Bump the pip group across 5 directories with 7 updates

[dependabot]

Bumps the pip group with 2 updates in the /pyperformance/data-files/benchmarks/bm_django_template directory: django and sqlparse.
Bumps the pip group with 2 updates in the /pyperformance/data-files/benchmarks/bm_dulwich_log directory: certifi and urllib3.
Bumps the pip group with 1 update in the /pyperformance/data-files/benchmarks/bm_mako directory: mako.
Bumps the pip group with 1 update in the /pyperformance/data-files/benchmarks/bm_sympy directory: mpmath.
Bumps the pip group with 1 update in the /pyperformance/data-files/benchmarks/bm_tornado_http directory: tornado.

Updates django from 3.2.4 to 4.2.21

Commits

• 87175d2 [4.2.x] Bumped version for 4.2.21 release.
• 9cd8028 [4.2.x] Fixed CVE-2025-32873 -- Mitigated potential DoS in strip_tags().
• ca31ca0 [4.2.x] Changed packing recommendation to use pyproject.toml in reusable apps...
• f4bd564 [4.2.x] Adjusted GitHub Action workflow to test Python versions based off pyp...
• 3456eee [4.2.x] Fixed #35980 -- Updated setuptools to normalize package names in buil...
• afe52d8 [4.2.x] Migrated setuptools configuration to pyproject.toml.
• 35c34ed [4.2.x] Removed obsolete rpm-related install code.
• 93973d4 [4.2.x] Added upcoming security release to release notes.
• b3df753 [4.2.x] Refs #36341 -- Added release note for 4.2.21 for fix in wordwrap temp...
• e61e3da [4.2.x] Fixed #36341 -- Preserved whitespaces in wordwrap template filter.
• Additional commits viewable in compare view

Updates sqlparse from 0.4.1 to 0.5.0

Changelog

Sourced from sqlparse's changelog.

Release 0.5.0 (Apr 13, 2024)

Notable Changes

• Drop support for Python 3.5, 3.6, and 3.7.
• Python 3.12 is now supported (pr725, by hugovk).
• IMPORTANT: Fixes a potential denial of service attack (DOS) due to recursion error for deeply nested statements. Instead of recursion error a generic SQLParseError is raised. See the security advisory for details: GHSA-2m57-hf25-phgg The vulnerability was discovered by @​uriyay-jfrog. Thanks for reporting!

Enhancements

• Splitting statements now allows to remove the semicolon at the end. Some database backends love statements without semicolon (issue742).
• Support TypedLiterals in get_parameters (pr749, by Khrol).
• Improve splitting of Transact SQL when using GO keyword (issue762).
• Support for some JSON operators (issue682).
• Improve formatting of statements containing JSON operators (issue542).
• Support for BigQuery and Snowflake keywords (pr699, by griffatrasgo).
• Support parsing of OVER clause (issue701, pr768 by r33s3n6).

Bug Fixes

• Ignore dunder attributes when creating Tokens (issue672).
• Allow operators to precede dollar-quoted strings (issue763).
• Fix parsing of nested order clauses (issue745, pr746 by john-bodley).
• Thread-safe initialization of Lexer class (issue730).
• Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on pr719 by josuc1, thanks for bringing this up!).
• Fix parsing of PRIMARY KEY (issue740).

Other

• Optimize performance of matching function (pr799, by admachainz).

Release 0.4.4 (Apr 18, 2023)

Notable Changes

• IMPORTANT: This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDOS (Regular Expression Denial of Service) was used. See the security advisory for details: GHSA-rrm6-wvj7-cwh2 The vulnerability was discovered by @​erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting!

... (truncated)

Commits

• ddbd0ec Bump version.
• 29f2e0a Raise recursion limit for tests.
• b4a39d9 Raise SQLParseError instead of RecursionError.
• f1bcf2f Update AUHTORS and Changelog.
• e03b74e Fix Function.get_parameters(), add Funtion.get_window()
• 617b8f6 Add OVER clause, and group it into Function (fixes #701)
• d8f8147 Update AUHTORS and Changelog.
• 012c9f1 Optimize sqlparse.utils.imt().
• 46971e5 Fix parsing of PRIMARY KEY (fixes #740).
• fc4b0be Code cleanup.
• Additional commits viewable in compare view

Updates certifi from 2021.5.30 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• Additional commits viewable in compare view

Updates urllib3 from 1.26.5 to 1.26.19

Release notes

Sourced from urllib3's releases.

1.26.19

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

Full Changelog: urllib3/urllib3@1.26.18...1.26.19

Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.

1.26.18

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

1.26.16

• Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954)

1.26.15

• Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645)
• Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899)
• Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901)

1.26.14

• Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850)
• Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module.

1.26.13

• Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.
• Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
• Fixed a deprecation warning when using cryptography v39.0.0.
• Removed the <4 in the Requires-Python packaging metadata field.

1.26.12

• Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.

1.26.11

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors.

⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

• Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.

... (truncated)

Changelog

Sourced from urllib3's changelog.

1.26.19 (2024-06-17)

• Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
• Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)

1.26.18 (2023-10-17)

• Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

1.26.16 (2023-05-23)

• Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) <https://github.com/urllib3/urllib3/pull/2954>_)

1.26.15 (2023-03-10)

• Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) <https://github.com/urllib3/urllib3/issues/2645>__)
• Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ([#2899](https://github.com/urllib3/urllib3/issues/2899) <https://github.com/urllib3/urllib3/issues/2899>__)
• Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) <https://github.com/urllib3/urllib3/issues/2901>__)

1.26.14 (2023-01-11)

• Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) <https://github.com/urllib3/urllib3/issues/2850>__)
• Removed deprecated getheaders() calls in contrib module. Fixed the type hint of PoolKey.key_retries by adding bool to the union. ([#2865](https://github.com/urllib3/urllib3/issues/2865) <https://github.com/urllib3/urllib3/issues/2865>__)

1.26.13 (2022-11-23)

• Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.
• Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
• Fixed a deprecation warning when using cryptography v39.0.0.
• Removed the <4 in the Requires-Python packaging metadata field.

1.26.12 (2022-08-22)

• Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue <https://github.com/urllib3/urllib3/issues/2680>_

... (truncated)

Commits

• d9d85c8 Release 1.26.19
• 8528b63 [1.26] Fix downstream tests (#3409)
• 40b6d16 Merge pull request from GHSA-34jh-p97f-mpxf
• 29cfd02 Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)
• b600643 [1.26] Bump RECENT_DATE (#3404)
• 7e2d389 [1.26] Fix running CPython 2.7 tests in CI (#3137)
• 9c2c230 Release 1.26.18 (#3159)
• b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4
• 944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport
• c9016bf Release 1.26.17
• Additional commits viewable in compare view

Updates mako from 1.1.4 to 1.2.2

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

• [bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

  References: #366

1.2.1

Released: Thu Jun 30 2022

bug

• [bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

  References: #360

misc

• [performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

  References: #361

1.2.0

Released: Thu Mar 10 2022

changed

• [changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

  References: #351

• [changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

• See full diff in compare view

Updates mpmath from 1.2.1 to 1.3.0

Release notes

Sourced from mpmath's releases.

1.3.0

Security issues:

• Fixed ReDOS vulnerability in mpmathify() (CVE-2021-29063) (Vinzent Steinberg)

Features:

• Added quadsubdiv() for numerical integration with adaptive path splitting (Fredrik Johansson)
• Added the Cohen algorithm for inverse Laplace transforms (Guillermo Navas-Palencia)
• Some speedup of matrix multiplication (Fredrik Johansson)
• Optimizations to Carlson elliptic integrals (Paul Masson)
• Added signal functions (squarew(), trianglew(), sawtoothw(), unit_triangle() sigmoidw()) (Nike Dattani, Deyan Mihaylov, Tina Yu)

Bug fixes:

• Correct mpf initialization from tuple for finf and fninf (Sergey B Kirpichev)
• Support QR decomposition for matrices of width 0 and 1 (Clemens Hofreither)
• Fixed some cases where elliprj() gave inaccurate results (Fredrik Johansson)
• Fixed cases where digamma() hangs for complex input (Fredrik Johansson)
• Fixed cases of polylog() with integer-valued parameter with complex type (Fredrik Johansson)
• Fixed fp.nsum() with Euler-Maclaurin algorithm (Fredrik Johansson)

Maintenance:

• Dropped support for Python 3.4 (Sergey B Kirpichev)
• Documentation cleanup (Sergey B Kirpichev)
• Removed obsolete files (Sergey B Kirpichev)
• Added options to runtests.py to skip tests and exit on failure (Jonathan Warner)

Changelog

Sourced from mpmath's changelog.

--1.4.0-- Released TBD

Features:

• Support underscores as digit separators per PEP 515, see #661 (Sergey B Kirpichev)
• Add rationals converter for mpf's, see #666 (Sergey B Kirpichev)
• Rewrite bernpoly/eulerpoly to avoid dependency on bernoulli(1) convention, see #700 (Sergey B Kirpichev)
• Support base kwarg for from_str(), see #703 (Jonathan Warner, Sergey B Kirpichev)
• Support randmatrix() for mp.iv and mp contexts, see #527 (Maximilian Gaukler)
• Added rand() function for matrices, see #610 (Jan-Philipp Hoffmann)
• Add plus flag to select the B_1 sign convention for bernoulli/bernfrac, see #724 (Jeremy Tan Jie Rui, Sergey B Kirpichev)
• Add mpf.as_integer_ratio() method, support construction of mpf from Decimal objects, see #731 (Sergey B Kirpichev)
• Expose lower/upper_gamma functions, see #740 (Sergey B Kirpichev)
• Support mpc initialization from string, see #743 (Sergey B Kirpichev)
• Support asinh/acosh/atanh in the fp context, see #750 (Sergey B Kirpichev)
• Support binary/octal/hexadecimal string output, see #711 (Jonathan Warner, Sergey B Kirpichev)
• Support pickling for matrices and mpi, see #761 (Sergey B Kirpichev)
• Support matrix.array() dunder method, see #767 (Sergey B Kirpichev)
• Support more number syntaxes, see #778 (Sergey B Kirpichev)
• Run mpmath as a module for interactive work, see #773, #923, #931, #936, #939 and #954 (Sergey B Kirpichev)
• Add signed option to to_man_exp(), see #783 (Sergey B Kirpichev)
• Add fp.hypot, see #798 (Sergey B Kirpichev)
• Support inf/nan's in ctx.almosteq(), #802 (Sergey B Kirpichev)
• Implement mpf.format(), see #819, #831, #850, #859, #857, #862, #881 and #944 (Javier Garcia, Sergey B Kirpichev)
• Support conversion from scalar ndarray's, see #821 (Sergey B Kirpichev)
• Support rounding modes in mpf.format, see #823, #831 and #834 (Javier Garcia, Sergey B Kirpichev)
• Support '%' presentation type for mpf, see #847 (Sergey B Kirpichev)
• Support gmpy2-like rounding modes in to_str(), see #830 (Javier Garcia)
• Implement 'a'/'A' formating types for mpf.format, see #841 and #870 (Sergey B Kirpichev)
• Add mpc.format(), see #855 (Sergey B Kirpichev)
• Now mpf.round() returns mpf, see #826 (Sergey B Kirpichev)
• Support 'b' (binary) format type for mpf/mpc, see #867 (Sergey B Kirpichev)
• Implement mpf.floordiv() and mpf.divmod(), see #873 (Sergey B Kirpichev)
• Add parameters for MPContext constructor, see #876 (Sergey B Kirpichev)
• Add MPFR-compatible aliases for rounding modes, see #892 (Sergey B Kirpichev)
• Support negative indexes in matrix, see #897 (Riccardo Orsi)

... (truncated)

Commits

• b5c0450 version 1.3.0
• a27581c Merge pull request #656 from cclauss/patch-2
• 9d7884b don't use .ae method in library code
• 967de83 Downgrade to ubuntu-20.04 for Py35 and Py36
• 6425c6a build: strategy: fail-fast: false
• e2341c7 GitHub Actions: Test on Python 3.11 production release
• 1258e33 fix failing doctests
• b7c15d6 include signals documentation; remove duplicate docstrings
• 1b476ea update doc building instructions
• 5f57beb Merge pull request #646 from cclauss/patch-1
• Additional commits viewable in compare view

Updates tornado from 6.2 to 6.5.1

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0

... (truncated)

Commits

• b5586f3 Merge pull request #3503 from bdarnell/multipart-utf8
• 62c2764 Release notes for v6.5.1
• 170a58a httputil: Fix support for non-latin1 filenames in multipart uploads
• ab5f354 Merge pull request #3498 from bdarnell/final-6.5
• 3623024 Final release notes for 6.5.0
• b39b892 Merge pull request #3497 from bdarnell/multipart-log-spam
• cc61050 httputil: Raise errors instead of logging in multipart/form-data parsing
• ae4a4e4 asyncio: Preserve contextvars across SelectorThread on Windows (#3479)
• 197ff13 Merge pull request #3496 from bdarnell/undeprecate-set-event-loop
• c3d906c requirements: Upgrade tox to 4.26.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.