fix(deps): update all minor dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
PyJWT	2.9.0 -> 2.10.1					dependencies	minor
apig-wsgi (changelog)	2.18.0 -> 2.19.0					dependencies	minor
cachelib (changelog)	0.12.0 -> 0.13.0					dependencies	minor
certifi	2024.8.30 -> 2024.12.14					dependencies	minor
click-datetime	0.2 -> 0.4.0					dependencies	minor
flask-marshmallow	0.14.0 -> 0.15.0					dependencies	minor
locust (source)	2.31.3 -> 2.32.4					test	minor
marshmallow (changelog)	3.22.0 -> 3.23.1					dependencies	minor	3.23.2
newrelic (source)	10.3.0 -> 10.4.0					dependencies	minor
python	~3.10.9 -> ~3.13.0					dependencies	minor

Review

• Updates have been tested and work
• If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

---

Release Notes

jpadilla/pyjwt (PyJWT)

v2.10.1

Compare Source

v2.10.0

Compare Source

Fixed

- Prevent partial matching of `iss` claim by @&#8203;fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

adamchainz/apig-wsgi (apig-wsgi)

v2.19.0

Compare Source

• Support Python 3.13.

• Drop Python 3.8 support.

• Send binary responses if the 'content-encoding' header is set to any value, rather than just 'gzip'.

  Thanks to Zoe Guillen for the report in PR #&#8203;496 <https://github.com/adamchainz/apig-wsgi/pull/496>__.

• Enable binary support by default for ALB events.

  Thanks to Oliver Ford for the report in Issue #&#8203;513 <https://github.com/adamchainz/apig-wsgi/issues/513>__.

• Treat the content-type header "application/problem+json" as non binary by default.

  Thanks to Ido Savion in PR #&#8203;503 <https://github.com/adamchainz/apig-wsgi/pull/503>__.

pallets-eco/cachelib (cachelib)

v0.13.0

Compare Source

Released 2024-04-13

• default hashlib.md5 may not be available in FIPS builds. We
  now do not access it at import time on FileSystemCacheso developers
  have time to change the default.
  hashlib.md5 will be lazy loaded when a new default is not provided

certifi/python-certifi (certifi)

v2024.12.14

Compare Source

locustio/locust (locust)

v2.32.4

Compare Source

Full Changelog

Fixed bugs:

• Number of requests lower than expected in web UI #​3000
• Reports download links do not contain web-base-path #​2998
• Setuptools CVE-2024-6345 #​2995
• When using exclude-tags to exclude more than two tags, this setting will not take effect #​2994

Merged pull requests:

• Allow showing auth info on blank page #​3002 (andrewbaldwin44)
• Number of requests lower than expected in web UI #​3001 (andrewbaldwin44)
• Webui links should be relative #​2999 (andrewbaldwin44)
• Dependency and node version bump #​2997 (andrewbaldwin44)
• Fix example in docs #​2993 (daniloakamine)
• Add Input Type to Login Form #​2992 (andrewbaldwin44)
• Update configuration.rst to show minimalistic config example #​2990 (vkuehn)
• Fix README Images for PyPi #​2989 (andrewbaldwin44)

v2.32.3

Compare Source

Full Changelog

Fixed bugs:

• Setuptools CVE-2022-40897 #​2986
• master crash with different version worker #​2975

Merged pull requests:

• Ensure we never use old version of setuptools #​2988 (cyberw)
• README Themed Screenshots #​2985 (andrewbaldwin44)
• When specifying locustfile fia url, output start of response text when it wasnt valid python #​2983 (cyberw)
• Use debug log level for first 5s of waiting for workers to be ready. #​2982 (cyberw)
• Add option for Extra Options to be Required #​2981 (andrewbaldwin44)
• Update ruff mypy #​2978 (tdadela)
• Fix crash with older worker version requesting locustfile from master #​2976 (cyberw)
• Use f-strings instead of old style string interpolation #​2974 (tdadela)

v2.32.2

Compare Source

Full Changelog

Fixed bugs:

• Requests not ramping up after switching to using pydantic in django project #​2960
• The locust chart shows that data is still being recorded after the timed run time expires #​2910

Closed issues:

• Downloading report should provide a meaningful human name #​2931
• Hard coded path make it impossible to host the UI on a path (instead of the domain root) #​2909

Merged pull requests:

• Fix Incorrectly Updating Stat History #​2972 (andrewbaldwin44)
• Webui Add Markdown Support for Auth Page #​2969 (andrewbaldwin44)
• Fix Web Base Path Env Variable #​2967 (andrewbaldwin44)
• Locust Configurable Web Base Path #​2966 (andrewbaldwin44)
• Fix Auth Args Type #​2965 (andrewbaldwin44)
• Webui Add Auth Info to Auth Page #​2963 (andrewbaldwin44)
• Fix doc link #​2961 (tjandy98)
• Report name #​2947 (obriat)

v2.32.1

Compare Source

What's Changed

• Web UI Remove Default Value for Select if Value is Provided by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2943
• Web UI Auth Add Password Visibility Toggle by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2941
• LocustBadStatusCode without url param in fasthttp by @​swaalt in https://github.com/locustio/locust/pull/2944
• Add Google Analytics to docs.locust.io by @​heyman in https://github.com/locustio/locust/pull/2948
• Webui Echarts Time Axis Should be Localized by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2949
• Webui Fix Echarts Axis Formatting by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2950
• Webui Override Markdown HTML Link with MUI Link by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2951
• Webui Add Custom Form to Auth Page by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2952
• Webui Echarts Redraw Request Lines if Changed by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2953

New Contributors

• @​swaalt made their first contribution in https://github.com/locustio/locust/pull/2944

Full Changelog: locustio/locust@2.32.0...2.32.1

v2.32.0

Compare Source

Full Changelog

Fixed bugs:

• logfile is erroniously written when there are many workers. #​2927
• Form field for users, spawn rate, and run time still visible in UI although CustomShape defined without use_common_options. #​2924
• --html with --process 4 then get ValueError: StatsEntry.use_response_times_cache must be set to True #​2908
• IPV6 check doesn't work as expected on AWS EKS #​2787

Merged pull requests:

• Log deprecation warning for Python 3.9 #​2940 (cyberw)
• Run tests on python 3.13 too #​2939 (cyberw)
• Web UI - Fix Line Chart #​2935 (andrewbaldwin44)
• Modern UI - Fix Hide Common Options #​2934 (andrewbaldwin44)
• Allow alerts and errors on new and edit form #​2932 (andrewbaldwin44)
• Add error message to swarm form #​2930 (andrewbaldwin44)
• Disable --csv for workers when using --processes. #​2929 (cyberw)
• Decide if ipv6 can work #​2923 (nc-marco)
• Webui Add Form Alert #​2922 (andrewbaldwin44)
• Add faq item: Basic auth (Authorization header) does not work after redirection #​2921 (obriat)
• Add CSRF example #​2920 (andrewbaldwin44)
• Web UI Add Exports for Library #​2919 (andrewbaldwin44)
• lower log level for unnecessary --autostart argument #​2918 (cyberw)

v2.31.8

Compare Source

What's Changed

• Fix RTD versioning with a deep git clone by @​mquinnfd in https://github.com/locustio/locust/pull/2913
• Url in template arg by @​fletelli42 in https://github.com/locustio/locust/pull/2914
• Web UI Auth submit should submit a POST request by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2915
• Log locust-cloud version if it is installed by @​cyberw in https://github.com/locustio/locust/pull/2916

New Contributors

• @​fletelli42 made their first contribution in https://github.com/locustio/locust/pull/2914

Full Changelog: locustio/locust@2.31.7...2.31.8

v2.31.7

Compare Source

Full Changelog

Merged pull requests:

• Fix Dependabot Complaints #​2912 (andrewbaldwin44)
• Improve Web UI Logging #​2911 (andrewbaldwin44)
• Pin python versions to avoid gh caching issue + always Install Dependencies, even when it looks like there was a cache hit #​2907 (cyberw)
• Fix Login Manager Error Message #​2905 (andrewbaldwin44)
• Log locust version earlier #​2904 (cyberw)
• Add Mongodb test example #​2903 (guel-codes)

v2.31.6

Compare Source

Full Changelog

Fixed bugs:

• RPS vs Total Running Users #​2895
• Overwriting weight by config-users may lead to crash #​2852
• FastHttpSession requests typing for the json argument should support lists #​2842
• Dockerfile warning #​2811

Closed issues:

• Cleaning up the build process #​2857
• Simplify GitHub Actions using install-poetry #​2822

Merged pull requests:

• Add Error Message for Accessing Login Manager without --web-login #​2902 (andrewbaldwin44)
• Update Webui README #​2901 (andrewbaldwin44)
• fix: Add worker_count = 1 to LocalRunner for parity with MasterRunner #​2900 (tarkatronic)
• Remove redundant None in Any | None annotations #​2892 (tdadela)
• Fix _kl_generator by filtering nonpositive User weights #​2891 (tdadela)
• Update README.md #​2889 (JonanOribe)
• Filename from URL Should Strip Query Params #​2887 (andrewbaldwin44)
• Simplify Generator annotations - PEP 696 #​2886 (tdadela)
• Fix FastHttpSession.request json typing #​2885 (tdadela)

v2.31.5

Compare Source

Full Changelog

Fixed bugs:

• Pressure testing is over, but RPS and Users still have data #​2870

Merged pull requests:

• Ensure we don't accidentally hide errors while importing in locust-cloud or locust-plugins #​2881 (cyberw)
• Add publishing dependency on build package step #​2880 (mquinnfd)
• Build pipeline tweaks - docker tagging #​2879 (mquinnfd)
• Webui Remove chart initial data fetch #​2878 (andrewbaldwin44)
• Document use with uvx and remove openssl version from --version output #​2877 (cyberw)
• Web UI Remove Scroll to Zoom #​2876 (andrewbaldwin44)
• Cleaning and improvements in the Build Pipeline #​2873 (mquinnfd)
• WebUI: Correct types for form select #​2872 (andrewbaldwin44)

v2.31.4

Compare Source

Full Changelog

Merged pull requests:

• Webui Allow changing select input size #​2871 (andrewbaldwin44)
• Webui Replace Logo SVG #​2867 (andrewbaldwin44)
• Add favicon that looks good in light color theme #​2866 (heyman)
• Webui Add build lib command to package.json #​2865 (andrewbaldwin44)
• Web UI Github Action Publish steps must Build lib #​2864 (andrewbaldwin44)
• Fix npm publish issue #​2863 (cyberw)
• GH actions: Update names of publish steps. Don't run prerelease steps when no prerelease is actually going to be published #​2862 (cyberw)
• Webui Fix Version Tag in NPM Prerelease Step #​2861 (andrewbaldwin44)
• Webui Fix NPM Publish Step #​2860 (andrewbaldwin44)
• Web UI as a Library NPM Release #​2858 (andrewbaldwin44)
• Add PostgresUser to examples #​2836 (guel-codes)

marshmallow-code/marshmallow (marshmallow)

v3.23.1

Compare Source

v3.23.0

Compare Source

newrelic/newrelic-python-agent (newrelic)

v10.4.0

Compare Source

Notes

This release of the Python agent adds support for async PyMongo, Motor, aiomysql, a new AWS account ID configuration setting, linking AWS entities for DynamoDB and Lambda, and fixes a path typing issue in newrelic.initialize().

Install the agent using easy_install/pip/distribute via the Python Package Index or download it directly from the New Relic download site.

New features

• Add support for async PyMongo

  • Instrumentation support was added for asynchronous PyMongo. Note that this API is currently in beta and may be subject to future breaking changes, which may affect instrumentation.

• Add support for Motor

  • Instrumentation support was added for motor.

• Add support for aiomysql

  • Add support for aiomysql.

• Add new AWS account ID configuration setting

  • Some AWS instrumentations are not able to automatically determine the AWS account ID which is used to link the AWS entity in the service map. When cloud.aws.account_id is set, it will be used in certain AWS instrumentations such as DynamoDB to link the DynamoDB AWS entity in the service map.

• Link AWS entity for DynamoDB

  • Add linking to the AWS entity in the service map for DynamoDB. This linking is done by utilizing the cloud.aws.account_id configuration setting.

• Link AWS entity for Lambda

  • Add linking to the AWS entity in the service map for Lambda. This linking is done by attaching the ARN to the lambda call's span.

Bug fixes

• Fix path typing issue in newrelic.initialize()

  • Fixes a bug in newrelic.initialize() where path-like objects were not accepted. This has been corrected to support strings, bytes, or PathLike objects.

Support statement

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date.

See the New Relic Python agent EOL policy for information about agent releases and support dates.

v10.3.1

Compare Source

Notes

This release of the Python agent fixes a bug in the package version collector that disabled telemetry from being sent to New Relic in certain cases.

Install the agent using easy_install/pip/distribute via the Python Package Index or download it directly from the New Relic download site.

Bug fixes

• Fix agent crash when uploading package version info

  • Previously, if package versioning was a class property then the function itself was sent with the payload. This would then display the __repr__() of the versioning class in the environment stats. In v10.3.0, this task was tweaked and moved to the harvest cycle that caused a failure during the payload conversion to JSON and disabled the telemetry transmission. This release introduces logic to exclude invalid data types from the module payload.

Support statement

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date.

See the New Relic Python agent EOL policy for information about agent releases and support dates.

containerbase/python-prebuild (python)

v3.13.1

Compare Source

Bug Fixes

• deps: update dependency python to v3.13.1

v3.13.0

Compare Source

Bug Fixes

• deps: update dependency python to v3.13.0

v3.12.8

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.8

v3.12.7

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.7

v3.12.6

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.6

v3.12.5

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.5

v3.12.4

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.4

v3.12.3

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.3

v3.12.2

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.2

v3.12.1

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.1

v3.12.0

Compare Source

Bug Fixes

• deps: update dependency python to v3.12.0

v3.11.11

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.11

v3.11.10

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.10

v3.11.9

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.9

v3.11.8

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.8

v3.11.7

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.7

v3.11.6

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.6

v3.11.5

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.5

v3.11.4

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.4

v3.11.3

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.3

v3.11.2

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.2

v3.11.1

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.1

v3.11.0

Compare Source

Bug Fixes

• deps: update dependency python to v3.11.0

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone America/Montreal, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv notification-api-Nm9E1q_n-py3.13 in /home/ubuntu/.cache/pypoetry/virtualenvs

The current project's supported Python range (>=3.13.0,<3.14.0) is not compatible with some of the required packages Python requirement:
  - notifications-utils requires Python ~3.10.9, so it will not be satisfied for Python >=3.13.0,<3.14.0
  - notifications-utils requires Python ~3.10.9, so it will not be satisfied for Python >=3.13.0,<3.14.0

Because notifications-utils (52.4.1) @ git+https://github.com/cds-snc/notifier-utils.git@task/pre-3.12-recipient-csv-annual-limit-validation requires Python ~3.10.9
 and notifications-utils (52.4.1) @ git+https://github.com/cds-snc/notifier-utils.git@task/pre-3.12-recipient-csv-annual-limit-validation requires Python ~3.10.9, version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties
    
    For notifications-utils, a possible solution would be to set the `python` property to "<empty>"
    For notifications-utils, a possible solution would be to set the `python` property to "<empty>"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers