Bump the pip group across 1 directory with 6 updates #1

dependabot · 2024-09-20T09:17:54Z

Bumps the pip group with 6 updates in the / directory:

Package	From	To
streamlit	`1.36.0`	`1.37.0`
aiohttp	`3.9.5`	`3.10.2`
certifi	`2024.6.2`	`2024.7.4`
cryptography	`42.0.8`	`43.0.1`
jupyterlab	`4.2.3`	`4.2.5`
notebook	`7.2.1`	`7.2.2`

Updates streamlit from 1.36.0 to 1.37.0

Release notes

Sourced from streamlit's releases.

1.37.0

What's Changed

New Features 🎉

Stacking options - st.bar_chart by @mayagbarnes in streamlit/streamlit#8945

Support graphviz.sources.Source object for st.graphviz_chart by @sfc-gh-kbregula in streamlit/streamlit#8993

Add support for material icons in markdown by @LukasMasuch in streamlit/streamlit#8889

Fix lag when closing dialog by @raethlein in streamlit/streamlit#9023

Stacking options - st.area_chart by @mayagbarnes in streamlit/streamlit#8992

Add feedback widget by @raethlein in streamlit/streamlit#8915

READ only headers and cookies by @kajarenc in streamlit/streamlit#8976

De-experimentalize st.fragment by @vdonato in streamlit/streamlit#9019

De-experimentalize st.dialog by @raethlein in streamlit/streamlit#9020

Bug Fixes 🐛

Show fragment errors in fragment-path for main app runs by @raethlein in streamlit/streamlit#8868

Fix st.rerun fragment thread reuse issue by @raethlein in streamlit/streamlit#8798

Support non-unix style paths for MPA loading by @kmcgrady in streamlit/streamlit#8988

Set theme hash properly on load if a custom theme is active to start by @kmcgrady in streamlit/streamlit#8989

Don't remove session refs on fragment runs by @vdonato in streamlit/streamlit#9010

Improvements to NumberInput formatting by @sfc-gh-nbellante in streamlit/streamlit#9035

Hide all Particles upon printing by @sfc-gh-nbellante in streamlit/streamlit#9053

Fix: MPA support of custom themes by @mayagbarnes in streamlit/streamlit#8994

st.switch_page clears non-embed query params by @mayagbarnes in streamlit/streamlit#9059

Fix secrets.toml Windows Path Bug by @sfc-gh-nbellante in streamlit/streamlit#9061

Bugfix: Fixes two st.map width bugs by @sfc-gh-nbellante in streamlit/streamlit#9070

Validate the path using Tornado before performing checks by @kmcgrady in streamlit/streamlit#8990

Reset ctx.current_fragment_id to last ID instead of None by @vdonato in streamlit/streamlit#9114

Other Changes

Update emojis used for validation by @LukasMasuch in streamlit/streamlit#8923

Add support for numpy 2.x by @LukasMasuch in streamlit/streamlit#8940

Remove a bunch of deprecated experimental features by @vdonato in streamlit/streamlit#8943

Migrate custom icons from material outlined to rounded by @LukasMasuch in streamlit/streamlit#8998

Remove old config options - part 1 by @mayagbarnes in streamlit/streamlit#9005

Remove old config options - part 2 by @mayagbarnes in streamlit/streamlit#9013

Remove deprecation.showPyplotGlobalUse config option by @LukasMasuch in streamlit/streamlit#9018

Fix broken st.navigation docstring by @mahotd in streamlit/streamlit#9027

Update the feedback widget design by @raethlein in streamlit/streamlit#9094

New Contributors

@Dev-iL made their first contribution in streamlit/streamlit#8947

@quant12345 made their first contribution in streamlit/streamlit#8968

@mahotd made their first contribution in streamlit/streamlit#9027

Full Changelog: streamlit/streamlit@1.36.0...1.37.0

Commits

e2c3c93 Up version to 1.37.0
88389e3 Docstrings for 1.37.0 (#9115)
898fd80 Temp solution to fix invalid material icon error rendering (#9113)
b2c88c6 Reset ctx.current_fragment_id to last ID instead of None (#9114)
3a63985 Validate the path using Tornado before performing checks (#8990)
40303e1 Move the filled star icon for feedback widget from python code to web app (#9...
6296baf Update the feedback widget design (#9094)
b9c3521 Fixes two st.map width bugs (#9070)
a2ae47a Only expose selected objects in components module (#8873)
340f3f7 De-experimentalize st.dialog (#9020)
Additional commits viewable in compare view

Updates aiohttp from 3.9.5 to 3.10.2

Release notes

Sourced from aiohttp's releases.

3.10.2

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: #8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: #8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: #8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.2 (2024-08-08)

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: :issue:8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

... (truncated)

Commits

491106e Release 3.10.2 (#8655)
ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
6a77806 [PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...
1f92213 [PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...
2ef14a6 [PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...
68e8496 [PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...
72f41aa [PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...
bf83dbe [PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...
4815765 [PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...
266608d [PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)
Additional commits viewable in compare view

Updates certifi from 2024.6.2 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
See full diff in compare view

Updates cryptography from 42.0.8 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20
BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.

BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.

Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.

Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.

:func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.

:func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.

Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.

Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.

Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)

Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.

Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.

Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.

Added support for parsing empty DN string in

... (truncated)

Commits

a773387 bump for 43.0.1 (#11533)
0393fef Backport setuptools version ban (#11526)
6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
2dbdfb8 don't assign unused name (#11310)
ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
Additional commits viewable in compare view

Updates jupyterlab from 4.2.3 to 4.2.5

Release notes

Sourced from jupyterlab's releases.

v4.2.5

4.2.5

(Full Changelog)

Bugs fixed

Use locale name instead of display/native name to toggle language #16710 (@maitreya2954)

Prevent replacing code with find and replace in read-only cells #16682 (@itsmevichu)

Do not block shift-click mouse up handler on active cell #16647 (@EdsterG)

Maintenance and upkeep improvements

Bump braces from 3.0.2 to 3.0.3 #16486 (@dependabot[bot])

Documentation improvements

Fix JupyterLab install instructions in the debugger docs #16683 (@jtpio)

Contributors to this release

(GitHub contributors page for this release)

@davidbrochart | @fcollonval | @github-actions | @HaudinFlorence | @JasonWeill | @jtpio | @jupyterlab-probot | @krassowski | @meeseeksmachine | @Mehak261124 | @Rob-P-Smith | @tonyfast | @welcome | @williamstein

v4.2.4

4.2.4

(Full Changelog)

Bugs fixed

Fix the identifier to download licenses in JSON format #16584 (@joaopalmeiro)

Update JupyterLab wordmark color #16567 (@joaopalmeiro)

Add customisation options to prevent inline completer resizing aggressively #16507 (@krassowski)

Fix license table CSS selector to apply the selected row styles #16547 (@joaopalmeiro)

Maintenance and upkeep improvements

Bump ws from 8.12.0 to 8.17.1 #16495 (@dependabot[bot])

Documentation improvements

Fix galata docs on overriding tmpPath #16587 (@krassowski)

Align extension migration docs with the latest extension template #16450 (@jtpio)

... (truncated)

Changelog

Sourced from jupyterlab's changelog.

4.2.5

(Full Changelog)

Bugs fixed

Use locale name instead of display/native name to toggle language #16710 (@maitreya2954)

Prevent replacing code with find and replace in read-only cells #16682 (@itsmevichu)

Do not block shift-click mouse up handler on active cell #16647 (@EdsterG)

Maintenance and upkeep improvements

Bump braces from 3.0.2 to 3.0.3 #16486 (@dependabot[bot])

Documentation improvements

Fix JupyterLab install instructions in the debugger docs #16683 (@jtpio)

Contributors to this release

(GitHub contributors page for this release)

@davidbrochart | @fcollonval | @github-actions | @HaudinFlorence | @JasonWeill | @jtpio | @jupyterlab-probot | @krassowski | @meeseeksmachine | @Mehak261124 | @Rob-P-Smith | @tonyfast | @welcome | @williamstein

4.2.4

(Full Changelog)

Bugs fixed

Fix the identifier to download licenses in JSON format #16584 (@joaopalmeiro)

Update JupyterLab wordmark color #16567 (@joaopalmeiro)

Add customisation options to prevent inline completer resizing aggressively #16507 (@krassowski)

Fix license table CSS selector to apply the selected row styles #16547 (@joaopalmeiro)

Maintenance and upkeep improvements

Bump ws from 8.12.0 to 8.17.1 #16495 (@dependabot[bot])

Documentation improvements

Fix galata docs on overriding tmpPath #16587 (@krassowski)

Align extension migration docs with the latest extension template #16450 (@jtpio)

Contributors to this release

(GitHub contributors page for this release)

... (truncated)

Commits

a046125 [ci skip] Publish 4.2.5
88e24ba Merge commit from fork
58d7535 Backport PR #16710: Use locale name instead of display/native name to toggle ...
524f71d Backport PR #16486: Bump braces from 3.0.2 to 3.0.3 (#16699)
7bf7ec5 Backport PR #16682: Prevent replacing code with find and replace in read-only...
355cbd5 Backport PR #16683: Fix JupyterLab install instructions in the debugger docs ...
1fa4474 Backport PR #16647: Do not block shift-click mouse up handler on active cell ...
c639643 [ci skip] Publish 4.2.4
8f78e27 Backport PR #16450 on branch 4.2.x (Align extension migration docs with the l...
9223530 Backport PR #16507: Add customisation options to prevent inline completer res...
Additional commits viewable in compare view

Updates notebook from 7.2.1 to 7.2.2

Release notes

Sourced from notebook's releases.

v7.2.2

7.2.2

(Full Changelog)

Maintenance and upkeep improvements

Upgrade JupyterLab dependencies to v4.2.5 #7447 (@krassowski)

Contributors to this release

(GitHub contributors page for this release)

@github-actions | @krassowski | @RRosio

Changelog

Sourced from notebook's changelog.

7.2.2

(Full Changelog)

Maintenance and upkeep improvements

Upgrade JupyterLab dependencies to v4.2.5 #7447 (@krassowski)

Contributors to this release

(GitHub contributors page for this release)

@github-actions | @krassowski | @RRosio

Commits

d1d232b Publish 7.2.2
0426a89 Upgrade JupyterLab dependencies to v4.2.5 (#7447)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [streamlit](https://github.com/streamlit/streamlit) | `1.36.0` | `1.37.0` | | [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.5` | `3.10.2` | | [certifi](https://github.com/certifi/python-certifi) | `2024.6.2` | `2024.7.4` | | [cryptography](https://github.com/pyca/cryptography) | `42.0.8` | `43.0.1` | | [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.2.3` | `4.2.5` | | [notebook](https://github.com/jupyter/notebook) | `7.2.1` | `7.2.2` | Updates `streamlit` from 1.36.0 to 1.37.0 - [Release notes](https://github.com/streamlit/streamlit/releases) - [Commits](streamlit/streamlit@1.36.0...1.37.0) Updates `aiohttp` from 3.9.5 to 3.10.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.5...v3.10.2) Updates `certifi` from 2024.6.2 to 2024.7.4 - [Commits](certifi/python-certifi@2024.06.02...2024.07.04) Updates `cryptography` from 42.0.8 to 43.0.1 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@42.0.8...43.0.1) Updates `jupyterlab` from 4.2.3 to 4.2.5 - [Release notes](https://github.com/jupyterlab/jupyterlab/releases) - [Changelog](https://github.com/jupyterlab/jupyterlab/blob/@jupyterlab/[email protected]/CHANGELOG.md) - [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/[email protected]...@jupyterlab/[email protected]) Updates `notebook` from 7.2.1 to 7.2.2 - [Release notes](https://github.com/jupyter/notebook/releases) - [Changelog](https://github.com/jupyter/notebook/blob/@jupyter-notebook/[email protected]/CHANGELOG.md) - [Commits](https://github.com/jupyter/notebook/compare/@jupyter-notebook/[email protected]...@jupyter-notebook/[email protected]) --- updated-dependencies: - dependency-name: streamlit dependency-type: direct:development dependency-group: pip - dependency-name: aiohttp dependency-type: indirect dependency-group: pip - dependency-name: certifi dependency-type: indirect dependency-group: pip - dependency-name: cryptography dependency-type: indirect dependency-group: pip - dependency-name: jupyterlab dependency-type: indirect dependency-group: pip - dependency-name: notebook dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directory with 6 updates #1

Bump the pip group across 1 directory with 6 updates #1

dependabot bot commented on behalf of github Sep 20, 2024

Bump the pip group across 1 directory with 6 updates #1

Are you sure you want to change the base?

Bump the pip group across 1 directory with 6 updates #1

Conversation

dependabot bot commented on behalf of github Sep 20, 2024

1.37.0

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

3.10.2

Bug fixes

3.10.2 (2024-08-08)

Bug fixes

v4.2.5

4.2.5

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

v4.2.4

4.2.4

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

4.2.5

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

4.2.4

Bugs fixed

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

v7.2.2

7.2.2

Maintenance and upkeep improvements

Contributors to this release

7.2.2

Maintenance and upkeep improvements

Contributors to this release