Bump the pip group across 1 directory with 9 updates

[dependabot]

Bumps the pip group with 9 updates in the / directory:

Package	From	To
future	0.16.0	0.18.3
babel	2.5.1	2.9.1
certifi	2017.7.27.1	2024.7.4
idna	2.6	3.7
jinja2	2.9.6	3.1.6
py	1.4.34	1.11.0
requests	2.18.4	2.32.4
urllib3	1.22	1.26.19
virtualenv	15.1.0	20.26.6

Updates future from 0.16.0 to 0.18.3

Release notes

Sourced from future's releases.

v0.18.3

This is a minor bug-fix release containing a number of fixes:

• Backport fix for bpo-38804 (c91d70b)
• Fix bug in fix_print.py fixer (dffc579)
• Fix bug in fix_raise.py fixer (3401099)
• Fix newint bool in py3 (fe645ba)
• Fix bug in super() with metaclasses (6e27aac)
• docs: fix simple typo, reqest -> request (974eb1f)
• Correct eq (c780bf5)
• Pass if lint fails (2abe00d)
• Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
• fix order (f96a219)
• Add flake8 to image (046ff18)
• Make lint.sh executable (58cc984)
• Add docker push to optimize CI (01e8440)
• Build System (42b3025)
• Add docs build status badge to README.md (3f40bd7)
• Use same docs requirements in tox (18ecc5a)
• Add docs/requirements.txt (5f9893f)
• Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
• fix 2.6 test, better comment (ddedcb9)
• fix 2.6 test (3f1ff7e)
• remove nan test (4dbded1)
• include list test values (e3f1a12)
• fix other python2 test issues (c051026)
• fix missing subTest (f006cad)
• import from old imp library on older python versions (fc84fa8)
• replace fstrings with format for python 3.4,3.5 (4a687ea)
• minor style/spelling fixes (8302d8c)
• improve cmp function, add unittest (0d95a40)
• Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
• Fix various py26 unit test failures (9ca5a14)
• Add initial contributing guide with docs build instruction (e55f915)
• Add docs building to tox.ini (3ee9e7f)
• Support NumPy's specialized int types in builtins.round (b4b54f0)
• Added r""" to the docstring to avoid warnings in python3 (5f94572)
• Add subclasscheck for past.types.basestring (c9bc0ff)
• Correct example in README (681e78c)
• Add simple documentation (6c6e3ae)
• Add pre-commit hooks (a9c6a37)
• Handling of next and next by future.utils.get_next was reversed (52b0ff9)
• Add a test for our fix (461d77e)
• Compare headers to correct definition of str (3eaa8fd)
• #322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
• Add tkFileDialog to future.movers.tkinter (f6a6549)
• Sort before comparing dicts in TestChainMap (6126997)
• Fix typo (4dfa099)
• Fix formatting in "What's new" (1663dfa)
• Fix typo (4236061)

... (truncated)

Changelog

Sourced from future's changelog.

Changes in version 0.18.3 (2023-01-13)

This is a minor bug-fix release containing a number of fixes:

• Backport fix for bpo-38804 (c91d70b)
• Fix bug in fix_print.py fixer (dffc579)
• Fix bug in fix_raise.py fixer (3401099)
• Fix newint bool in py3 (fe645ba)
• Fix bug in super() with metaclasses (6e27aac)
• docs: fix simple typo, reqest -> request (974eb1f)
• Correct eq (c780bf5)
• Pass if lint fails (2abe00d)
• Update docker image and parcel out to constant variable. Add comment to update version constant (45cf382)
• fix order (f96a219)
• Add flake8 to image (046ff18)
• Make lint.sh executable (58cc984)
• Add docker push to optimize CI (01e8440)
• Build System (42b3025)
• Add docs build status badge to README.md (3f40bd7)
• Use same docs requirements in tox (18ecc5a)
• Add docs/requirements.txt (5f9893f)
• Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
• fix 2.6 test, better comment (ddedcb9)
• fix 2.6 test (3f1ff7e)
• remove nan test (4dbded1)
• include list test values (e3f1a12)
• fix other python2 test issues (c051026)
• fix missing subTest (f006cad)
• import from old imp library on older python versions (fc84fa8)
• replace fstrings with format for python 3.4,3.5 (4a687ea)
• minor style/spelling fixes (8302d8c)
• improve cmp function, add unittest (0d95a40)
• Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
• Fix various py26 unit test failures (9ca5a14)
• Add initial contributing guide with docs build instruction (e55f915)
• Add docs building to tox.ini (3ee9e7f)
• Support NumPy's specialized int types in builtins.round (b4b54f0)
• Added r""" to the docstring to avoid warnings in python3 (5f94572)
• Add subclasscheck for past.types.basestring (c9bc0ff)
• Correct example in README (681e78c)
• Add simple documentation (6c6e3ae)
• Add pre-commit hooks (a9c6a37)
• Handling of next and next by future.utils.get_next was reversed (52b0ff9)
• Add a test for our fix (461d77e)
• Compare headers to correct definition of str (3eaa8fd)
• #322 Add support for negative ndigits in round; additionally, fixing a bug so that it handles passing in Decimal properly (a4911b9)
• Add tkFileDialog to future.movers.tkinter (f6a6549)
• Sort before comparing dicts in TestChainMap (6126997)
• Fix typo (4dfa099)
• Fix formatting in "What's new" (1663dfa)

