Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Scheduled weekly dependency update for week 31 (#19)
### Update [pip](https://pypi.org/project/pip) from **10.0.1** to **18.0**. <details> <summary>Changelog</summary> ### 18.0 ``` ================= Process ------- - Switch to a Calendar based versioning scheme. - Formally document our deprecation process as a minimum of 6 months of deprecation warnings. - Adopt and document NEWS fragment writing style. - Switch to releasing a new, non bug fix version of pip every 3 months. Deprecations and Removals ------------------------- - Remove the legacy format from pip list. (3651, 3654) - Dropped support for Python 3.3. (3796) - Remove support for cleaning up egg fragment postfixes. (4174) - Remove the shim for the old get-pip.py location. (5520) For the past 2 years, it's only been redirecting users to use the newer https://bootstrap.pypa.io/get-pip.py location. Features -------- - Introduce a new --prefer-binary flag, to prefer older wheels over newer source packages. (3785) - Improve autocompletion function on file name completion after options which have ``<file>``, ``<dir>`` or ``<path>`` as metavar. (4842, 5125) - Add support for installing PEP 518 build dependencies from source. (5229) - Improve status message when upgrade is skipped due to only-if-needed strategy. (5319) Bug Fixes --------- - Update pip's self-check logic to not use a virtualenv specific file and honor cache-dir. (3905) - Remove compiled pyo files for wheel packages. (4471) - Speed up printing of newly installed package versions. (5127) - Restrict install time dependency warnings to directly-dependant packages. (5196, 5457) Warning about the entire package set has resulted in users getting confused as to why pip is printing these warnings. - Improve handling of PEP 518 build requirements: support environment markers and extras. (5230, 5265) - Remove username/password from log message when using index with basic auth. (5249) - Remove trailing os.sep from PATH directories to avoid false negatives. (5293) - Fix "pip wheel pip" being blocked by the "don't use pip to modify itself" check. (5311, 5312) - Disable pip's version check (and upgrade message) when installed by a different package manager. (5346) This works better with Linux distributions where pip's upgrade message may result in users running pip in a manner that modifies files that should be managed by the OS's package manager. - Check for file existence and unlink first when clobbering existing files during a wheel install. (5366) - Improve error message to be more specific when no files are found as listed in as listed in PKG-INFO. (5381) - Always read ``pyproject.toml`` as UTF-8. This fixes Unicode handling on Windows and Python 2. (5482) - Fix a crash that occurs when PATH not set, while generating script location warning. (5558) - Disallow packages with ``pyproject.toml`` files that have an empty build-system table. (5627) Vendored Libraries ------------------ - Update CacheControl to 0.12.5. - Update certifi to 2018.4.16. - Update distro to 1.3.0. - Update idna to 2.7. - Update ipaddress to 1.0.22. - Update pkg_resources to 39.2.0 (via setuptools). - Update progress to 1.4. - Update pytoml to 0.1.16. - Update requests to 2.19.1. - Update urllib3 to 1.23. Improved Documentation ---------------------- - Document how to use pip with a proxy server. (512, 5574) - Document that the output of pip show is in RFC-compliant mail header format. (5261) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pip - Changelog: https://pyup.io/changelogs/pip/ - Homepage: https://pip.pypa.io/ </details> ### Update [tox](https://pypi.org/project/tox) from **3.0.0** to **3.1.3**. <details> <summary>Changelog</summary> ### 3.1.2 ``` ------------------ Bugfixes ^^^^^^^^ - Revert "Fix bug with incorrectly defactorized dependencies (`772 <https://github.com/tox-dev/tox/issues/772>`_)" due to a regression (`(799) <https://github.com/tox-dev/tox/issues/899>`_) - by :user:`obestwalter` ``` ### 3.1.1 ``` ------------------ Bugfixes ^^^^^^^^ - PyPi documentation for ``3.1.0`` is broken. Added test to check for this, and fix it by :user:`gaborbernat`. (`879 <https://github.com/tox-dev/tox/issues/879>`_) ``` ### 3.1.0 ``` ------------------ Bugfixes ^^^^^^^^ - Add ``ignore_basepython_conflict``, which determines whether conflicting ``basepython`` settings for environments containing default factors, such as ``py27`` or ``django18-py35``, should be ignored or result in warnings. This was a common source of misconfiguration and is rarely, if ever, desirable from a user perspective - by :user:`stephenfin` (`477 <https://github.com/tox-dev/tox/issues/477>`_) - Fix bug with incorrectly defactorized dependencies (deps passed to pip were not de-factorized) - by :user:`bartsanchez` (`706 <https://github.com/tox-dev/tox/issues/706>`_) Features ^^^^^^^^ - Add support for multiple PyPy versions using default factors. This allows you to use, for example, ``pypy27`` knowing that the correct intepreter will be used by default - by :user:`stephenfin` (`19 <https://github.com/tox-dev/tox/issues/19>`_) - Add support to explicitly invoke interpreter directives for environments with long path lengths. In the event that ``tox`` cannot invoke scripts with a system-limited shebang (e.x. a Linux host running a Jenkins Pipeline), a user can set the environment variable ``TOX_LIMITED_SHEBANG`` to workaround the system's limitation (e.x. ``export TOX_LIMITED_SHEBANG=1``) - by :user:`jdknight` (`794 <https://github.com/tox-dev/tox/issues/794>`_) - introduce a constants module to be used internally and as experimental API - by :user:`obestwalter` (`798 <https://github.com/tox-dev/tox/issues/798>`_) - Make ``py2`` and ``py3`` aliases also resolve via ``py`` on windows by :user:`asottile`. This enables the following things: ``tox -e py2`` and ``tox -e py3`` work on windows (they already work on posix); and setting ``basepython=python2`` or ``basepython=python3`` now works on windows. (`856 <https://github.com/tox-dev/tox/issues/856>`_) - Replace the internal version parsing logic from the not well tested `PEP-386 <https://www.python.org/dev/peps/pep-0386/>`_ parser for the more general `PEP-440 <https://www.python.org/dev/peps/pep-0440/>`_. `packaging >= 17.1 <https://pypi.org/project/packaging/>`_ is now an install dependency by :user:`gaborbernat`. (`860 <https://github.com/tox-dev/tox/issues/860>`_) Documentation ^^^^^^^^^^^^^ - extend the plugin documentation and make lot of small fixes and improvements - by :user:`obestwalter` (`797 <https://github.com/tox-dev/tox/issues/797>`_) - tidy up tests - remove unused fixtures, update old cinstructs, etc. - by :user:`obestwalter` (`799 <https://github.com/tox-dev/tox/issues/799>`_) - Various improvements to documentation: open browser once documentation generation is done, show Github/Travis info on documentation page, remove duplicate header for changelog, generate unreleased news as DRAFT on top of changelog, make the changelog page more compact and readable (width up to 1280px) by :user:`gaborbernat` (`859 <https://github.com/tox-dev/tox/issues/859>`_) Miscellaneous ^^^^^^^^^^^^^ - filter out unwanted files in package - by :user:`obestwalter` (`754 <https://github.com/tox-dev/tox/issues/754>`_) - make the already existing implicit API explicit - by :user:`obestwalter` (`800 <https://github.com/tox-dev/tox/issues/800>`_) - improve tox quickstart and corresponding tests - by :user:`obestwalter` (`801 <https://github.com/tox-dev/tox/issues/801>`_) - tweak codecov settings via .codecov.yml - by :user:`obestwalter` (`802 <https://github.com/tox-dev/tox/issues/802>`_) ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/tox - Changelog: https://pyup.io/changelogs/tox/ - Docs: https://tox.readthedocs.org/ </details> ### Update [Sphinx](https://pypi.org/project/Sphinx) from **1.7.5** to **1.7.6**. <details> <summary>Changelog</summary> ### 1.7.6 ``` ============================== Dependencies ------------ Incompatible changes -------------------- Deprecated ---------- Features added -------------- Bugs fixed ---------- * 5037: LaTeX ``\sphinxupquote{}`` breaks in Russian * sphinx.testing uses deprecated pytest API; ``Node.get_marker(name)`` * 5016: crashed when recommonmark.AutoStrictify is enabled * 5022: latex: crashed with docutils package provided by Debian/Ubuntu * 5009: latex: a label for table is vanished if table does not have a caption * 5048: crashed with numbered toctree * 2410: C, render empty argument lists for macros. * C++, fix lookup of full template specializations with no template arguments. * 4667: C++, fix assertion on missing references in global scope when using intersphinx. Thanks to Alan M. Carroll. * 5019: autodoc: crashed by Form Feed Character * 5032: autodoc: loses the first staticmethod parameter for old styled classes * 5036: quickstart: Typing Ctrl-U clears the whole of line * 5066: html: "relations" sidebar is not shown by default * 5091: latex: curly braces in index entries are not handled correctly * 5070: epub: Wrong internal href fragment links * 5104: apidoc: Interface of ``sphinx.apidoc:main()`` has changed * 5076: napoleon raises RuntimeError with python 3.7 * 5125: sphinx-build: Interface of ``sphinx:main()`` has changed * sphinx-build: ``sphinx.cmd.build.main()`` refers ``sys.argv`` instead of given argument * 5146: autosummary: warning is emitted when the first line of docstring ends with literal notation * autosummary: warnings of autosummary indicates wrong location (refs: 5146) * 5143: autodoc: crashed on inspecting dict like object which does not support sorting Testing -------- ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/sphinx - Changelog: https://pyup.io/changelogs/sphinx/ - Homepage: http://sphinx-doc.org/ </details> ### Update [cryptography](https://pypi.org/project/cryptography) from **2.2.2** to **2.3**. <details> <summary>Changelog</summary> ### 2.3 ``` ~~~~~~~~~~~~~~~~ * **SECURITY ISSUE:** :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag` allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the ``min_tag_length`` provided to the :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor. *CVE-2018-10903* * Added support for Python 3.7. * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the authenticated timestamp of a :doc:`Fernet </fernet>` token. * Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated. We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next ``cryptography`` release. * Fixed multiple issues preventing ``cryptography`` from compiling against LibreSSL 2.7.x. * Added :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number` for quick serial number searches in CRLs. * The :class:`~cryptography.x509.RelativeDistinguishedName` class now preserves the order of attributes. Duplicate attributes now raise an error instead of silently discarding duplicates. * :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if the wrapped key is an invalid length, instead of ``ValueError``. .. _v2-2-2: ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/cryptography - Changelog: https://pyup.io/changelogs/cryptography/ - Repo: https://github.com/pyca/cryptography </details> ### Update [PyYAML](https://pypi.org/project/PyYAML) from **3.12** to **3.13**. *The bot wasn't able to find a changelog for this release. [Got an idea?](https://github.com/pyupio/changelogs/issues/new)* <details> <summary>Links</summary> - PyPI: https://pypi.org/project/pyyaml - Homepage: http://pyyaml.org/wiki/PyYAML </details>
- Loading branch information
1 parent
25e1378
commit c73ea9f