Deps: Bump the python-packages group with 10 updates

[dependabot]

Bumps the python-packages group with 10 updates:

Package	From	To
uvicorn	0.31.1	0.32.0
coverage	7.6.3	7.6.4
anyio	4.6.2	4.6.2.post1
httptools	0.6.1	0.6.4
mypy	1.11.2	1.12.1
pydantic	1.10.18	2.9.2
ruff	0.6.9	0.7.0
sqlalchemy	2.0.35	2.0.36
starlette	0.39.2	0.40.0
uvloop	0.20.0	0.21.0

Updates uvicorn from 0.31.1 to 0.32.0

Release notes

Sourced from uvicorn's releases.

Version 0.32.0

Added

• Officially support Python 3.13 (#2482)
• Warn when max_request_limit is exceeded (#2430)

---

Full Changelog: encode/uvicorn@0.31.1...0.32.0

Changelog

Sourced from uvicorn's changelog.

0.32.0 (2024-10-15)

Added

• Officially support Python 3.13 (#2482)
• Warn when max_request_limit is exceeded (#2430)

Commits

• fe39100 Version 0.32.0 (#2485)
• 967a2dc Support Python 3.13 (#2482)
• 079f07a feat(server): log warning when max request limit is exceeded (#2430)
• See full diff in compare view

Updates coverage from 7.6.3 to 7.6.4

Changelog

Sourced from coverage's changelog.

Version 7.6.4 — 2024-10-20

• fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880_). This is now fixed.

.. _issue 1880: nedbat/coveragepy#1880

.. _changes_7-6-3:

Commits

• f24f76b docs: sample HTML for 7.6.4
• 96e10f7 docs: prep for 7.6.4
• b8c236a fix: multi-line with-statements exit correctly. #1880
• 64b7a45 docs: another discord reference
• 68d7427 docs: Python Discord
• 43adcea build: include 3.14 in the usual Pythons
• fb2b49f build: github_releases can update older releases, and pauses to get the sorti...
• ca550ca 3.0b2 wasn't correctly titled
• debcc77 build: bump version
• See full diff in compare view

Updates anyio from 4.6.2 to 4.6.2.post1

Commits

• See full diff in compare view

Updates httptools from 0.6.1 to 0.6.4

Release notes

Sourced from httptools's releases.

v0.6.4

Fixes

• Include Cython source files in sdist (by @​mgorny in 2287a95a for #115)

v0.6.3

Fixes

• Fix missing CR is some tests (by @​mgorny in 21a199d3 for #112)

• Bump bundled llhttp to 9.2.1 Fixes CVE-2024-27982 (by @​elprans in 560bd9ea for #113)

v0.6.2

Fixes

• Fix build and run tests on Python 3.13 (#107) (by @​jameshilliard @​tacaswell @​fafanoulele @​fantix in ad9765b3 for #98 #104)

Commits

• e265ae0 httptools 0.6.4
• 2287a95 Include Cython source files in sdist (#115)
• 5e720bf httptools 0.6.3
• 560bd9e Bump bundled llhttp to 9.2.1 (#113)
• 21a199d Fix missing CR is some tests (#112)
• a2ed91d httptools 0.6.2
• ad9765b Fix build and run tests on Python 3.13 (#107)
• See full diff in compare view

Updates mypy from 1.11.2 to 1.12.1

Changelog

Sourced from mypy's changelog.

Mypy 1.12.1

• Fix crash when showing partially analyzed type in error message (Ivan Levkivskyi, PR 17961)
• Fix iteration over union (when self type is involved) (Shantanu, PR 17976)
• Fix type object with type var default in union context (Jukka Lehtosalo, PR 17991)
• Revert change to os.path stubs affecting use of os.PathLike[Any] (Shantanu, PR 17995)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Ali Hamdan
• Anders Kaseorg
• Bénédikt Tran
• Brian Schubert
• bzoracler
• Chelsea Durazo
• Danny Yang
• Edgar Ramírez Mondragón
• Eric Mark Martin
• InSync
• Ivan Levkivskyi
• Jordandev678
• Katrina Connors
• Kirill Podoprigora
• Marc Mueller
• Max Muoto
• Max Murin
• Michael Carlstrom
• Michael I Chen
• Pradyun Gedam
• quinn-sasha
• Raphael Krupinski
• Sebastian Rittau
• Shantanu
• sobolevn
• Soubhik Kumar Mitra
• Stanislav Terliakov
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

... (truncated)

Commits

• 050d12f Bump version to 1.12.1
• 346e370 [1.12 backport] revert os.path change (#17995)
• 71e1f05 Fix type object with type var default in union context (#17991)
• 34d8603 Fix iteration over union (when self type is involved) (#17976)
• 2485bed Use kw-only args for member access booleans (#17975)
• a5e9b0b Fix crash when showing partially analyzed type in error message (#17961)
• 4775da1 Bump version to 1.12.1+dev
• f2a39b1 Update version to 1.12.0
• b4ec37a Add one more 1.12 changelog item (#17936)
• cc1c679 Better handling of generic functions in partial plugin (#17925)
• Additional commits viewable in compare view

Updates pydantic from 1.10.18 to 2.9.2

Release notes

Sourced from pydantic's releases.

v2.9.2 (2024-09-17)

What's Changed

Fixes

• Do not error when trying to evaluate annotations of private attributes by @​Viicos in #10358
• Adding notes on designing sound Callable discriminators by @​sydney-runkle in #10400
• Fix serialization schema generation when using PlainValidator by @​Viicos in #10427
• Fix Union serialization warnings by @​sydney-runkle in pydantic/pydantic-core#1449
• Fix variance issue in _IncEx type alias, only allow True by @​Viicos in #10414
• Fix ZoneInfo validation with various invalid types by @​sydney-runkle in #10408

Full Changelog: pydantic/pydantic@v2.9.1...v2.9.2

v2.9.1 (2024-09-09)

What's Changed

Fixes

• Fix Predicate issue in v2.9.0 by @​sydney-runkle in #10321
• Fixing annotated-types bound to >=0.6.0 by @​sydney-runkle in #10327
• Turn tzdata install requirement into optional timezone dependency by @​jakob-keller in #10331
• Fix IncExc type alias definition by @​Viicos in #10339
• Use correct types namespace when building namedtuple core schemas by @​Viicos in #10337
• Fix evaluation of stringified annotations during namespace inspection by @​Viicos in #10347
• Fix tagged union serialization with alias generators by @​sydney-runkle in pydantic/pydantic-core#1442

Full Changelog: pydantic/pydantic@v2.9.0...v2.9.1

v2.9.0 (2024-09-05)

The code released in v2.9.0 is practically identical to that of v2.9.0b2.

Check out our blog post to learn more about the release highlights!

What's Changed

Packaging

• Bump ruff to v0.5.0 and pyright to v1.1.369 by @​sydney-runkle in #9801
• Bump pydantic-extra-types to v2.9.0 by @​sydney-runkle in #9832
• Support compatibility with pdm v2.18.1 by @​Viicos in #10138
• Bump v1 version stub to v1.10.18 by @​sydney-runkle in #10214
• Bump pydantic-core to v2.23.2 by @​sydney-runkle in #10311

New Features

• Add support for ZoneInfo by @​Youssefares in #9896
• Add Config.val_json_bytes by @​josh-newman in #9770
• Add DSN for Snowflake by @​aditkumar72 in #10128
• Support complex number by @​changhc in #9654
• Add support for annotated_types.Not by @​aditkumar72 in #10210

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.9.2 (2024-09-17)

GitHub release

What's Changed

Fixes

• Do not error when trying to evaluate annotations of private attributes by @​Viicos in #10358
• Adding notes on designing sound Callable discriminators by @​sydney-runkle in #10400
• Fix serialization schema generation when using PlainValidator by @​Viicos in #10427
• Fix Union serialization warnings by @​sydney-runkle in pydantic/pydantic-core#1449
• Fix variance issue in _IncEx type alias, only allow True by @​Viicos in #10414
• Fix ZoneInfo validation with various invalid types by @​sydney-runkle in #10408

v2.9.1 (2024-09-09)

GitHub release

What's Changed

Fixes

• Fix Predicate issue in v2.9.0 by @​sydney-runkle in #10321
• Fixing annotated-types bound to >=0.6.0 by @​sydney-runkle in #10327
• Turn tzdata install requirement into optional timezone dependency by @​jakob-keller in #10331
• Fix IncExc type alias definition by @​Viicos in #10339
• Use correct types namespace when building namedtuple core schemas by @​Viicos in #10337
• Fix evaluation of stringified annotations during namespace inspection by @​Viicos in #10347
• Fix tagged union serialization with alias generators by @​sydney-runkle in pydantic/pydantic-core#1442

v2.9.0 (2024-09-05)

GitHub release

The code released in v2.9.0 is practically identical to that of v2.9.0b2.

What's Changed

Packaging

• Bump ruff to v0.5.0 and pyright to v1.1.369 by @​sydney-runkle in #9801
• Bump pydantic-extra-types to v2.9.0 by @​sydney-runkle in #9832
• Support compatibility with pdm v2.18.1 by @​Viicos in #10138
• Bump v1 version stub to v1.10.18 by @​sydney-runkle in #10214
• Bump pydantic-core to v2.23.2 by @​sydney-runkle in #10311

New Features

• Add support for ZoneInfo by @​Youssefares in #9896
• Add Config.val_json_bytes by @​josh-newman in #9770
• Add DSN for Snowflake by @​aditkumar72 in #10128

... (truncated)

Commits

• 7cedbfb history updates
• 7eab2b8 v bump
• c0a288f Fix ZoneInfo with various invalid types (#10408)
• ea6115d Fix variance issue in _IncEx type alias, only allow True (#10414)
• fbfe25a Fix serialization schema generation when using PlainValidator (#10427)
• 26cff3c Adding notes on designing callable discriminators (#10400)
• 8a0e7ad Do not error when trying to evaluate annotations of private attributes (#10358)
• ecc5275 bump
• 2c61bfd Fix evaluation of stringified annotations during namespace inspection (#10347)
• 3d364cb Use correct types namespace when building namedtuple core schemas (#10337)
• Additional commits viewable in compare view

Updates ruff from 0.6.9 to 0.7.0

Release notes

Sourced from ruff's releases.

0.7.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

Rule changes

• [pylint] Mark PLE1141 fix as unsafe (#13629)
• [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#13639)
• [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#13656)
• [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#13640)
• [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#13704)
• [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files being opened from a wider range of standard-library functions (#12959).

CLI

• Add explanation of fixable in --statistics command (#13774)

Bug fixes

• [pyflakes] Allow ipytest cell magic (F401) (#13745)
• [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#13616)
• [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#13574)
• [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#13727)

Contributors

• @​AlexWaygood

... (truncated)

Changelog

Sourced from ruff's changelog.

0.7.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

Rule changes

• [pylint] Mark PLE1141 fix as unsafe (#13629)
• [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#13639)
• [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#13656)
• [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#13640)
• [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#13704)
• [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files being opened from a wider range of standard-library functions (#12959).