... (truncated)

Commits

• af1db97 Merge pull request #613 from PythonCharmers/lwan/0.18.3-release
• 079ee9b Prepare for 0.18.3 release
• 02f7a81 Merge pull request #610 from wshanks/wshanks-patch-1
• c91d70b Backport fix for bpo-38804
• 80523f3 Merge pull request #569 from jmadler/master
• 5e5af71 Merge pull request #582 from r3m0t/patch-6
• 17e4bbd Merge pull request #596 from abjonnes/fix-print-trailing-comma
• 1b427ba Merge branch 'xZise-official-count' into master
• c8eb497 Merge branch 'official-count' of https://github.com/xZise/python-future into ...
• dffc579 Fix bug in fix_print.py fixer
• Additional commits viewable in compare view

Updates babel from 2.5.1 to 2.9.1

Release notes

Sourced from babel's releases.

Version 2.9.1

Bugfixes

• The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

Version 2.9.0

Upcoming version support changes

• This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

• CLDR: Use CLDR 37 – Aarni Koskela (#734)
• Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (#741)
• Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (#726)

Bugfixes

• Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
• Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
• Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
• Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
• Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
• Tests: fix tests when using Python 3.9 – Felix Schwarz
• Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
• Tests: Support Py.test 6.x – Aarni Koskela
• Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (#724)
• Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation

• Update parse_number comments – Brad Martin (#708)
• Add iter to Catalog documentation – @​CyanNani123

Version 2.8.1

This patch version only differs from 2.8.0 in that it backports in #752.

Version 2.8.0

Improvements

• CLDR: Upgrade to CLDR 36.0 - Aarni Koskela (#679)
• Messages: Don't even open files with the "ignore" extraction method - @​sebleblanc (#678)

Bugfixes

• Numbers: Fix formatting very small decimals when quantization is disabled - Lev Lybin, @​miluChen (#662)
• Messages: Attempt to sort all messages – Mario Frasca (#651, #606)

Docs

... (truncated)

Changelog

Sourced from babel's changelog.

Version 2.9.1

Bugfixes

* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
  allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!
Version 2.9.0
Upcoming version support changes

• This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

* CLDR: Use CLDR 37 – Aarni Koskela (:gh:`734`)
* Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (:gh:`741`)
* Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (:gh:`726`)
Bugfixes

* Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
* Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
* Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
* Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
* Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
* Tests: fix tests when using Python 3.9 – Felix Schwarz
* Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
* Tests: Support Py.test 6.x – Aarni Koskela
* Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (:gh:`724`)
* Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok
Documentation

</code></pre>

<ul>

<li>Update parse_number comments – Brad Martin (:gh:<code>708</code>)</li>

<li>Add <strong>iter</strong> to Catalog documentation – <a href="https://github.com/CyanNani123&quot;&gt;&lt;code&gt;@​CyanNani123&lt;/code&gt;&lt;/a&gt;&lt;/li>

</ul>

<h2>Version 2.8.1</h2>

<p>This is solely a patch release to make running tests on Py.test 6+ possible.</p>

<p>Bugfixes</p>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/python-babel/babel/commit/a99fa2474c808b51ebdabea18db871e389751559&quot;&gt;&lt;code&gt;a99fa24&lt;/code&gt;&lt;/a> Use 2.9.0's setup.py for 2.9.1</li>

<li><a href="https://github.com/python-babel/babel/commit/60b33e083801109277cb068105251e76d0b7c14e&quot;&gt;&lt;code&gt;60b33e0&lt;/code&gt;&lt;/a> Become 2.9.1</li>

<li><a href="https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3&quot;&gt;&lt;code&gt;412015e&lt;/code&gt;&lt;/a> Merge pull request <a href="https://github.com/python-babel/babel/issues/782&quot;&gt;#782&lt;/a> from python-babel/locale-basename</li>

<li><a href="https://github.com/python-babel/babel/commit/5caf717ceca4bd235552362b4fbff88983c75d8c&quot;&gt;&lt;code&gt;5caf717&lt;/code&gt;&lt;/a> Disallow special filenames on Windows</li>

<li><a href="https://github.com/python-babel/babel/commit/3a700b5b8b53606fd98ef8294a56f9510f7290f8&quot;&gt;&lt;code&gt;3a700b5&lt;/code&gt;&lt;/a> Run locale identifiers through <code>os.path.basename()</code></li>

<li><a href="https://github.com/python-babel/babel/commit/5afe2b2f11dcdd6090c00231d342c2e9cd1bdaab&quot;&gt;&lt;code&gt;5afe2b2&lt;/code&gt;&lt;/a> Merge pull request <a href="https://github.com/python-babel/babel/issues/754&quot;&gt;#754&lt;/a> from python-babel/github-ci</li>

<li><a href="https://github.com/python-babel/babel/commit/58de8342f865df88697a4a166191e880e3c84d82&quot;&gt;&lt;code&gt;58de834&lt;/code&gt;&lt;/a> Replace Travis + Appveyor with GitHub Actions (WIP)</li>

<li><a href="https://github.com/python-babel/babel/commit/d1bbc08e845d03d8e1f0dfa0e04983d755f39cb5&quot;&gt;&lt;code&gt;d1bbc08&lt;/code&gt;&lt;/a> import_cldr: use logging; add -q option</li>

<li><a href="https://github.com/python-babel/babel/commit/156b7fb9f377ccf58c71cf01dc69fb10c7b69314&quot;&gt;&lt;code&gt;156b7fb&lt;/code&gt;&lt;/a> Quiesce CLDR download progress bar if requested (or not a TTY)</li>

<li><a href="https://github.com/python-babel/babel/commit/613dc1700f91c3d40b081948c0dd6023d8ece057&quot;&gt;&lt;code&gt;613dc17&lt;/code&gt;&lt;/a> Make the import warnings about unsupported number systems less verbose</li>

<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.5.1...v2.9.1&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates certifi from 2017.7.27.1 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view




Updates idna from 2.6 to 3.7

Release notes
Sourced from idna's releases.

v3.7
What's Changed

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.
Full Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7



Changelog
Sourced from idna's changelog.

3.7 (2024-04-11)
++++++++++++++++

Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
++++++++++++++++

Fix regression to include tests in source distribution.

3.5 (2023-11-24)
++++++++++++++++

Update to Unicode 15.1.0
String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
Fix typing error for codec encoding
"setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.
3.4 (2022-09-14)
++++++++++++++++

Update to Unicode 15.0.0
Migrate to pyproject.toml for build information (PEP 621)
Correct another instance where generic exception was raised instead of
IDNAError for malformed input
Source distribution uses zeroized file ownership for improved
reproducibility

Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13)
++++++++++++++++

Update to Unicode 14.0.0
Update to in-line type annotations
Throw IDNAError exception correctly for some malformed input
Advertise support for Python 3.10
Improve testing regime on Github



... (truncated)


Commits

1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view




Updates jinja2 from 2.9.6 to 3.1.6

Release notes
Sourced from jinja2's releases.

3.1.6
This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.6/
Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7

3.1.5
This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.5/
Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence types. #2032
Calling sync render for an async template uses asyncio.run. #1952
Avoid unclosed auto_aiter warnings. #1960
Return an aclose-able AsyncGenerator from Template.generate_async. #1960
Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
Avoid leaving async generators unclosed in blocks, includes and extends. #1960
The runtime uses the correct concat function for the current environment when calling block references. #1701
Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
|int filter handles OverflowError from scientific notation. #1921
Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
Fix copy/pickle support for the internal missing object. #2027
Environment.overlay(enable_async) is applied correctly. #2061
The error message from FileSystemLoader includes the paths that were searched. #1661
PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
Improve annotations for methods returning copies. #1880
urlize does not add mailto: to values like @a@b. #1870
Tests decorated with @pass_context can be used with the |select filter. #1624
Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/
Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3
This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.



... (truncated)


Changelog
Sourced from jinja2's changelog.

Version 3.1.6
Released 2025-03-05

The |attr filter does not bypass the environment's attribute lookup,
allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5
Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as
by passing a stored reference to a filter that calls its argument.
:ghsa:q2x7-8rv6-6q7h
Escape template name before formatting it into error messages, to avoid
issues with names that contain f-string syntax.
:issue:1792, :ghsa:gmj6-6f8f-6699
Sandbox does not allow clear and pop on known mutable sequence
types. :issue:2032
Calling sync render for an async template uses asyncio.run.
:pr:1952
Avoid unclosed auto_aiter warnings. :pr:1960
Return an aclose-able AsyncGenerator from
Template.generate_async. :pr:1960
Avoid leaving root_render_func() unclosed in
Template.generate_async. :pr:1960
Avoid leaving async generators unclosed in blocks, includes and extends.
:pr:1960
The runtime uses the correct concat function for the current environment
when calling block references. :issue:1701
Make |unique async-aware, allowing it to be used after another
async-aware filter. :issue:1781
|int filter handles OverflowError from scientific notation.
:issue:1921
Make compiling deterministic for tuple unpacking in a {% set ... %}
call. :issue:2021
Fix dunder protocol (copy/pickle/etc) interaction with Undefined
objects. :issue:2025
Fix copy/pickle support for the internal missing object.
:issue:2027
Environment.overlay(enable_async) is applied correctly. :pr:2061
The error message from FileSystemLoader includes the paths that were
searched. :issue:1661
PackageLoader shows a clearer error message when the package does not
contain the templates directory. :issue:1705
Improve annotations for methods returning copies. :pr:1880
urlize does not add mailto: to values like @a@b. :pr:1870



... (truncated)


Commits

1520688 release version 3.1.6
90457bb Merge commit from fork
065334d attr filter uses env.getattr
033c200 start version 3.1.6
bc68d4e use global contributing guide (#2070)
247de5e use global contributing guide
ab8218c use project advisory link instead of global
b4ffc8f release version 3.1.5 (#2066)
877f6e5 release version 3.1.5
8d58859 remove test pypi
Additional commits viewable in compare view




Updates py from 1.4.34 to 1.11.0

Changelog
Sourced from py's changelog.

1.11.0 (2021-11-04)

Support Python 3.11
Support NO_COLOR environment variable
Update vendored apipkg: 1.5 => 2.0

1.10.0 (2020-12-12)

Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)
Update vendored apipkg: 1.4 => 1.5
Update vendored iniconfig: 1.0.0 => 1.1.1

1.9.0 (2020-06-24)


Add type annotation stubs for the following modules:

py.error
py.iniconfig
py.path (not including SVN paths)
py.io
py.xml

There are no plans to type other modules at this time.
The type annotations are provided in external .pyi files, not inline in the
code, and may therefore contain small errors or omissions. If you use py
in conjunction with a type checker, and encounter any type errors you believe
should be accepted, please report it in an issue.


1.8.2 (2020-06-15)

On Windows, py.path.locals which differ only in case now have the same
Python hash value. Previously, such paths were considered equal but had
different hashes, which is not allowed and breaks the assumptions made by
dicts, sets and other users of hashes.

1.8.1 (2019-12-27)


Handle FileNotFoundError when trying to import pathlib in path.common
on Python 3.4 (#207).


py.path.local.samefile now works correctly in Python 3 on Windows when dealing with symlinks.


1.8.0 (2019-02-21)


... (truncated)


Commits

447bac5 Update CHANGELOG.rst
6d003d9 Update CHANGELOG.rst
9cf613f Declare support for Python 3.8-3.10
d831150 Update python_requires: Python 3.4 was already dropped
e68532e Update CHANGELOG for 1.11.0
2f03e5a Merge pull request #258 from blueyed/NO_COLOR
e116b2b Merge pull request #275 from pytest-dev/upgrade-vendor-libs
f3a1a59 remove build pin again
f6cbf28 try to use pipx tox
3fe9ad7 try to use preinstalled tox
Additional commits viewable in compare view




Updates requests from 2.18.4 to 2.32.4

Release notes
Sourced from requests's releases.

v2.32.4
2.32.4 (2025-06-10)
Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file. (#6965)

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS. (#6926)
Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3
2.32.3 (2024-05-29)
Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)

v2.32.2
2.32.2 (2024-05-21)
Deprecations


To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)


v2.32.1
2.32.1 (2024-05-20)
Bugfixes

Add missing test certs to the sdist distributed on PyPI.

v2.32.0
2.32.0 (2024-05-20)


... (truncated)


Changelog
Sourced from requests's changelog.

2.32.4 (2025-06-10)
Security

CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

Improvements

Numerous documentation improvements

Deprecations

Added support for pypy 3.11 for Linux and macOS.
Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)
Bugfixes

Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (#6716)
Fixed issue where Requests started failing to run on Python versions compiled
without the ssl module. (#6724)

2.32.2 (2024-05-21)
Deprecations


To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed _get_connection to
a new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)


2.32.1 (2024-05-20)
Bugfixes

Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)
Security


... (truncated)


Commits

021dc72 Polish up release tooling for last manual release
821770e Bump version and add release notes for v2.32.4
59f8aa2 Add netrc file search information to authentication documentation (#6876)
5b4b64c Add more tests to prevent regression of CVE 2024 47081
7bc4587 Add new test to check netrc auth leak (#6962)
96ba401 Only use hostname to do netrc lookup instead of netloc
7341690 Merge pull request #6951 from tswast/patch-1
6716d7c remove links
a7e1c74 Update docs/conf.py
c799b81 docs: fix dead links to kenreitz.org
Additional commits viewable in compare view




Updates urllib3 from 1.22 to 1.26.19

Release notes
Sourced from urllib3's releases.

1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes

Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

Full Changelog: https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19
Note that due to an issue with our release automation, no  multiple.intoto.jsonl file is available for this release.
1.26.18

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

1.26.16

Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954)

1.26.15

Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645)
Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899)
Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901)

1.26.14

Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850)
Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module.

1.26.13

Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.
Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
Fixed a deprecation warning when using cryptography v39.0.0.
Removed the <4 in the Requires-Python packaging metadata field.

1.26.12

Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.

1.26.11
If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors.
:warning: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.



... (truncated)


Changelog
Sourced from urllib3's changelog.

1.26.19 (2024-06-17)

Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)

1.26.18 (2023-10-17)

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

1.26.16 (2023-05-23)

Fixed thread-safety issue where accessing a PoolManager with many distinct origins
would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) <https://github.com/urllib3/urllib3/pull/2954>_)

1.26.15 (2023-03-10)

Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) <https://github.com/urllib3/urllib3/issues/2645>__)
Remove "!" character from the unreserved characters in IPv6 Zone ID parsing
([#2899](https://github.com/urllib3/urllib3/issues/2899) <https://github.com/urllib3/urllib3/issues/2899>__)
Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) <https://github.com/urllib3/urllib3/issues/2901>__)

1.26.14 (2023-01-11)

Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) <https://github.com/urllib3/urllib3/issues/2850>__)
Removed deprecated getheaders() calls in contrib module. Fixed the type hint of PoolKey.key_retries by adding bool to the union. ([#2865](https://github.com/urllib3/urllib3/issues/2865) <https://github.com/urllib3/urllib3/issues/2865>__)

1.26.13 (2022-11-23)

Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.
Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
even when the port number after removing the zeroes was valid.
Fixed a deprecation warning when using cryptography v39.0.0.
Removed the <4 in the Requires-Python packaging metadata field.

1.26.12 (2022-08-22)

Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module.
Both will be removed in v2.x. See this GitHub issue <https://github.com/urllib3/urllib3/issues/2680>_



... (truncated)


Commits

d9d85c8 Release 1.26.19
8528b63 [1.26] Fix downstream tests (#3409)
40b6d16 Merge pull request from GHSA-34jh-p97f-mpxf
29cfd02 Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)
b600643 [1.26] Bump RECENT_DATE (#3404)
7e2d389 [1.26] Fix running CPython 2.7 tests in CI (#3137)
9c2c230 Release 1.26.18 (#3159)
b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4
944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport
c9016bf Release 1.26.17
Additional commits viewable in compare view




Updates virtualenv from 15.1.0 to 20.26.6

Release notes
Sourced from virtualenv's releases.

20.26.6

What's Changed

release 20.26.5 by @​gaborbernat in pypa/virtualenv#2766
Fix #2768: Quote template strings in activation scripts by @​y5c4l3 in pypa/virtualenv#2771

New Contributors

@​y5c4l3 made their first contribution in pypa/virtualenv#2771

Full Changelog: https://github.com/pypa/virtualenv/compare/20.26.5...20.26.6
20.26.5

What's Changed

release 20.26.4 by @​gaborbernat in pypa/virtualenv#2761
Use uv over pip by @​gaborbernat in pypa/virtualenv#2765

Full Changelog: https://github.com/pypa/virtualenv/compare/20.26.4...20.26.5
20.26.4

What's Changed

release 20.26.3 by @​gaborbernat in pypa/virtualenv#2742
Fix whitespace around backticks in changelog by @​edmorley in pypa/virtualenv#2751
Test latest Python 3.13 by @​hugovk in pypa/virtualenv#2752
Fix typo in Nushell activation script by @​edmorley in pypa/virtualenv#2754
GitHub Actions: Replace deprecated macos-12 with macos-13 by @​hugovk in pypa/virtualenv#2756
Fix #2728: Activating venv create unwanted console output  by @​ShootGan in pypa/virtualenv#2748
Upgrade bundled wheels by @​gaborbernat in pypa/virtualenv#2760

New Contributors

@​ShootGan made their first contribution in pypa/virtualenv#2748

Full Changelog: https://github.com/pypa/virtualenv/compare/20.26.3...20.26.4
20.26.3

What's Changed

release 20.26.2 by @​gaborbernat in pypa/virtualenv#2724
Bump embeded wheels by @​gaborbernat in pypa/virtualenv#2741

Full Changelog: https://github.com/pypa/virtualenv/compare/20.26.2...20.26.3
20.26.2


... (truncated)


Changelog
Sourced from virtualenv's changelog.

v20.26.6 (2024-09-27)
Bugfixes - 20.26.6
- Properly quote string placeholders in activation script templates to mitigate
  potential command injection - by :user:`y5c4l3`. (:issue:`2768`)
v20.26.5 (2024-09-17)
Bugfixes - 20.26.5


Upgrade embedded wheels: setuptools to 75.1.0 from 74.1.2 - by :user:gaborbernat. (:issue:2765)

v20.26.4 (2024-09-07)
Bugfixes - 20.26.4
- no longer create `()` output in console during activation of a virtualenv by .bat file. (:issue:`2728`)
- Upgrade embedded wheels:

wheel to 0.44.0 from 0.43.0
pip to 24.2 from 24.1
setuptools to 74.1.2 from 70.1.0 (:issue:2760)

v20.26.3 (2024-06-21)
Bugfixes - 20.26.3



Upgrade embedded wheels:

setuptools to 70.1.0 from 69.5.1
pip to 24.1 from 24.0 (:issue:2741)



v20.26.2 (2024-05-13)
Bugfixes - 20.26.2
- ``virtualenv.pyz`` no longer fails when zipapp path contains a symlink - by :user:`HandSonic` and :user:`petamas`. (:issue:`1949`)
- Fix bad return code from activate.sh if hashing is disabled - by :user:'fenkes-ibm'. (:issue:`2717`)
v20.26.1 (2024-04-29)
Bugfixes - 20.26.1



... (truncated)


Commits

ec04726 release 20.26.6
86ddded Fix #2768: Quote template strings in activation scripts (#2771)
6bb3f62 [pre-commit.ci] pre-commit autoupdate (#2769)
220d49c Bump...
Description has been truncated