Bump the python-packages group across 1 directory with 5 updates #160

Open
wants to merge 1 commit into
base: main

@dependabot dependabot bot commented on behalf of github Jun 3, 2024

Updates the requirements on requests, waitress, bootstrap-flask, flask-migrate and pillow to permit the latest version.
Updates requests to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)
Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits
  • 0e322af v2.32.3
  • e188799 Don't create default SSLContext if ssl module isn't present (#6724)
  • 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
  • b1d73dd Don't use default SSLContext with custom poolmanager kwargs
  • 6badbac Update HISTORY.md
  • a62a2d3 Allow for overriding of specific pool key params
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • Additional commits viewable in compare view

Updates waitress to 3.0.0

Changelog

Sourced from waitress's changelog.

3.0.0 (2024-02-04)

  • Rename "master" git branch to "main"

  • Fix a bug that would appear on macOS whereby if we accept() a socket that is already gone, setting socket options would fail and take down the server. See Pylons/waitress#399

  • Fixed testing of vendored asyncore code to not rely on particular naming for errno's. See Pylons/waitress#397

  • HTTP Request methods and versions are now validated to meet the HTTP standards thereby dropping invalid requests on the floor. See Pylons/waitress#423

  • No longer close the connection when sending a HEAD request response. See Pylons/waitress#428

  • Always attempt to send the Connection: close response header when we are going to close the connection to let the remote know in more instances. Pylons/waitress#429

  • Python 3.7 is no longer supported. Add support for Python 3.11, 3.12 and PyPy 3.9, 3.10. See Pylons/waitress#412

  • Document that trusted_proxy may be set to a wildcard value to trust all proxies. See Pylons/waitress#431

Updated Defaults


- clear_untrusted_proxy_headers is set to True by default. See
  https://github.com/Pylons/waitress/pull/370
Commits
  • 4e0d8c4 Prep 3.0.0
  • d59f148 Update CHANGES.txt
  • af104eb Merge pull request #431 from Pylons/documentation/trusted_proxy_wildcard
  • e0123ee Document wildcard support for trusted_proxy
  • 5934be0 Update badges in README.rst
  • 838db18 Pyton 3.7 begone, for realsies
  • fde4aec Minimum supported Python version is 3.8
  • f19cc71 Merge pull request #412 from gforcada/patch-1
  • af0fd3d Don't run all PyPy version for macOS/Windows
  • 6c8bb63 Set specific toxenv for PyPy
  • Additional commits viewable in compare view

Updates bootstrap-flask to 2.4.0

Release notes

Sourced from bootstrap-flask's releases.

2.4.0

Full Changelog: helloflask/bootstrap-flask@2.3.3...2.4.0

Changelog

Sourced from bootstrap-flask's changelog.

2.4.0

Release date: 2024/4/7

  • Test against Python 3.12.
  • Replaced deprecated color "muted" with "secondary" ([#340](https://github.com/helloflask/bootstrap-flask/pull/340)).
  • Adding body_classes parameter to render_table ([#350](https://github.com/helloflask/bootstrap-flask/pull/350)).
  • Migrate setup.py to pyproject.toml.

2.3.3

Release date: 2023/11/30

  • Upgrade to Bootstrap Icons 1.11.2.

2.3.2

Release date: 2023/10/11

  • Fix the incorrect JS file integrity value.

2.3.1

Release date: 2023/10/11

  • Upgrade to Bootstrap 5.3.2, Bootswatch 5.3.1, and Bootstrap Icons 1.11.1.
  • Set up the Azure web app for the example application.

2.3.0

Release date: 2023/7/24

  • Drop Python 3.7 support, and test against Python 3.11.
  • Render enums in tables by their labels.
  • Support creating action URLs for dict data ([#268](https://github.com/helloflask/bootstrap-flask/issues/268)).
  • Upgrade to Bootstrap 5.3.0, Bootstrap Icons 1.10.5, and Popper 2.11.8.

2.2.0

... (truncated)

Commits
  • a53e696 Release 2.4.0 version
  • 964ef8d switch to pyproject.toml (#354)
  • ce852e4 Merge pull request #350 from fsalum/render-table-tbody-class
  • fde6602 Adding body_classes paremeter to render_table
  • e048e1a Merge pull request #340 from PanderMusubi/deprecation_muted_color
  • a7e5632 Merge pull request #335 from PanderMusubi/python12
  • c4de6b4 replaced deprecated color muted with secondary
  • b60a8b7 support Python 3.12
  • 8c40aed Fix release workflow publish job
  • 556ab7d Fix release workflow create-release job
  • Additional commits viewable in compare view

Updates flask-migrate from 4.0.5 to 4.0.7

Release notes

Sourced from flask-migrate's releases.

Release 4.0.7

See CHANGES.md for release notes.

Release 4.0.6

See CHANGES.md for release notes.

Changelog

Sourced from flask-migrate's changelog.

Flask-Migrate Change Log

Release 4.0.7 - 2024-03-11

  • Regression from #438: check g.x_arg exists before accessing it #541 (commit) (thanks Skye Im!)

Release 4.0.6 - 2024-03-09

  • Accept -x options for all db commands #438 (commit)
  • Add --purge flag to the stamp command #540 (commit) (thanks Jono N!)

Release 4.0.5 - 2023-09-12

  • Compatibility fixes for Flask-SQLAlchemy >= 3.1 #526 (commit) (thanks David Lord!)
  • Allow process_revision_directives option to be configurable #523 (commit) (thanks llc!)
  • Stop testing Python 3.7, as Flask-SQLAlchemy 3.1 stopped supporting it (commit)

Release 4.0.4 - 2023-02-02

  • Correctly obtain database URL with SQLAlchemy 2.0 #505 (commit)

Release 4.0.3 - 2023-01-29

  • Remove legacy future import in Alembic templates #504 (commit) (thanks Pamela Fox!)
  • Add SQLAlchemy 1.4 and 2.0 to the test matrix (commit)
  • Switch to pytest as test runner (commit)

Release 4.0.2 - 2023-01-18

  • Support "check" command #502 (commit) (thanks Masamitsu MURASE!)

Release 4.0.1 - 2023-01-05

  • Do not use deprecated functions in Flask-SQLAlchemy 3.0 (commit)
  • Stop building Python 3.6 (commit)
  • Remove tests from pypi package (commit)

Release 4.0.0 - 2022-11-13

  • Updates for Flask-SQLAlchemy 3.x compatibility (commit)
  • Enable type comparison and batch mode by default (commit)
  • Option to rename "db" command group to a custom name (commit)
  • Better handling of MetaData instances in templates (commit)
  • Set options correctly when revision --autogenerate is used #463 (commit) (thanks Frazer McLean!)
  • Documentation section on configuring Alembic (commit)
  • Upgrade build to pypy-3.9 (commit)
  • Add Python 3.10 to build (commit)
  • Add Python 3.11 to build (commit)
  • Specify license in project metadata #489 (commit) (thanks Frazer McLean!)
  • Remove tests from pypi package (commit)

... (truncated)

Updates pillow to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

  • CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

  • Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

  • Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

  • Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

  • Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

  • Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

  • Determine MPO size from markers, not EXIF data #7884 [radarhere]

  • Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

  • Support FITS images with GZIP_1 compression #7894 [radarhere]

  • Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

  • Raise ValueError if kmeans is negative #7891 [radarhere]

  • Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

  • Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

  • Added reading of JPEG2000 palettes #7870 [radarhere]

  • Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits
  • 5c89d88 10.3.0 version bump
  • 63cbfcf Update CHANGES.rst [ci skip]
  • 2776126 Merge pull request #7928 from python-pillow/lcms
  • aeb51cb Merge branch 'main' into lcms
  • 5beb0b6 Update CHANGES.rst [ci skip]
  • cac6ffa Merge pull request #7927 from python-pillow/imagemath
  • f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
  • facf3af Added release notes
  • 2a93aba Use strncpy to avoid buffer overflow
  • a670597 Update CHANGES.rst [ci skip]
  • Additional commits viewable in compare view


Updates the requirements on [requests](https://github.com/psf/requests), [waitress](https://github.com/Pylons/waitress), [bootstrap-flask](https://github.com/helloflask/bootstrap-flask), [flask-migrate](https://github.com/miguelgrinberg/flask-migrate) and [pillow](https://github.com/python-pillow/Pillow) to permit the latest version.

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.3)

Updates `waitress` to 3.0.0
- [Release notes](https://github.com/Pylons/waitress/releases)
- [Changelog](https://github.com/Pylons/waitress/blob/main/CHANGES.txt)
- [Commits](Pylons/waitress@v2.1.0b0...v3.0.0)

Updates `bootstrap-flask` to 2.4.0
- [Release notes](https://github.com/helloflask/bootstrap-flask/releases)
- [Changelog](https://github.com/helloflask/bootstrap-flask/blob/master/CHANGES.rst)
- [Commits](helloflask/bootstrap-flask@2.3.0...2.4.0)

Updates `flask-migrate` from 4.0.5 to 4.0.7
- [Release notes](https://github.com/miguelgrinberg/flask-migrate/releases)
- [Changelog](https://github.com/miguelgrinberg/Flask-Migrate/blob/main/CHANGES.md)
- [Commits](miguelgrinberg/Flask-Migrate@v4.0.5...v4.0.7)

Updates `pillow` to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.2.0...10.3.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: python-packages
- dependency-name: waitress
  dependency-type: direct:production
  dependency-group: python-packages
- dependency-name: bootstrap-flask
  dependency-type: direct:production
  dependency-group: python-packages
- dependency-name: flask-migrate
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 3, 2024
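
The PR widens requirement ranges "to permit the latest version", which does not by itself raise the lower bound past the security fixes quoted above (requests 2.32.0, pillow 10.3.0). The following check is an added example, not code from Dependabot or from this repository; the function names and the sample requirement lines are constructed for illustration, and only the fix versions and advisory IDs come from the changelogs on this page.

```python
import re

# Fix releases taken from the changelogs quoted on this page.
FIXED_IN = {
    "requests": ("2.32.0", "GHSA-9wx4-h78v-vm56 / CVE-2024-35195"),
    "pillow": ("10.3.0", "CVE-2024-28219"),
}
LINE_RE = re.compile(r"^([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*(.*)$")
CLAUSE_RE = re.compile(r"^(>=|==|~=|>)\s*(\d+(?:\.\d+)*)$")

def vtuple(version, width=4):
    """'2.32' -> (2, 32, 0, 0) so that 2.32 and 2.32.0 compare equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def lower_bound(spec):
    """Highest floor set by >=, ==, ~= or > clauses; None if there is none."""
    floors = []
    for clause in spec.split(","):
        m = CLAUSE_RE.match(clause.strip())
        if m:
            floors.append(vtuple(m.group(2)))
    return max(floors) if floors else None

def audit(lines):
    """Return (package, specifier, advisory) for every range that may still
    admit a release older than the fix. Conservative: upper bounds, != and
    wildcard clauses are ignored, and '>' is treated like '>='."""
    findings = []
    for raw in lines:
        # Drop comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = LINE_RE.match(line)
        name = re.sub(r"[._]+", "-", m.group(1)).lower() if m else None
        if name not in FIXED_IN:
            continue
        fixed, advisory = FIXED_IN[name]
        floor = lower_bound(m.group(2))
        if floor is None or floor < vtuple(fixed):
            findings.append((name, m.group(2) or "(unpinned)", advisory))
    return findings

# Constructed sample requirements, not the file changed by this PR.
SAMPLE = [
    "requests>=2.31.0,<3",   # permits 2.32.3, but 2.31.0 still resolves
    "Pillow>=10.3.0",        # floor sits at the fix release
    "waitress==3.0.0",       # no advisory floor tracked in FIXED_IN
]
```

A finding means the declared range alone does not rule out a vulnerable install; a lock file or hash-pinned constraints file can still narrow what actually gets resolved.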