Closed Bug 1846886 Opened 2 years ago Closed 2 years ago

[wpt-sync] Sync PR 41307 - Bump jsonschema from 4.17.3 to 4.18.6 in /tools

Categories

(Testing :: web-platform-tests, task, P4)

Product:
Testing
Component:
web-platform-tests
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 41307 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/41307
Details from upstream follow.

dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> wrote:

Bump jsonschema from 4.17.3 to 4.18.6 in /tools

Bumps jsonschema from 4.17.3 to 4.18.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/releases">jsonschema's releases</a>.</em></p>
<blockquote>
<h2>v4.18.6</h2>
<!-- raw HTML omitted -->
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.5...v4.18.6">https://github.com/python-jsonschema/jsonschema/compare/v4.18.5...v4.18.6</a></p>
<h2>v4.18.5</h2>
<!-- raw HTML omitted -->
<ul>
<li>Declare support for Py3.12</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.4...v4.18.5">https://github.com/python-jsonschema/jsonschema/compare/v4.18.4...v4.18.5</a></p>
<h2>v4.18.4</h2>
<!-- raw HTML omitted -->
<ul>
<li>Improve the hashability of wrapped referencing exceptions when they contain hashable data.</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.3...v4.18.4">https://github.com/python-jsonschema/jsonschema/compare/v4.18.3...v4.18.4</a></p>
<h2>v4.18.3</h2>
<!-- raw HTML omitted -->
<ul>
<li>Properly preserve <code>applicable_validators</code> in extended validators.
Specifically, validators extending early drafts where siblings of <code>$ref</code> were ignored will properly ignore siblings in the extended validator.</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.2...v4.18.3">https://github.com/python-jsonschema/jsonschema/compare/v4.18.2...v4.18.3</a></p>
<h2>v4.18.2</h2>
<!-- raw HTML omitted -->
<ul>
<li>Fix an additional regression with the deprecated <code>jsonschema.RefResolver</code> and pointer resolution.</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.1...v4.18.2">https://github.com/python-jsonschema/jsonschema/compare/v4.18.1...v4.18.2</a></p>
<h2>v4.18.1</h2>
<!-- raw HTML omitted -->
<ul>
<li>Fix a regression with jsonschema.RefResolver based resolution when used in combination with a custom validation dialect (via jsonschema.validators.create).</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.18.0...v4.18.1">https://github.com/python-jsonschema/jsonschema/compare/v4.18.0...v4.18.1</a></p>
<h2>v4.18.0</h2>
<h2>What's Changed</h2>
<p>This release majorly rehauls the way in which JSON Schema reference resolution is configured.
It does so in a way that <em>should</em> be backwards compatible, preserving old behavior whilst emitting deprecation warnings.</p>
<ul>
<li><code>jsonschema.RefResolver</code> is now deprecated in favor of the new <a href="https://github.com/python-jsonschema/referencing/">referencing library</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst">jsonschema's changelog</a>.</em></p>
<blockquote>
<h1>v4.18.6</h1>
<ul>
<li>Set a <code>jsonschema</code> specific user agent when automatically retrieving remote references (which is deprecated).</li>
</ul>
<h1>v4.18.5</h1>
<ul>
<li>Declare support for Py3.12</li>
</ul>
<h1>v4.18.4</h1>
<ul>
<li>Improve the hashability of wrapped referencing exceptions when they contain hashable data.</li>
</ul>
<h1>v4.18.3</h1>
<ul>
<li>Properly preserve <code>applicable_validators</code> in extended validators.
Specifically, validators extending early drafts where siblings of <code>$ref</code> were ignored will properly ignore siblings in the extended validator.</li>
</ul>
<h1>v4.18.2</h1>
<ul>
<li>Fix an additional regression with the deprecated <code>jsonschema.RefResolver</code> and pointer resolution.</li>
</ul>
<h1>v4.18.1</h1>
<ul>
<li>Fix a regression with <code>jsonschema.RefResolver</code> based resolution when used in combination with a custom validation dialect (via <code>jsonschema.validators.create</code>).</li>
</ul>
<h1>v4.18.0</h1>
<p>This release majorly rehauls the way in which JSON Schema reference resolution is configured.
It does so in a way that <em>should</em> be backwards compatible, preserving old behavior whilst emitting deprecation warnings.</p>
<ul>
<li><code>jsonschema.RefResolver</code> is now deprecated in favor of the new <code>referencing library <https://github.com/python-jsonschema/referencing/&gt;</code>_.
<code>referencing</code> will begin in beta, but already is more compliant than the existing <code>$ref</code> support.
This change is a culmination of a meaningful chunk of work to make <code>$ref</code> resolution more flexible and more correct.
Backwards compatibility <em>should</em> be preserved for existing code which uses <code>RefResolver</code>, though doing so is again now deprecated, and all such use cases should be doable using the new APIs.
Please file issues on the <code>referencing</code> tracker if there is functionality missing from it, or here on the <code>jsonschema</code> issue tracker if you have issues with existing code not functioning the same, or with figuring out how to change it to use <code>referencing</code>.
In particular, this referencing change includes a change concerning <em>automatic</em> retrieval of remote references (retrieving <code>http://foo/bar</code> automatically within a schema).
This behavior has always been a potential security risk and counter to the recommendations of the JSON Schema specifications; it has survived this long essentially only for backwards compatibility reasons, and now explicitly produces warnings.
The <code>referencing</code> library itself will <em>not</em> automatically retrieve references if you interact directly with it, so the deprecated behavior is only triggered if you fully rely on the default <code>$ref</code> resolution behavior and also include remote references in your schema, which will still be retrieved during the deprecation period (after which they will become an error).</li>
<li>Support for Python 3.7 has been dropped, as it is nearing end-of-life.
This should not be a "visible" change in the sense that <code>requires-python</code> has been updated, so users using 3.7 should still receive <code>v4.17.3</code> when installing the library.</li>
<li>On draft 2019-09, <code>unevaluatedItems</code> now properly does <em>not</em> consider items to be evaluated by an <code>additionalItems</code> schema if <code>items</code> is missing from the schema, as the specification says in this case that <code>additionalItems</code> must be completely ignored.</li>
<li>Fix the <code>date</code> format checker on Python 3.11 (when format assertion behavior is enabled), where it was too liberal (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1076">#1076</a>).</li>
<li>Speed up validation of <code>unevaluatedProperties</code> (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1075">#1075</a>).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/4e999e07080a654d15e2e92757d8f07f741429b9"><code>4e999e0</code></a> Set a library-specific user agent when automatically retrieving $refs.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/4fdc3658207a3ca15efb72740d3b1c310098d140"><code>4fdc365</code></a> Declare support for 3.12.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/d012f8fb958881f3522303be44e674fb77c230e8"><code>d012f8f</code></a> Avoid a spurious DeprecationWarning in the docs build.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/b3f9d0ece6146bfd52e5de67aeb6a04563dd74e7"><code>b3f9d0e</code></a> Make the noxfile support passing a less temporary directory for building docs.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/a7ebc41ac92537741beb2cba70b9bb359d1fdbc6"><code>a7ebc41</code></a> Merge pull request <a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1147">#1147</a> from python-jsonschema/pre-commit-ci-update-config</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/0a97e181a5ca6adcce14aeea76d850bacda83bda"><code>0a97e18</code></a> [pre-commit.ci] pre-commit autoupdate</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/d8744fe9f1aaf1790fd53c2b39e230500bd36d36"><code>d8744fe</code></a> Enable another ruff ruleset.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/8dbcf2a37630b50d2376a9d67af3f07022f9f4d1"><code>8dbcf2a</code></a> More correct listing of nox envs for the GitHub actions workflow</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/28778ee2e1677cf91296395e55a9548bdf1d6096"><code>28778ee</code></a> Update docs requirements, fixing the noxenv to do so.</li>
<li><a href="https://github.com/python-jsonschema/jsonschema/commit/7a2da6bd0d38b3a4d4822f1326c03d7b3e9bc440"><code>7a2da6b</code></a> Pull in another microbenchmark that can be improved later.</li>
<li>Additional commits viewable in <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.17.3...v4.18.6">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

PR 41307 applied with additional changes from upstream: a892853388f877b7dd240283fd671d503fd4cba0
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.