Upgrade: Bump the dependencies group with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates:

Package	From	To
aiohttp	3.8.5	3.9.1
async-timeout	4.0.2	4.0.3
attrs	23.1.0	23.2.0
certifi	2023.7.22	2023.11.17
chardet	5.1.0	5.2.0
click	8.1.6	8.1.7
idna	3.4	3.6
tuspy	1.0.1	1.0.3
urllib3	2.0.4	2.1.0
yarl	1.9.2	1.9.4

Updates aiohttp from 3.8.5 to 3.9.1

Release notes

Sourced from aiohttp's releases.

3.9.1

Bugfixes

• Fixed importing aiohttp under PyPy on Windows.

  (#7848)

• Fixed async concurrency safety in websocket compressor.

  (#7865)

• Fixed ClientResponse.close() releasing the connection instead of closing.

  (#7869)

• Fixed a regression where connection may get closed during upgrade. -- by :user:Dreamsorcerer

  (#7879)

• Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:Dreamsorcerer

  (#7895)

---

3.9.0

Features

• Introduced AppKey for static typing support of Application storage. See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

  (#5864)

• Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called. The period can be adjusted with the shutdown_timeout parameter. -- by :user:Dreamsorcerer. See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

  (#7188)

• Added handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>_ parameter to cancel web handler on client disconnection. -- by :user:mosquito This (optionally) reintroduces a feature removed in a previous release. Recommended for those looking for an extra level of protection against denial-of-service attacks.

  (#7056)

• Added support for setting response header parameters max_line_size and max_field_size.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.1 (2023-11-26)

Bugfixes

• Fixed importing aiohttp under PyPy on Windows.

  [#7848](https://github.com/aio-libs/aiohttp/issues/7848) <https://github.com/aio-libs/aiohttp/issues/7848>_

• Fixed async concurrency safety in websocket compressor.

  [#7865](https://github.com/aio-libs/aiohttp/issues/7865) <https://github.com/aio-libs/aiohttp/issues/7865>_

• Fixed ClientResponse.close() releasing the connection instead of closing.

  [#7869](https://github.com/aio-libs/aiohttp/issues/7869) <https://github.com/aio-libs/aiohttp/issues/7869>_

• Fixed a regression where connection may get closed during upgrade. -- by :user:Dreamsorcerer

  [#7879](https://github.com/aio-libs/aiohttp/issues/7879) <https://github.com/aio-libs/aiohttp/issues/7879>_

• Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:Dreamsorcerer

  [#7895](https://github.com/aio-libs/aiohttp/issues/7895) <https://github.com/aio-libs/aiohttp/issues/7895>_

---

3.9.0 (2023-11-18)

Features

• Introduced AppKey for static typing support of Application storage. See https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

  [#5864](https://github.com/aio-libs/aiohttp/issues/5864) <https://github.com/aio-libs/aiohttp/issues/5864>_

• Added a graceful shutdown period which allows pending tasks to complete before the application's cleanup is called. The period can be adjusted with the shutdown_timeout parameter. -- by :user:Dreamsorcerer. See https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

  [#7188](https://github.com/aio-libs/aiohttp/issues/7188) <https://github.com/aio-libs/aiohttp/issues/7188>_

• Added handler_cancellation <https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>_ parameter to cancel web handler on client disconnection. -- by :user:mosquito This (optionally) reintroduces a feature removed in a previous release.

... (truncated)

Commits

• 6333c02 Release v3.9.1 (#7911)
• 9dbd273 [PR #7673/aa7d1a8f backport][3.9] Document release process (#7909)
• dd175b6 Fix regression with connection upgrade (#7879) (#7908)
• 946523d Fix flaky websocket test (#7902) (#7904)
• ddc2a26 [PR #7896/9a7cfe77 backport][3.9] Fix some flaky tests (#7900)
• 2ae4d6f Message is not upgraded if Upgrade header is missing (#7895) (#7898)
• bb11101 Restore async concurrency safety to websocket compressor (#7865) (#7889)
• 6dd0122 Update dependabot.yml (#7888)
• 41a9f1f Bump mypy from 1.7.0 to 1.7.1 (#7882)
• a049701 Fix usage of proxy.py in test_proxy_functional (#7773) (#7876)
• Additional commits viewable in compare view

Updates async-timeout from 4.0.2 to 4.0.3

Release notes

Sourced from async-timeout's releases.

4.0.3

• Fixed compatibility with asyncio.timeout() on Python 3.11+.
• Added support for Python 3.11.
• Dropped support for Python 3.6.

Changelog

Sourced from async-timeout's changelog.

4.0.3 (2023-08-10)

• Fixed compatibility with asyncio.timeout() on Python 3.11+.
• Added support for Python 3.11.
• Dropped support for Python 3.6.

Commits

• a489744 Release 4.0.3 (#364)
• 5e3a4f0 Bump docutils from 0.19 to 0.20.1 (#369)
• 6a5964b Bump pytest-cov from 4.0.0 to 4.1.0 (#365)
• fcbeb65 Bump mypy from 1.2.0 to 1.4.1 (#368)
• 5eeffae Bump pytest from 7.3.1 to 7.4.0 (#366)
• 8ec8cc0 Bump pytest-asyncio from 0.21.0 to 0.21.1 (#367)
• 7290654 Bump pytest-asyncio from 0.20.3 to 0.21.0 (#354)
• 9f07afa Mention import at least once in the readme (#361)
• e1c8827 Bump pytest from 7.2.1 to 7.3.1 (#360)
• 211a9bf Bump mypy from 0.991 to 1.2.0 (#358)
• Additional commits viewable in compare view

Updates attrs from 23.1.0 to 23.2.0

Commits

• See full diff in compare view

Updates certifi from 2023.7.22 to 2023.11.17

Commits

• 515962b Merge pull request #252 from certifi/create-pull-request/patch
• 28b2a0d 2023.11.17
• 7ccda9f Bump actions/checkout from 4.1.0 to 4.1.1 (#251)
• 5e4bb9e Bump actions/setup-python from 4.7.0 to 4.7.1 (#248)
• 610354f Bump actions/checkout from 4.0.0 to 4.1.0 (#247)
• 2d98c76 Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#246)
• 7f0e639 ci: add minimal permissions to workflows bump.yml and release.yml (#245)
• 600713d Bump actions/checkout from 3.6.0 to 4.0.0 (#244)
• 0435b2a Bump actions/checkout from 3.5.3 to 3.6.0 (#242)
• 25ea83a Fix bash
• Additional commits viewable in compare view

Updates chardet from 5.1.0 to 5.2.0

Release notes

Sourced from chardet's releases.

chardet 5.2.0

Adds support for running chardet CLI via python -m chardet (0e9b7bc20366163efcc221281201baff4100fe19, @​dan-blanchard)

Commits

• 78250d9 Bump version to 5.2.0
• 0e9b7bc Add main module to support python -m chardet
• 0649ffe Bump version to 5.2.0dev0
• See full diff in compare view

Updates click from 8.1.6 to 8.1.7

Release notes

Sourced from click's releases.

8.1.7

This is a fix release for the 8.1.x feature branch.

• Changes: https://click.palletsprojects.com/en/8.1.x/changes/#version-8-1-7
• Milestone: https://github.com/pallets/click/milestone/22?closed=1

Changelog

Sourced from click's changelog.

Version 8.1.7

Released 2023-08-17

• Fix issue with regex flags in shell completion. :issue:2581
• Bash version detection issues a warning instead of an error. :issue:2574
• Fix issue with completion script for Fish shell. :issue:2567

Commits

• 874ca2b release version 8.1.7
• 6e1f6d3 completion(fish): add back ; as line endings in fish script (#2570)
• a955c77 update fish enabling script
• 3c1529e add back semicolons in fish script
• a260ca6 Replace bash shell completion version error with warning (#2576)
• d9db70c bash version support shows warning instead of error
• 22b9b1c Fix incorrect passing of flags to re.sub (#2581)
• d69d210 fix flake8 finding
• af2da1e Fix incorrect passing of flags to re.sub
• bb6a872 start version 8.1.7
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.6

Changelog

Sourced from idna's changelog.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 4ae74cf Release v3.6
• 21888f3 Merge pull request #164 from mgorny/sdist-test
• c5ba76a Include tests in sdist
• 2eb16d3 Merge pull request #162 from kjd/release-3.5
• 89cd061 Release v3.5
• 9fc29cd Merge pull request #161 from kjd/master
• acb8c4a Merge pull request #160 from cclauss/patch-1
• adca101 README.rst: Fix typos
• 33a8f7b Merge pull request #159 from diogoteles08/add-scorecard
• 354a412 Add Scorecard GitHub Action
• Additional commits viewable in compare view

Updates tuspy from 1.0.1 to 1.0.3

Release notes

Sourced from tuspy's releases.

v1.0.3

What's Changed

• Add explicit test fixtures to fix tests on Windows by @​nhairs in tus/tus-py-client#91
• Remove unneeded six dependency (was used for Python 2) by @​a-detiste in tus/tus-py-client#90
• Fix calls to upload_chunk by @​Acconut in tus/tus-py-client#92

New Contributors

• @​Acconut made their first contribution in tus/tus-py-client#92
• @​a-detiste made their first contribution in tus/tus-py-client#90
• @​nhairs made their first contribution in tus/tus-py-client#91

Full Changelog: tus/tus-py-client@v1.0.2...v1.0.3

v1.0.2

What's Changed

• Remove unnecessary future install requirement by @​nsoranzo in tus/tus-py-client#81
• Expose typing information (PEP 561) by @​nhairs in tus/tus-py-client#88

New Contributors

• @​nsoranzo made their first contribution in tus/tus-py-client#81
• @​nhairs made their first contribution in tus/tus-py-client#88

Full Changelog: tus/tus-py-client@v1.0.1...v1.0.2

Changelog

Sourced from tuspy's changelog.

1.0.3 / 2023-12-13

• Add explicit test fixtures to fix tests on Windows by @​nhairs in tus/tus-py-client#91
• Remove unneeded six dependency (was used for Python 2) by @​a-detiste in tus/tus-py-client#90
• Fix calls to upload_chunk by @​Acconut in tus/tus-py-client#92

1.0.2 / 2023-11-30

• Remove unnecessary future install requirement #81
• Expose typing information (PEP 561) #87

Commits

• 7b54f7a v1.0.3
• 43b9b57 Fix calls to upload_chunk (#92)
• fd8db8f Apply uniform formatting via black
• a56587a Add Python 3.12 to CI
• 751eff0 Remove unneeded six dependency (was used for Python 2) (#90)
• 6d42811 Add explicit test fixtures to fix tests on Windows (#91)
• 2aaab2c Update changelog
• 5a1bae2 Expose typing information (PEP 561) (#88)
• 2256c7c Remore unnecessary future install requirement (#81)
• 0652b0f docs: Instructions for development
• See full diff in compare view

Updates urllib3 from 2.0.4 to 2.1.0

Release notes

Sourced from urllib3's releases.

2.1.0

Read the v2 migration guide for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. (#2680)
• Removed support for the deprecated SecureTransport TLS implementation. (#2681)
• Removed support for the end-of-life Python 3.7. (#3143)

Bugfixes

• Allowed loading CA certificates from memory for proxies. (#3065)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. (#3174)

2.0.7

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

Changelog

Sourced from urllib3's changelog.

2.1.0 (2023-11-13)

Read the v2 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removals

• Removed support for the deprecated urllib3[secure] extra. ([#2680](https://github.com/urllib3/urllib3/issues/2680) <https://github.com/urllib3/urllib3/issues/2680>__)
• Removed support for the deprecated SecureTransport TLS implementation. ([#2681](https://github.com/urllib3/urllib3/issues/2681) <https://github.com/urllib3/urllib3/issues/2681>__)
• Removed support for the end-of-life Python 3.7. ([#3143](https://github.com/urllib3/urllib3/issues/3143) <https://github.com/urllib3/urllib3/issues/3143>__)

Bugfixes

• Allowed loading CA certificates from memory for proxies. ([#3065](https://github.com/urllib3/urllib3/issues/3065) <https://github.com/urllib3/urllib3/issues/3065>__)
• Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. ([#3174](https://github.com/urllib3/urllib3/issues/3174) <https://github.com/urllib3/urllib3/issues/3174>__)

2.0.7 (2023-10-17)

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)

Commits

• 69be299 Release 2.1.0
• 77f71d3 Mention myself in README
• e601a0e Check _has_route within the test function (#3187)
• f7cd7f3 Stop naming urllib3/requests tests "integration" (#3182)
• 6fc4260 Use more precise type checks
• 5fa8ea6 Fix lint on Python 3.12
• 8727683 Remove Sphinx version pin
• 5fc48e7 Treat x-gzip content encoding as gzip
• ff764a0 Allow loading CA certificates from memory for proxies (#3150)
• b99cc39 Replace deprecated set-output in GitHub Actions
• Additional commits viewable in compare view

Updates yarl from 1.9.2 to 1.9.4

Release notes

Sourced from yarl's releases.

1.9.4

Bug fixes

• Started raising :py:exc:TypeError when a string value is passed into :py:meth:~yarl.URL.build as the port argument -- by :user:commonism.

  Previously the empty string as port would create malformed URLs when rendered as string representations. (#883)

Packaging updates and notes for downstreams

• The leading -- has been dropped from the :pep:517 in-tree build backend config setting names. --pure-python is now just pure-python -- by :user:webknjaz.

  The usage now looks as follows:

  .. code-block:: console

  $ python -m build \
      --config-setting=pure-python=true \
      --config-setting=with-cython-tracing=true
  

  (#963)

Contributor-facing changes

• A step-by-step :doc:Release Guide <contributing/release_guide> guide has been added, describing how to release yarl -- by :user:webknjaz.

  This is primarily targeting maintainers. (#960)

• Coverage collection has been implemented for the Cython modules -- by :user:webknjaz.

  It will also be reported to Codecov from any non-release CI jobs.

  To measure coverage in a development environment, yarl can be installed in editable mode, which requires an environment variable YARL_CYTHON_TRACING=1 to be set:

  .. code-block:: console

  $ YARL_CYTHON_TRACING=1 python -Im pip install -e .
  

  Editable install produces C-files required for the Cython coverage plugin to map the measurements back to the PYX-files. (#961)

... (truncated)

Changelog

Sourced from yarl's changelog.

1.9.4 (2023-12-06)

Bug fixes

• Started raising :py:exc:TypeError when a string value is passed into :py:meth:~yarl.URL.build as the port argument -- by :user:commonism.

  Previously the empty string as port would create malformed URLs when rendered as string representations. (:issue:883)

Packaging updates and notes for downstreams

• The leading -- has been dropped from the :pep:517 in-tree build backend config setting names. --pure-python is now just pure-python -- by :user:webknjaz.

  The usage now looks as follows:

  .. code-block:: console

  $ python -m build \
      --config-setting=pure-python=true \
      --config-setting=with-cython-tracing=true
  

  (:issue:963)

Contributor-facing changes

• A step-by-step :doc:Release Guide <contributing/release_guide> guide has been added, describing how to release yarl -- by :user:webknjaz.

  This is primarily targeting maintainers. (:issue:960)

• Coverage collection has been implemented for the Cython modules -- by :user:webknjaz.

  It will also be reported to Codecov from any non-release CI jobs.

  To measure coverage in a development environment, yarl can be installed in editable mode:

  .. code-block:: console

  $ python -Im pip install -e .
  

  Editable install produces C-files required for the Cython coverage

... (truncated)

Commits

• 6362ff1 ⇪📦 Release yarl v1.9.4
• 241e5df 📝 Add a dedicated Towncrier template
• f384fef 🎨 Sort coverage report config settings
• 04399eb Exterminate offensive references from the project
• 6e61b44 🎨Move tomllib access to _compat @ packaging
• b3a5a71 Raise TypeError when a string is passed for port to URL.build()
• e8cc8ab 🧪 Determine and use exact pure dist names @ GHA
• cc8f29e 🧪 Skip setting up Python @ cibuildwheel jobs
• d86eb20 Bump cython from 3.0.5 to 3.0.6 (#966)
• d3f762d Bump idna from 3.4 to 3.6 (#965)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions