Bump the pip group across 4 directories with 16 updates

[dependabot]

Bumps the pip group with 3 updates in the /docs directory: jinja2, pymdown-extensions and tornado.
Bumps the pip group with 6 updates in the /emmet-api/requirements directory:

Package	From	To
certifi	2024.6.2	2024.7.4
cryptography	42.0.8	43.0.0
orjson	3.10.5	3.10.6
pillow	10.3.0	10.4.0
pymatgen	2024.4.13	2024.7.18
pymongo	4.7.3	4.8.0

Bumps the pip group with 14 updates in the /emmet-builders/requirements directory:

Package	From	To
jinja2	3.1.3	3.1.4
certifi	2024.2.2	2024.7.4
cryptography	42.0.2	42.0.4
dnspython	2.5.0	2.6.1
idna	3.6	3.7
orjson	3.9.13	3.9.15
pillow	10.2.0	10.3.0
pymatgen	2024.1.27	2024.2.20
pymongo	4.6.1	4.6.3
requests	2.31.0	2.32.2
tqdm	4.66.1	4.66.3
urllib3	2.0.7	2.2.2
aiohttp	3.9.3	3.9.4
scikit-learn	1.4.0	1.5.0

Bumps the pip group with 3 updates in the /emmet-core/requirements directory: certifi, pillow and pymatgen.

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates pymdown-extensions from 9.7 to 10.0

Release notes

Sourced from pymdown-extensions's releases.

10.0

• Break: Snippets: snippets will restrict snippets to ensure they are under the base_path preventing snippets relative to the base_path but not explicitly under it. restrict_base_path can be set to False for legacy behavior.

9.11

• NEW: Emoji: Update to new CDN and use Twemoji 14.1.2.
• NEW: Snippets: Ignore nested snippet section syntax when including a section.

9.10

• NEW: Blocks: Add new experimental general purpose blocks that provide a framework for creating fenced block containers for specialized parsing. A number of extensions utilizing general purpose blocks are included and are meant to be an alternative to (and maybe one day replace): Admonitions, Details, Definition Lists, and Tabbed. Also adds a new HTML plugin for quick wrapping of content with arbitrary HTML elements.
• NEW: Highlight: When enabling line spans and/or line anchors, if a code block has an ID associated with it, line ids will be generated using that code ID instead of the code block count.
• NEW: Snippets: Expand section syntax to allow section names with - and _.
• NEW: Snippets: When check_paths is enabled, and a specified section is not found, raise an error.
• NEW: Snippets: Add new experimental feature dedent_sections that will de-indent (remove any common leading whitespace from every line in text) from that block of text.
• NEW: MagicLink: Update GitLab links to match recent changes and to be more correct.
• NEW: MagicLink: Relax required hash length when performing link shortening.

9.10b5

• NEW: Blocks: Add type_multi and type_none validators.
• NEW: Blocks: Rename on_parse to on_validate and pass in parent element as context for validation.
• NEW: Blocks: When a block uses raw mode, allow content to be indented to avoid conflicts with HTML parser. raw blocks should be indented and are now documented as such. The results will be dedented up to Python Markdown's tab length, so intentional indentation is still possible. raw blocks with no indentation will still work, but may have conflicts with other extensions.
• FIX: Blocks: Commenting out all YAML options will not cause a block to invalidate.

9.10b4

• NEW: Blocks: Add on_inline_end event.

9.10b3

• NEW: Blocks: Ensure inline mode is handled properly.
• NEW: Blocks: When using raw mode, ensure HTML stashed content is extracted.
• NEW: HTML: The Blocks HTML extension should use inline specifier instead of span.

9.10b2

• NEW: Blocks: Add new experimental general purpose blocks that provide a framework for creating fenced block containers for specialized parsing. A number of extensions utilizing general purpose blocks are included and are meant

... (truncated)

Commits

• 5e75073 Update JS doc deps
• b7bb487 Merge pull request from GHSA-jh85-wwv9-24hv
• a8fb966 Update JS doc deps
• 75d17e3 Update changelog
• c3580c5 Update to use latest Twemoji release (#2004)
• 442011d Update bad links
• 5bda09f Update JS doc deps
• 61b4571 Ignore nested snippet sections (#2003)
• 07e4b90 Corrected a typo: "be" missing (#1991)
• 59efa28 Update JS doc deps
• Additional commits viewable in compare view

Updates tornado from 6.2 to 6.4.1

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0 releases/v2.3.0

... (truncated)

Commits

• 2a0e1d1 Merge pull request #3388 from bdarnell/release-641
• b7af4e8 Release notes and version bump for version 6.4.1
• d65f6e7 Merge pull request #3387 from bdarnell/chunked-parsing
• 8d721a8 httputil: Only strip tabs and spaces from header values
• 7786f09 Merge pull request #3386 from bdarnell/curl-crlf
• fb119c7 http1connection: Stricter handling of transfer-encoding
• b0ffc58 curl_httpclient,http1connection: Prohibit CR and LF in headers
• 0efa9a4 Merge pull request #3385 from bdarnell/update-black
• 2757c6e Merge pull request #3384 from tornadoweb/dependabot/pip/requests-2.32.2
• 291d1b6 *: Update black
• Additional commits viewable in compare view

Updates certifi from 2024.6.2 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• See full diff in compare view

Updates cryptography from 42.0.8 to 43.0.0

Changelog

Sourced from cryptography's changelog.

43.0.0 - 2024-07-20

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
  removed.  Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
  now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
  considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
  now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
  insecure cryptographic primitives.
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
  deprecated in 37.0.0, have been added to this module. They will be removed
  from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
  and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
  They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
  :mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
  form of :class:`~cryptography.x509.verification.ClientVerifier`,
  :class:`~cryptography.x509.verification.VerifiedClient`, and
  ``PolicyBuilder``
  :meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
  :attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
  and Certificate Signing Request
  :attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
  to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
  Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
  timezone-aware alternative to the naïve ``datetime`` attribute
  :attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
  :meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
  :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table> 

... (truncated)

Commits

• ebf14f2 bump for 43.0.0 and update changelog (#11311)
• 42788a0 Fix exchange with keys that had Q automatically computed (#11309)
• 2dbdfb8 don't assign unused name (#11310)
• ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
• 4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
• f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
• a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
• 2fe32b2 Bump mypy from 1.10.1 to 1.11.0 (#11303)
• ee24e82 Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)
• 7249ccd Bump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)
• Additional commits viewable in compare view

Updates orjson from 3.10.5 to 3.10.6

Release notes

Sourced from orjson's releases.

3.10.6

Changed

• Improve performance.

Changelog

Sourced from orjson's changelog.

3.10.6 - 2024-07-02

Changed

• Improve performance.

Commits

• c24e4ab 3.10.6
• c369ea4 str various refactor and perf
• 9382058 xxh3_64()
• 95c86e5 cargo update, build misc
• See full diff in compare view

Updates pillow from 10.3.0 to 10.4.0

Release notes

Sourced from pillow's releases.

10.4.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.4.0.html

Changes

• Raise FileNotFoundError if show_file() path does not exist #8178 [@​radarhere]
• Improved reading 16-bit TGA images with colour #7965 [@​Yay295]
• Fixed processing multiple JPEG EXIF markers #8127 [@​radarhere]
• Do not preserve EXIFIFD tag by default when saving TIFF images #8110 [@​radarhere]
• Added ImageFont.load_default_imagefont() #8086 [@​radarhere]
• Added Image.WARN_POSSIBLE_FORMATS #8063 [@​radarhere]
• Do not presume "xmp" info simply because "XML:com.adobe.xmp" info exists #8173 [@​radarhere]
• Remove zero-byte end padding when parsing any XMP data #8171 [@​radarhere]
• Do not detect Ultra HDR images as MPO #8056 [@​radarhere]
• Raise SyntaxError specific to JP2 #8146 [@​Yay295]
• Do not use first frame duration for other frames when saving APNG images #8104 [@​radarhere]
• Consider I;16 pixel size when using a 1 mode mask #8112 [@​radarhere]
• When saving multiple PNG frames, convert to mode rather than raw mode #8087 [@​radarhere]
• Added byte support to FreeTypeFont #8141 [@​radarhere]
• Allow float center for rotate operations #8114 [@​radarhere]
• Do not read layers immediately when opening PSD images #8039 [@​radarhere]
• Restore original thread state #8065 [@​radarhere]
• Read IM and TIFF images as RGB, rather than RGBX #7997 [@​radarhere]
• Only preserve TIFF IPTC_NAA_CHUNK tag if type is BYTE or UNDEFINED #7948 [@​radarhere]
• Prevent extra EPS header validations #8144 [@​Yay295]
• Clarify ImageDraw2 error message when size is missing #8165 [@​radarhere]
• Support unpacking more rawmodes to RGBA palettes #7966 [@​radarhere]
• Removed support for Qt 5 #8159 [@​radarhere]
• Improve ImageFont.freetype support for XDG directories on Linux #8135 [@​mamg22]
• Improved consistency of XMP handling #8069 [@​radarhere]
• Use pkg-config to help find libwebp and raqm #8142 [@​radarhere]
• Renamed C transform2 to transform #8113 [@​radarhere]
• Updated nasm to 2.16.03 #7990 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8100 [@​pre-commit-ci]
• Updated ImageCms.createProfile colorTemp default and docstring #8096 [@​radarhere]
• Added ImageDraw circle() #8085 [@​void4]
• Don't reuse variable name #8082 [@​Yay295]
• Use functools.cached_property in GifImagePlugin #8037 [@​radarhere]
• Add mypy target to Makefile #8077 [@​Yay295]
• Added Python 3.13 beta wheels #8071 [@​radarhere]
• Parse _version contents instead of using exec() #8050 [@​radarhere]
• Lint fixes #8068 [@​radarhere]
• Fix type errors #8064 [@​radarhere]
• Added MPEG accept function #7999 [@​radarhere]
• Added more modes to Image.MODES #7984 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8044 [@​pre-commit-ci]
• Do not use percent format in strings #8045 [@​radarhere]
• Changed string formatting to f-strings #8043 [@​mrKazzila]
• Removed direct invocation of setup.py #8027 [@​radarhere]
• Update ExifTags.py #8020 [@​CTimmerman]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.4.0 (2024-07-01)

• Raise FileNotFoundError if show_file() path does not exist #8178 [radarhere]

• Improved reading 16-bit TGA images with colour #7965 [Yay295, radarhere]

• Deprecate non-image ImageCms modes #8031 [radarhere]

• Fixed processing multiple JPEG EXIF markers #8127 [radarhere]

• Do not preserve EXIFIFD tag by default when saving TIFF images #8110 [radarhere]

• Added ImageFont.load_default_imagefont() #8086 [radarhere]

• Added Image.WARN_POSSIBLE_FORMATS #8063 [radarhere]

• Remove zero-byte end padding when parsing any XMP data #8171 [radarhere]

• Do not detect Ultra HDR images as MPO #8056 [radarhere]

• Raise SyntaxError specific to JP2 #8146 [Yay295, radarhere]

• Do not use first frame duration for other frames when saving APNG images #8104 [radarhere]

• Consider I;16 pixel size when using a 1 mode mask #8112 [radarhere]

• When saving multiple PNG frames, convert to mode rather than raw mode #8087 [radarhere]

• Added byte support to FreeTypeFont #8141 [radarhere]

• Allow float center for rotate operations #8114 [radarhere]

• Do not read layers immediately when opening PSD images #8039 [radarhere]

... (truncated)

Commits

• 9b4fae7 10.4.0 version bump
• b55d74b Update CHANGES.rst [ci skip]
• 8daf550 Merge pull request #8178 from radarhere/imageshow
• c6d8c58 Merge pull request #7965 from Yay295/patch-3
• c9ec76a Raise FileNotFoundError if show_file() path does not exist
• b48d175 Update CHANGES.rst [ci skip]
• 4d6dff3 Merge pull request #8031 from radarhere/imagingcms_modes
• 70b3815 Merge pull request #8127 from radarhere/multiple_exif_markers
• 88cd6d4 Rearranged comments
• 41426a6 Merge pull request #8110 from radarhere/exififd
• Additional commits viewable in compare view

Updates pymatgen from 2024.4.13 to 2024.7.18

Release notes

Sourced from pymatgen's releases.

v2024.7.18

layout: default title: Change Log

v2024.6.10

layout: default title: Change Log

v2024.6.4

What's Changed

🐛 Bug Fixes

• Run CI with two different uv resolution strategies: highest and lowest-direct by @​janosh in materialsproject/pymatgen#3852
• Fix filter condition for warn msg of unphysical site occupancy in io.cif by @​DanielYang59 in materialsproject/pymatgen#3853

🛠 Enhancements

• Add new .pmgrc.yaml setting PMG_VASP_PSP_SUB_DIRS: dict[str, str] by @​janosh in materialsproject/pymatgen#3858

📖 Documentation

• Clarify argument shift for SlabGenerator.get_slab by @​DanielYang59 in materialsproject/pymatgen#3748

🚧 CI

• Add CI run without 'optional' deps installed by @​janosh in materialsproject/pymatgen#3857

Full Changelog: materialsproject/pymatgen@v2024.5.31...v2024.6.4

v2024.5.31

What's Changed

🐛 Bug Fixes

• Make Beautifulsoup optional by @​ab5424 in materialsproject/pymatgen#3774
• Fix overlayed subplots in BSPlotterProjected.get_projected_plots_dots() by @​janosh in materialsproject/pymatgen#3798
• Fix _get_dipole_info for DDEC6 ChargemolAnalysis and add test case by @​JonathanSchmidt1 in materialsproject/pymatgen#3801
• Cp2kOutput.parse_initial_structure() use regex for line matching to allow arbitrary white space between Atom/Kind/Element/... by @​janosh in materialsproject/pymatgen#3810
• Fix the minor document error in POTCAR Setup. by @​hongyi-zhao in materialsproject/pymatgen#3834
• Use isclose over == for overlap position check in SlabGenerator.get_slabs by @​DanielYang59 in materialsproject/pymatgen#3825
• [Deprecation] Replace Element property is_rare_earth_metal with is_rare_earth to include Y and Sc by @​DanielYang59 in materialsproject/pymatgen#3817

🛠 Enhancements

• Add is_radioactive property to Element class by @​AntObi in materialsproject/pymatgen#3804
• Add a from_ase_atoms() method to Structure by @​Andrew-S-Rosen in materialsproject/pymatgen#3812
• Adapt to the latest version of PWmat output file by @​lhycms in materialsproject/pymatgen#3823
• Update VASP sets to transition atomate2 to use pymatgen input sets exclusively by @​esoteric-ephemera in materialsproject/pymatgen#3835 (slightly breaking, see #3860 for details)

📖 Documentation

• Imperative get_... method and @property doc strings by @​janosh in materialsproject/pymatgen#3802
• Doc string standardization by @​janosh in materialsproject/pymatgen#3805

🧹 House-Keeping

• Add types for core.(molecular_orbitals|operations|sites|spectrum|tensor|xcfunc) by @​DanielYang59 in materialsproject/pymatgen#3829
• Move test structures out of util directory by @​DanielYang59 in materialsproject/pymatgen#3831

🧪 Tests

• Improve type annotations for core.(trajectory/units) by @​DanielYang59 in materialsproject/pymatgen#3832

... (truncated)

Changelog

Sourced from pymatgen's changelog.

v2024.7.18

• Fix setuptools for packaging (#3934)
• Improve Keep Redundant Spaces algorithm for PatchedPhaseDiagram (#3900)
• Add electronic structure methods for Species (#3902)
• Migrate spglib to new SpglibDataset format with version 2.5.0 (#3923)
• SpaceGroup changes (#3859)
• Add MD input set to FHI-aims (#3896)

v2024.6.10

• Fix bug in update_charge_from_potcar (#3866)
• Fix bug in VASP parameter parsing (@​mkhorton)
• Add strict_anions option to MaterialsProject2020Compatibility (@​mkhorton)
• Slightly more robust MSONAtoms handling (@​Andrew-S-Rosen)
• Bug fix: handle non-integer oxidation states in Species (@​esoteric-ephemera)
• Revert change that removed test structure files from pymatgen source.

v2024.6.4

🐛 Bug Fixes

• Run CI with two different uv resolution strategies: highest and lowest-direct by @​janosh in materialsproject/pymatgen#3852
• Fix filter condition for warn msg of unphysical site occupancy in io.cif by @​DanielYang59 in materialsproject/pymatgen#3853

🛠 Enhancements

• Add new .pmgrc.yaml setting PMG_VASP_PSP_SUB_DIRS: dict[str, str] by @​janosh in materialsproject/pymatgen#3858

📖 Documentation

• Clarify argument shift for SlabGenerator.get_slab by @​DanielYang59 in materialsproject/pymatgen#3748

🚧 CI

• Add CI run without 'optional' deps installed by @​janosh in materialsproject/pymatgen#3857

Full Changelog: materialsproject/pymatgen@v2024.5.31...v2024.6.4

2024.5.31

🐛 Bug Fixes

• Make Beautifulsoup optional by @​ab5424 in materialsproject/pymatgen#3774
• Fix overlayed subplots in BSPlotterProjected.get_projected_plots_dots() by @​janosh in materialsproject/pymatgen#3798
• Fix _get_dipole_info for DDEC6 ChargemolAnalysis and add test case by @​JonathanSchmidt1 in materialsproject/pymatgen#3801
• Cp2kOutput.parse_initial_structure() use regex for line matching to allow arbitrary white space between Atom/Kind/Element/... by @​janosh in materialsproject/pymatgen#3810
• Fix the minor document error in POTCAR Setup. by @​hongyi-zhao in materialsproject/pymatgen#3834
• Use isclose over == for overlap position check in SlabGenerator.get_slabs by @​DanielYang59 in materialsproject/pymatgen#3825
• [Deprecation] Replace Element property is_rare_earth_metal with is_rare_earth to include Y and Sc by @​DanielYang59 in materialsproject/pymatgen#3817

🛠 Enhancements

... (truncated)

Commits

• 27d90b7 Update docs
• 380d2f2 [Hot Fix] Fix setuptools for pymatgen packaging (#3934)
• 0234182 Improve Keep Redundant Spaces algorithm for PatchedPhaseDiagram (#3900)
• 454aa5e Add electronic structure methods for Species (#3902)
• 58e8a35 Migrate spglib to new SpglibDataset format with version 2.5.0 (#3923)
• 106e8f5 Fix analyzer tests.
• e9e6e34 Set mac test to 3.10.
• f3cd079 Use >3,9
• a1e774b Use 3.x designation in python version to test latest version on ubuntu
• d0ed5d7 Use newer pytjon for linting.
• Additional commits viewable in compare view

Updates pymongo from 4.7.3 to 4.8.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.8.0

Changes in Version 4.8.0

PyMongo 4.8 brings a number of improvements including:

• The handshake metadata for "os.name" on Windows has been simplified to "Windows" to improve import time.
• The repr of bson.binary.Binary is now redacted when the subtype is SENSITIVE_SUBTYPE(8).
• Secure Software Development Life Cycle automation for release process. GitHub Releases now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.
• Fixed a bug in change streams where both startAtOperationTime and resumeToken could be added to a retry attempt, which caused the retry to fail.
• Fallback to stdlib ssl module when pyopenssl import fails with AttributeError.
• Improved performance of MongoClient operations, especially when many operations are being run concurrently.

Unavoidable breaking changes

• Since we are now using hatch as our build backend, we no longer have a usable setup.py file and require installation using pip. Attempts to invoke the setup.py file will raise an exception. Additionally, pip >= 21.3 is now required for editable installs.

Issues Resolved

See the PyMongo 4.8 release notes in JIRA for the list of resolved issues in this release.

---

Full Changelog: mongodb/mongo-python-driver@4.7.1...4.8.0

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.8.0

.. warning:: PyMongo 4.8 drops support for Python 3.7 and PyPy 3.8: Python 3.8+ or PyPy 3.9+ is now required.

PyMongo 4.8 brings a number of improvements including:

• The handshake metadata for "os.name" on Windows has been simplified to "Windows" to improve import time.
• The repr of bson.binary.Binary is now redacted when the subtype is SENSITIVE_SUBTYPE(8).
• Secure Software Development Life Cycle automation for release process. GitHub Releases now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.
• Fixed a bug in change streams where both startAtOperationTime and resumeToken could be added to a retry attempt, which caused the retry to fail.
• Fallback to stdlib ssl module when pyopenssl import fails with AttributeError.
• Improved performance of MongoClient operations, especially when many operations are being run concurrently.

Unavoidable breaking changes ............................

• Since we are now using hatch as our build backend, we no longer have a usable setup.py file and require installation using pip. Attempts to invoke the setup.py file will raise an exception. Additionally, pip >= 21.3 is now required for editable installs.

Issues Resolved ...............

See the PyMongo 4.8 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.8 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37057

Commits

• d504d14 BUMP 4.8.0
• ab9e748 PYTHON-4515 Improve 4.8 changelog (#1713)
• 2fdf707 PYTHON-4507 [v4.8] pip>=21.3 is required for editable installs (#1711)
• 5139adb PYTHON-4515 [v4.8] Update changelog for 4.8 (#1710)
• b3c55ff BUMP 4.8.0.dev1
• 113b9da BUMP 4.8.0b0
• 585411a PYTHON-4388 [v4.8] Fix security events handling in release workflow again (#1...
• f1f4938 PYTHON-4388 [v4.8] Fix permissions in release workflow (#1708)
• a0d232b PYTHON-4499 [v4.8] Log pymongo.connection at DEBUG without EventListeners (#1...
• 14ed482 PYTHON-4388 [v4.8] Fix dist handling in SSDLC workflow (#1706)
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, lin...

  Description has been truncated