Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the pip group across 1 directory with 5 updates #74

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 9, 2024

Bumps the pip group with 5 updates in the / directory:

Package From To
certifi 2019.9.11 2024.7.4
lxml 4.4.1 4.9.1
py 1.10.0 1.11.0
zipp 0.6.0 3.19.1
scrapy 1.8.1 2.11.2

Updates certifi from 2019.9.11 to 2024.7.4

Commits

Updates lxml from 4.4.1 to 4.9.1

Changelog

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

  • A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

  • GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

  • Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

  • Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

  • GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

4.8.0 (2022-02-17)

Features added

  • GH#337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

  • The ElementMaker now supports QName values as tags, which always override the default namespace of the factory.

Bugs fixed

  • GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.

... (truncated)

Commits
  • d01872c Prevent parse failure in new test from leaking into later test runs.
  • d65e632 Prepare release of lxml 4.9.1.
  • 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
  • 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
  • 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
  • b9f7074 Remove debug print from test.
  • b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
  • 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
  • 853c9e9 Prepare release of 4.9.0.
  • d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
  • Additional commits viewable in compare view

Updates py from 1.10.0 to 1.11.0

Changelog

Sourced from py's changelog.

1.11.0 (2021-11-04)

  • Support Python 3.11
  • Support NO_COLOR environment variable
  • Update vendored apipkg: 1.5 => 2.0
Commits
  • 447bac5 Update CHANGELOG.rst
  • 6d003d9 Update CHANGELOG.rst
  • 9cf613f Declare support for Python 3.8-3.10
  • d831150 Update python_requires: Python 3.4 was already dropped
  • e68532e Update CHANGELOG for 1.11.0
  • 2f03e5a Merge pull request #258 from blueyed/NO_COLOR
  • e116b2b Merge pull request #275 from pytest-dev/upgrade-vendor-libs
  • f3a1a59 remove build pin again
  • f6cbf28 try to use pipx tox
  • 3fe9ad7 try to use preinstalled tox
  • Additional commits viewable in compare view

Updates zipp from 0.6.0 to 3.19.1

Changelog

Sourced from zipp's changelog.

v3.19.1

Bugfixes

  • Improved handling of malformed zip files. (#119)

v3.19.0

Features

  • Implement is_symlink. (#117)

v3.18.2

No significant changes.

v3.18.1

No significant changes.

v3.18.0

Features

  • Bypass ZipFile.namelist in glob for better performance. (#106)
  • Refactored glob functionality to support a more generalized solution with support for platform-specific path separators. (#108)

Bugfixes

  • Add special accounting for pypy when computing the stack level for text encoding warnings. (#114)

v3.17.0

Features

... (truncated)

Commits

Updates scrapy from 1.8.1 to 2.11.2

Release notes

Sourced from scrapy's releases.

2.11.2

Mostly bug fixes, including security bug fixes.

See the full changelog.

2.11.1

  • Security bug fixes.
  • Support for Twisted >= 23.8.0.
  • Documentation improvements.

See the full changelog.

2.11.0

  • Spiders can now modify settings in their from_crawler methods, e.g. based on spider arguments.
  • Periodic logging of stats.
  • Bug fixes.

See the full changelog.

2.10.1

Marked Twisted >= 23.8.0 as unsupported.

2.10.0

  • Added Python 3.12 support, dropped Python 3.7 support.
  • The new add-ons framework simplifies configuring 3rd-party components that support it.
  • Exceptions to retry can now be configured.
  • Many fixes and improvements for feed exports.

See the full changelog.

2.9.0

  • Per-domain download settings.
  • Compatibility with new cryptography and new parsel.
  • JMESPath selectors from the new parsel.
  • Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

  • Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older
  • Bug fixes

See the full changelog

2.7.0

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.11.2 (2024-05-14)

Security bug fixes


-   Redirects to non-HTTP protocols are no longer followed. Please, see the
    `23j4-mw76-5v7h security advisory`_ for more information. (:issue:`457`)
.. _23j4-mw76-5v7h security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h
  • The Authorization header is now dropped on redirects to a different
    scheme (http:// or https://) or port, even if the domain is the
    same. Please, see the 4qqq-9vqf-3h3f security advisory_ for more
    information.

    .. _4qqq-9vqf-3h3f security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f

  • When using system proxy settings that are different for http:// and
    https://, redirects to a different URL scheme will now also trigger the
    corresponding change in proxy settings for the redirected request. Please,
    see the jm3v-qxmh-hxwv security advisory_ for more information.
    (:issue:767)

    .. _jm3v-qxmh-hxwv security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv

  • :attr:Spider.allowed_domains <scrapy.Spider.allowed_domains> is now
    enforced for all requests, and not only requests from spider callbacks.
    (:issue:1042, :issue:2241, :issue:6358)

  • :func:~scrapy.utils.iterators.xmliter_lxml no longer resolves XML
    entities. (:issue:6265)

  • defusedxml_ is now used to make
    :class:scrapy.http.request.rpc.XmlRpcRequest more secure.
    (:issue:6250, :issue:6251)

    .. _defusedxml: https://github.com/tiran/defusedxml

Bug fixes


-   Restored support for brotlipy_, which had been dropped in Scrapy 2.11.1 in
    favor of brotli_. (:issue:`6261`)
.. _brotli: https://github.com/google/brotli

.. note:: brotlipy is deprecated, both in Scrapy and upstream. Use brotli
    instead if you can.

</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/scrapy/scrapy/commit/e8cb5a03b382b98f2c8945355076390f708b918d&quot;&gt;&lt;code&gt;e8cb5a0&lt;/code&gt;&lt;/a> Bump version: 2.11.1 → 2.11.2</li>
<li><a href="https://github.com/scrapy/scrapy/commit/2c031f4061ae9bf486cc9e2a699355450638e8c2&quot;&gt;&lt;code&gt;2c031f4&lt;/code&gt;&lt;/a> Set the release date of 2.11.2</li>
<li><a href="https://github.com/scrapy/scrapy/commit/3ffa17c0204deb3bdf2c7c60f5a56c9f777698c6&quot;&gt;&lt;code&gt;3ffa17c&lt;/code&gt;&lt;/a> Use posargs for pypy3-pinned</li>
<li><a href="https://github.com/scrapy/scrapy/commit/c6a8f0e4d945622a7e71adf635e272b66eddbbd0&quot;&gt;&lt;code&gt;c6a8f0e&lt;/code&gt;&lt;/a> Update VERSION references</li>
<li><a href="https://github.com/scrapy/scrapy/commit/60d2577284128cd0cf4af54745730da4a9005177&quot;&gt;&lt;code&gt;60d2577&lt;/code&gt;&lt;/a> Merge remote-tracking branch '23j4/2.11.2-release-notes' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6&quot;&gt;&lt;code&gt;36287cb&lt;/code&gt;&lt;/a> Merge branch 'redirect-protocols' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/f138d5d1450ef38ee077c2472c136c70d8d673e8&quot;&gt;&lt;code&gt;f138d5d&lt;/code&gt;&lt;/a> Merge branch 'environ-proxy-protocol' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8&quot;&gt;&lt;code&gt;1d0502f&lt;/code&gt;&lt;/a> Merge branch 'advisory-fix' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/bb948af00babe545a7fb52700f4ba1424d206677&quot;&gt;&lt;code&gt;bb948af&lt;/code&gt;&lt;/a> Release notes for 2.11.2 (<a href="https://redirect.github.com/scrapy/scrapy/issues/6359&quot;&gt;#6359&lt;/a&gt;)&lt;/li>
<li><a href="https://github.com/scrapy/scrapy/commit/5ad9433dd59cd8436ce33bf2c44796516eef4c3c&quot;&gt;&lt;code&gt;5ad9433&lt;/code&gt;&lt;/a> Merge remote-tracking branch 'scrapy/2.11' into 2.11</li>
<li>Additional commits viewable in <a href="https://github.com/scrapy/scrapy/compare/1.8.1...2.11.2&quot;&gt;compare view</a></li>
</ul>
</details>

<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2019.9.11` | `2024.7.4` |
| [lxml](https://github.com/lxml/lxml) | `4.4.1` | `4.9.1` |
| [py](https://github.com/pytest-dev/py) | `1.10.0` | `1.11.0` |
| [zipp](https://github.com/jaraco/zipp) | `0.6.0` | `3.19.1` |
| [scrapy](https://github.com/scrapy/scrapy) | `1.8.1` | `2.11.2` |



Updates `certifi` from 2019.9.11 to 2024.7.4
- [Commits](certifi/python-certifi@2019.09.11...2024.07.04)

Updates `lxml` from 4.4.1 to 4.9.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.4.1...lxml-4.9.1)

Updates `py` from 1.10.0 to 1.11.0
- [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/py@1.10.0...1.11.0)

Updates `zipp` from 0.6.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v0.6.0...v3.19.1)

Updates `scrapy` from 1.8.1 to 2.11.2
- [Release notes](https://github.com/scrapy/scrapy/releases)
- [Changelog](https://github.com/scrapy/scrapy/blob/master/docs/news.rst)
- [Commits](scrapy/scrapy@1.8.1...2.11.2)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: lxml
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: py
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: zipp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scrapy
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants