using tool calls (#3615) by @​kwnath
• More defensive Django Spotlight middleware injection (#3665) by @​BYK
• Remove ensure_integration_enabled_async (#3632) by @​sentrivana
• Test with newer Falcon version (#3644, #3653, #3662) by @​sentrivana
• Fix mypy (#3657) by @​sentrivana
• Fix flaky transport test (#3666) by @​sentrivana
• Remove pin on sphinx (#3650) by @​sentrivana
• Bump actions/checkout from 4.2.0 to 4.2.1 (#3651) by @​dependabot

• e44c9ee Update CHANGELOG.md
• ee30db3 release: 2.17.0
• 365d9cf Fix flaky transport test (#3666)
• 9ae5820 Add support for async calls in Anthropic and OpenAI integration (#3497)
• 891afee fix(spotlight): More defensive Django spotlight middleware injection (#3665)
• f493057 Allow custom transaction names in asgi (#3664)
• e463034 tests: Falcon RC1 (#3662)
• deca5f2 build(deps): Remove pin on sphinx (#3650)
• 302457d build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3651)
• 846b8b2 fix(langchain): handle case when parent span wasn't traced (#3656)
• Additional commits viewable in compare view

Sourced from tox's releases.

4.23.2

What's Changed

• Support external tox.pytest usage via "test" extra by @​mbra in tox-dev/tox#3422

New Contributors

• @​mbra made their first contribution in tox-dev/tox#3422

Full Changelog: tox-dev/tox@4.23.1...4.23.2

4.23.1

What's Changed

• Docs: adjusting EOL Python version testing remarks by @​robsdedude in tox-dev/tox#3417
• Fix example docs by @​gaborbernat in tox-dev/tox#3421

New Contributors

• @​robsdedude made their first contribution in tox-dev/tox#3417

Full Changelog: tox-dev/tox@4.23.0...4.23.1

4.23.0

What's Changed

• replace tool.pyproject and tool.tox.pyproject with tool.tox in config… by @​graingert-coef in tox-dev/tox#3411
• Add NETRC to the default_pass_env list by @​chipot in tox-dev/tox#3410

New Contributors

• @​graingert-coef made their first contribution in tox-dev/tox#3411
• @​chipot made their first contribution in tox-dev/tox#3410

Full Changelog: tox-dev/tox@4.22.0...4.23.0

4.22.0

What's Changed

• Fix the fix environment definition by @​gaborbernat in tox-dev/tox#3407
• Expose type checking dependencies into an extra by @​ssbarnea in tox-dev/tox#3404
• Add dependency-groups support (PEP-735) by @​gaborbernat in tox-dev/tox#3409

Full Changelog: tox-dev/tox@4.21.2...4.22.0

Sourced from tox's changelog.

v4.23.2 (2024-10-22)

Misc - 4.23.2

- :issue:`3415`
v4.23.1 (2024-10-21)
Improved Documentation - 4.23.1

• Fix bad example in documentation for dependency groups - by :user:gaborbernat. (:issue:3240)

v4.23.0 (2024-10-16)

Features - 4.23.0

- Add ``NETRC`` to the list of environment variables always passed through. (:issue:`3410`)
Improved Documentation - 4.23.0

• replace [tool.pyproject] and [tool.tox.pyproject] with [tool.tox] in config.rst (:issue:3411)

v4.22.0 (2024-10-15)

Features - 4.22.0

- Implement dependency group support as defined in :pep:`735` - see :ref:`dependency_groups` - by :user:`gaborbernat`. (:issue:`3408`)

• 0447036 release 4.23.2
• f0799ac Support external tox.pytest usage via "test" extra (#3422)
• ec88713 Fix docs link check
• 962bc59 release 4.23.1
• 5916cc9 Fix example docs (#3421)
• e9cb93a [pre-commit.ci] pre-commit autoupdate (#3418)
• 88c1b99 Docs: adjusting EOL Python version testing remarks (#3417)
• 7696a8e release 4.23.0
• c01a023 Add NETRC to the default_pass_env list (#3410)
• 971e7da replace tool.pyproject and tool.tox.pyproject with tool.tox in config… (#3411)
• Additional commits viewable in compare view

Sourced from ruff's releases.

0.7.2

Release Notes

Preview features

• Fix formatting of single with-item with trailing comment (#14005)
• [pyupgrade] Add PEP 646 Unpack conversion to * with fix (UP044) (#13988)

Rule changes

• Regenerate known_stdlibs.rs with stdlibs 2024.10.25 (#13963)
• [flake8-no-pep420] Skip namespace package enforcement for PEP 723 scripts (INP001) (#13974)

Server

• Fix server panic when undoing an edit (#14010)

Bug fixes

• Fix issues in discovering ruff in pip build environments (#13881)
• [flake8-type-checking] Fix false positive for singledispatchmethod (TCH003) (#13941)
• [flake8-type-checking] Treat return type of singledispatch as runtime-required (TCH003) (#13957)

Documentation

• [flake8-simplify] Include caveats of enabling if-else-block-instead-of-if-exp (SIM108) (#14019)

Install ruff 0.7.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.7.2/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/ruff/releases/download/0.7.2/ruff-installer.ps1 | iex"

Download ruff 0.7.2

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum

... (truncated)

Sourced from ruff's changelog.

0.7.2

Preview features

• Fix formatting of single with-item with trailing comment (#14005)
• [pyupgrade] Add PEP 646 Unpack conversion to * with fix (UP044) (#13988)

Rule changes

• Regenerate known_stdlibs.rs with stdlibs 2024.10.25 (#13963)
• [flake8-no-pep420] Skip namespace package enforcement for PEP 723 scripts (INP001) (#13974)

Server

• Fix server panic when undoing an edit (#14010)

Bug fixes

• Fix issues in discovering ruff in pip build environments (#13881)
• [flake8-type-checking] Fix false positive for singledispatchmethod (TCH003) (#13941)
• [flake8-type-checking] Treat return type of singledispatch as runtime-required (TCH003) (#13957)

Documentation

• [flake8-simplify] Include caveats of enabling if-else-block-instead-of-if-exp (SIM108) (#14019)

0.7.1

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

... (truncated)

• 11c3b52 generate using cargo-dist
• a388e49 Temporary comment out certain release steps
• 099f077 [docs] Add rule short code to mkdocs tags (#14040)
• 8574751 Give non-existent files a durability of at least Medium (#14034)
• ddae741 Switch to uv publish (#14042)
• 5053d2c Doc: markdown link fix (#14041)
• ef72fd7 Bump version to 0.7.2 (#14039)
• 658a51e Fix typo for static method decorator (#14038)
• 7c2da4f Sync vendored typeshed stubs (#14030)
• 48fa839 Use named function in incremental red knot benchmark (#14033)
• Additional commits viewable in compare view

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Change to enum membership semantics

As per the updated typing specification for enums, enum members must be left unannotated.

class Pet(Enum):
    CAT = 1  # Member attribute
    DOG = 2  # Member attribute
    WOLF: int = 3  # New error: Enum members must be left unannotated
species: str  # Considered a non-member attribute

In particular, the specification change can result in issues in type stubs (.pyi files), since historically it was common to leave the value absent:

# In a type stub (.pyi file)
class Pet(Enum):
# Change in semantics: previously considered members, now non-member attributes
CAT: int
DOG: int
# Mypy will now issue a warning if it detects this situation in type stubs:
# > Detected enum "Pet" in a type stub with zero members.
# > There is a chance this is due to a recent change in the semantics of enum membership.
# > If so, use `member = value` to mark an enum member, instead of `member: type`

class Pet(Enum):
# As per the specification, you should now do one of the following:
DOG = 1  # Member attribute with value 1 and known type
WOLF = cast(int, ...)  # Member attribute with unknown value but known type
LION = ...  # Member attribute with unknown value and unknown type

Contributed by Terence Honles in PR 17207 and Shantanu Jain in PR 18068.

Mypy 1.13

We’ve just uploaded mypy 1.13 to the Python Package Index (PyPI). Mypy is a static type checker for Python. You can install it as follows:

python3 -m pip install -U mypy

... (truncated)

• eb31034 Bump version to 1.13.0
• 2eeb588 Update changelog for 1.12.1 (#17999)
• bc0386b Changelog for 1.13 (#18000)
• 5c4d2db Add faster-cache extra, test in CI (#17978)
• 854ad18 Make is_sub_path faster (#17962)
• 50aa4ca Speed up stubs suggestions (#17965)
• 7c27808 Use orjson instead of json, when available (#17955)
• 2cd2406 Use fast path in modulefinder more often (#17950)
• e20aaee Let mypyc optimise os.path.join (#17949)
• 159974c Use sha1 for hashing (#17953)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions