Update Lock-file Patch Releases for Next (next)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
GitPython	3.1.34 -> 3.1.36
Markdown (changelog)	~3.3.7 -> ~3.4.0
Markdown (changelog)	==3.3.7 -> ==3.4.4
black (changelog)	~23.7.0 -> ~23.9.0
coverage	~7.2.7 -> ~7.3.0
django-auth-ldap (changelog)	~4.3.0 -> ~4.5.0
django-celery-results (changelog)	~2.4.0 -> ~2.5.0
django-debug-toolbar (changelog)	~4.1.0 -> ~4.2.0
django-filter (source, changelog)	23.1 -> 23.2
django-jinja	~2.10.2 -> ~2.11.0
django-storages (changelog)	1.13.2 -> 1.14
drf-spectacular	0.26.3 -> 0.26.4
factory-boy	~3.2.1 -> ~3.3.0
flake8 (changelog)	~6.0.0 -> ~6.1.0
graphene-django-optimizer	~0.8.0 -> ~0.10.0
jsonschema (changelog)	>=4.7.0,<4.19.0 -> >=4.19.0,<4.20.0
mkdocs (changelog)	~1.4.3 -> ~1.5.0
mkdocs (changelog)	==1.4.3 -> ==1.5.2
mkdocs-material	~9.1.18 -> ~9.3.0
mkdocs-material	==9.1.18 -> ==9.3.1
mkdocs-section-index (changelog)	0.3.5 -> 0.3.7
mkdocs-section-index (changelog)	==0.3.5 -> ==0.3.7
mkdocstrings (changelog)	~0.22.0 -> ~0.23.0
mkdocstrings (changelog)	==0.22.0 -> ==0.23.0
mkdocstrings-python (changelog)	~1.3.0 -> ~1.6.0
mkdocstrings-python (changelog)	==1.3.0 -> ==1.6.3
netutils (source)	1.5.0 -> 1.6.0
rich	~13.4.2 -> ~13.5.0
selenium	~4.9.1 -> ~4.12.0
social-auth-app-django	~5.2.0 -> ~5.3.0
splinter (changelog)	~0.18.1 -> ~0.19.0
yamllint	~1.30.0 -> ~1.32.0

---

Release Notes

gitpython-developers/GitPython (GitPython)

v3.1.36

Compare Source

v3.1.35: - a fix for CVE-2023-41040

Compare Source

What's Changed

• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/gitpython-developers/GitPython/pull/1643
• Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @​CosmosAtlas in https://github.com/gitpython-developers/GitPython/pull/1645
• Fix CVE-2023-41040 by @​facutuesca in https://github.com/gitpython-developers/GitPython/pull/1644
• Only make config more permissive in tests that need it by @​EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1648
• Added test for PR #​1645 submodule path by @​CosmosAtlas in https://github.com/gitpython-developers/GitPython/pull/1647
• Fix Windows environment variable upcasing bug by @​EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1650

New Contributors

• @​CosmosAtlas made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1645
• @​facutuesca made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1644

Full Changelog: gitpython-developers/GitPython@3.1.34...3.1.35

Python-Markdown/markdown (Markdown)

v3.4.4

Compare Source

v3.4.3

Compare Source

v3.4.2

Compare Source

v3.4.1

Compare Source

v3.4

Compare Source

psf/black (black)

v23.9.1

Compare Source

Due to various issues, the previous release (23.9.0) did not include compiled mypyc
wheels, which make Black significantly faster. These issues have now been fixed, and
this release should come with compiled wheels once again.

There will be no wheels for Python 3.12 due to a bug in mypyc. We will provide 3.12
wheels in a future release as soon as the mypyc bug is fixed.

Packaging

• Upgrade to mypy 1.5.1 (#​3864)

Performance

• Store raw tuples instead of NamedTuples in Black's cache, improving performance and
  decreasing the size of the cache (#​3877)

v23.9.0

Compare Source

Preview style

• More concise formatting for dummy implementations (#​3796)
• In stub files, add a blank line between a statement with a body (e.g an
  if sys.version_info > (3, x):) and a function definition on the same level (#​3862)
• Fix a bug whereby spaces were removed from walrus operators within subscript(#​3823)

Configuration

• Black now applies exclusion and ignore logic before resolving symlinks (#​3846)

Performance

• Avoid importing IPython if notebook cells do not contain magics (#​3782)
• Improve caching by comparing file hashes as fallback for mtime and size (#​3821)

Blackd

• Fix an issue in blackd with single character input (#​3558)

Integrations

• Black now has an
  official pre-commit mirror. Swapping
  https://github.com/psf/black to https://github.com/psf/black-pre-commit-mirror in
  your .pre-commit-config.yaml will make Black about 2x faster (#​3828)
• The .black.env folder specified by ENV_PATH will now be removed on the completion
  of the GitHub Action (#​3759)

nedbat/coveragepy (coverage)

v7.3.1

Compare Source

• The semantics of stars in file patterns has been clarified in the docs. A
  leading or trailing star matches any number of path components, like a double
  star would. This is different than the behavior of a star in the middle of a
  pattern. This discrepancy was identified by Sviatoslav Sydorenko <starbad_>, who provided patient detailed diagnosis <pull 1650_> and
  graciously agreed to a pragmatic resolution.

• The API docs were missing from the last version. They are now restored <apidocs_>_.

.. _apidocs: https://coverage.readthedocs.io/en/latest/api_coverage.html
.. _starbadhttps://github.com/nedbat/coveragepy/issues/1407#issuecomment-163108520909
.. _pull 165https://github.com/nedbat/coveragepy/pull/1650650

.. _changes_7-3-0:

v7.3.0

Compare Source

• Added a :meth:.Coverage.collect context manager to start and stop coverage
  data collection.

• Dropped support for Python 3.7.

• Fix: in unusual circumstances, SQLite cannot be set to asynchronous mode.
  Coverage.py would fail with the error Safety level may not be changed inside a transaction. This is now avoided, closing issue 1646_. Thanks
  to Michael Bell for the detailed bug report.

• Docs: examples of configuration files now include separate examples for the
  different syntaxes: .coveragerc, pyproject.toml, setup.cfg, and tox.ini.

• Fix: added nosemgrep comments to our JavaScript code so that
  semgrep-based SAST security checks won't raise false alarms about security
  problems that aren't problems.

• Added a CITATION.cff file, thanks to Ken Schackart <pull 1641_>_.

.. _pull 1641:https://github.com/nedbat/coveragepy/pull/16411
.. _issue 1646https://github.com/nedbat/coveragepy/issues/164646

.. _changes_7-2-7:

django-auth-ldap/django-auth-ldap (django-auth-ldap)

v4.5.0

Compare Source

What's Changed

• Allow to reload DN when using user-bind and DN-template by @​sevdog in https://github.com/django-auth-ldap/django-auth-ldap/pull/347

New Contributors

• @​sevdog made their first contribution in https://github.com/django-auth-ldap/django-auth-ldap/pull/347

Full Changelog: django-auth-ldap/django-auth-ldap@4.4.0...4.5.0

v4.4.0

Compare Source

What's Changed

• Drop support for Python 3.7 by @​francoisfreitag in https://github.com/django-auth-ldap/django-auth-ldap/pull/343

Full Changelog: django-auth-ldap/django-auth-ldap@4.3.0...4.4.0

celery/django-celery-results (django-celery-results)

v2.5.1

Compare Source

=====
:release-date: 2023-05-08 8:15 P.M. UTC+6:00
:release-by: Asif Saif Uddin

• Revert "feat: raw delete expired instead of Queryset.delete (#​235)" partially.

.. _version-2.5.0:

v2.5.0

Compare Source

=====
:release-date: 2023-03-13 5:45 P.M. UTC+6:00
:release-by: Asif Saif Uddin

• try possible fix to avoid a oracle regression (#​325).
• Added periodic_task_name to admin fieldset for parity with list view.
• Only update the ChordCounter.count field when saving.
• Meta injection (#​366).

.. _version-2.4.0:

jazzband/django-debug-toolbar (django-debug-toolbar)

v4.2.0

Compare Source

carltongibson/django-filter (django-filter)

v23.2

Compare Source

• Deprecated the schema generation methods of the DRF related DjangoFilterBackend.
  These will be removed in version 25.1.

  You should use drf-spectacular <https://drf-spectacular.readthedocs.io/en/latest/>_
  for generating OpenAPI schemas with DRF.

• In addition, stopped testing against the (very old now) coreapi schema generation.
  These methods should continue to work if you're using them until v25.1, but
  coreapi is no longer maintained, and is raising warnings against the current
  versions of Python. To workaround this is not worth the effort at this point.

• Updated Polish translations.

niwinz/django-jinja (django-jinja)

v2.11.0

Compare Source

Released September 3rd, 2023

• Drop Django 2.2 support, now require >=3.2.
• Drop Python 3.6 and 3.7 support, now require >=3.8.
• Add Django 4.1 and 4.2 support.
• Add Python 3.11 support.
• Provide a better default template engine NAME than 'backend' (#​303):

Previously, when configuring TEMPLATES in Django's settings,
NAME had to be set to avoid the template engine's name becoming "backend":

jschneier/django-storages (django-storages)

v1.14

Compare Source

tfranzel/drf-spectacular (drf-spectacular)

v0.26.4

Compare Source

• fix django-polymorphic empty serializer case #&#8203;1029 <https://github.com/tfranzel/drf-spectacular/issues/1029>_ #&#8203;542 <https://github.com/tfranzel/drf-spectacular/issues/542>_
• Add a blueprint for pydantic 2 [Carmen Alvarez]
• bugfix exclude behavior on subclassing #&#8203;1025 <https://github.com/tfranzel/drf-spectacular/issues/1025>_
• relax django-filter subclassing restriction #&#8203;1022 <https://github.com/tfranzel/drf-spectacular/issues/1022>_
• factor out serializer name estimation for easier modification #&#8203;976 <https://github.com/tfranzel/drf-spectacular/issues/976>_
• Fixing Pydantic Extension (#&#8203;1021 <https://github.com/tfranzel/drf-spectacular/issues/1021>_) [sydney-runkle]
• add Authorization header for oauth2 Bearer token [Danial]
• allow already supported lazy string in types #&#8203;982 <https://github.com/tfranzel/drf-spectacular/issues/982>_

Breaking changes / important additions:

• some minor bugfixes as well as improvements to django-filter and django-polymorphic.
• it is now significantly easier to adapt serializer naming via AutoSchema subclassing.

FactoryBoy/factory_boy (factory-boy)

v3.3.0

Compare Source

pycqa/flake8 (flake8)

v6.1.0

Compare Source

tfoxy/graphene-django-optimizer (graphene-django-optimizer)

v0.10.0: Fix compatibility with graphql-core v3.2

Compare Source

See https://github.com/tfoxy/graphene-django-optimizer/pull/83

Creating a new version instead of v0.9.2 because a test was failing so it may break things for some people.

v0.9.1

Compare Source

v0.9.0: Support for Graphene 3

Compare Source

Add support for Graphene 3.

BREAKING CHANGE

Graphene 2 is no longer supported. You can use v0.8, which will be maintained for fixes.

python-jsonschema/jsonschema (jsonschema)

v4.19.0

Compare Source

=======

• Importing the Validator protocol directly from the package root is deprecated.
  Import it from jsonschema.protocols.Validator instead.
• Automatic retrieval of remote references (which is still deprecated) now properly succeeds even if the retrieved resource does not declare which version of JSON Schema it uses.
  Such resources are assumed to be 2020-12 schemas.
  This more closely matches the pre-referencing library behavior.

mkdocs/mkdocs (mkdocs)

v1.5.2

Compare Source

• Bugfix (regression in 1.5.0): Restore functionality of --no-livereload. (#​3320)

• Bugfix (regression in 1.5.0): The new page title detection would sometimes be unable to drop anchorlinks - fix that. (#​3325)

• Partly bring back pre-1.5 API: extra_javascript items will once again be mostly strings, and only sometimes ExtraStringValue (when the extra script functionality is used).

  Plugins should be free to append strings to config.extra_javascript, but when reading the values, they must still make sure to read it as str(value) in case it is an ExtraScriptValue item. For querying the attributes such as .type you need to check isinstance first. Static type checking will guide you in that. (#​3324)

See commit log.

v1.5.1

Compare Source

• Bugfix (regression in 1.5.0): Make it possible to treat ExtraScriptValue as a path. This lets some plugins still work despite the breaking change.

• Bugfix (regression in 1.5.0): Prevent errors for special setups that have 3 conflicting files, such as index.html, index.md and README.md (#​3314)

See commit log.

v1.5.0

Compare Source

New: MkDocs now accepts donations. Please consider supporting the current maintainer at my new GitHub sponsorship page.

MkDocs has been a totally free project since the beginning and wasn't accepting funds. MkDocs will remain free of paywalls, but now you can show your support with donations (one-time and/or recurring).

Donate for MkDocs - @​oprypin sponsors page

And please also consider these other individuals who have been contributing to the ecosystem for a long time and check out their donations pages:

@​facelessuser
@​pawamoy
@​Ultrabug

---

Release 1.5.0

New command mkdocs get-deps

This command guesses the Python dependencies that a MkDocs site requires in order to build. It simply prints the PyPI packages that need to be installed. In the terminal it can be combined directly with an installation command as follows:

pip install $(mkdocs get-deps)

The idea is that right after running this command, you can directly follow it up with mkdocs build and it will almost always "just work", without needing to think which dependencies to install.

The way it works is by scanning mkdocs.yml for themes:, plugins:, markdown_extensions: items and doing a reverse lookup based on a large list of known projects (catalog, see below).

Of course, you're welcome to use a "virtualenv" with such a command. Also note that for environments that require stability (for example CI) directly installing deps in this way is not a very reliable approach as it precludes dependency pinning.

The command allows overriding which config file is used (instead of mkdocs.yml in the current directory) as well as which catalog of projects is used (instead of downloading it from the default location). See mkdocs get-deps --help.

Context: #​3205

MkDocs has an official catalog of plugins

Check out https://github.com/mkdocs/catalog and add all your general-purpose plugins, themes and extensions there, so that they can be looked up through mkdocs get-deps.

This was renamed from "best-of-mkdocs" and received significant updates. In addition to pip installation commands, the page now shows the config boilerplate needed to add a plugin.

Expanded validation of links

Validated links in Markdown

As you may know, within Markdown, MkDocs really only recognizes relative links that lead to another physical *.md document (or media file). This is a good convention to follow because then the source pages are also freely browsable without MkDocs, for example on GitHub. MkDocs knows that in the output it should turn those *.md links into *.html as appropriate, and it would also always tell you if such a link doesn't actually lead to an existing file.

However, the checks for links were really loose and had many concessions. For example, links that started with / ("absolute") and links that ended with / were left as is and no warning was shown, which allowed such very fragile links to sneak into site sources: links that happen to work right now but get no validation and links that confusingly need an extra level of .. with use_directory_urls enabled.

Now, in addition to validating relative links, MkDocs will print INFO messages for unrecognized types of links (including absolute links). They look like this:

INFO - Doc file 'example.md' contains an absolute link '/foo/bar/', it was left as is. Did you mean 'foo/bar.md'?

If you don't want any changes, not even the INFO messages, and wish to revert to the silence from MkDocs 1.4, add the following configs to mkdocs.yml (not recommended):

validation:
  absolute_links: ignore
  unrecognized_links: ignore

If, on the opposite end, you want these to print WARNING messages and cause mkdocs build --strict to fail, you are recommended to configure these to warn instead.

See documentation for actual recommended settings and more details. Context: #​3283

Validated links in the nav

Links to documents in the nav configuration now also have configurable validation, though with no changes to the defaults.

You are welcomed to turn on validation for files that were forgotten and excluded from the nav. Example:

validation:
  nav:
    omitted_files: warn
    absolute_links: warn

This can make the following message appear with the WARNING level (as opposed to INFO as the only option previously), thus being caught by mkdocs --strict:

INFO - The following pages exist in the docs directory, but are not included in the "nav" configuration: ...

See documentation. Context: #​3283, #​1755

Mark docs as intentionally "not in nav"

There is a new config not_in_nav. With it, you can mark particular patterns of files as exempt from the above omitted_files warning type; no messages will be printed for them anymore. (As a corollary, setting this config to * is the same as ignoring omitted_files altogether.)

This is useful if you generally like these warnings about files that were forgotten from the nav, but still have some pages that you knowingly excluded from the nav and just want to build and copy them.

The not_in_nav config is a set of gitignore-like patterns. See the next section for an explanation of another such config.

See documentation. Context: #​3224, #​1888

Excluded doc files

There is a new config exclude_docs that tells MkDocs to ignore certain files under docs_dir and not copy them to the built site as part of the build.

Historically MkDocs would always ignore file names starting with a dot, and that's all. Now this is all configurable: you can un-ignore these and/or ignore more patterns of files.

The exclude_docs config follows the .gitignore pattern format and is specified as a multiline YAML string. For example:

exclude_docs: |
  *.py               # Excludes e.g. docs/hooks/foo.py
  /drafts            # Excludes e.g. docs/drafts/hello.md
  /requirements.txt  # Excludes docs/requirements.txt

Validation of links (described above) is also affected by exclude_docs. During mkdocs serve the messages explain the interaction, whereas during mkdocs build excluded files are as good as nonexistent.

As an additional related change, if you have a need to have both README.md and index.md files in a directory but publish only one of them, you can now use this feature to explicitly ignore one of them and avoid warnings.

See documentation. Context: #​3224

Drafts

The exclude_docs config has another behavior: all excluded Markdown pages will still be previewable in mkdocs serve only, just with a "DRAFT" marker on top. Then they will of course be excluded from mkdocs build or gh-deploy.

If you don't want mkdocs serve to have any special behaviors and instead want it to perform completely normal builds, use the new flag mkdocs serve --clean.

See documentation. Context: #​3224

mkdocs serve no longer exits after build errors

If there was an error (from the config or a plugin) during a site re-build, mkdocs serve used to exit after printing a stack trace. Now it will simply freeze the server until the author edits the files to fix the problem, and then will keep reloading.

But errors on the first build still cause mkdocs serve to exit, as before.

Context: #​3255

Page titles will be deduced from any style of heading

MkDocs always had the ability to infer the title of a page (if it's not specified in the nav) based on the first line of the document, if it had a <h1> heading that had to written starting with the exact character #. Now any style of Markdown heading is understood (#​1886). Due to the previous simplistic parsing, it was also impossible to use attr_list attributes in that first heading (#​3136). Now that is also fixed.

Markdown extensions can use paths relative to the current document

This is aimed at extensions such as pymdownx.snippets or markdown_include.include: you can now specify their include paths to be relative to the currently rendered Markdown document, or relative to the docs_dir. Any other extension can of course also make use of the new !relative YAML tag.

markdown_extensions:
  - pymdownx.snippets:
      base_path: !relative

See documentation. Context: #​2154, #​3258

<script> tags can specify type="module" and other attributes

In extra_javascript, if you use the .mjs file extension or explicitly specify a type: module key, the script will be added with the type="module" attribute. defer: true and async: true keys are also available.

See updated documentation for extra_javascript.

At first this is only supported in built-in themes, other themes need to follow up, see below.

Context: #​3237

Changes for theme developers (action required!)

Using the construct {% for script in extra_javascript %} is now fully obsolete because it cannot allow customizing the attributes of the <script> tag. It will keep working but blocks some of MkDocs' features.

Instead, you now need to use config.extra_javascript (which was already the case for a while) and couple it with the new script_tag filter:

    {%- for script in config.extra_javascript %}
      {{ script | script_tag }}
    {%- endfor %}

See documentation.

Upgrades for plugin developers

• Breaking change: config.extra_javascript is no longer a plain list of strings, but instead a list of ExtraScriptValue items. So you can no longer treat the list values as strings. If you want to keep compatibility with old versions, just always reference the items as str(item) instead. And you can still append plain strings to the list if you wish. See information about <script> tags above. Context: #​3237

• File has a new attribute inclusion. Its value is calculated from both the exclude_docs and not_in_nav configs, and implements their behavior. Plugins can read this value or write to it. New File instances by default follow whatever the configs say, but plugins can choose to make this decision explicitly, per file.

• When creating a File, one can now set a dest_uri directly, rather than having to update it (and other dependent attributes) after creation. Context

• A new config option was added - DictOfItems. Similarly to ListOfItems, it validates a mapping of config options that all have the same type. Keys are arbitrary but always strings. Context: #​3242

• A new function get_plugin_logger was added. In order to opt into a standardized way for plugins to log messages, please use the idiom:

  log = mkdocs.plugins.get_plugin_logger(__name__)
  ...
  log.info("Hello, world")

  Context: #​3245

• SubConfig config option can be conveniently subclassed with a particular type of config specified. For example, class ExtraScript(SubConfig[ExtraScriptValue]):. To see how this is useful, search for this class in code. Context

• Bugfix: SubConfig had a bug where paths (from FilesystemObject options) were not made relative to the main config file as intended, because config_file_path was not properly inherited to it. This is now fixed. Context: #​3265

• Config members now have a way to avoid clashing with Python's reserved words. This is achieved by stripping a trailing underscore from each member's name.

  Example of adding an async boolean option that can be set by the user as async: true and read programmatically as config.async_:

  class ExampleConfig(Config):
      async_ = Type(bool, default=False)

  Previously making a config key with a reserved name was impossible with new-style schemas. Context

• Theme has its attributes properly declared and gained new attributes theme.locale, theme.custom_dir.

• Some type annotations were made more precise. For example:

  • The context parameter has gained the type TemplateContext (TypedDict). Context
  • The classes Page, Section, Link now have a common base class StructureItem. Context
  • Some methods stopped accepting Config and only accept MkDocsConfig as was originally intended. Context
  • config.mdx_configs got a proper type. Context: #​3229

Theme updates

• Built-in themes mostly stopped relying on <script defer>. This may affect some usages of extra_javascript, mainly remove the need for custom handling of "has the page fully loaded yet". Context: #​3237

• "mkdocs" theme now has a styling for > blockquotes, previously they were not distinguished at all. Context: #​3291

• "readthedocs" theme was updated to v1.2.0 according to upstream, with improved styles for <kbd> and breadcrumb navigation. Context: #​3058

• Both built-in themes had their version of highlight.js updated to 11.8.0, and jQuery updated to 3.6.0.

Bug fixes

Relative paths in the nav can traverse above the root

Regression in 1.2 - relative paths in the nav could no longer traverse above the site's root and were truncated to the root. Although such traversal is discouraged and produces a warning, this was a documented behavior. The behavior is now restored.

Context: #​2752, [#

---

Configuration

📅 Schedule: Branch creation - "before 2am on Friday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[bryanculver]

We should reconsider our upgrade policy:

Open up our upper bounds and have Renovate encourage opening them instead of forcing upgrades unless a CVE is being addressed.