Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Update Mend: high confidence minor and patch dependency updates#48

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates
Open

Update Mend: high confidence minor and patch dependency updates#48
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates

Conversation

@mend-for-github-com
Copy link
Copy Markdown

@mend-for-github-com mend-for-github-com Bot commented May 2, 2025
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Jinja2 (changelog) ==3.1.3==3.1.6 age adoption passing confidence
PyGitHub ==2.6.1==2.9.1 age adoption passing confidence
SecretStorage ==3.3.1==3.5.0 age adoption passing confidence
blinker ==1.4==1.9.0 age adoption passing confidence
codespell ==2.2.1==2.4.2 age adoption passing confidence
distro ==1.7.0==1.9.0 age adoption passing confidence
grpcio ==1.47.0==1.80.0 age adoption passing confidence
httplib2 ==0.20.2==0.31.2 age adoption passing confidence
importlib-metadata ==4.6.4==4.13.0 age adoption passing confidence
jeepney ==0.7.1==0.9.0 age adoption passing confidence
launchpadlib (source) ==1.10.16==1.11.0 age adoption passing confidence
more-itertools ==8.10.0==8.14.0 age adoption passing confidence
packaging ==24.1==24.2 age adoption passing confidence
protobuf ==4.25.3==4.25.9 age adoption passing confidence
pyarrow ==18.0.0==18.1.0 age adoption passing confidence
pycurl (changelog) ==7.45.3==7.46.0 age adoption passing confidence
pygithub ==1.43.5==1.59.1 age adoption passing confidence
pylint (changelog) ==3.1.0==3.3.9 age adoption passing confidence
requests (changelog) ==2.32.3==2.34.2 age adoption passing confidence
scipy ==1.12.0==1.17.1 age adoption passing confidence
six ==1.16.0==1.17.0 age adoption passing confidence
tabulate ==0.8.6==0.10.0 age adoption passing confidence
tqdm (changelog) ==4.67.1==4.67.3 age adoption passing confidence
wadllib (source) ==1.3.6==1.3.9 age adoption passing confidence
yamllint ==1.26.3==1.38.0 age adoption passing confidence

Release Notes

pallets/jinja (Jinja2)

v3.1.6

Compare Source

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup,
    allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

v3.1.5

Compare Source

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as
    by passing a stored reference to a filter that calls its argument.
    :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid
    issues with names that contain f-string syntax.
    :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence
    types. :issue:2032
  • Calling sync render for an async template uses asyncio.run.
    :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from
    Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in
    Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends.
    :pr:1960
  • The runtime uses the correct concat function for the current environment
    when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another
    async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation.
    :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %}
    call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined
    objects. :issue:2025
  • Fix copy/pickle support for the internal missing object.
    :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were
    searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not
    contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the
    target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks
    does not cause the variable to be considered initially undefined.
    :issue:1253

v3.1.4

Compare Source

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, >
    greater-than sign, or = equals sign, in addition to disallowing spaces.
    Regardless of any validation done by Jinja, user input should never be used
    as keys to this filter, or must be separately validated first.
    :ghsa:h75v-3vvj-5mfj
pygithub/pygithub (PyGitHub)

v2.9.1

Compare Source

Bug Fixes

Full Changelog: PyGithub/PyGithub@v2.9.0...v2.9.1

v2.9.0

Compare Source

Notable changes
Lazy PyGithub objects

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObjects optionally lazy (if useful). See PyGithub/PyGithub#3403 for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

# Use lazy mode
g = Github(auth=auth, lazy=True)

# these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue

# these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo

# once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page is usually 300, in contrast to the "usual" per_page maximum of 100).

Objects with paginated properties:

  • Commit.files
  • Comparison.commits
  • EnterpriseConsumedLicenses.users

This PR makes iterating those paginated properties use the configured per_page setting.

It further allows to specify an individual per_page when either retrieving such objects, or fetching paginated properties.

See Classes with paginated properties for details.

Drop Python 3.8 support due to End-of-Life

Python 3.8 reached its end-of-life September 6, 2024. Support has been removed with this release.

Deprecations
  • Method delete of Reaction is deprecated, use IssueComment.delete_reaction,
    PullRequestComment.delete_reaction, CommitComment.delete_reaction or Issue.delete_reaction instead.
  • Method Issue.assignee and parameter Issue.edit(assignee=…) are deprecated,
    use Issue.assignees and Issue.edit(assignees=…) instead.
  • Method Organization.edit_hook is deprecated, use Organization.get_hook(id).edit(…) instead.
    If you need to avoid Organization.get_hook(id) to fetch the Hook object from Github API,
    use a lazy Github instance:
Github(…, lazy=True).get_organization(…).get_hook(id).edit(…)
  • Methods Team.add_to_members and Team.remove_from_members are deprecated,
    use Team.add_membership or Team.remove_membership instead.
New Features
Improvements
Bug Fixes
Maintenance

New Contributors

Full Changelog: PyGithub/PyGithub@v2.8.0...v2.9.0

v2.8.1

Compare Source

What's Changed

Bug Fixes

Full Changelog: PyGithub/PyGithub@v2.8.0...v2.8.1

v2.8.0

Compare Source

What's Changed

New Features
Improvements
Bug Fixes
Maintenance

New Contributors

Full Changelog: PyGithub/PyGithub@v2.7.0...v2.8.0

v2.7.0

Compare Source

What's Changed

Breaking Changes
  • Method Github.get_rate_limit() now returns RateLimitOverview rather than RateLimit (PyGithub/PyGithub#3205).

Code like

gh.get_rate_limit().core.remaining

should be replaced with

gh.get_rate_limit().resources.core.remaining
  • Method GitTag.verification now returns GitCommitVerification rather than dict[str, Any] (PyGithub/PyGithub#3226).

Code like

tag.verification["reason"]
tag.verification.get("reason")

should be replaced with

tag.verification.reason
New Features
Improvements
Bug Fixes
Dependencies
Maintenance

New Contributors

Full Changelog: PyGithub/PyGithub@v2.6.0...v2.7.0

mitya57/secretstorage (SecretStorage)

v3.5.0

Compare Source

===============================

  • Added timeout argument to the unlock() methods of Collection
    and Item [#33_].
  • Removed int_to_bytes() function in favor of the built-in method.

.. _#33: #​33

v3.4.1

Compare Source

===============================

  • Make sure public key length is exactly 128 bytes [#48_].
    This fixes Client public key size is invalid error from KWallet.

.. _#48: #​48

v3.4.0

Compare Source

===============================

  • Handle D-Bus UnknownObject error when no collection is found [#43_].
    Thanks to Renato Alencar for the pull request!
  • Added __repr__ methods to Collection and Item classes [#47_].
  • Moved project metadata to pyproject.toml.
  • Python ≥ 3.10 and setuptools ≥ 77.0 are now required.
  • Various code modernizations.
    Thanks to Hugo van Kemenade and Tomasz Kłoczko for the pull requests!

.. _#43: #​43
.. _#47: #​47

v3.3.3

Compare Source

===============================

  • Handle case when CreateItem method returns a prompt [#39_].
  • Reformatted code in accordance with :PEP:8 standard.

.. _#39: #​39

v3.3.2

Compare Source

===============================

  • Fixed a deprecation warning with jeepney 0.8.
    Thanks to Sam McKelvie for the pull request!
pallets-eco/blinker (blinker)

v1.9.0

Compare Source

Released 2024-11-08

  • Drop support for Python 3.8. :pr:175
  • Remove previously deprecated __version__, receiver_connected,
    Signal.temporarily_connected_to and WeakNamespace. :pr:172
  • Skip weakref signal cleanup if the interpreter is shutting down.
    :issue:173

v1.8.2

Compare Source

Released 2024-05-06

  • Simplify type for _async_wrapper and _sync_wrapper arguments.
    :pr:156

v1.8.1

Compare Source

Released 2024-04-28

  • Restore identity handling for str and int senders. :pr:148
  • Fix deprecated blinker.base.WeakNamespace import. :pr:149
  • Fix deprecated blinker.base.receiver_connected import. :pr:153
  • Use types from collections.abc instead of typing. :pr:150
  • Fully specify exported types as reported by pyright. :pr:152

v1.8.0

Compare Source

Released 2024-04-27

  • Deprecate the __version__ attribute. Use feature detection, or
    importlib.metadata.version("blinker"), instead. :issue:128
  • Specify that the deprecated temporarily_connected_to will be removed in
    the next version.
  • Show a deprecation warning for the deprecated global receiver_connected
    signal and specify that it will be removed in the next version.
  • Show a deprecation warning for the deprecated WeakNamespace and specify
    that it will be removed in the next version.
  • Greatly simplify how the library uses weakrefs. This is a significant change
    internally but should not affect any public API. :pr:144
  • Expose the namespace used by signal() as default_namespace.
    :pr:145

v1.7.0

Compare Source

Released 2023-11-01

  • Fixed messages printed to standard error about unraisable exceptions during
    signal cleanup, typically during interpreter shutdown. :pr:123
  • Allow the Signal set_class to be customised, to allow calling of
    receivers in registration order. :pr:116.
  • Drop Python 3.7 and support Python 3.12. :pr:126

v1.6.3

Compare Source

Released 2023-09-23

  • Fix SyncWrapperType and AsyncWrapperType :pr:108
  • Fixed issue where connected_to would not disconnect the receiver if an
    instance of BaseException was raised. :pr:114

v1.6.2

Compare Source

Released 2023-04-12

  • Type annotations are not evaluated at runtime. typing-extensions is not a
    runtime dependency. :pr:94

v1.6.1

Compare Source

Released 2023-04-09

  • Ensure that py.typed is present in the distributions (to enable other
    projects to use Blinker's typing).
  • Require typing-extensions > 4.2 to ensure it includes ParamSpec.
    :issue:90

v1.6

Compare Source

Released 2023-09-23

  • Fix SyncWrapperType and AsyncWrapperType :pr:108
  • Fixed issue where connected_to would not disconnect the receiver if an
    instance of BaseException was raised. :pr:114

[v1.5](https://redirect.github.com/palle

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from ff28012 to 2f9ef47 Compare May 9, 2025 10:31
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from 78e4e7d to f1f7ff6 Compare May 14, 2025 15:50
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from 34918b9 to 7548173 Compare June 9, 2025 06:58
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 3 times, most recently from 34062f3 to 81e1bc9 Compare July 14, 2025 07:19
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from 81e1bc9 to ac30391 Compare July 24, 2025 10:26
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from cd8c623 to 6bd3355 Compare August 7, 2025 11:16
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from b3b0ea8 to 61a899d Compare August 15, 2025 11:45
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 4 times, most recently from e8c4cae to a8c6b98 Compare September 1, 2025 07:54
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 2cd53d6 to 06956d1 Compare September 8, 2025 07:47
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 3 times, most recently from 69d768f to 0c94fa4 Compare September 17, 2025 21:31
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from 2c09fd4 to a022480 Compare October 20, 2025 07:50
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 763bc79 to c1738f4 Compare October 27, 2025 19:08
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from c1738f4 to a15cce3 Compare November 8, 2025 21:29
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 83353a4 to 6d600da Compare November 24, 2025 11:04
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 3 times, most recently from 5be507f to ee8ce2e Compare December 8, 2025 00:54
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from d811136 to 5214217 Compare December 17, 2025 13:32
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from cf69ab2 to 20ae5ca Compare December 28, 2025 03:43
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from 20ae5ca to e87e0c5 Compare January 8, 2026 01:33
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from cac0139 to 8f027c8 Compare January 17, 2026 18:28
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from 864afa6 to 831f347 Compare February 4, 2026 06:50
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from 831f347 to a7fadb4 Compare February 9, 2026 08:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants