Renovate update minor and patch updates (Python)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
gevent (changelog)	==24.10.2 -> ==24.10.3
locust (source)	==2.31.8 -> ==2.32.1
markupsafe (changelog)	==3.0.1 -> ==3.0.2
psutil	==6.0.0 -> ==6.1.0
werkzeug (changelog)	==3.0.4 -> ==3.0.6
zope-interface	==7.1.0 -> ==7.1.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-49766

On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.

CVE-2024-49767

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting.

The Request.max_content_length setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.

---

Release Notes

locustio/locust (locust)

v2.32.1

Compare Source

What's Changed

• Web UI Remove Default Value for Select if Value is Provided by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2943
• Web UI Auth Add Password Visibility Toggle by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2941
• LocustBadStatusCode without url param in fasthttp by @​swaalt in https://github.com/locustio/locust/pull/2944
• Add Google Analytics to docs.locust.io by @​heyman in https://github.com/locustio/locust/pull/2948
• Webui Echarts Time Axis Should be Localized by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2949
• Webui Fix Echarts Axis Formatting by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2950
• Webui Override Markdown HTML Link with MUI Link by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2951
• Webui Add Custom Form to Auth Page by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2952
• Webui Echarts Redraw Request Lines if Changed by @​andrewbaldwin44 in https://github.com/locustio/locust/pull/2953

New Contributors

• @​swaalt made their first contribution in https://github.com/locustio/locust/pull/2944

Full Changelog: locustio/locust@2.32.0...2.32.1

v2.32.0

Compare Source

Full Changelog

Fixed bugs:

• logfile is erroniously written when there are many workers. #​2927
• Form field for users, spawn rate, and run time still visible in UI although CustomShape defined without use_common_options. #​2924
• --html with --process 4 then get ValueError: StatsEntry.use_response_times_cache must be set to True #​2908
• IPV6 check doesn't work as expected on AWS EKS #​2787

Merged pull requests:

• Log deprecation warning for Python 3.9 #​2940 (cyberw)
• Run tests on python 3.13 too #​2939 (cyberw)
• Web UI - Fix Line Chart #​2935 (andrewbaldwin44)
• Modern UI - Fix Hide Common Options #​2934 (andrewbaldwin44)
• Allow alerts and errors on new and edit form #​2932 (andrewbaldwin44)
• Add error message to swarm form #​2930 (andrewbaldwin44)
• Disable --csv for workers when using --processes. #​2929 (cyberw)
• Decide if ipv6 can work #​2923 (nc-marco)
• Webui Add Form Alert #​2922 (andrewbaldwin44)
• Add faq item: Basic auth (Authorization header) does not work after redirection #​2921 (obriat)
• Add CSRF example #​2920 (andrewbaldwin44)
• Web UI Add Exports for Library #​2919 (andrewbaldwin44)
• lower log level for unnecessary --autostart argument #​2918 (cyberw)

pallets/markupsafe (markupsafe)

v3.0.2

Compare Source

Released 2024-10-18

• Fix compatibility when __str__ returns a str subclass. :issue:472
• Build requires setuptools >= 70.1. :issue:475

giampaolo/psutil (psutil)

v6.1.0

Compare Source

=====

2024-10-17

Enhancements

• 2366_, [Windows]: drastically speedup process_iter(). We now determine
  process unique identity by using process "fast" create time method. This
  will considerably speedup those apps which use process_iter() only once,
  e.g. to look for a process with a certain name.
• 2446_: use pytest instead of unittest.
• 2448_: add make install-sysdeps target to install the necessary system
  dependencies (python-dev, gcc, etc.) on all supported UNIX flavors.
• 2449_: add make install-pydeps-test and make install-pydeps-dev
  targets. They can be used to install dependencies meant for running tests and
  for local development. They can also be installed via pip install .[test]
  and pip install .[dev].
• 2456_: allow to run tests via python3 -m psutil.tests even if pytest
  module is not installed. This is useful for production environments that
  don't have pytest installed, but still want to be able to test psutil
  installation.

Bug fixes

• 2427_: psutil (segfault) on import in the free-threaded (no GIL) version of
  Python 3.13. (patch by Sam Gross)
• 2455_, [Linux]: IndexError may occur when reading /proc/pid/stat and
  field 40 (blkio_ticks) is missing.
• 2457_, [AIX]: significantly improve the speed of Process.open_files()_ for
  some edge cases.
• 2460_, [OpenBSD]: Process.num_fds()_ and Process.open_files()_ may fail
  with NoSuchProcess_ for PID 0. Instead, we now return "null" values (0 and
  [] respectively).

zopefoundation/zope.interface (zope-interface)

v7.1.1

Compare Source

==================

• Fix segmentation faults in weakrefobject.c on Python 3.12 and 3.13.
  (#&#8203;323 <https://github.com/zopefoundation/zope.interface/issues/323>_)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.