Bump the pip-minor-and-patch group across 1 directory with 8 updates

[dependabot]

Bumps the pip-minor-and-patch group with 8 updates in the /src directory:

Package	From	To
django-cors-headers	4.4.0	4.5.0
orjson	3.10.7	3.10.10
sentry-sdk	2.14.0	2.17.0
whitenoise	6.7.0	6.8.1
black	24.8.0	24.10.0
ruff	0.6.8	0.7.1
termcolor	2.4.0	2.5.0
tomli	2.0.1	2.0.2

Updates django-cors-headers from 4.4.0 to 4.5.0

Changelog

Sourced from django-cors-headers's changelog.

4.5.0 (2024-10-12)

• Drop Python 3.8 support.

• Support Python 3.13.

Commits

• 6f5222d Version 4.5.0
• 96ef5d7 Drop Python 3.8 support (#977)
• 6a0d30d Add automated release process (#976)
• e816d10 [pre-commit.ci] pre-commit autoupdate (#975)
• 132f381 Bump astral-sh/setup-uv from 1 to 3 in the github-actions group (#974)
• 3194a6d Support Python 3.13 (#972)
• 1cba108 Upgrade requirements (#971)
• a56c753 Use uv on GitHub Actions (#970)
• 0c34907 Fix GHA upload-artifact config
• 9fdf97c Fix Coverage upload on GHA
• Additional commits viewable in compare view

Updates orjson from 3.10.7 to 3.10.10

Release notes

Sourced from orjson's releases.

3.10.10

Fixed

• Fix int serialization on s390x. This was introduced in 3.10.8.

Changed

• Publish aarch64 manylinux_2_17 wheel for 3.13 to PyPI.

3.10.9

Fixed

• Fix int serialization on 32-bit Python 3.8, 3.9, 3.10. This was introduced in 3.10.8.

3.10.8

Changed

• int serialization no longer chains OverflowError to the the __cause__ attribute of orjson.JSONEncodeError when range exceeded.
• Compatibility with CPython 3.14 alpha 1.
• Improve performance.

Changelog

Sourced from orjson's changelog.

3.10.10

Fixed

• Fix int serialization on s390x. This was introduced in 3.10.8.

Changed

• Publish aarch64 manylinux_2_17 wheel for 3.13 to PyPI.

3.10.9

Fixed

• Fix int serialization on 32-bit Python 3.8, 3.9, 3.10. This was introduced in 3.10.8.

3.10.8

Changed

• int serialization no longer chains OverflowError to the the __cause__ attribute of orjson.JSONEncodeError when range exceeded.
• Compatibility with CPython 3.14 alpha 1.
• Improve performance.

Commits

• 4918783 3.10.10
• e1f64bf setup-qemu-container, restrict inline_int, cargo update
• e331c52 3.10.9
• 4ba2c7f inline_int
• 3be7253 3.10.8
• 92f7b8c int uses _PyLong_AsByteArray()
• aec6e70 jiff
• c5af268 cargo update, vendor pyo3-ffi, python3.14
• 3640a30 Fix orjson_manylinux_2_17_amd64_* artifact upload
• See full diff in compare view

Updates sentry-sdk from 2.14.0 to 2.17.0

Release notes

Sourced from sentry-sdk's releases.

2.17.0

Various fixes & improvements

• Add support for async calls in Anthropic and OpenAI integration (#3497) by @​vetyy
• Allow custom transaction names in ASGI (#3664) by @​sl0thentr0py
• Langchain: Handle case when parent span wasn't traced (#3656) by @​rbasoalto
• Fix Anthropic integration when using tool calls (#3615) by @​kwnath
• More defensive Django Spotlight middleware injection (#3665) by @​BYK
• Remove ensure_integration_enabled_async (#3632) by @​sentrivana
• Test with newer Falcon version (#3644, #3653, #3662) by @​sentrivana
• Fix mypy (#3657) by @​sentrivana
• Fix flaky transport test (#3666) by @​sentrivana
• Remove pin on sphinx (#3650) by @​sentrivana
• Bump actions/checkout from 4.2.0 to 4.2.1 (#3651) by @​dependabot

2.16.0

Integrations

• Bottle: Add failed_request_status_codes (#3618) by @​szokeasaurusrex

  You can now define a set of integers that will determine which status codes should be reported to Sentry.

  sentry_sdk.init(
      integrations=[
          BottleIntegration(
              failed_request_status_codes={403, *range(500, 600)},
          )
      ]
  )

  Examples of valid failed_request_status_codes:

  • {500} will only send events on HTTP 500.
  • {400, *range(500, 600)} will send events on HTTP 400 as well as the 5xx range.
  • {500, 503} will send events on HTTP 500 and 503.
  • set() (the empty set) will not send events for any HTTP status code.

  The default is {*range(500, 600)}, meaning that all 5xx status codes are reported to Sentry.

• Bottle: Delete never-reached code (#3605) by @​szokeasaurusrex

• Redis: Remove flaky test (#3626) by @​sentrivana

• Django: Improve getting psycopg3 connection info (#3580) by @​nijel

• Django: Add SpotlightMiddleware when Spotlight is enabled (#3600) by @​BYK

• Django: Open relevant error when SpotlightMiddleware is on (#3614) by @​BYK

• Django: Support http_methods_to_capture in ASGI Django (#3607) by @​sentrivana

  ASGI Django now also supports the http_methods_to_capture integration option. This is a configurable tuple of HTTP method verbs that should create a transaction in Sentry. The default is ("CONNECT", "DELETE", "GET", "PATCH", "POST", "PUT", "TRACE",). OPTIONS and HEAD are not included by default.

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.17.0

Various fixes & improvements

• Add support for async calls in Anthropic and OpenAI integration (#3497) by @​vetyy
• Allow custom transaction names in ASGI (#3664) by @​sl0thentr0py
• Langchain: Handle case when parent span wasn't traced (#3656) by @​rbasoalto
• Fix Anthropic integration when using tool calls (#3615) by @​kwnath
• More defensive Django Spotlight middleware injection (#3665) by @​BYK
• Remove ensure_integration_enabled_async (#3632) by @​sentrivana
• Test with newer Falcon version (#3644, #3653, #3662) by @​sentrivana
• Fix mypy (#3657) by @​sentrivana
• Fix flaky transport test (#3666) by @​sentrivana
• Remove pin on sphinx (#3650) by @​sentrivana
• Bump actions/checkout from 4.2.0 to 4.2.1 (#3651) by @​dependabot

2.16.0

Integrations

• Bottle: Add failed_request_status_codes (#3618) by @​szokeasaurusrex

  You can now define a set of integers that will determine which status codes should be reported to Sentry.

  sentry_sdk.init(
      integrations=[
          BottleIntegration(
              failed_request_status_codes={403, *range(500, 600)},
          )
      ]
  )

  Examples of valid failed_request_status_codes:

  • {500} will only send events on HTTP 500.
  • {400, *range(500, 600)} will send events on HTTP 400 as well as the 5xx range.
  • {500, 503} will send events on HTTP 500 and 503.
  • set() (the empty set) will not send events for any HTTP status code.

  The default is {*range(500, 600)}, meaning that all 5xx status codes are reported to Sentry.

• Bottle: Delete never-reached code (#3605) by @​szokeasaurusrex

• Redis: Remove flaky test (#3626) by @​sentrivana

• Django: Improve getting psycopg3 connection info (#3580) by @​nijel

• Django: Add SpotlightMiddleware when Spotlight is enabled (#3600) by @​BYK

• Django: Open relevant error when SpotlightMiddleware is on (#3614) by @​BYK

• Django: Support http_methods_to_capture in ASGI Django (#3607) by @​sentrivana

... (truncated)

Commits

• e44c9ee Update CHANGELOG.md
• ee30db3 release: 2.17.0
• 365d9cf Fix flaky transport test (#3666)
• 9ae5820 Add support for async calls in Anthropic and OpenAI integration (#3497)
• 891afee fix(spotlight): More defensive Django spotlight middleware injection (#3665)
• f493057 Allow custom transaction names in asgi (#3664)
• e463034 tests: Falcon RC1 (#3662)
• deca5f2 build(deps): Remove pin on sphinx (#3650)
• 302457d build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#3651)
• 846b8b2 fix(langchain): handle case when parent span wasn't traced (#3656)
• Additional commits viewable in compare view

Updates whitenoise from 6.7.0 to 6.8.1

Changelog

Sourced from whitenoise's changelog.

6.8.1 (2024-10-28)

• Raise any errors from threads in the whitenoise.compress command.

  Regression in 6.8.0. Thanks to Tom Grainger for the spotting this with a comment on PR [#484](https://github.com/evansd/whitenoise/issues/484) <https://github.com/evansd/whitenoise/pull/484#discussion_r1818989096>__.

6.8.0 (2024-10-28)

• Drop Django 3.2 to 4.1 support.

• Drop Python 3.8 support.

• Support Python 3.13.

• Fix a bug introduced in version 6.0.0 where Range requests could lead to database connection errors in other requests.

  Thanks to Per Myren for the detailed investigation and fix in PR [#612](https://github.com/evansd/whitenoise/issues/612) <https://github.com/evansd/whitenoise/pull/612>__.

• Use Django’s |FORCE_SCRIPT_NAME|__ setting correctly. This reverts a change from version 5.3.0 that added a call to Django’s |get_script_prefix() method|__ outside of the request-response cycle.

  .. |FORCE_SCRIPT_NAME| replace:: FORCE_SCRIPT_NAME __ https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-FORCE_SCRIPT_NAME

  .. |get_script_prefix() method| replace:: get_script_prefix() method __ https://docs.djangoproject.com/en/stable/ref/urlresolvers/#django.urls.get_script_prefix

  Thanks to Sarah Boyce in PR [#486](https://github.com/evansd/whitenoise/issues/486) <https://github.com/evansd/whitenoise/pull/486>__.

• Compress files using a thread pool. This speeds up the compression step up to four times in benchmarks.

  Thanks to Anthony Ricaud in PR [#484](https://github.com/evansd/whitenoise/issues/484) <https://github.com/evansd/whitenoise/pull/484>__.

Commits

• bfc5dae Version 6.8.1
• 6bbec0f Raise errors from threads in whitenoise.compress (#615)
• 0b054e5 Version 6.8.0
• 54c464a Upgrade and clarify Django quickstart docs (#548)
• d5caf8d Compress each file in a ThreadPool (#484)
• 9494ff3 Use settings.FORCE_SCRIPT_NAME correctly (#486)
• c42e93c Make sure SlicedFile is closed properly (#612)
• f8dff50 Drop Django 3.2 to 4.1 support (#614)
• 6450820 Drop Python 3.8 support (#613)
• 946a95e [pre-commit.ci] pre-commit autoupdate (#611)
• Additional commits viewable in compare view

Updates black from 24.8.0 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Changelog

Sourced from black's changelog.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Commits

• 1b2427a Prepare release 24.10.0 (#4471)
• a22b1eb Add mypyc 3.13 wheel build (#4449)
• b7d0e72 Bump AndreMiras/coveralls-python-action from 65c1672f0b8a201702d86c81b79187df...
• f1a2f92 Include --unstable in cache key (#4466)
• 8d9d18c Fix skipping Jupyter cells with unknown %% magic (#4462)
• bbfdba3 Fix docs CI: use venv for uv to fix 'failed to create directory' (#4460)
• 8fb2add Use builtin generics (#4458)
• 2a45cec Fix crashes with comments in parentheses (#4453)
• b4d6d86 Drop Python 3.8 support (#4452)
• ac018c1 Require newer aiohttp for blackd (#4451)
• Additional commits viewable in compare view

Updates ruff from 0.6.8 to 0.7.1

Release notes

Sourced from ruff's releases.

0.7.1

Release Notes

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

Contributors

• @​Aditya-PS-05
• @​AlexWaygood
• @​Glyphack
• @​Lexxxzy
• @​MichaReiser
• @​TomerBin
• @​Watercycle
• @​cake-monotone
• @​carljm
• @​dhruvmanila
• @​diceroll123
• @​mihaic
• @​ndmitchell
• @​pilleye
• @​renovate
• @​rtpg
• @​samypr100
• @​sharkdp

Install ruff 0.7.1

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.7.1

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

0.7.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

... (truncated)

Commits

• 337af83 Bump version to 0.7.1 (#13913)
• 113ce84 Fix normalize arguments when fstring_formatting is disabled (#13910)
• 7272f83 Fix preview style name in can_omit_parentheses to is_f_string_formatting_en...
• 3eb4546 [red-knot] Format mdtest Python snippets more concisely (#13905)
• 77ae0cc [red-knot] Infer subscript expression types for bytes literals (#13901)
• 73ee72b Join implicit concatenated strings when they fit on a line (#13663)
• e402e27 Use referencial equality in traversal helper methods (#13895)
• de4181d Remove "default" remark from ruff check (#13900)
• 2c57c2d [red-knot] Type narrowing for isinstance checks (#13894)
• 72c18c8 Fix E221 and E222 to flag missing or extra whitespace around == operator (#...
• Additional commits viewable in compare view

Updates termcolor from 2.4.0 to 2.5.0

Release notes

Sourced from termcolor's releases.

Release 2.5.0

Added

• Add strike attribute (#65) @​muzhig
• Generate and upload attestations to PyPI (#83) @​hugovk

Changed

• Drop support for Python 3.8 (#81) @​hugovk

Commits

• 2654f7f Test with uv (#84)
• 143a8b4 Generate and upload attestations to PyPI (#83)
• 09ca9cc Drop support for Python 3.8 (#81)
• 9e35c66 [pre-commit.ci] pre-commit autoupdate (#80)
• 9f38125 Update codecov/codecov-action action to v4 (#78)
• 354cb36 Update codecov/codecov-action action to v4 (#76)
• 0ac4aeb Add Codecov token to work with v4 (#75)
• 3c927b6 [pre-commit.ci] pre-commit autoupdate (#71)
• 7143ed6 Update github-actions (#69)
• 40bd968 [pre-commit.ci] pre-commit autoupdate (#67)
• Additional commits viewable in compare view

Updates tomli from 2.0.1 to 2.0.2

Changelog

Sourced from tomli's changelog.

2.0.2

• Removed
  • Python 3.7 support
• Improved
  • Make loads raise TypeError not AttributeError on bad input types that do not have the replace attribute. Improve error message when bytes is received.
• Type annotations
  • Type annotate load input as typing.IO[bytes] (previously typing.BinaryIO).

Commits

• 3ec6775 Bump version: 2.0.1 → 2.0.2
• 1dcd317 Add v2.0.2 changelog
• c94ee69 Fix GitHub Actions badge
• 4e245a4 tomli.loads: Raise TypeError not AttributeError. Improve message (#229)
• facdab0 Update pre-commit. Remove docformatter
• a613867 Use sys.version_info in compatibility layer (#220)
• 39eff9b Add support for Python 3.12, drop EOL 3.7 (#224)
• 0054e60 [pre-commit.ci] pre-commit autoupdate (#208)
• 1bd3345 Test against Python 3.12-dev
• 5646e69 Type annotate as IO[bytes], not BinaryIO
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.