Bump the minor-patch-dependencies group with 4 updates

[dependabot]

Bumps the minor-patch-dependencies group with 4 updates: dockerflow, pytest, cryptography and taskcluster.

Updates dockerflow from 2024.1.0 to 2024.2.0

Release notes

Sourced from dockerflow's releases.

2024.2.0

What's Changed

• Add integration for FastAPI by @​grahamalama in mozilla-services/python-dockerflow#81
• Python 3.12 support by @​leplatrem in mozilla-services/python-dockerflow#93
• Stop testing for Python 3.7 by @​leplatrem in mozilla-services/python-dockerflow#94
• Add developer docs and fix release process by @​leplatrem in mozilla-services/python-dockerflow#92

Full Changelog: mozilla-services/python-dockerflow@2024.1.0...2024.2.0

Changelog

Sourced from dockerflow's changelog.

2024.2.0

- Stop testing Python 3.7 ([#94](https://github.com/mozilla-services/python-dockerflow/issues/94))


Add support for Python 3.12 (#93)


Add support for FastAPI >= 0.100 (#81)


Add developer docs and fix release process (#92)

Commits

• 2ba0254 Align upload/download artifacts actions versions
• 6aaf5c1 Do not restrict FastAPI testing to 0.100 only
• 46c490f Update changelog for 2024.2.0
• 9f6a0ec Add integration for FastAPI (#81)
• 6c032ec Python 3.12 support (#93)
• 2c729ff Stop testing for Python 3.7 (#94)
• 997f481 Add developer docs and fix release process (#92)
• See full diff in compare view

Updates pytest from 8.0.1 to 8.0.2

Release notes

Sourced from pytest's releases.

8.0.2

pytest 8.0.2 (2024-02-24)

Bug Fixes

• #11895: Fix collection on Windows where initial paths contain the short version of a path (for example c:\PROGRA~1\tests).
• #11953: Fix an IndexError crash raising from getstatementrange_ast.
• #12021: Reverted a fix to [--maxfail]{.title-ref} handling in pytest 8.0.0 because it caused a regression in pytest-xdist whereby session fixture teardowns may get executed multiple times when the max-fails is reached.

Commits

• 31afeeb Prepare release version 8.0.2
• 1b00a2f Merge pull request #12025 from pytest-dev/backport-12022-to-8.0.x
• ff2f66d [8.0.x] Revert "Fix teardown error reporting when --maxfail=1 (#11721)"
• 8a8eed6 [8.0.x] Fix collection of short paths on Windows (#12024)
• 74346f0 [8.0.x] Allow Sphinx 7.x (#12005)
• b7657b4 [8.0.x] Disallow Sphinx 6 and 7 (#12001)
• feb7c5e Merge pull request #11999 from pytest-dev/backport-11996-to-8.0.x
• 0909655 [8.0.x] code: fix IndexError crash in getstatementrange_ast
• 68524d4 Merge pull request #11993 from pytest-dev/release-8.0.1
• See full diff in compare view

Updates cryptography from 42.0.4 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23

* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:

Commits

• 33833f0 Release 42.0.5 (#10470)
• 4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
• 8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
• See full diff in compare view

Updates taskcluster from 60.3.5 to 60.4.0

Release notes

Sourced from taskcluster's releases.

v60.4.0

USERS

▶ [minor] #6845 D2G now provides support for the (discontinued) disableSeccomp capability which was removed from Docker Worker, but was still used by the bugmon fuzzing project in the Community taskcluster environment. This was added to ease the migration path of this project from Docker Worker to Generic Worker.

▶ [patch] #6848 Fix an issue where an interactive session would close up when the shell would output invalid UTF-8.

▶ [patch] #6850 Add a proper TERM environment variable to interative sessions. This helps with some ncurses apps and tmux for example.

OTHER

▶ Additional change not described here: #6852.

Automated Package Updates

• build(deps): bump ip from 2.0.0 to 2.0.1 (34cb19df2)
• build(deps): bump ip from 1.1.5 to 1.1.9 in /ui (98d1c2c37)
• build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client-test (360fdb2af)
• build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client (19094b0d6)

Changelog

Sourced from taskcluster's changelog.

v60.4.0

USERS

▶ [minor] #6845 D2G now provides support for the (discontinued) disableSeccomp capability which was removed from Docker Worker, but was still used by the bugmon fuzzing project in the Community taskcluster environment. This was added to ease the migration path of this project from Docker Worker to Generic Worker.

▶ [patch] #6848 Fix an issue where an interactive session would close up when the shell would output invalid UTF-8.

▶ [patch] #6850 Add a proper TERM environment variable to interative sessions. This helps with some ncurses apps and tmux for example.

OTHER

▶ Additional change not described here: #6852.

Automated Package Updates

• build(deps): bump ip from 2.0.0 to 2.0.1 (34cb19df2)
• build(deps): bump ip from 1.1.5 to 1.1.9 in /ui (98d1c2c37)
• build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client-test (360fdb2af)
• build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client (19094b0d6)

Commits

• f552773 v60.4.0
• a12793e Merge pull request #6853 from taskcluster/issue6852
• e9ee3b9 Merge pull request #6851 from Eijebong/add-term-env-variable-to-interactive
• 6578f7a Merge pull request #6846 from taskcluster/issue6845
• c306f37 Issue 6852 - increase max retry count in TestExponentialBackoffFailure
• 2bbbbb2 Collapse diffs for generated d2g code in PRs
• 8535ebd D2G: add test for disableSeccomp
• b9afcbb Merge pull request #6849 from Eijebong/fix-invalid-utf8-interactive
• e04e4d9 Add a proper TERM environment variable to interactive sessions
• 999c35f Don't close the websocket when invalid UTF-8 is output by an interactive session
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The minor update of this production dependency was not automatically approved. For production dependencies, these semver updates can be automatically approved: patch