chore(api): bump the deps group across 1 directory with 6 updates

[dependabot]

Bumps the deps group with 6 updates in the /api directory:

Package	From	To
sentry-sdk	2.18.0	2.19.0
aiohttp	3.10.10	3.11.7
aioresponses	0.7.6	0.7.7
coverage	7.6.4	7.6.8
poetry	1.8.3	1.8.4
tomli	2.0.2	2.1.0

Updates sentry-sdk from 2.18.0 to 2.19.0

Release notes

Sourced from sentry-sdk's releases.

2.19.0

Various fixes & improvements

• New: introduce rust_tracing integration. See https://docs.sentry.io/platforms/python/integrations/rust_tracing/ (#3717) by @​matt-codecov
• Auto enable Litestar integration (#3540) by @​provinzkraut
• Deprecate sentry_sdk.init context manager (#3729) by @​szokeasaurusrex
• feat(spotlight): Send PII to Spotlight when no DSN is set (#3804) by @​BYK
• feat(spotlight): Add info logs when Sentry is enabled (#3735) by @​BYK
• feat(spotlight): Inject Spotlight button on Django (#3751) by @​BYK
• feat(spotlight): Auto enable cache_spans for Spotlight on DEBUG (#3791) by @​BYK
• fix(logging): Handle parameter stack_info for the LoggingIntegration (#3745) by @​gmcrocetti
• fix(pure-eval): Make sentry-sdk[pure-eval] installable with pip==24.0 (#3757) by @​sentrivana
• fix(rust_tracing): include_tracing_fields arg to control unvetted data in rust_tracing integration (#3780) by @​matt-codecov
• fix(aws) Fix aws lambda tests (by reducing event size) (#3770) by @​antonpirker
• fix(arq): fix integration with Worker settings as a dict (#3742) by @​saber-solooki
• fix(httpx): Prevent Sentry baggage duplication (#3728) by @​szokeasaurusrex
• fix(falcon): Don't exhaust request body stream (#3768) by @​szokeasaurusrex
• fix(integrations): Check retries_left before capturing exception (#3803) by @​malkovro
• fix(openai): Use name instead of description (#3807) by @​sourceful-rob
• test(gcp): Only run GCP tests when they should (#3721) by @​szokeasaurusrex
• chore: Shorten CI workflow names (#3805) by @​sentrivana
• chore: Test with pyspark prerelease (#3760) by @​sentrivana
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#3792) by @​dependabot
• build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3691) by @​dependabot

Changelog

Sourced from sentry-sdk's changelog.

2.19.0

Various fixes & improvements

• New: introduce rust_tracing integration. See https://docs.sentry.io/platforms/python/integrations/rust_tracing/ (#3717) by @​matt-codecov
• Auto enable Litestar integration (#3540) by @​provinzkraut
• Deprecate sentry_sdk.init context manager (#3729) by @​szokeasaurusrex
• feat(spotlight): Send PII to Spotlight when no DSN is set (#3804) by @​BYK
• feat(spotlight): Add info logs when Sentry is enabled (#3735) by @​BYK
• feat(spotlight): Inject Spotlight button on Django (#3751) by @​BYK
• feat(spotlight): Auto enable cache_spans for Spotlight on DEBUG (#3791) by @​BYK
• fix(logging): Handle parameter stack_info for the LoggingIntegration (#3745) by @​gmcrocetti
• fix(pure-eval): Make sentry-sdk[pure-eval] installable with pip==24.0 (#3757) by @​sentrivana
• fix(rust_tracing): include_tracing_fields arg to control unvetted data in rust_tracing integration (#3780) by @​matt-codecov
• fix(aws) Fix aws lambda tests (by reducing event size) (#3770) by @​antonpirker
• fix(arq): fix integration with Worker settings as a dict (#3742) by @​saber-solooki
• fix(httpx): Prevent Sentry baggage duplication (#3728) by @​szokeasaurusrex
• fix(falcon): Don't exhaust request body stream (#3768) by @​szokeasaurusrex
• fix(integrations): Check retries_left before capturing exception (#3803) by @​malkovro
• fix(openai): Use name instead of description (#3807) by @​sourceful-rob
• test(gcp): Only run GCP tests when they should (#3721) by @​szokeasaurusrex
• chore: Shorten CI workflow names (#3805) by @​sentrivana
• chore: Test with pyspark prerelease (#3760) by @​sentrivana
• build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#3792) by @​dependabot
• build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#3691) by @​dependabot

Commits

• 039c220 Updated changelog
• c83e742 release: 2.19.0
• 8fe5bb4 feat: Send PII to Spotlight when no DSN is set (#3804)
• 295dd8d Auto enable Litestar integration (#3540)
• bd50c38 fix(httpx): Prevent Sentry baggage duplication (#3728)
• e9ec6c1 test(gcp): Only run GCP tests when they should (#3721)
• aa6e8fd fix(falcon): Don't exhaust request body stream (#3768)
• 3e28853 fix(integrations): Check retries_left before capturing exception (#3803)
• 01146bd fix(openai): Use name instead of description (#3807)
• d894fc2 Shorten CI workflow names (#3805)
• Additional commits viewable in compare view

Updates aiohttp from 3.10.10 to 3.11.7

Release notes

Sourced from aiohttp's releases.

3.11.7

Bug fixes

• Fixed the HTTP client not considering the connector's force_close value when setting the Connection header -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10003.

Miscellaneous internal changes

• Improved performance of serializing HTTP headers -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10014.

---

3.11.6

Bug fixes

• Restored the force_close method to the ResponseHandler -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9997.

---

3.11.5

Bug fixes

• Fixed the ANY method not appearing in :meth:~aiohttp.web.UrlDispatcher.routes -- by :user:bdraco.

  Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.11.7 (2024-11-21)

Bug fixes

• Fixed the HTTP client not considering the connector's force_close value when setting the Connection header -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10003.

Miscellaneous internal changes

• Improved performance of serializing HTTP headers -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10014.

---

3.11.6 (2024-11-19)

Bug fixes

• Restored the force_close method to the ResponseHandler -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9997.

---

3.11.5 (2024-11-19)

... (truncated)

Commits

• bf04a1b Release 3.11.7 (#10019)
• ed15e88 [PR #10014/50d23aee backport][3.11] Improve performance of serializing header...
• 5bcf07d [PR #9961/c984a44b backport][3.11] Disable Python 3.14 builds (#10012)
• c82c58a [PR #10003/78d1be5 backport][3.11] Fix client connection header not reflectin...
• 496f649 [PR #10004/a334eef7 backport][3.11] Avoid building skip_headers in `ClientS...
• d030c05 Increment version to 3.11.7.dev0 (#10002)
• ff9602d Release 3.11.6 (#10000)
• b7e3b30 [PR #9997/8c36b51 backport][3.11] Restore the force_close method to the `...
• 81c33ec [PR #9991/7bbbd126 backport][3.11] Increase allowed benchmark run time to 7 m...
• 25b49dc Increment version to 3.11.6.dev0 (#9993)
• Additional commits viewable in compare view

Updates aioresponses from 0.7.6 to 0.7.7

Commits

• 03ecf38 fix: invalid rst code
• 827d4c2 Merge pull request #262 from bdraco/3110_compat
• e909123 Fix compat with aiohttp 3.11.0+
• b83af20 Merge pull request #233 from outp1/master
• 64a4190 Merge pull request #251 from chs2/feat/callable-raise-for-status
• bd79310 Merge pull request #256 from DanielNoord/patch-1
• cee22fc Update __version__ to latest released version
• bb940b4 Merge pull request #254 from gaby/packaging
• 3e89430 Add packaging to requirements.txt
• 91019b4 feat: support raise_for_status as callable
• Additional commits viewable in compare view

Updates coverage from 7.6.4 to 7.6.8

Changelog

Sourced from coverage's changelog.

Version 7.6.8 — 2024-11-23

• Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn't true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896_.

• Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, "line 4 didn't jump to line 5 because line 4 was never true, and it didn't jump to line 7 because line 4 was always true." This was also shown in issue 1896_.

.. _issue 1896: nedbat/coveragepy#1896

.. _changes_7-6-7:

Version 7.6.7 — 2024-11-15

• Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn.

.. _changes_7-6-6:

Version 7.6.6 — 2024-11-15

• One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891_. The assert has been removed.

.. _issue 1891: nedbat/coveragepy#1891

.. _changes_7-6-5:

Version 7.6.5 — 2024-11-14

• Fix: fine-tuned the exact Python version (3.12.6) when exiting from with statements changed how they traced. This affected whether people saw the fix for issue 1880_.

• Fix: isolate our code more from mocking in the os module that in rare cases can cause bizarre behavior <pytest-cov-666_>_.

• Refactor: some code unreachable code paths in parser.py were changed to

... (truncated)

Commits

• 6134266 docs: sample HTML for 7.6.8
• 041f963 docs: prep for 7.6.8
• 7fe48b6 build: don't search generated report files
• f219144 docs: start changelog entries with capital letters
• d1a916a fix: a line that branches nowhere must always raise an exception
• 2ace7a2 fix: don't assume 'no branches' means 'not executed' #1896
• 3ed5915 style: all of ci should use underscores
• 0db86f2 build: automate updating readthedocs
• 2a89551 chore: make upgrade (not sure why files became absolute)
• ba9c157 chore: make doc_upgrade
• Additional commits viewable in compare view

Updates poetry from 1.8.3 to 1.8.4

Release notes

Sourced from poetry's releases.

1.8.4

Added

• Add official support for Python 3.13 (#9523).

Changed

• Require virtualenv>=20.26.6 to mitigate potential command injection when running poetry shell in untrusted projects (#9757).

poetry-core (1.9.1)

• Add 3.13 to the list of available Python versions (#747).

Changelog

Sourced from poetry's changelog.

[1.8.4] - 2024-10-14

Added

• Add official support for Python 3.13 (#9523).

Changed

• Require virtualenv>=20.26.6 to mitigate potential command injection when running poetry shell in untrusted projects (#9757).

poetry-core (1.9.1)

• Add 3.13 to the list of available Python versions (#747).

Commits

• 6a071c1 release: bump version to 1.8.4
• 8d2a341 backport release workflow from main branch
• b8546d7 python 3.13 in workflows (#9523)
• 0329bca Bump virtualenv to 20.26.6
• a2d09a1 fix changelog (#9399)
• See full diff in compare view

Updates tomli from 2.0.2 to 2.1.0

Changelog

Sourced from tomli's changelog.

2.1.0

• Deprecated
  • Instantiating TOMLDecodeError with free-form arguments. msg, doc and pos arguments should be given.
• Added
  • msg, doc, pos, lineno and colno attributes to TOMLDecodeError

Commits

• d6e045b Bump version: 2.0.2 → 2.1.0
• d1d6a85 Add attributes to TOMLDecodeError. Deprecate free-form __init__ args (#238)
• 59ed9ef Add a comment about implicit lru_cache bound
• 9d25b3f Test against Python 3.13 final (#237)
• f57fb66 Add test coverage for text mode error (#231)
• 4be816b Convert tox config to native TOML
• e2f8d2d Merge pull request #233 from hukkin/version-2.0.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[bhearsum]

Dependabot seems immensely broken. It claims to be updating poetry, but it's actually removing it?

[ahal]

The fact that poetry was in poetry.lock in the first place also seems immensely broken. We definitely don't want poetry in there, so I'd be inclined to land this patch regardless of what dependabot is reporting.

[bhearsum]

poetry and its dependencies are getting removed for reasons I don't fully understand. This has happened before though, and hasn't caused issues, and I don't have the energy to debug it at the moment.