CLI

• Add explanation of fixable in --statistics command (#13774)

Bug fixes

• [pyflakes] Allow ipytest cell magic (F401) (#13745)
• [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#13616)
• [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#13574)
• [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#13727)

Commits

• 5e6de4e Changelog for Ruff v0.7 (#13794)
• 70e5c4a Recode TRY302 to TRY203 (#13502)
• 9218d6b Remove allow-unused-imports setting from the common lint options (#13677)
• 1b79ae9 [ruff-0.7] Stabilise the expansion of open-file-with-context-handler to wor...
• 2b87587 [flake8-pytest-style] Fix defaults when lint.flake8-pytest-style config s...
• d1e15f6 Remove tab-size setting (#12835)
• 89a8215 Remove error messages for removed CLI aliases (#12833)
• 202c6a6 Remove output-format=text setting (#12836)
• 5c3c0c4 [red-knot] Inference for comparison of union types (#13781)
• 6b7a738 Add explanation of fixable in --statistics command (#13774)
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.35 to 2.0.36

Release notes

Sourced from sqlalchemy's releases.

2.0.36

Released: October 15, 2024

orm

• [orm] [usecase] Added new parameter _orm.mapped_column.hash to ORM constructs such as _orm.mapped_column(), _orm.relationship(), etc., which is interpreted for ORM Native Dataclasses in the same way as other dataclass-specific field parameters.

  References: #11923

• [orm] [bug] Fixed bug in ORM bulk update/delete where using RETURNING with bulk update/delete in combination with populate_existing would fail to accommodate the populate_existing option.

  References: #11912

• [orm] [bug] Continuing from #11912, columns marked with mapped_column.onupdate, mapped_column.server_onupdate, or Computed are now refreshed in ORM instances when running an ORM enabled UPDATE with WHERE criteria, even if the statement does not use RETURNING or populate_existing.

  References: #11917

• [orm] [bug] Fixed regression caused by fixes to joined eager loading in #11449 released in 2.0.31, where a particular joinedload case could not be asserted correctly. We now have an example of that case so the assertion has been repaired to allow for it.

  References: #11965

• [orm] [bug] Improved the error message emitted when trying to map as dataclass a class while also manually providing the __table__ attribute. This usage is currently not supported.

  References: #11973

• [orm] [bug] Refined the check which the ORM lazy loader uses to detect "this would be loading by primary key and the primary key is NULL, skip loading" to take into account the current setting for the orm.Mapper.allow_partial_pks parameter. If this parameter is False, then a composite PK value that has partial NULL elements should also be skipped. This can apply to some composite overlapping foreign key configurations.

... (truncated)

Commits

• See full diff in compare view

Updates starlette from 0.39.2 to 0.40.0

Release notes

Sourced from starlette's releases.

Version 0.40.0

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

• Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Changelog

Sourced from starlette's changelog.

0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

• Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Commits

• 4ded4b7 Version 0.40.0 (#2728)
• fd038f3 Merge commit from fork
• e116840 Bump the python-packages group with 6 updates (#2713)
• See full diff in compare view

Updates uvloop from 0.20.0 to 0.21.0

Release notes

Sourced from uvloop's releases.

v0.21.0

Changes

• Add cleanup_socket param on create_unix_server() (#623) (by @​fantix in d6114d2)

Fixes

• Use cythonized SO_REUSEPORT rather than the unwrapped native one. (#609) (by @​ptribble in 4083a94e for #550)

• UDP errors should result in protocol.error_received (#601) (by @​jensbjorgensen in 3c3bbeff)

• Updates for Cython3 (#587) (by @​alan-brooks in 3fba9fab for #587)

• Test with Python 3.13 (#610) (by @​edgarrmondragon in fb5a139)

v0.21.0beta1

No release notes provided.

Commits

• 2e8feae bump cibuildwheel version
• 40e8a34 uvloop 0.21.0
• 79d5dcd uvloop 0.21.0beta1
• fb5a139 Add cleanup_socket param on create_unix_server() (#623)
• 3fba9fa Updates for Cython3 (#587)
• 3c3bbef udp errors should result in protocol.error_received (#601)
• 4083a94 Use cythonized SO_REUSEPORT rather than the unwrapped native one. (#609)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.