id,node_id,number,title,user,user_label,state,locked,assignee,assignee_label,milestone,milestone_label,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,repo_label,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason 1026379132,PR_kwDOBm6k_c4tM0JV,1489,"Update pyyaml requirement from ~=5.3 to >=5.3,<7.0",49699333,dependabot[bot],closed,0,,,,,3,2021-10-14T13:09:33Z,2021-10-14T18:10:43Z,2021-10-14T18:10:42Z,CONTRIBUTOR,simonw/datasette/pulls/1489,"Updates the requirements on [pyyaml](https://github.com/yaml/pyyaml) to permit the latest version.

Changelog

Sourced from pyyaml's changelog.

6.0 (2021-10-13)

yaml/pyyaml#327 -- Change README format to Markdown

yaml/pyyaml#483 -- Add a test for YAML 1.1 types

yaml/pyyaml#497 -- fix float resolver to ignore . and ._

yaml/pyyaml#550 -- drop Python 2.7

yaml/pyyaml#553 -- Fix spelling of “hexadecimal”

yaml/pyyaml#556 -- fix representation of Enum subclasses

yaml/pyyaml#557 -- fix libyaml extension compiler warnings

yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors

yaml/pyyaml#561 -- always require Loader arg to yaml.load()

yaml/pyyaml#564 -- remove remaining direct distutils usage

5.4.1 (2021-01-20)

yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA

yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader

yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup

yaml/pyyaml#392 -- Fix py2 copy support for timezone objects

yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

yaml/pyyaml#290 -- Use is instead of equality for comparing with None

yaml/pyyaml#270 -- Fix typos and stylistic nit

yaml/pyyaml#309 -- Fix up small typo

yaml/pyyaml#161 -- Fix handling of slots

yaml/pyyaml#358 -- Allow calling add_multi_constructor with None

yaml/pyyaml#285 -- Add use of safe_load() function in README

yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff

yaml/pyyaml#359 -- Use full_load in yaml-highlight example

yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython

yaml/pyyaml#329 -- Fix for Python 3.10

yaml/pyyaml#310 -- Increase size of index, line, and column fields

yaml/pyyaml#260 -- Remove some unused imports

yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such

yaml/pyyaml#363 -- Add tests for timezone

5.2 (2019-12-02)

... (truncated)

Commits

8cdff2c 6.0 release
a4fb55e Update Python 3.10 versions for Windows build
e45b964 Add Python 3.10 to tox.ini
4808fba 6.0b1 release
d5aba40 Omnibus CI/artifact build update
a6d384c Various setup fixes
8f3f979 No longer using appveyor
c274365 The yaml.load{,_all} functions require Loader= now
2f87ac4 Add a basic test file for yaml.load and yaml.dump
7bd92df Makefile tweaks
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

",107914493,datasette,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/1489/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0, 1180778860,PR_kwDOBm6k_c41BFWj,1685,"Update jinja2 requirement from <3.1.0,>=2.10.3 to >=2.10.3,<3.2.0",49699333,dependabot[bot],closed,0,,,,,3,2022-03-25T13:12:13Z,2022-09-05T18:36:49Z,2022-09-05T18:36:48Z,CONTRIBUTOR,simonw/datasette/pulls/1685,"Updates the requirements on [jinja2](https://github.com/pallets/jinja) to permit the latest version.

Release notes

Sourced from jinja2's releases.

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0

Milestone: https://github.com/pallets/jinja/milestone/8?closed=1

MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

Changelog

Sourced from jinja2's changelog.

Version 3.1.0

Released 2022-03-24

Drop support for Python 3.6. :pr:1534

Remove previously deprecated code. :pr:1544

WithExtension and AutoEscapeExtension are built-in now.

contextfilter and contextfunction are replaced by pass_context. evalcontextfilter and evalcontextfunction are replaced by pass_eval_context. environmentfilter and environmentfunction are replaced by pass_environment.

Markup and escape should be imported from MarkupSafe.

Compiled templates from very old Jinja versions may need to be recompiled.

Legacy resolve mode for Context subclasses is no longer supported. Override resolve_or_missing instead of resolve.

unicode_urlencode is renamed to url_quote.

Add support for native types in macros. :issue:1510

The {% trans %} tag can use pgettext and npgettext by passing a context string as the first token in the tag, like {% trans "title" %}. :issue:1430

Update valid identifier characters from Python 3.6 to 3.7. :pr:1571

Filters and tests decorated with @async_variant are pickleable. :pr:1612

Add items filter. :issue:1561

Subscriptions ([0], etc.) can be used after filters, tests, and calls when the environment is in async mode. :issue:1573

The groupby filter is case-insensitive by default, matching other comparison filters. Added the case_sensitive parameter to control this. :issue:1463

Windows drive-relative path segments in template names will not result in FileSystemLoader and PackageLoader loading from drive-relative paths. :pr:1621

Version 3.0.3

Released 2021-11-09

Fix traceback rewriting internals for Python 3.10 and 3.11. :issue:1535

Fix how the native environment treats leading and trailing spaces when parsing values on Python 3.10. :pr:1537

... (truncated)

Commits

84c0e2c Merge pull request #1625 from pallets/release-3.1.0
7b0c47f release version 3.1.0
ede0f98 Merge pull request #1621 from pallets/template-safe-path
040088a use posixpath.join when loading template names
a292075 Merge pull request #1620 from janfilips/patch-1
6e4df02 Fix formatting in tricks.rst
3a050b1 Merge pull request #1617 from pallets/docs-prose
4b63cd8 rewrite include statement section
a98d482 clean up faq, move technical discussions
9de99f8 clean up engine comparisons
Additional commits viewable in compare view

Dependabot commands and options

",107914493,datasette,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/1685/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0, 1184850337,PR_kwDOBm6k_c41OrSL,1693,Bump black from 22.1.0 to 22.3.0,49699333,dependabot[bot],closed,0,,,,,3,2022-03-29T13:11:09Z,2022-06-28T13:11:38Z,2022-06-28T13:11:36Z,CONTRIBUTOR,simonw/datasette/pulls/1693,"Bumps [black](https://github.com/psf/black) from 22.1.0 to 22.3.0.

Release notes

Sourced from black's releases.

22.3.0

Preview style

Code cell separators #%% are now standardised to # %% (#2919)

Remove unnecessary parentheses from except statements (#2939)

Remove unnecessary parentheses from tuple unpacking in for loops (#2945)

Avoid magic-trailing-comma in single-element subscripts (#2942)

Configuration

Do not format __pypackages__ directories by default (#2836)

Add support for specifying stable version with --required-version (#2832).

Avoid crashing when the user has no homedir (#2814)

Avoid crashing when md5 is not available (#2905)

Fix handling of directory junctions on Windows (#2904)

Documentation

Update pylint config documentation (#2931)

Integrations

Move test to disable plugin in Vim/Neovim, which speeds up loading (#2896)

Output

In verbose, mode, log when Black is using user-level config (#2861)

Packaging

Fix Black to work with Click 8.1.0 (#2966)

On Python 3.11 and newer, use the standard library's tomllib instead of tomli (#2903)

black-primer, the deprecated internal devtool, has been removed and copied to a separate repository (#2924)

Parser

Black can now parse starred expressions in the target of for and async for statements, e.g for item in *items_1, *items_2: pass (#2879).

Changelog

Sourced from black's changelog.

22.3.0

Preview style

Code cell separators #%% are now standardised to # %% (#2919)

Remove unnecessary parentheses from except statements (#2939)

Remove unnecessary parentheses from tuple unpacking in for loops (#2945)

Avoid magic-trailing-comma in single-element subscripts (#2942)

Configuration

Do not format __pypackages__ directories by default (#2836)

Add support for specifying stable version with --required-version (#2832).

Avoid crashing when the user has no homedir (#2814)

Avoid crashing when md5 is not available (#2905)

Fix handling of directory junctions on Windows (#2904)

Documentation

Update pylint config documentation (#2931)

Integrations

Move test to disable plugin in Vim/Neovim, which speeds up loading (#2896)

Output

In verbose, mode, log when Black is using user-level config (#2861)

Packaging

Fix Black to work with Click 8.1.0 (#2966)

On Python 3.11 and newer, use the standard library's tomllib instead of tomli (#2903)

black-primer, the deprecated internal devtool, has been removed and copied to a separate repository (#2924)

Parser

Black can now parse starred expressions in the target of for and async for statements, e.g for item in *items_1, *items_2: pass (#2879).

Commits

ae2c075 Prepare release 22.3.0 (#2968)
e9681a4 Fix _unicodefun patch code for Click 8.1.0 (#2966)
ac7402c Bump sphinx from 4.4.0 to 4.5.0 in /docs (GH-2959)
f239d22 Enforce no formatting changes for PRs via CI (GH-2951)
bd1e980 Remove unnecessary parentheses from except clauses (#2939)
14d84ba Resolve new flake8-bugbear errors (B020) (GH-2950)
14e5ce5 Remove unnecessary parentheses from tuple unpacking in for loops (#2945)
3800ebd Avoid magic-trailing-comma in single-element subscripts (#2942)
062b549 Github now supports .git-blame-ignore-revs (GH-2948)
5379d4f stub style: remove some possible future changes (#2940)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=black&package-manager=pip&previous-version=22.1.0&new-version=22.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

",107914493,datasette,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/1693/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0, 1375930971,PR_kwDOBm6k_c4_GVBS,1812,Bump furo from 2022.6.21 to 2022.9.15,49699333,dependabot[bot],closed,0,,,,,3,2022-09-16T13:10:45Z,2022-09-16T19:50:53Z,2022-09-16T19:50:52Z,CONTRIBUTOR,simonw/datasette/pulls/1812,"Bumps [furo](https://github.com/pradyunsg/furo) from 2022.6.21 to 2022.9.15.

Changelog

Sourced from furo's changelog.

Changelog

2022.09.15 -- Pragmatic Pistachio

Add a minimum version constraint on pygments.

Add an explicit dependency on sass.

Change right sidebar title from "Contents" to "On this page".

Correctly position sidebars on small screens.

Correctly select only Furo's own svg in related pages nav.

Make numpy-style documentation headers consistent.

Retitle the reference section.

Update npm dependencies.

2022.06.21 -- Opulent Opal

Fix docutils <= 0.17.x compatibility.

Bump to the latest Node.js LTS.

2022.06.04.1 -- Naughty Nickel bugfix

Fix the URL used in the "Edit this page" for Read the Docs builds.

2022.06.04 -- Naughty Nickel

✨ Advertise Sphinx 5 compatibility.

✨ Change to basic-ng as the base theme (from {pypi}sphinx-basic-ng).

Document site-wide announcement banners.

Drop the pin on pygments.

Improve edit button, using basic-ng's edit-this-page component.

Tweak headings to better match what users expect.

Tweak how Sphinx's default HTML is rendered, using docutils post-transforms (this replaces parsing+modifying it with BeautifulSoup).

When built with docutils 0.18, footnotes are rendered differently and stylised differently in Furo.

2022.04.07 -- Magical Mauve

✨ Make sphinx-copybutton look better.

Add margin to indentations in line blocks.

Add styling for non-arabic list styles

Add support for html_baseurl.

... (truncated)

Commits

08e6b38 Prepare release: 2022.09.15
9de7613 Update changelog
a064929 Tweak changelog content style
46f4adc Revert "Add initial theme.conf content for eventual ablog support"
45b839b Set a minimum constraint on pygments
a4af988 [pre-commit.ci] pre-commit autoupdate (#518)
a72186f [pre-commit.ci] pre-commit autoupdate (#504)
9f41ee6 Add initial theme.conf content for eventual ablog support
75e0361 Make numpy-style documentation headers consistent
9d280e6 [pre-commit.ci] pre-commit autoupdate (#487)
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=furo&package-manager=pip&previous-version=2022.6.21&new-version=2022.9.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

---- :books: Documentation preview :books:: https://datasette--1812.org.readthedocs.build/en/1812/ ",107914493,datasette,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/1812/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0,