Bump the pip group across 1 directory with 9 updates

[dependabot]

Bumps the pip group with 9 updates in the / directory:

Package	From	To
lxml	3.6.0	4.9.1
flask	0.10.1	2.2.5
flask-admin	1.4.0	1.5.3
scrapy	1.1.0	2.11.2
numpy	1.11.0	1.22.0
scikit-learn	0.17.1	0.23.1
scipy	0.17.0	1.13.0
scrapy-splash	0.7	0.8.0
requests	2.10.0	2.31.0

Updates lxml from 3.6.0 to 4.9.1

Changelog

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

• A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

• GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

• Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

• Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

• GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

4.8.0 (2022-02-17)

Features added

• GH#337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

• The ElementMaker now supports QName values as tags, which always override the default namespace of the factory.

Bugs fixed

• GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.

... (truncated)

Commits

• d01872c Prevent parse failure in new test from leaking into later test runs.
• d65e632 Prepare release of lxml 4.9.1.
• 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
• 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
• 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
• b9f7074 Remove debug print from test.
• b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
• 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
• 853c9e9 Prepare release of 4.9.0.
• d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
• Additional commits viewable in compare view

Updates flask from 0.10.1 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

• Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
• Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
• Milestone: https://github.com/pallets/flask/milestone/27?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/flask/milestone/26?closed=1

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/flask/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/flask/milestone/23?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/flask/milestone/19?closed=1

2.1.3

• Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-3
• Milestone: https://github.com/pallets/flask/milestone/22?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/flask/milestone/21?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

• Update for compatibility with Werkzeug 2.3.3.
• Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

• Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

• Autoescape is enabled by default for .svg template files. :issue:4831
• Fix the type of template_folder to accept pathlib.Path. :issue:4892
• Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

• Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
• Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

• Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

• 47af817 release version 2.2.5
• afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
• 8646edc set Vary: Cookie header consistently for session
• a6367da Merge pull request #5108 from pallets/werkzeug-compat
• 3fbfbad werkzeug 2.3.3 compatibility
• 726d3f4 start version 2.2.5
• ddc7acc Merge pull request #5081 from pallets/release-2.2.4
• 74e0329 release version 2.2.4
• 2d46068 update dev env
• 64bc458 update dev dependencies
• Additional commits viewable in compare view

Updates flask-admin from 1.4.0 to 1.5.3

Release notes

Sourced from flask-admin's releases.

v1.5.3

• Fixed XSS vulnerability
• Support nested categories in the navbar menu
• SQLAlchemy
  • sort on multiple columns with column_default_sort
  • sort on related models in column_sortable_list
  • fix: inline model forms can now also be used for models with multiple primary keys
  • support for using mapped column_property
• Upgrade Leaflet and Leaflet.draw plugins, used for geoalchemy integration
• Specify minimum_input_length for ajax widget
• Peewee: support composite keys
• MongoEngine: when searching/filtering the input is now regarded as case-insensitive by default
• FileAdmin
  • handle special characters in filename
  • fix a bug with listing directories on Windows
  • avoid raising an exception when unknown sort parameter is encountered
• WTForms 3 support

1.5.2

• Fixed XSS vulnerability
• Fixed Peewee support
• Added detail view column formatters
• Updated Flask-Login example to work with the newer version of the library
• Various SQLAlchemy-related fixes
• Various Windows related fixes for the file admin

v1.5.0

• Fixed CSRF generation logic for multi-process deployments
• Added WTForms >= 3.0 support
• Flask-Admin would not recursively save inline models, allowing arbitrary nesting
• Added configuration properties that allow injection of additional CSS and JS dependencies into templates without overriding them
• SQLAlchemy backend
  • Updated hybrid property detection using new SQLAlchemy APIs
  • Added support for association proxies
  • Added support for remote hybrid properties filters
  • Added support for ARRAY column type
• Localization-related fixes
• MongoEngine backend is now properly formats model labels
• Improved Google App Engine support:
  • Added TextProperty, KeyProperty and SelectField support
  • Added support for form_args, excluded_columns, page_size and after_model_update
• Fixed URL generation with localized named filters
• FileAdmin has Bootstrap 2 support now
• Geoalchemy support fixes
  • Use Google Places (by default) for place search
• Updated translations
• Bug fixes

... (truncated)

Changelog

Sourced from flask-admin's changelog.

1.5.3

• Fixed XSS vulnerability
• Support nested categories in the navbar menu
• SQLAlchemy
  • sort on multiple columns with column_default_sort
  • sort on related models in column_sortable_list
  • show searchable fields in search input's placeholder text
  • fix: inline model forms can now also be used for models with multiple primary keys
  • support for using mapped column_property
• Upgrade Leaflet and Leaflet.draw plugins, used for geoalchemy integration
• Specify minimum_input_length for ajax widget
• Peewee: support composite keys
• MongoEngine: when searching/filtering the input is now regarded as case-insensitive by default
• FileAdmin
  • handle special characters in filename
  • fix a bug with listing directories on Windows
  • avoid raising an exception when unknown sort parameter is encountered
• WTForms 3 support

1.5.2

• Fixed XSS vulnerability
• Fixed Peewee support
• Added detail view column formatters
• Updated Flask-Login example to work with the newer version of the library
• Various SQLAlchemy-related fixes
• Various Windows related fixes for the file admin

1.5.1

• Dropped Python 2.6 support
• Fixed SQLAlchemy >= 1.2 compatibility
• Fixed Pewee 3.0 compatibility
• Fixed max year for a combo date inline editor
• Lots of small bug fixes

1.5.0

• Fixed CSRF generation logic for multi-process deployments
• Added WTForms >= 3.0 support
• Flask-Admin would not recursively save inline models, allowing arbitrary nesting
• Added configuration properties that allow injection of additional CSS and JS dependencies into templates without overriding them
• SQLAlchemy backend
  • Updated hybrid property detection using new SQLAlchemy APIs
  • Added support for association proxies

... (truncated)

Commits

• 0528221 Bumped version, updated changelog
• 8af10e0 Merge pull request #1699 from lbhsot/master
• 1939762 Merge pull request #1779 from alanhamlett/master
• c4715f0 fix flake8
• 402e9a7 use Markupsafe to support WTForms 3
• 829c24d Merge pull request #1751 from nurockplayer/master
• 801a50b Merge pull request #1756 from GrayAn/checkboxlist
• ff861de escape_html function was removed as non-existent in the too old and
• dddfca9 SQLA fields API is now shown in the documentation
• 2d6f7dd Alternative field for many-to-many relationship, appears as list of
• Additional commits viewable in compare view

Updates scrapy from 1.1.0 to 2.11.2

Release notes

Sourced from scrapy's releases.

2.11.2

Mostly bug fixes, including security bug fixes.

See the full changelog.

2.11.1

• Security bug fixes.
• Support for Twisted >= 23.8.0.
• Documentation improvements.

See the full changelog.

2.11.0

• Spiders can now modify settings in their from_crawler methods, e.g. based on spider arguments.
• Periodic logging of stats.
• Bug fixes.

See the full changelog.

2.10.1

Marked Twisted >= 23.8.0 as unsupported.

2.10.0

• Added Python 3.12 support, dropped Python 3.7 support.
• The new add-ons framework simplifies configuring 3rd-party components that support it.
• Exceptions to retry can now be configured.
• Many fixes and improvements for feed exports.

See the full changelog.

2.9.0

• Per-domain download settings.
• Compatibility with new cryptography and new parsel.
• JMESPath selectors from the new parsel.
• Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

• Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older
• Bug fixes

See the full changelog

2.7.0

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.11.2 (2024-05-14)

Security bug fixes

-   Redirects to non-HTTP protocols are no longer followed. Please, see the
    `23j4-mw76-5v7h security advisory`_ for more information. (:issue:`457`)
.. _23j4-mw76-5v7h security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h



The Authorization header is now dropped on redirects to a different
scheme (http:// or https://) or port, even if the domain is the
same. Please, see the 4qqq-9vqf-3h3f security advisory_ for more
information.
.. _4qqq-9vqf-3h3f security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f


When using system proxy settings that are different for http:// and
https://, redirects to a different URL scheme will now also trigger the
corresponding change in proxy settings for the redirected request. Please,
see the jm3v-qxmh-hxwv security advisory_ for more information.
(:issue:767)
.. _jm3v-qxmh-hxwv security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv


:attr:Spider.allowed_domains <scrapy.Spider.allowed_domains> is now
enforced for all requests, and not only requests from spider callbacks.
(:issue:1042, :issue:2241, :issue:6358)


:func:~scrapy.utils.iterators.xmliter_lxml no longer resolves XML
entities. (:issue:6265)


defusedxml_ is now used to make
:class:scrapy.http.request.rpc.XmlRpcRequest more secure.
(:issue:6250, :issue:6251)
.. _defusedxml: https://github.com/tiran/defusedxml


Bug fixes

-   Restored support for brotlipy_, which had been dropped in Scrapy 2.11.1 in
    favor of brotli_. (:issue:`6261`)
.. _brotli: https://github.com/google/brotli

.. note:: brotlipy is deprecated, both in Scrapy and upstream. Use brotli
    instead if you can.

</tr></table>

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/scrapy/scrapy/commit/e8cb5a03b382b98f2c8945355076390f708b918d&quot;&gt;&lt;code&gt;e8cb5a0&lt;/code&gt;&lt;/a> Bump version: 2.11.1 → 2.11.2</li>

<li><a href="https://github.com/scrapy/scrapy/commit/2c031f4061ae9bf486cc9e2a699355450638e8c2&quot;&gt;&lt;code&gt;2c031f4&lt;/code&gt;&lt;/a> Set the release date of 2.11.2</li>

<li><a href="https://github.com/scrapy/scrapy/commit/3ffa17c0204deb3bdf2c7c60f5a56c9f777698c6&quot;&gt;&lt;code&gt;3ffa17c&lt;/code&gt;&lt;/a> Use posargs for pypy3-pinned</li>

<li><a href="https://github.com/scrapy/scrapy/commit/c6a8f0e4d945622a7e71adf635e272b66eddbbd0&quot;&gt;&lt;code&gt;c6a8f0e&lt;/code&gt;&lt;/a> Update VERSION references</li>

<li><a href="https://github.com/scrapy/scrapy/commit/60d2577284128cd0cf4af54745730da4a9005177&quot;&gt;&lt;code&gt;60d2577&lt;/code&gt;&lt;/a> Merge remote-tracking branch '23j4/2.11.2-release-notes' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6&quot;&gt;&lt;code&gt;36287cb&lt;/code&gt;&lt;/a> Merge branch 'redirect-protocols' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/f138d5d1450ef38ee077c2472c136c70d8d673e8&quot;&gt;&lt;code&gt;f138d5d&lt;/code&gt;&lt;/a> Merge branch 'environ-proxy-protocol' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8&quot;&gt;&lt;code&gt;1d0502f&lt;/code&gt;&lt;/a> Merge branch 'advisory-fix' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/bb948af00babe545a7fb52700f4ba1424d206677&quot;&gt;&lt;code&gt;bb948af&lt;/code&gt;&lt;/a> Release notes for 2.11.2 (<a href="https://redirect.github.com/scrapy/scrapy/issues/6359&quot;&gt;#6359&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/scrapy/scrapy/commit/5ad9433dd59cd8436ce33bf2c44796516eef4c3c&quot;&gt;&lt;code&gt;5ad9433&lt;/code&gt;&lt;/a> Merge remote-tracking branch 'scrapy/2.11' into 2.11</li>

<li>Additional commits viewable in <a href="https://github.com/scrapy/scrapy/compare/1.1.0...2.11.2&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates numpy from 1.11.0 to 1.22.0

Release notes
Sourced from numpy's releases.

v1.22.0
NumPy 1.22.0 Release Notes
NumPy 1.22.0 is a big release featuring the work of 153 contributors
spread over 609 pull requests. There have been many improvements,
highlights are:

Annotations of the main namespace are essentially complete. Upstream
is a moving target, so there will likely be further improvements,
but the major work is done. This is probably the most user visible
enhancement in this release.
A preliminary version of the proposed Array-API is provided. This is
a step in creating a standard collection of functions that can be
used across application such as CuPy and JAX.
NumPy now has a DLPack backend. DLPack provides a common interchange
format for array (tensor) data.
New methods for quantile, percentile, and related functions. The
new methods provide a complete set of the methods commonly found in
the literature.
A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for
commonly used functions, improvements to F2PY, and better documentation.
The Python versions supported in this release are 3.8-3.10, Python 3.7
has been dropped. Note that 32 bit wheels are only provided for Python
3.8 and 3.9 on Windows, all other wheels are 64 bits on account of
Ubuntu, Fedora, and other Linux distributions dropping 32 bit support.
All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix
the occasional problems encountered by folks using truly huge arrays.
Expired deprecations
Deprecated numeric style dtype strings have been removed
Using the strings "Bytes0", "Datetime64", "Str0", "Uint32",
and "Uint64" as a dtype will now raise a TypeError.
(gh-19539)
Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio
numpy.loads was deprecated in v1.15, with the recommendation that
users use pickle.loads instead. ndfromtxt and mafromtxt were both
deprecated in v1.17 - users should use numpy.genfromtxt instead with
the appropriate value for the usemask parameter.
(gh-19615)


... (truncated)


Commits

4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
fd66547 REL: Prepare for the NumPy 1.22.0 release.
125304b wip
c283859 Merge pull request #20682 from charris/backport-20416
5399c03 Merge pull request #20681 from charris/backport-20954
f9c45f8 Merge pull request #20680 from charris/backport-20663
794b36f Update armccompiler.py
d93b14e Update test_public_api.py
7662c07 Update init.py
311ab52 Update armccompiler.py
Additional commits viewable in compare view




Updates scikit-learn from 0.17.1 to 0.23.1

Release notes
Sourced from scikit-learn's releases.

scikit-learn 0.23.1
We're happy to announce the 0.23.1 release which fixes a few issues affecting many users, namely: K-Means should be faster for small sample sizes, and the representation of third-party estimators was fixed.
You can check this version out using:
    pip install -U scikit-learn
You can see the changelog here: https://scikit-learn.org/stable/whats_new/v0.23.html#version-0-23-1
The conda-forge builds will be available shortly, which you can then install using:
    conda install -c conda-forge scikit-learn
scikit-learn 0.23.0
We're happy to announce the 0.23 release. You can read
the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_0_23_0.html
and the long version of the change log under https://scikit-learn.org/stable/whats_new/v0.23.html#version-0-23-0
This version supports Python versions 3.6 to 3.8.
Scikit-learn 0.22.2.post1
We're happy to announce the 0.22.2.post1 bugfix release.
The 0.22.2.post1 release includes a packaging fix for the source distribution
but the content of the packages is otherwise identical to the content of the
wheels with the 0.22.2 version (without the .post1 suffix).
Change log under https://scikit-learn.org/stable/whats_new/v0.22.html#changes-0-22-2.
This version supports Python versions 3.5 to 3.8.
Scikit-learn 0.22.1
We're happy to announce the 0.22.1 bugfix release.
Change log under https://scikit-learn.org/stable/whats_new/v0.22.html#changes-0-22-1.
This version supports Python versions 3.5 to 3.8.
Scikit-learn 0.22.0
We're happy to announce the 0.22 release. You can read
the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_0_22_0.html
and the long version of the change log under https://scikit-learn.org/stable/whats_new/v0.22.html#changes-0-22.
This version supports Python versions 3.5 to 3.8.
Scikit-learn 0.21.3
A bug fix and documentation release, fixing regressions and other issues released in version 0.21. See change log at https://scikit-learn.org/0.21/whats_new/v0.21.html
Scikit-learn 0.21.2
This version fixes a few bugs released in 0.21.1.
Scikit-learn version 0.21.1


... (truncated)


Commits

fd23727 MNT Completes position arg deprecation (#17272)
467d95f DOC Add threadpoolctl requirement to documentation (#17273)
256afb3 DOC prepare whats_new for 0.23.1 (#17270)
3905fc0 MNT bump version to 0.23.1
2431ea3 BUG Fixes cython code for ppc arch (#17201)
04e485e DOC avoid FutureWarnings for deprecations examples (#17264)
1dfc42a DOC Fix parametrize_with_checks link (#17263)
25e6fd1 DOC Add explanation of why iterative imputer is experimental (#17115)
6088842 DOC Update plot_column_transformer to notebook style (#17028)
c19aa54 MNT Fix incorrect source code link for wrapped objects (#17247)
Additional commits viewable in compare view




Updates scipy from 0.17.0 to 1.13.0

Release notes
Sourced from scipy's releases.

SciPy 1.13.0 Release Notes
SciPy 1.13.0 is the culmination of 3 months of hard work. This
out-of-band release aims to support NumPy 2.0.0, and is backwards
compatible to NumPy 1.22.4. The version of OpenBLAS used to build
the PyPI wheels has been increased to 0.3.26.dev.
This release requires Python 3.9+ and NumPy 1.22.4 or greater.
For running on PyPy, PyPy3 6.0+ is required.
Highlights of this release

Support for NumPy 2.0.0.
Interactive examples have been added to the documentation, allowing users
to run the examples locally on embedded Jupyterlite notebooks in their
browser.
Preliminary 1D array support for the COO and DOK sparse formats.
Several scipy.stats functions have gained support for additional
axis, nan_policy, and keepdims arguments. scipy.stats also
has several performance and accuracy improvements.

New features
scipy.integrate improvements

The terminal attribute of scipy.integrate.solve_ivp events
callables now additionally accepts integer values to specify a number
of occurrences required for termination, rather than the previous restriction
of only accepting a bool value to terminate on the first registered
event.

scipy.io improvements

scipy.io.wavfile.write has improved dtype input validation.

scipy.interpolate improvements

The Modified Akima Interpolation has been added to
interpolate.Akima1DInterpolator, available via the new method
argument.
New method BSpline.insert_knot inserts a knot into a BSpline instance.
This routine is similar to the module-level scipy.interpolate.insert
function, and works with the BSpline objects instead of tck tuples.



... (truncated)


Commits

7dcd8c5 REL: 1.13.0 release commit [wheel build]
15a69da Merge pull request #20375 from tylerjereddy/treddy_prep_1_13_0_final
4cbb9e8 DOC: PR 20375 revisions
2431661 MAINT: PR 20375 revisions [wheel build]
b85940a DOC, REL: set 1.13.0 final unreleased
13c30bd MAINT: spatial: simplify meson.build
abb04b2 MAINT: spatial: use cython_lapack in spatial/_qhull.pyx
729ff0f BUG: interpolate: Fix wrong warning message if degree=-1 in `interpolate.RBFI...
8d82b0a MAINT, BUG: bump OpenBLAS (#20362)
0e67a72 MAINT: backport amos license update
Additional commits viewable in compare view




Updates scrapy-splash from 0.7 to 0.8.0

Release notes
Sourced from scrapy-splash's releases.

0.8.0


Security bug fix:
If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True.
Use the new SPLASH_USER and SPLASH_PASS settings instead to set your Splash authentication credentials safely.


Responses now expose the HTTP status code and headers from Splash as response.splash_response_status and response.splash_response_headers (#158)


The meta argument passed to the scrapy_splash.request.SplashRequest constructor is no longer modified (#164)


Website responses with 400 or 498 as HTTP status code are no longer handled as the equivalent Splash responses (#158)


Cookies are no longer sent to Splash itself (#156)


scrapy_splash.utils.dict_hash now also works with obj=None (225793b)


Our test suite now includes integration tests (#156) and tests can be run in parallel (6fb8c41)


There’s a new ‘Getting help’ section in the README.rst file (#161, #162), the documentation about SPLASH_SLOT_POLICY has been improved (#157) and a typo as been fixed (#121)


Made some internal improvements (ee5000d, 25de545, 2aaa79d)





Changelog
Sourced from scrapy-splash's changelog.

0.8.0 (2021-10-05)


Security bug fix:
If you use HttpAuthMiddleware_ (i.e. the http_user and http_pass
spider attributes) for Splash authentication, any non-Splash request will
expose your credentials to the request target. This includes robots.txt
requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to
True.
Use the new SPLASH_USER and SPLASH_PASS settings instead to set
your Splash authentication credentials safely.
.. _HttpAuthMiddleware: http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth


Responses now expose the HTTP status code and headers from Splash as
response.splash_response_status and
response.splash_response_headers (#158)


The meta argument passed to the scrapy_splash.request.SplashRequest
constructor is no longer modified (#164)


Website responses with 400 or 498 as HTTP status code are no longer
handled as the equivalent Splash responses (#158)


Cookies are no longer sent to Splash itself (#156)


scrapy_splash.utils.dict_hash now also works with obj=None
(225793b)


Our test suite now includes integration tests (#156) and tests can be run
in parallel (6fb8c41)


There’s a new ‘Getting help’ section in the README.rst file (#161,
#162), the documentation about SPLASH_SLOT_POLICY has been improved
(#157) and a typo as been fixed (#121)


Made some internal improvements (ee5000d, 25de545, 2aaa79d)


0.7.2 (2017-03-30)

fixed issue with response type detection.

0.7.1 (2016-12-20)

Scrapy 1.0.x support is back;



... (truncated)


Commits

b42e191 README.rst: remove :ref: usage
e942d28 CHANGES.rst: update 0.8.0 release date
8643db2 CHANGES.rst: remove :ref: usage
263418a GitHub Actions: use the official codecov action (#293)
2b253e5 Implement SPLASH_USER and SPLASH_PASS
783c58d Version bump for 0.8.0 (#230)
c96e00b Travis CI → GitHub Actions (#292)
e40ca4f TST test for GH-164
f05c870 Merge pull request #164 from whalebot-helmsman/master
6658431 use a copy instead of changing external dict
Additional commits viewable in compare view




Updates requests from 2.10.0 to 2.31.0

Release notes
Sourced from requests's releases.

v2.31.0
2.31.0 (2023-05-22)
Security


Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of Proxy-Authorization headers to destination servers when
following HTTPS redirects.
When proxies are defined with user info (https://user:pass@proxy:8080), Requests
will construct a Proxy-Authorization header that is attached to the request to
authenticate with the proxy.
In cases where Requests receives a redirect response, it previously reattached
the Proxy-Authorization header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are strongly encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.
Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.
Full details can be read in our Github Security Advisory
and CVE-2023-32681.


v2.30.0
2.30.0 (2023-05-03)
Dependencies


⚠️ Added support for urllib3 2.0. ⚠️
This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to urllib3<2.


v2.29.0
2.29.0 (2023-04-26)
Improvements

Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (#6226)
Requests relaxes header component requirements to support bytes/str subclasses. (#6356)



... (truncated)


Changelog
Sourced from requests's changelog.

2.31.0 (2023-05-22)
Security


Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of Proxy-Authorization headers to destination servers when
following HTTPS redirects.
When proxies are defined with user info (https://user:pass@proxy:8080), Requests
will construct a Proxy-Authorization header that is attached to the request to
authenticate with the proxy.
In cases where Requests receives a redirect response, it previously reattached
the Proxy-Authorization header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are strongly encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.
Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.
Full details can be read in our Github Security Advisory
and CVE-2023-32681.


2.30.0 (2023-05-03)
Dependencies


⚠️ Added support for urllib3 2.0. ⚠️
This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to urllib3<2.


2.29.0 (2023-04-26)
Improvements

Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (#6226)
Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)


... (truncated)


Commits

147c851 v2.31.0
74ea7cf Merge pull request from GHSA-j8r2-6x86-q33q
3022253 test on pypy 3.8 and pypy 3.9 on windows and macos (#6424)
b639e66 test on py3.12 (#6448)
d3d5044 Fixed a small typo (#6452)
2ad18e0 v2.30.0
f2629e9 Remove strict parameter (#6434)
87d63de v2.29.0
51716c4 enable the warnings plugin (#6416)
a7da1ab try on ubuntu 22.04 (#6418)
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.