Skip to content

fix(deps): update website-backend#82

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/website-backend
Open

fix(deps): update website-backend#82
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/website-backend

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented Aug 5, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
Flask-Caching (changelog) ==2.3.1==2.4.0 age confidence
Flask-Compress ==1.17==1.24 age confidence
cvss (changelog) ==3.4==3.6 age confidence
google-auth ==2.38.0==2.49.2 age confidence
google-cloud-logging (source) ==3.11.4==3.15.0 age confidence
google-cloud-ndb (source) ==2.3.2==2.4.2 age confidence
markdown2 ==2.5.3==2.5.5 age confidence
packageurl-python ==0.16.0==0.17.6 age confidence
pylint (changelog) 3.3.53.3.9 age confidence
whitenoise (changelog) ==6.9.0==6.12.0 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

pallets-eco/flask-caching (Flask-Caching)

v2.4.0

Compare Source

2026-04-17

  • Modernize project setup
  • Update intersphinx_mapping for Sphinx 8 compatibility. :pr:599, :issue:598
  • Pass CACHE_OPTIONS as kwargs to redis_from_url. :pr:591
  • Pass sentinel_kwargs to redis client via CACHE_OPTIONS :pr:626
  • Fix response_hit_indication return True always. :pr:579, :pr:596, :issue:595, :issue:570
colour-science/flask-compress (Flask-Compress)

v1.24

Compare Source

  • add mypy annotations and mark it as checkable, #​76 by @​orborde
  • enable trusted publishing, allowing GitHub Actions to publish releases to PyPI without long lived credentials, #​78 by @​alexprengere

v1.23

Compare Source

  • add gzip to supported algorithms for streaming responses, but not in the COMPRESS_ALGORITHM_STREAMING default values, so users have to explicitly enable it
  • add Windows and MacOS to the list of platforms tested on GitHub Actions

v1.22

Compare Source

  • fix possible RuntimeError when applying compression to a streaming endpoint
  • no longer apply make_conditional to streaming responses, as it had the effect of buffering the entire response, which defeats the purpose of streaming responses, unless the request.endpoint is in a new COMPRESS_STREAMING_ENDPOINT_CONDITIONAL config option, which defaults to ["static"]

As serving static content with Flask is using streaming responses, we wanted to preserve the correct handling of conditional requests (i.e. 304 Not Modified responses) for static content, while avoiding buffering the entire response when compressing streaming responses for other endpoints

v1.21

Compare Source

  • compressing streaming responses is now supported:
    • the previous behavior was:
      • if COMPRESS_STREAMS was True (the default), streaming responses were compressed in 1 sitting using response.get_data(), meaning streaming responses were compressed but not streamed
      • if COMPRESS_STREAMS was False, streaming responses were not compressed at all
    • the new behavior is:
      • if COMPRESS_STREAMS is True, streaming responses are compressed chunk-by-chunk using response.iter_encoded(), which means that streaming responses are compressed and streamed
      • if COMPRESS_STREAMS is False, streaming responses are not compressed at all, as before.
    • we have a new COMPRESS_ALGORITHM_STREAMING config option to specify the compression algorithm to use for streaming responses, which defaults to ["zstd", "br", "deflate"], as "gzip" is not suitable for streaming compression.
    • ⚠️ serving static content with Flask is actually using streaming responses, so if you enable streaming compression, static content will be compressed chunk-by-chunk as well, which may not be what you want.

v1.20

Compare Source

  • the new COMPRESS_EVALUATE_CONDITIONAL_REQUEST config option is now True by default

v1.19

Compare Source

  • Use backports.zstd instead of pyzstd, #​63 by @​alexprengere
  • Add new behaviours to improve Etag compatibility, #​67, by @​jlopex
    • weak etags are no longer modified by flask-compress
    • add new COMPRESS_EVALUATE_CONDITIONAL_REQUEST config option to call response.make_conditional(request) after compression, this ensures that 304 Not Modified responses are correctly generated when the client sends conditional requests with If-None-Match (defaults to False)

v1.18

Compare Source

  • Support, and test against, Python 3.14, see #​61 by @​kurtmckee
  • Migrate from zstandard to pyzstd, which is now included in the Python 3.14 standard library, also part of #​61
  • Restore flask_compress.DictCache() that is needed to configure Flask-Compress with caching, without relying on Flask-Caching
RedHatProductSecurity/cvss (cvss)

v3.6

Compare Source

Fix incorrect release in PyPI

googleapis/google-auth-library-python (google-auth)

v2.48.0

Compare Source

Features
Bug Fixes

v2.47.0

Compare Source

Features
Bug Fixes

v2.46.0

Compare Source

Documentation
Features
Bug Fixes

v2.45.0

Compare Source

Features

v2.44.0

Compare Source

Features
Bug Fixes

v2.43.0

Compare Source

Features
  • Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#​1859) Add public wrapper for check_use_client_cert which enables mTLS if
    GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert
    sources detected. Also, fix check_use_client_cert to return boolean
    value.
    Change #​1848 added the check_use_client_cert method that helps know if
    client cert should be used for mTLS connection. However, that was in a
    private class, thus, created a public wrapper of the same function so
    that it can be used by python Client Libraries. Also, updated
    check_use_client_cert to return a boolean value instead of existing
    string value for better readability and future scope.
    --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
  • Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#​1848) The Python SDK will use a hybrid approach for mTLS enablement:
  • If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set
    (either true or false), the SDK will respect that setting. This is
    necessary for test scenarios and users who need to explicitly control
    mTLS behavior.
  • If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not
    set, the SDK will automatically enable mTLS only if it detects Managed
    Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF)
    certificate sources. In other cases where the variable is not set, mTLS
    will remain disabled.
    ** This change also adds the helper method check_use_client_cert and
    it's unit test, which will be used for checking the criteria for setting
    the mTLS to true
    ** This change is only for Auth-Library, other changes will be created
    for Client-Library use-cases.
    --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

v2.42.1

Compare Source

Bug Fixes

v2.42.0

Compare Source

Features
Bug Fixes

v2.41.1

Compare Source

Bug Fixes

v2.41.0

Compare Source

Features
Bug Fixes
Documentation

v2.40.3

Compare Source

Bug Fixes

v2.40.2

Compare Source

Bug Fixes
  • Remove sync response logs in AuthorizedSession (97ed1c8)
  • Update test to consider new error message from cryptography (#​1765) (44e38b6)

v2.40.1

Compare Source

Bug Fixes

v2.40.0

Compare Source

Features
Bug Fixes
  • Correct webauthn JSON parsing to be compliant with standard. (#​1658) (0c5ef36)

v2.39.0

Compare Source

Features
  • Adds GA support for X.509 workload identity federation (#​1695) (7495960)
Bug Fixes
googleapis/google-cloud-python (google-cloud-logging)

v3.15.0: google-cloud-logging: v3.15.0

Compare Source

v3.15.0 (2026-03-26)

v3.14.0

Compare Source

v3.13.0

v3.12.1: google-cloud-vision 3.12.1

Bug Fixes

v3.12.0: google-cloud-vision 3.12.0

3.12.0 (2026-01-09)
trentm/python-markdown2 (markdown2)

v2.5.5

Compare Source

v2.5.4

Compare Source

package-url/packageurl-python (packageurl-python)

v0.17.6

Compare Source

  • Enhance url2purl to support commit hashes parsing (GitHub, GitLab, and Bitbucket)
    #​211

  • Adjust validation function
    #​206

  • Add validation function
    #​205

v0.17.5

Compare Source

  • Remove support for getting download URL for qpkg in purl2url.
    #​203

  • Add tests for latest purl-spec
    #​202

v0.17.4

Compare Source

  • Add support for getting download URL for debian, apk, qpkg in purl2url.
    #​201

v0.17.3

Compare Source

  • Add support for getting download URL for Luarocks, Conda, Alpm in purl2url.
    #​199
  • Fix Incorrect download url from build_golang_download_url()
    #​198

v0.17.2

Compare Source

  • Add support for getting download URL for Golang, Hex, Pub and Swift in purl2url.
    #​195

v0.17.1

Compare Source

  • Define "pkg" as a PackageURL SCHEME class attribute.
    #​184

  • Add support for Maven in purl2url.
    #​177

v0.17.0

Compare Source

  • Fix qualifiers type annotations.
    #​169

  • Fix parsing of names and namespaces with colons.
    #​152

pylint-dev/pylint (pylint)

v3.3.9

Compare Source

What's new in Pylint 3.3.9?

Release date: 2025-10-05

False Positives Fixed

  • Fix used-before-assignment for PEP 695 type aliases and parameters.

    Closes #​9815

  • No longer flag undeprecated functions in importlib.resources as deprecated.

    Closes #​10593

  • Fix false positive inconsistent-return-statements when using quit() or exit() functions.

    Closes #​10508

  • Fix false positive undefined-variable (E0602) for for-loop variable shadowing patterns like for item in item: when the variable was previously defined.

    Closes #​10562

Other Bug Fixes

  • Fixed crash in 'unnecessary-list-index-lookup' when starting an enumeration using
    minus the length of an iterable inside a dict comprehension when the len call was only
    made in this dict comprehension, and not elsewhere. Also changed the approach,
    to use inference in all cases but the simple ones, so we don't have to fix crashes
    one by one for arbitrarily complex expressions in enumerate.

    Closes #​10510

v3.3.8

Compare Source

What's new in Pylint 3.3.8?

Release date: 2025-08-09

This patch release includes an exceptional fix for a false negative issue. For details, see: #​10482 (comment)

False Positives Fixed

  • Fix false positives for possibly-used-before-assignment when variables are exhaustively
    assigned within a match block.

    Closes #​9668

  • Fix false positive for missing-raises-doc and missing-yield-doc when the method length is less than docstring-min-length.

    Refs #​10104

  • Fix a false positive for unused-variable when multiple except handlers bind the same name under a try block.

    Closes #​10426

False Negatives Fixed

  • Fix false-negative for used-before-assignment with from __future__ import annotations in function definitions.

    Refs #​10482

Other Bug Fixes

  • Fix a bug in Pyreverse where aggregations and associations were included in diagrams regardless of the selected --filter-mode (such as PUB_ONLY, ALL, etc.).

    Closes #​10373

  • Fix double underscores erroneously rendering as bold in pyreverse's Mermaid output.

    Closes #​10402

v3.3.7

Compare Source

What's new in Pylint 3.3.7?

Release date: 2025-05-04

False Positives Fixed

  • Comparisons between two calls to type() won't raise an unidiomatic-typecheck warning anymore, consistent with the behavior applied only for == previously.

    Closes #​10161

Other Bug Fixes

  • Fixed a crash when importing a class decorator that did not exist with the same name as a class attribute after the class definition.

    Closes #​10105

  • Fix a crash caused by malformed format strings when using .format with keyword arguments.

    Closes #​10282

  • Using a slice as a class decorator now raises a not-callable message instead of crashing. A lot of checks that dealt with decorators (too many to list) are now shortcut if the decorator can't immediately be inferred to a function or class definition.

    Closes #​10334

Other Changes

  • The algorithm used for no-member suggestions is now more efficient and cuts the
    calculation when the distance score is already above the threshold.

    Refs #​10277

v3.3.6

Compare Source

What's new in Pylint 3.3.6?

Release date: 2025-03-20

False Positives Fixed

  • Fix a false positive for used-before-assignment when an inner function's return type
    annotation is a class defined at module scope.

    Closes #​9391

evansd/whitenoise (whitenoise)

v6.12.0

Compare Source

v6.11.0

Compare Source

v6.10.0

Compare Source

Configuration

📅 Schedule: (in timezone Australia/Sydney)

  • Branch creation
    • "before 6am on wednesday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Aug 5, 2025
@renovate
Copy link
Copy Markdown
Author

renovate Bot commented Aug 5, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: gcp/website/poetry.lock
Updating dependencies
Resolving dependencies...

Creating virtualenv website-backend-qe55Qd0--py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

Because osv (0.0.22) @ file:///tmp/renovate/repos/github/another-rex/osv.dev depends on both packageurl-python (0.16.0) and packageurl-python (0.16.0), packageurl-python is required.
So, because website-backend depends on packageurl-python (0.17.6), version solving failed.

@renovate renovate Bot force-pushed the renovate/website-backend branch from 863be82 to 15524ff Compare August 7, 2025 03:58
@renovate renovate Bot changed the title fix(deps): lock file maintenance website-backend chore(deps): lock file maintenance website-backend Aug 22, 2025
@renovate renovate Bot force-pushed the renovate/website-backend branch from 15524ff to 24a2c52 Compare September 10, 2025 07:41
@renovate renovate Bot force-pushed the renovate/website-backend branch from 24a2c52 to beb8112 Compare September 19, 2025 06:29
@renovate renovate Bot force-pushed the renovate/website-backend branch 2 times, most recently from 7c7787e to 80115ba Compare October 1, 2025 23:01
@renovate renovate Bot force-pushed the renovate/website-backend branch from 80115ba to 61d5c45 Compare October 21, 2025 00:10
@renovate renovate Bot force-pushed the renovate/website-backend branch from 61d5c45 to 85dbb45 Compare November 1, 2025 12:08
@renovate renovate Bot force-pushed the renovate/website-backend branch from 85dbb45 to f6fd0b4 Compare November 9, 2025 11:46
@renovate renovate Bot force-pushed the renovate/website-backend branch 3 times, most recently from da95f1a to eea1563 Compare December 2, 2025 04:51
@renovate renovate Bot force-pushed the renovate/website-backend branch from eea1563 to c627c66 Compare December 16, 2025 22:33
@renovate renovate Bot force-pushed the renovate/website-backend branch 2 times, most recently from 919b9fc to e736e35 Compare January 7, 2026 07:36
@renovate renovate Bot force-pushed the renovate/website-backend branch from e736e35 to 6c3a595 Compare January 27, 2026 03:34
@renovate renovate Bot changed the title chore(deps): lock file maintenance website-backend fix(deps): update website-backend Feb 13, 2026
@renovate renovate Bot force-pushed the renovate/website-backend branch 3 times, most recently from d1630b3 to b0f653e Compare March 8, 2026 10:06
@renovate renovate Bot force-pushed the renovate/website-backend branch from b0f653e to 0a293e6 Compare March 13, 2026 01:37
@renovate renovate Bot force-pushed the renovate/website-backend branch 2 times, most recently from ddf8d2f to 6453f37 Compare April 1, 2026 23:50
@renovate renovate Bot force-pushed the renovate/website-backend branch from 6453f37 to 0817155 Compare April 4, 2026 20:46
@renovate renovate Bot force-pushed the renovate/website-backend branch from 0817155 to 9594630 Compare April 15, 2026 12:10
@renovate renovate Bot force-pushed the renovate/website-backend branch from 9594630 to 3ba92a0 Compare April 17, 2026 22:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants