Closed Bug 1843193 Opened 2 years ago Closed 2 years ago

[wpt-sync] Sync PR 41006 - Bump jsonschema from 4.17.3 to 4.18.2 in /tools

Categories

(Testing :: web-platform-tests, task, P4)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 41006 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/41006
Details from upstream follow.

dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> wrote:

Bump jsonschema from 4.17.3 to 4.18.2 in /tools

Bumps jsonschema from 4.17.3 to 4.18.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/releases">jsonschema's releases</a>.</em></p>
<blockquote>
<h2>v4.18.2</h2>
<ul>
<li>Fix an additional regression with the deprecated <code>jsonschema.RefResolver</code> and pointer resolution.</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.1...v4.18.2">https://github.com/python-jsonschema/jsonschema/compare/v4.18.1...v4.18.2</a></p>
<h2>v4.18.1</h2>
<ul>
<li>Fix a regression with <code>jsonschema.RefResolver</code> based resolution when used in combination with a custom validation dialect (via <code>jsonschema.validators.create</code>).</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.0...v4.18.1">https://github.com/python-jsonschema/jsonschema/compare/v4.18.0...v4.18.1</a></p>
<h2>v4.18.0</h2>
<h2>What's Changed</h2>
<p>This release majorly rehauls the way in which JSON Schema reference resolution is configured.
It does so in a way that <em>should</em> be backwards compatible, preserving old behavior whilst emitting deprecation warnings.</p>
<ul>
<li><code>jsonschema.RefResolver</code> is now deprecated in favor of the new <a href="https://github.com/python-jsonschema/referencing/">referencing library</a>.
<code>referencing</code> will begin in beta, but already is more compliant than the existing <code>$ref</code> support.
This change is a culmination of a meaningful chunk of work to make <code>$ref</code> resolution more flexible and more correct.
Backwards compatibility <em>should</em> be preserved for existing code which uses <code>RefResolver</code>, though doing so is again now deprecated, and all such use cases should be doable using the new APIs.
Please file issues on the <code>referencing</code> tracker if there is functionality missing from it, or here on the <code>jsonschema</code> issue tracker if you have issues with existing code not functioning the same, or with figuring out how to change it to use <code>referencing</code>.
In particular, this referencing change includes a change concerning <em>automatic</em> retrieval of remote references (retrieving <code>http://foo/bar</code> automatically within a schema).
This behavior has always been a potential security risk and counter to the recommendations of the JSON Schema specifications; it has survived this long essentially only for backwards compatibility reasons, and now explicitly produces warnings.
The <code>referencing</code> library itself will <em>not</em> automatically retrieve references if you interact directly with it, so the deprecated behavior is only triggered if you fully rely on the default <code>$ref</code> resolution behavior and also include remote references in your schema, which will still be retrieved during the deprecation period (after which they will become an error).</li>
<li>Support for Python 3.7 has been dropped, as it is nearing end-of-life.
This should not be a "visible" change in the sense that <code>requires-python</code> has been updated, so users using 3.7 should still receive <code>v4.17.3</code> when installing the library.</li>
<li>On draft 2019-09, <code>unevaluatedItems</code> now properly does <em>not</em> consider items to be evaluated by an <code>additionalItems</code> schema if <code>items</code> is missing from the schema, as the specification says in this case that <code>additionalItems</code> must be completely ignored.</li>
<li>Fix the <code>date</code> format checker on Python 3.11 (when format assertion behavior is enabled), where it was too liberal (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1076">#1076</a>).</li>
<li>Speed up validation of <code>unevaluatedProperties</code> (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1075">#1075</a>).</li>
</ul>
<h2>Deprecations</h2>
<ul>
<li><code>jsonschema.RefResolver</code> -- see above for details on the replacement</li>
<li><code>jsonschema.RefResolutionError</code> -- see above for details on the replacement</li>
<li>relying on automatic resolution of remote references -- see above for details on the replacement</li>
<li>importing <code>jsonschema.ErrorTree</code> -- instead import it via <code>jsonschema.exceptions.ErrorTree</code></li>
<li>importing <code>jsonschema.FormatError</code> -- instead import it via <code>jsonschema.exceptions.FormatError</code></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/DanielNoord"><code>@​DanielNoord</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1021">python-jsonschema/jsonschema#1021</a></li>
<li><a href="https://github.com/aryanA101a"><code>@​aryanA101a</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1063">python-jsonschema/jsonschema#1063</a></li>
<li><a href="https://github.com/jvtm"><code>@​jvtm</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1076">python-jsonschema/jsonschema#1076</a></li>
<li><a href="https://github.com/ikonst"><code>@​ikonst</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1075">python-jsonschema/jsonschema#1075</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.17.3...v4.18.0">https://github.com/python-jsonschema/jsonschema/compare/v4.17.3...v4.18.0</a></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst">jsonschema's changelog</a>.</em></p>
<blockquote>
<h1>v4.18.2</h1>
<ul>
<li>Fix an additional regression with the deprecated <code>jsonschema.RefResolver</code> and pointer resolution.</li>
</ul>
<h1>v4.18.1</h1>
<ul>
<li>Fix a regression with <code>jsonschema.RefResolver</code> based resolution when used in combination with a custom validation dialect (via <code>jsonschema.validators.create</code>).</li>
</ul>
<h1>v4.18.0</h1>
<p>This release majorly rehauls the way in which JSON Schema reference resolution is configured.
It does so in a way that <em>should</em> be backwards compatible, preserving old behavior whilst emitting deprecation warnings.</p>
<ul>
<li><code>jsonschema.RefResolver</code> is now deprecated in favor of the new <a href="https://github.com/python-jsonschema/referencing/">referencing library</a>.
<code>referencing</code> will begin in beta, but already is more compliant than the existing <code>$ref</code> support.
This change is a culmination of a meaningful chunk of work to make <code>$ref</code> resolution more flexible and more correct.
Backwards compatibility <em>should</em> be preserved for existing code which uses <code>RefResolver</code>, though doing so is again now deprecated, and all such use cases should be doable using the new APIs.
Please file issues on the <code>referencing</code> tracker if there is functionality missing from it, or here on the <code>jsonschema</code> issue tracker if you have issues with existing code not functioning the same, or with figuring out how to change it to use <code>referencing</code>.
In particular, this referencing change includes a change concerning <em>automatic</em> retrieval of remote references (retrieving <code>http://foo/bar</code> automatically within a schema).
This behavior has always been a potential security risk and counter to the recommendations of the JSON Schema specifications; it has survived this long essentially only for backwards compatibility reasons, and now explicitly produces warnings.
The <code>referencing</code> library itself will <em>not</em> automatically retrieve references if you interact directly with it, so the deprecated behavior is only triggered if you fully rely on the default <code>$ref</code> resolution behavior and also include remote references in your schema, which will still be retrieved during the deprecation period (after which they will become an error).</li>
<li>Support for Python 3.7 has been dropped, as it is nearing end-of-life.
This should not be a "visible" change in the sense that <code>requires-python</code> has been updated, so users using 3.7 should still receive <code>v4.17.3</code> when installing the library.</li>
<li>On draft 2019-09, <code>unevaluatedItems</code> now properly does <em>not</em> consider items to be evaluated by an <code>additionalItems</code> schema if <code>items</code> is missing from the schema, as the specification says in this case that <code>additionalItems</code> must be completely ignored.</li>
<li>Fix the <code>date</code> format checker on Python 3.11 (when format assertion behavior is enabled), where it was too liberal (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1076">#1076</a>).</li>
<li>Speed up validation of <code>unevaluatedProperties</code> (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1075">#1075</a>).</li>
</ul>
<h2>Deprecations</h2>
<ul>
<li><code>jsonschema.RefResolver</code> -- see above for details on the replacement</li>
<li><code>jsonschema.RefResolutionError</code> -- see above for details on the replacement</li>
<li>relying on automatic resolution of remote references -- see above for details on the replacement</li>
<li>importing <code>jsonschema.ErrorTree</code> -- instead import it via <code>jsonschema.exceptions.ErrorTree</code></li>
<li>importing <code>jsonschema.FormatError</code> -- instead import it via <code>jsonschema.exceptions.FormatError</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/52c2419625e875e7e7c8124bcbfae8cde92bbda3"><code>52c2419</code></a> Fix an additional regression with RefResolver and pointer resolution.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/90ea77961987da03188f5b9972631f89d20c4798"><code>90ea779</code></a> Fix a regression with RefResolver-based resolution in newly created drafts</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/56d57e7d3a7621b27aae50d02cce4e59a5c12599"><code>56d57e7</code></a> Merge pull request <a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1122">#1122</a> from python-jsonschema/pre-commit-ci-update-config</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/6edfe242921a9496af7fe5641607a05cf2868052"><code>6edfe24</code></a> [pre-commit.ci] pre-commit autoupdate</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/273d4dd6ca156bff5da6f45d552ad1104d639e10"><code>273d4dd</code></a> Tweak the build noxenv again.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/4817d36a72d437083e754411e4052bd635fc5bdc"><code>4817d36</code></a> Don't use nox.session.create_tmp.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/7046da13cf41fcfa355fcd68097e75fa03c1f0fc"><code>7046da1</code></a> Make everywhere use the newer attrs APIs.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/e30b48e049c46ca27e2bee54632dda8855c67672"><code>e30b48e</code></a> Minor grammar fix.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/1fe3f9fb86ff1dfbe5c692d6b34bc747a5917539"><code>1fe3f9f</code></a> Merge pull request <a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1111">#1111</a> from python-jsonschema/pre-commit-ci-update-config</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/e2998b73fd7e05b61be9f5a7638d0c6f03ac6a47"><code>e2998b7</code></a> [pre-commit.ci] pre-commit autoupdate</li>
<li>Additional commits viewable in <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.17.3...v4.18.2">compare view</a></li>
</ul>
</details>

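The release notes above deprecate automatic retrieval of remote `$ref` targets. The following is an added example, not part of the upstream notes or of jsonschema itself: a standard-library audit that lists the `$ref` values in a schema which would need network retrieval because no embedded or supplied `$id` satisfies them. The names `find_remote_refs` and `REMOTE_SCHEMES`, the `example.test` URIs and the sample schema are constructed for illustration; `http://foo/bar` is the URI quoted in the notes.

```python
from urllib.parse import urldefrag, urljoin, urlsplit

REMOTE_SCHEMES = {"http", "https"}  # assumption: schemes counted as network retrieval


def _walk(node, base, pointer):
    """Yield (json_pointer, base_uri, obj) for each JSON object, rebasing on $id."""
    if isinstance(node, dict):
        if isinstance(node.get("$id"), str):
            base = urldefrag(urljoin(base, node["$id"]))[0]
        yield pointer, base, node
        for key, value in node.items():
            token = key.replace("~", "~0").replace("/", "~1")  # JSON Pointer escaping
            yield from _walk(value, base, f"{pointer}/{token}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, base, f"{pointer}/{index}")


def find_remote_refs(schema, known_ids=(), base=""):
    """Return [(pointer, absolute_uri)] for $ref targets that are not available locally.

    Over-approximates: every nested object is treated as a subschema, so a "$ref"
    string inside instance data (enum, const, examples) is reported as well.
    """
    objects = list(_walk(schema, base, ""))
    # Local resources: caller-supplied ids plus every base URI declared in the document.
    local = set(known_ids) | {obj_base for _, obj_base, _ in objects}
    findings = []
    for pointer, obj_base, obj in objects:
        ref = obj.get("$ref")
        if not isinstance(ref, str):
            continue
        target = urldefrag(urljoin(obj_base, ref))[0]  # resolve, then drop the fragment
        if target not in local and urlsplit(target).scheme in REMOTE_SCHEMES:
            findings.append((pointer, target))
    return findings


# Constructed sample schema (not from the page).
SAMPLE = {
    "$id": "https://example.test/schemas/order.json",
    "properties": {
        "customer": {"$ref": "customer.json"},              # relative, resolves to a remote URI
        "note": {"$ref": "#/$defs/note"},                   # same-document pointer
        "sku": {"$ref": "http://foo/bar"},                  # absolute remote reference
        "address": {"$ref": "address.json#/$defs/street"},  # satisfied by embedded $id
    },
    "$defs": {"note": {"type": "string"},
              "address": {"$id": "address.json", "$defs": {"street": {"type": "string"}}}},
}
```

Each reported URI is one that has to be bundled into the schema or registered explicitly before the deprecation period ends, since retrieval of it will then become an error.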
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID