Bump the pip group across 1 directory with 7 updates

[dependabot]

Bumps the pip group with 7 updates in the / directory:

Package	From	To
cryptography	42.0.8	43.0.0
fastapi[all]	0.111.0	0.112.0
pyjwt	2.8.0	2.9.0
uvicorn	0.30.1	0.30.5
pylint	3.2.5	3.2.6
black	24.4.2	24.8.0
pytest	8.2.2	8.3.2

Updates cryptography from 42.0.8 to 43.0.0

Changelog

Sourced from cryptography's changelog.

43.0.0 - 2024-07-20

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
  removed.  Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
  now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
  considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
  now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
  insecure cryptographic primitives.
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
  deprecated in 37.0.0, have been added to this module. They will be removed
  from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
  and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
  They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
  :mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
  form of :class:`~cryptography.x509.verification.ClientVerifier`,
  :class:`~cryptography.x509.verification.VerifiedClient`, and
  ``PolicyBuilder``
  :meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
  :attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
  and Certificate Signing Request
  :attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
  to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
  Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
  timezone-aware alternative to the naïve ``datetime`` attribute
  :attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
  :meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
  :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table> 

... (truncated)

Commits

• ebf14f2 bump for 43.0.0 and update changelog (#11311)
• 42788a0 Fix exchange with keys that had Q automatically computed (#11309)
• 2dbdfb8 don't assign unused name (#11310)
• ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
• 4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
• f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
• a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
• 2fe32b2 Bump mypy from 1.10.1 to 1.11.0 (#11303)
• ee24e82 Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)
• 7249ccd Bump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)
• Additional commits viewable in compare view

Updates fastapi[all] from 0.111.0 to 0.112.0

Release notes

Sourced from fastapi[all]'s releases.

0.112.0

Breaking Changes

• ♻️ Add support for pip install "fastapi[standard]" with standard dependencies and python -m fastapi. PR #11935 by @​tiangolo.

Summary

Install with:

pip install "fastapi[standard]"

Other Changes

• This adds support for calling the CLI as:

python -m python

• And it upgrades fastapi-cli[standard] >=0.0.5.

Technical Details

Before this, fastapi would include the standard dependencies, with Uvicorn and the fastapi-cli, etc.

And fastapi-slim would not include those standard dependencies.

Now fastapi doesn't include those standard dependencies unless you install with pip install "fastapi[standard]".

Before, you would install pip install fastapi, now you should include the standard optional dependencies (unless you want to exclude one of those): pip install "fastapi[standard]".

This change is because having the standard optional dependencies installed by default was being inconvenient to several users, and having to install instead fastapi-slim was not being a feasible solution.

Discussed here: #11522 and here: #11525

Docs

• ✏️ Fix typos in docs. PR #11926 by @​jianghuyiyuan.
• 📝 Tweak management docs. PR #11918 by @​tiangolo.
• 🚚 Rename GitHub links from tiangolo/fastapi to fastapi/fastapi. PR #11913 by @​tiangolo.
• 📝 Add docs about FastAPI team and project management. PR #11908 by @​tiangolo.
• 📝 Re-structure docs main menu. PR #11904 by @​tiangolo.
• 📝 Update Speakeasy URL. PR #11871 by @​ndimares.

Translations

• 🌐 Update Portuguese translation for docs/pt/docs/alternatives.md. PR #11931 by @​ceb10n.
• 🌐 Add Russian translation for docs/ru/docs/tutorial/dependencies/sub-dependencies.md. PR #10515 by @​AlertRED.

... (truncated)

Commits

• b2e2338 🔖 Release version 0.112.0
• 003d454 📝 Update release notes
• 450bff6 📝 Update release notes
• a25c92c ♻️ Add support for pip install "fastapi[standard]" with standard dependenci...
• 3990a0a 📝 Update release notes
• 1f7dcc5 🌐 Update Portuguese translation for docs/pt/docs/alternatives.md (#11931)
• 12a4476 📝 Update release notes
• efb4a07 🔧 Update sponsors: add liblab (#11934)
• 9d41d6e 📝 Update release notes
• 643a87c 👷 Update GitHub Action label-approved permissions (#11933)
• Additional commits viewable in compare view

Updates pyjwt from 2.8.0 to 2.9.0

Release notes

Sourced from pyjwt's releases.

2.9.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#905
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#909
• Add support for Python 3.12 by @​hugovk in jpadilla/pyjwt#910
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#911
• Fix an unnecessary str concat by @​sirosen in jpadilla/pyjwt#904
• Update jwt-api to accept either a string or list of strings for issuer validation by @​mattpollak in jpadilla/pyjwt#913
• Bump actions/checkout from 3 to 4 by @​dependabot in jpadilla/pyjwt#916
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#917
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#922
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#926
• Bump actions/setup-python from 4 to 5 by @​dependabot in jpadilla/pyjwt#931
• Bump hynek/build-and-inspect-python-package from 1 to 2 by @​dependabot in jpadilla/pyjwt#935
• docs/api: document strict_aud on decode_complete by @​woodruffw in jpadilla/pyjwt#923
• chore: fix docs step by @​jpadilla in jpadilla/pyjwt#950
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#953
• Add coverage and improve performance of is_ssh_key by @​bdraco in jpadilla/pyjwt#940
• Decode with PyJWK by @​luhn in jpadilla/pyjwt#886
• Remove an unused variable from an example code block by @​kenkoooo in jpadilla/pyjwt#958
• Handle load_pem_public_key ValueError by @​CollinEMac in jpadilla/pyjwt#952
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#960
• Raise exception when required cryptography dependency is missing by @​tobloef in jpadilla/pyjwt#963
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#965
• Add 2.9.0 changelog. Fixes #949 by @​benvdh in jpadilla/pyjwt#967

New Contributors

• @​mattpollak made their first contribution in jpadilla/pyjwt#913
• @​bdraco made their first contribution in jpadilla/pyjwt#940
• @​luhn made their first contribution in jpadilla/pyjwt#886
• @​kenkoooo made their first contribution in jpadilla/pyjwt#958
• @​CollinEMac made their first contribution in jpadilla/pyjwt#952
• @​tobloef made their first contribution in jpadilla/pyjwt#963
• @​benvdh made their first contribution in jpadilla/pyjwt#967

Full Changelog: jpadilla/pyjwt@2.8.0...2.9.0

Changelog

Sourced from pyjwt's changelog.

v2.9.0 <https://github.com/jpadilla/pyjwt/compare/2.8.0...2.9.0>__

Changed

- Drop support for Python 3.7 (EOL) by @hugovk in `[#910](https://github.com/jpadilla/pyjwt/issues/910) <https://github.com/jpadilla/pyjwt/pull/910>`__
- Allow JWT issuer claim validation to accept a list of strings too by @mattpollak in `[#913](https://github.com/jpadilla/pyjwt/issues/913) <https://github.com/jpadilla/pyjwt/pull/913>`__
Fixed

- Fix unnecessary string concatenation by @sirosen in `[#904](https://github.com/jpadilla/pyjwt/issues/904) &lt;https://github.com/jpadilla/pyjwt/pull/904&gt;`__
- Fix docs for ``jwt.decode_complete`` to include ``strict_aud`` option by @woodruffw in `[#923](https://github.com/jpadilla/pyjwt/issues/923) &lt;https://github.com/jpadilla/pyjwt/pull/923&gt;`__
- Fix docs step by @jpadilla in `[#950](https://github.com/jpadilla/pyjwt/issues/950) &lt;https://github.com/jpadilla/pyjwt/pull/950&gt;`__
- Fix: Remove an unused variable from example code block by @kenkoooo in `[#958](https://github.com/jpadilla/pyjwt/issues/958) &lt;https://github.com/jpadilla/pyjwt/pull/958&gt;`__
Added



Add support for Python 3.12 by @​hugovk in [#910](https://github.com/jpadilla/pyjwt/issues/910) &lt;https://github.com/jpadilla/pyjwt/pull/910&gt;__
Improve performance of is_ssh_key + add unit test by @​bdraco in [#940](https://github.com/jpadilla/pyjwt/issues/940) &lt;https://github.com/jpadilla/pyjwt/pull/940&gt;__
Allow jwt.decode() to accept a PyJWK object by @​luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) &lt;https://github.com/jpadilla/pyjwt/pull/886&gt;__
Make algorithm_name attribute available on PyJWK by @​luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) &lt;https://github.com/jpadilla/pyjwt/pull/886&gt;__
Raise InvalidKeyError on invalid PEM keys to be compatible with cryptography 42.x.x by @​CollinEMac in [#952](https://github.com/jpadilla/pyjwt/issues/952) &lt;https://github.com/jpadilla/pyjwt/pull/952&gt;__
Raise an exception when required cryptography dependency is missing by @​tobloef in &lt;https://github.com/jpadilla/pyjwt/pull/963&gt;__

Commits

• 868cf4a Add 2.9.0 changelog. Fixes #949 (#967)
• 304a3df [pre-commit.ci] pre-commit autoupdate (#965)
• 527fec2 Raise exception when required cryptography dependency is missing (#963)
• 18a50be [pre-commit.ci] pre-commit autoupdate (#960)
• 4703f87 Handle load_pem_public_key ValueError (#952)
• 9dc732f Update usage.rst (#958)
• ab8176a Decode with PyJWK (#886)
• c0a071d chore: update actions/download-artifact
• 2afbe32 Add coverage and improve performance of is_ssh_key (#940)
• 97345a7 [pre-commit.ci] pre-commit autoupdate (#953)
• Additional commits viewable in compare view

Updates uvicorn from 0.30.1 to 0.30.5

Release notes

Sourced from uvicorn's releases.

Version 0.30.5

Fixed

• Don't close connection before receiving body on H11 (#2408)

---

Full Changelog: encode/uvicorn@0.30.4...0.30.5

Version 0.30.4

Fixed

• Close connection when h11 sets client state to MUST_CLOSE #2375

---

Full Changelog: encode/uvicorn@0.30.3...0.30.4

Version 0.30.3

Fixed

• Suppress KeyboardInterrupt from CLI and programmatic usage (#2384)
• ClientDisconnect inherits from OSError instead of IOError (#2393)

---

Full Changelog: encode/uvicorn@0.30.2...0.30.3

Version 0.30.2

Added

• Add reason support to websocket.disconnect event (#2324)

Fixed

• Iterate subprocesses in-place on the process manager (#2373)

---

Full Changelog: encode/uvicorn@0.30.1...0.30.2

Changelog

Sourced from uvicorn's changelog.

0.30.5 (2024-08-02)

Fixed

• Don't close connection before receiving body on H11 (#2408)

0.30.4 (2024-07-31)

Fixed

• Close connection when h11 sets client state to MUST_CLOSE (#2375)

0.30.3 (2024-07-20)

Fixed

• Suppress KeyboardInterrupt from CLI and programmatic usage (#2384)
• ClientDisconnect inherits from OSError instead of IOError (#2393)

0.30.2 (2024-07-20)

Added

• Add reason support to websocket.disconnect event (#2324)

Fixed

• Iterate subprocesses in-place on the process manager (#2373)

Commits

• ff54b02 Version 0.30.5 (#2409)
• 2f25107 Fix 0.30.4 issue with connection close header (#2408)
• 8efa41c Version 0.30.4 (#2403)
• b492349 Add pragma: full coverage to Process.is_alive (#2402)
• ce999aa close request connection if h11 sets client state as MUST_CLOSE (#2375)
• d277c25 Add Marcelo Trylesinski as maintainer (#2398)
• 5bf788f Version 0.30.3 (#2395)
• 8f4c8a7 Add 100% clean coverage (#2394)
• 9baded3 Bump the python-packages group with 9 updates (#2376)
• 9279825 ClientDisconnect inherits from OSError instead of IOError (#2393)
• Additional commits viewable in compare view

Updates pylint from 3.2.5 to 3.2.6

Commits

• da19566 Bump pylint to 3.2.6, update changelog (#9825)
• 810c59c Update setuptools to >=71.0.4 (#9812) (#9824)
• 5f19cd5 Fix a crash when a subclass extends __slots__ (#9817) (#9822)
• c0b1d22 Bump astroid to 3.2.4 (#9816) (#9821)
• 1d877de Fix consider-using-min-max-builtin (#9802) (#9803)
• 8410f57 Fix a false positive for missing-param-doc (#9740) (#9793)
• bd4c8f1 Handle assert_never() when imported from typing_extensions (#9782) (#9790)
• 8eb2c4d Fix FP for unexpected-keyword-arg with ambiguous constructors (#9785) (#9788)
• 9882537 Bump astroid to 3.2.3 (#9787)
• aea868c Fix invalid-name regression for class attributes in subclasses (#9772) (#9775)
• See full diff in compare view

Updates black from 24.4.2 to 24.8.0

Release notes

Sourced from black's releases.

24.8.0

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)
• Fix regression where Black failed to parse an escaped single quote inside an f-string (#4401)
• Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
• Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
• Fix incorrect line numbers in the tokenizer for certain tokens within f-strings (#4423)

Performance

• Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

• Fix blackd (and all extras installs) for docker container (#4357)

Changelog

Sourced from black's changelog.

24.8.0

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also linked. This improves the PyPI listing for Black. (#4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another multiline string (#4339)
• Fix regression where Black failed to parse an escaped single quote inside an f-string (#4401)
• Fix bug with Black incorrectly parsing empty lines with a backslash (#4343)
• Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#4422)
• Fix incorrect line numbers in the tokenizer for certain tokens within f-strings (#4423)

Performance

• Improve performance when a large directory is listed in .gitignore (#4415)

Blackd

• Fix blackd (and all extras installs) for docker container (#4357)

Commits

• b965c2a Prepare release 24.8.0 (#4426)
• 9ccf279 Document find_project_root ignoring pyproject.toml without [tool.black]...
• 14b6e61 fix: Enhace black efficiently to skip directories listed in .gitignore (#4415)
• b1c4dd9 fix: respect braces better in f-string parsing (#4422)
• 4b4ae43 Fix incorrect linenos on fstring tokens with escaped newlines (#4423)
• 7fa1faf docs: fix the installation command of extra for blackd (#4413)
• 8827acc Bump sphinx from 7.3.7 to 7.4.0 in /docs (#4404)
• b0da11d Bump furo from 2024.5.6 to 2024.7.18 in /docs (#4409)
• 721dff5 fix: avoid formatting backslash strings inside f-strings (#4401)
• 7e2afc9 Update actions/checkout to v4 to stop node deprecation warnings (#4379)
• Additional commits viewable in compare view

Updates pytest from 8.2.2 to 8.3.2

Release notes

Sourced from pytest's releases.

8.3.2

pytest 8.3.2 (2024-07-24)

Bug fixes

• #12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.

  -- by RonnyPfannschmidt{.interpreted-text role="user"}

8.3.1

pytest 8.3.1 (2024-07-20)

The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.

8.3.0

pytest 8.3.0 (2024-07-20)

New features

• #12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.

  • If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
  • The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
  • Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.

  Some history:

  With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.

  This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.

• #12281: Added support for keyword matching in marker expressions.

  Now tests can be selected by marker keyword arguments. Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.

  See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.

  -- by lovetheguitar{.interpreted-text role="user"}

• #12567: Added --no-fold-skipped command line option.

  If this option is set, then skipped tests in short summary are no longer grouped by reason but all tests are printed individually with their nodeid in the same way as other statuses.

  -- by pbrezina{.interpreted-text role="user"}

... (truncated)

Commits

• bbcec9c Prepare release version 8.3.2
• 78fe8b6 Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...
• 238bad2 Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-env
• ae6034a Merge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...
• 31337ab Merge pull request #12640 from pytest-dev/update-user
• ca3070b Merge pull request #12637 from pytest-dev/release-8.3.1
• de98446 Prepare release version 8.3.1
• bd0a042 Merge pull request #12636 from pytest-dev/update-release-notes
• 664325b doc/changelog: update 8.3.0 notes
• 19d225d Merge pull request #12635 from pytest-dev/release-8.3.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #123.