chore(deps): Bump the github-actions group across 1 directory with 7 updates

[dependabot]

Bumps the github-actions group with 7 updates in the / directory:

Package	From	To
flask	3.0.3	3.1.0
numpy	2.1.2	2.1.3
protobuf	5.28.2	5.29.0
werkzeug	3.0.4	3.1.3
xgboost	2.1.2	2.1.3
boto3	1.35.43	1.35.72
pymarkdownlnt	0.9.22	0.9.25

Updates flask from 3.0.3 to 3.1.0

Release notes

Sourced from flask's releases.

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

• Drop support for Python 3.8. #5623
• Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
• Provide a configuration option to control automatic option responses. #5496
• Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
• Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
• Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
• -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
• Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
• Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

Changelog

Sourced from flask's changelog.

Version 3.1.0

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option responses. :pr:5496
• Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. :issue:5636

Commits

• ab81496 release version 3.1.0
• 70602a1 remove test pypi
• 6748a09 update dev dependencies
• 22c48a7 Merge remote-tracking branch 'origin/stable'
• 2eab96a use generic bases for session (#5638)
• f49dbfd use generic bases for session
• 7b21d43 configure and check request.trusted_hosts (#5637)
• 4f7156f configure and check trusted_hosts
• 10bdf61 setting SERVER_NAME does not restrict routing for both subdomain_matching...
• 4995a77 fix subdomain_matching=False behavior
• Additional commits viewable in compare view

Updates numpy from 2.1.2 to 2.1.3

Release notes

Sourced from numpy's releases.

2.1.3 (Nov 2, 2024)

NumPy 2.1.3 Release Notes

NumPy 2.1.3 is a maintenance release that fixes bugs and regressions discovered after the 2.1.2 release. This release also adds support for free threaded Python 3.13 on Windows.

The Python versions supported by this release are 3.10-3.13.

Improvements

• Fixed a number of issues around promotion for string ufuncs with StringDType arguments. Mixing StringDType and the fixed-width DTypes using the string ufuncs should now generate much more uniform results.

  (gh-27636)

Changes

• numpy.fix now won't perform casting to a floating data-type for integer and boolean data-type input arrays.

  (gh-26766)

Contributors

A total of 15 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Abhishek Kumar +
• Austin +
• Benjamin A. Beasley +
• Charles Harris
• Christian Lorentzen
• Marcel Telka +
• Matti Picus
• Michael Davidsaver +
• Nathan Goldbaum
• Peter Hawkins
• Raghuveer Devulapalli
• Ralf Gommers
• Sebastian Berg
• dependabot[bot]
• kp2pml30 +

Pull requests merged

A total of 21 pull requests were merged for this release.

... (truncated)

Commits

• 98464cc Merge pull request #27690 from charris/prepare-2.1.3
• cbda85b REL: Prepare for the NumPy 2.1.3 release [wheel build]
• daa8699 Merge pull request #27672 from charris/backport-27666
• 614ca19 Merge pull request #27673 from charris/backport-27636
• e6b02d7 DOC: add release note
• 54fd729 BUG: substantially simplify and fix issue with justification promoter
• a90fe7c BUG: fix more issues with string ufunc promotion
• a121864 BUG: fixes for StringDType/unicode promoters
• f055fb9 BUG: Fix a reference count leak in npy_find_descr_for_scalar.
• 5895c02 Merge pull request #27669 from charris/backport-27663
• Additional commits viewable in compare view

Updates protobuf from 5.28.2 to 5.29.0

Commits

• 2d4414f Updating version.json and repo version numbers to: 29.0
• 870e599 Revert upgrade to rules_java 8.3.1. This is a partial roll-back of fb8ee79 (#...
• 02cffa4 Fix typo in BCR maintainer name config for acozzette@ (#19307)
• 7537b03 Remove Bazel 6 in BCR presubmits (#19309)
• 325aa80 Merge pull request #19305 from protocolbuffers/29.x-202411182222
• c13eb62 Updating version.json and repo version numbers to: 29.0-dev
• 71c2594 Updating version.json and repo version numbers to: 29.0-rc3
• b69ea96 Fixed non-conformance in JSON parsing for empty strings in numeric fields. (#...
• fb8ee79 Upgrade rules_cc 0.0.15 and rules_java 8.3.1 (#19215)
• 6f310d5 Add missing line to docstring after Args (#19213)
• Additional commits viewable in compare view

Updates werkzeug from 3.0.4 to 3.1.3

Release notes

Sourced from werkzeug's releases.

3.1.3

This is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.3/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3 Milestone: https://github.com/pallets/werkzeug/milestone/41?closed=1

• Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. #2994
• When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. #2993

3.1.2

This is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.2/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2 Milestone: https://github.com/pallets/werkzeug/milestone/40?closed=1

• Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. #2988
• Headers does not inherit from MutableMapping, as it is does not exactly match that interface. #2989

3.1.1

This is the Werkzeug 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.1/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone: https://github.com/pallets/werkzeug/milestone/38?closed=1

• Fix an issue that caused str(Request.headers) to always appear empty. #2985

3.1.0

This is the Werkzeug 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Werkzeug/3.1.0/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/werkzeug/milestone/34?closed=1

• Drop support for Python 3.8. #2966
• Remove previously deprecated code. #2967
• Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. #2964
• OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. #2968
• Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.
  • Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. #2980
  • max_age is None if present without a value, rather than -1. #2980
  • no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. #2980
  • max_stale is True if present without a value, rather than "*". #2980
  • no_transform is a boolean. Previously it was mistakenly always None. #2881
  • min_fresh is None if present without a value, rather than "*". #2881
  • private is True if present without a value, rather than "*". #2980
  • Added the must_understand property. #2881
  • Added the stale_while_revalidate, and stale_if_error properties. #2948

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.1.3

Released 2024-11-08

• Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. :issue:2994
• When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. :issue:2993

Version 3.1.2

Released 2024-11-04

• Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. :issue:2988
• Headers does not inherit from MutableMapping, as it is does not exactly match that interface. :issue:2989

Version 3.1.1

Released 2024-11-01

• Fix an issue that caused str(Request.headers) to always appear empty. :issue:2985

Version 3.1.0

Released 2024-10-31

• Drop support for Python 3.8. :pr:2966

• Remove previously deprecated code. :pr:2967

• Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. :issue:2964

• OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. :issue:2968

• Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.

  • Dict values are always str | None. Setting properties will convert

... (truncated)

Commits

• 6389612 release version 3.1.3
• ba15683 wrap IPv6 SERVER_NAME in [] (#2997)
• d99f72d wrap IPv6 SERVER_NAME in []
• ea93b54 restrict containers accepted by multi (#2995)
• 598bb1d restrict containers accepted by multi
• 1a1728e start version 3.1.3
• 4fd7073 release version 3.1.2 (#2992)
• 4764684 release version 3.1.2
• 1803db6 Headers is not MutableMapping (#2991)
• ac87bf8 Headers is not MutableMapping
• Additional commits viewable in compare view

Updates xgboost from 2.1.2 to 2.1.3

Release notes

Sourced from xgboost's releases.

2.1.3 Patch release

The 2.1.3 patch release makes the following bug fixes:

• [pyspark] Support large model size (#10984).
• Fix rng for the column sampler (#10998).
• Handle cudf.pandas proxy objects properly (#11014).

Additional artifacts:

You can verify the downloaded packages by running the following command on your Unix shell:

echo "<hash> <artifact>" | shasum -a 256 --check

90b1b7b770803299b337dd9b9206760d9c16f418403c77acce74b350c6427667  xgboost-2.1.3.tar.gz
96b41da84769920408c5733d05fa2d56b53feeefd209e3d96842cf9c266e27ea  xgboost_r_gpu_linux_2.1.3.tar.gz

Experimental binary packages for R with CUDA enabled

• xgboost_r_gpu_linux_2.1.3.tar.gz: Download

Source tarball

• xgboost.tar.gz: Download

Commits

• 600be4d Bump version to 2.1.3. (#11019)
• 6676f56 [bp] Handle cudf.pandas proxy objects properly (#11014) (#11018)
• 7b675da [bp] Fix rng for the column sampler. (#10998) (#11004)
• 5973d60 [bp][spark] Make xgboost spark support large model size (#10984) (#11005)
• See full diff in compare view

Updates boto3 from 1.35.43 to 1.35.72

Commits

• 054b892 Merge branch 'release-1.35.72'
• 2bd4640 Bumping version to 1.35.72
• 8cfe463 Add changelog entries from botocore
• 57997d9 Merge branch 'release-1.35.71'
• 2c3b93f Merge branch 'release-1.35.71' into develop
• ab26d01 Bumping version to 1.35.71
• d00e0ba Add changelog entries from botocore
• aad0b17 Merge branch 'release-1.35.70'
• e2a8522 Merge branch 'release-1.35.70' into develop
• b51f07a Bumping version to 1.35.70
• Additional commits viewable in compare view

Updates pymarkdownlnt from 0.9.22 to 0.9.25

Release notes

Sourced from pymarkdownlnt's releases.

Version 0.9.25 - Date: 2024-11-07

While it seems like we have been working on the fixing for Rule Md031 forever, that time is starting to come to an end. We have a solid list of what is left to test, and we are confident that we will finish it before the new year. (Hope we did not just jinx ourselves!) As with the last couple of releases, we are testing variations of containers, container starts, and container ends, all to ensure we have confidence that our test scenarios are thorough. At this point, we are very confident with any nesting of up to three containers, will our confidence for nesting scenarios of up to four containers at a high level as well. Following close behind that is our fix mode for Rule Md031 which is the stressor for the nested containers. We are not always happy that we started working on the fix mode for Rule Md031, but we are happy that it uncovered some issues in our parser that we could quickly fix.

But we continue to need our users to help us out. If you are scanning any Markdown documents and the results seem off, please file an issue. If you are starting to use our fix mode on your Markdown documents and there are issues, please file an issue. We appreciate any help that we can get to improve the project for everyone!

Added

• Issue 1233
• Issue 1234
• Issue 1235
  • Adding more comprehensive "drop X" tests where multiple levels of containers are involved, and then dropping one or more of those containers in a single line.

Fixed

• Issue 1208
  • Fixed issue with blank lines separated with pragmas not being understood properly.
• Issue 1233
• Issue 1234
• Issue 1235
  • Adding new "drop_x" tests and resolve any scan issues with them.
• Issue 1243
• Issue 1245
  • Handling leading spaces in __fix_spacing function now that data is present.
• Issue 1247
  • In 3+ drop cases with only lists and no block quotes, indent is not calculated properly on rehydrate. This in turn causes the fixed text to be wrong.
• Issue 1250
  • Batch of fixes for cases when Md031 is trying to properly space a fenced code block after dropping 2 containers.

Changed

• Issue 1231)
  • Moved triple nested container tests into their own test_nested_three_* files for better readability.

Version 0.9.24 - Date: 2024-10-06

This release continued our focus on enabling fixing for Rule Md031 and uncovering any issues with the more deeply nested container cases. This has meant introducing a new helper class to assist in the tracking of a given line to the container tokens used to provide container-based indenting for that line. This is very important for Rule Md031, and has already proveded to be useful in a partial rewrite of some of the logic for Md027.

While we find the odd parsing error, those issues are now rare to find in container nesting of three container or less, especially compared to finding issues with our new fix logic. Still, we continue to try different combinations of containers elements and leaf elements, verifying that PyMarkdown creates the correct HTML and correct Markdown from our parsed format.

That is where we still need our users to help us out. If you are scanning any Markdown documents and the results seem off, please file an issue. If you are starting to use our fix mode on your Markdown documents and there are issues, please file an issue. We appreciate any help that we can get to improve the project for everyone!

Added

• Issue 1212
  • added cases to Md031 for SetExt
  • added extra test cases and resolution to other cases

Fixed

... (truncated)

Commits

• 2a59cab Version 0.9.25 (#1254)
• fe26f2c jackdewinter/pymarkdown#1208 (#1253)
• 2a9931e jackdewinter/pymarkdown#1250 (#1251)
• 50a1e94 jackdewinter/pymarkdown#1247 (#1248)
• cee1f3f jackdewinter/pymarkdown#1245 (#1246)
• 911e871 jackdewinter/pymarkdown#1233 (#1241)
• 3335836 jackdewinter/pymarkdown#1231 (#1232)
• f21de30 Version 0.9.24 (#1228)
• 41bcdae Updating API Documentation (#1227)
• 2bce8ca Fixing Md031 issues with fixes and deeply nested containers. (#1225)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.