@dependabot dependabot bot commented on behalf of github Sep 4, 2024

Updates the requirements on fastapi, celery, gunicorn, jinja2 and black to permit the latest version.
Updates fastapi to 0.103.2

Release notes

Sourced from fastapi's releases.

0.103.2

Refactors

  • ⬆️ Upgrade compatibility with Pydantic v2.4, new renamed functions and JSON Schema input/output models with default values. PR #10344 by @​tiangolo.

Translations

  • 🌐 Add Ukrainian translation for docs/uk/docs/tutorial/extra-data-types.md. PR #10132 by @​ArtemKhymenko.
  • 🌐 Fix typos in French translations for docs/fr/docs/advanced/path-operation-advanced-configuration.md, docs/fr/docs/alternatives.md, docs/fr/docs/async.md, docs/fr/docs/features.md, docs/fr/docs/help-fastapi.md, docs/fr/docs/index.md, docs/fr/docs/python-types.md, docs/fr/docs/tutorial/body.md, docs/fr/docs/tutorial/first-steps.md, docs/fr/docs/tutorial/query-params.md. PR #10154 by @​s-rigaud.
  • 🌐 Add Chinese translation for docs/zh/docs/async.md. PR #5591 by @​mkdir700.
  • 🌐 Update Chinese translation for docs/tutorial/security/simple-oauth2.md. PR #3844 by @​jaystone776.
  • 🌐 Add Korean translation for docs/ko/docs/deployment/cloud.md. PR #10191 by @​Sion99.
  • 🌐 Add Japanese translation for docs/ja/docs/deployment/https.md. PR #10298 by @​tamtam-fitness.
  • 🌐 Fix typo in Russian translation for docs/ru/docs/tutorial/body-fields.md. PR #10224 by @​AlertRED.
  • 🌐 Add Polish translation for docs/pl/docs/help-fastapi.md. PR #10121 by @​romabozhanovgithub.
  • 🌐 Add Russian translation for docs/ru/docs/tutorial/header-params.md. PR #10226 by @​AlertRED.
  • 🌐 Add Chinese translation for docs/zh/docs/deployment/versions.md. PR #10276 by @​xzmeng.

Internal

Commits
  • 1bf5e7a 🔖 Release 0.103.2
  • fcda32d 📝 Update release notes
  • d0b17dd ⬆️ Upgrade Python version in Docker images for GitHub Actions (#10350)
  • d769da3 📝 Update release notes
  • 2f50ae8 🔧 Update sponsors, remove Flint (#10349)
  • 831b5d5 📝 Update release notes
  • bc935e0 ⬆️ Upgrade compatibility with Pydantic v2.4, new renamed functions and JSON S...
  • b944b55 📝 Update release notes
  • 74cf051 🔧 Rename label "awaiting review" to "awaiting-review" to simplify search quer...
  • 1c4a9e9 📝 Update release notes
  • Additional commits viewable in compare view

Updates celery to 5.1.2

Release notes

Sourced from celery's releases.

v5.1.2

Release date: 2021-06-28 16.15 P.M UTC+3:00

Release by: Omer Katz

  • When chords fail, correctly call errbacks. (#6814)

    We had a special case for calling errbacks when a chord failed which assumed they were old style. This change ensures that we call the proper errback dispatch method which understands new and old style errbacks, and adds test to confirm that things behave as one might expect now.

  • Avoid using the Event.isSet() deprecated alias. (#6824)

  • Reintroduce sys.argv default behaviour for Celery.start(). (#6825)

Changelog

Sourced from celery's changelog.

5.1.2

:release-date: 2021-06-28 16.15 P.M UTC+3:00
:release-by: Omer Katz

  • When chords fail, correctly call errbacks. (#6814)

    We had a special case for calling errbacks when a chord failed which assumed they were old style. This change ensures that we call the proper errback dispatch method which understands new and old style errbacks, and adds test to confirm that things behave as one might expect now.

  • Avoid using the Event.isSet() deprecated alias. (#6824)

  • Reintroduce sys.argv default behaviour for Celery.start(). (#6825)

.. _version-5.1.1:

5.1.1

:release-date: 2021-06-17 16.10 P.M UTC+3:00
:release-by: Omer Katz

  • Fix --pool=threads support in command line options parsing. (#6787)
  • Fix LoggingProxy.write() return type. (#6791)
  • Couchdb key is now always coerced into a string. (#6781)
  • grp is no longer imported unconditionally. (#6804) This fixes a regression in 5.1.0 when running Celery in non-unix systems.
  • Ensure regen utility class gets marked as done when concretised. (#6789)
  • Preserve call/errbacks of replaced tasks. (#6770)
  • Use single-lookahead for regen consumption. (#6799)
  • Revoked tasks are no longer incorrectly marked as retried. (#6812, #6816)

.. _version-5.1.0:

5.1.0

:release-date: 2021-05-23 19.20 P.M UTC+3:00
:release-by: Omer Katz

  • celery -A app events -c camera now works as expected. (#6774)
  • Bump minimum required Kombu version to 5.1.0.

.. _version-5.1.0rc1:

5.1.0rc1

:release-date: 2021-05-02 16.06 P.M UTC+3:00
:release-by: Omer Katz

  • Celery Mailbox accept and serializer parameters are initialized from configuration. (#6757)
  • Error propagation and errback calling for group-like signatures now works as expected. (#6746)

... (truncated)

Commits
  • 552e067 Bump version: 5.1.1 → 5.1.2
  • 01a9e61 Update changelog.
  • 22073e6 isort.
  • bf53d10 Add missing release date for 5.1.1.
  • 69093e5 Fix warning in test_get_sync_subtask_option. (#6827)
  • 6806fc3 Update 5.0.x changelog.
  • f5fb136 Fix changelog formatting.
  • 494cc5d Reintroduce docstrings in programmatic start
  • 7f1d162 test: Fix double-star unpacking of Mock in pypy3
  • 030e71b style: Fix flake8 lint in tests
  • Additional commits viewable in compare view

Updates gunicorn to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improves HTTP 1.1 support and improves safety.

You're invited to upgrade your own installation asap.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encountering invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

NOTE

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

Breaking changes

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LF/NUL in header field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can pose a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view

Updates jinja2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

  • Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
  • xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
  • Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

  • Add parameters to Environment.overlay to match __init__. :issue:1645
  • Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

  • The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

  • Drop support for Python 3.6. :pr:1534
  • Remove previously deprecated code. :pr:1544

... (truncated)

Commits

Updates black to 21.12b0

Release notes

Sourced from black's releases.

21.12b0

Black

  • Fix determination of f-string expression spans (#2654)
  • Fix bad formatting of error messages about EOF in multi-line statements (#2343)
  • Functions and classes in blocks now have more consistent surrounding spacing (#2472)

Jupyter Notebook support

  • Cell magics are now only processed if they are known Python cell magics. Earlier, all cell magics were tokenized, leading to possible indentation errors e.g. with %%writefile. (#2630)
  • Fix assignment to environment variables in Jupyter Notebooks (#2642)

Python 3.10 support

  • Point users to using --target-version py310 if we detect 3.10-only syntax (#2668)
  • Fix match statements with open sequence subjects, like match a, b: or match a, *b: (#2639) (#2659)
  • Fix match/case statements that contain match/case soft keywords multiple times, like match re.match() (#2661)
  • Fix case statements with an inline body (#2665)
  • Fix styling of starred expressions inside match subject (#2667)
  • Fix parser error location on invalid syntax in a match statement (#2649)
  • Fix Python 3.10 support on platforms without ProcessPoolExecutor (#2631)
  • Improve parsing performance on code that uses match under --target-version py310 up to ~50% (#2670)

Packaging


Thank you!

  • @​isidentical for the polishing up 3.10 syntax support (which they contributed in the first place!)
  • @​MarcoGorelli for their ever-continuing work on Black's jupyter support
  • @​jalaziz for cleaning up our Pyinstaller CD workflow
  • @​hauntsaninja for helping us drop the regex dependency

And also congrats to first contributors!

Changelog

Sourced from black's changelog.

21.12b0

Black

  • Fix determination of f-string expression spans (#2654)
  • Fix bad formatting of error messages about EOF in multi-line statements (#2343)
  • Functions and classes in blocks now have more consistent surrounding spacing (#2472)

Jupyter Notebook support

  • Cell magics are now only processed if they are known Python cell magics. Earlier, all cell magics were tokenized, leading to possible indentation errors e.g. with %%writefile. (#2630)
  • Fix assignment to environment variables in Jupyter Notebooks (#2642)

Python 3.10 support

  • Point users to using --target-version py310 if we detect 3.10-only syntax (#2668)
  • Fix match statements with open sequence subjects, like match a, b: or match a, *b: (#2639) (#2659)
  • Fix match/case statements that contain match/case soft keywords multiple times, like match re.match() (#2661)
  • Fix case statements with an inline body (#2665)
  • Fix styling of starred expressions inside match subject (#2667)
  • Fix parser error location on invalid syntax in a match statement (#2649)
  • Fix Python 3.10 support on platforms without ProcessPoolExecutor (#2631)
  • Improve parsing performance on code that uses match under --target-version py310 up to ~50% (#2670)

Packaging

21.11b1

Black

  • Bumped regex version minimum to 2021.4.4 to fix Pattern class usage (#2621)

21.11b0

Black

  • Warn about Python 2 deprecation in more cases by improving Python 2 only syntax detection (#2592)
  • Add experimental PyPy support (#2559)
  • Add partial support for the match statement. As it's experimental, it's only enabled when --target-version py310 is explicitly specified (#2586)
  • Add support for parenthesized with (#2586)
  • Declare support for Python 3.10 for running Black (#2562)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [celery](https://github.com/celery/celery), [gunicorn](https://github.com/benoitc/gunicorn), [jinja2](https://github.com/pallets/jinja) and [black](https://github.com/psf/black) to permit the latest version.

Updates `fastapi` to 0.103.2
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.54.1...0.103.2)

Updates `celery` to 5.1.2
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/v5.1.2/Changelog.rst)
- [Commits](celery/celery@4.4.2...v5.1.2)

Updates `gunicorn` to 23.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@20.0.4...23.0.0)

Updates `jinja2` to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.11.2...3.1.4)

Updates `black` to 21.12b0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/commits)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: celery
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 4, 2024