build(deps): bump the general group with 2 updates

[dependabot]

Bumps the general group with 2 updates: packaging and wheel.

Updates packaging from 24.1 to 24.2

Release notes

Sourced from packaging's releases.

24.2

What's Changed

• The source is auto-formatted with ruff, not black by @​DimitriPapadopoulos in pypa/packaging#798
• Bump the github-actions group across 1 directory with 3 updates by @​dependabot in pypa/packaging#813
• Apply ruff rules (RUF) by @​DimitriPapadopoulos in pypa/packaging#800
• Fix typo in Version __str__ by @​aryanpingle in pypa/packaging#817
• Bump the github-actions group with 3 updates by @​dependabot in pypa/packaging#819
• Get rid of duplicate test cases by @​DimitriPapadopoulos in pypa/packaging#821
• Fix doc for canonicalize_version and a typo in a docstring by @​Laurent-Dx in pypa/packaging#801
• docs: public/base_version comparison by @​henryiii in pypa/packaging#818
• Apply ruff/bugbear rules (B) by @​DimitriPapadopoulos in pypa/packaging#787
• Apply ruff/pyupgrade rules (UP) by @​DimitriPapadopoulos in pypa/packaging#786
• Add a changelog entry for dropping Python 3.7 support by @​alexwlchan in pypa/packaging#824
• Patch python_full_version unconditionally by @​jaraco in pypa/packaging#825
• Refactor canonicalize_version by @​jaraco in pypa/packaging#793
• Allow creating a SpecifierSet from a list of specifiers by @​pfmoore in pypa/packaging#777
• Fix uninformative error message by @​abravalheri in pypa/packaging#830
• Fix prerelease detection for > and < by @​notatallshaw in pypa/packaging#794
• Bump the github-actions group across 1 directory with 4 updates by @​dependabot in pypa/packaging#839
• Add support for PEP 730 iOS tags. by @​freakboy3742 in pypa/packaging#832
• Update the changelog to reflect 24.1 changes by @​pradyunsg in pypa/packaging#840
• Mention updating changelog in release process by @​pradyunsg in pypa/packaging#841
• Add a comment as to why Metadata.name isn't normalized by @​brettcannon in pypa/packaging#842
• Use !r formatter for error messages with filenames. by @​Carreau in pypa/packaging#844
• PEP 639: Implement License-Expression and License-File by @​ewdurbin in pypa/packaging#828
• Bump the github-actions group with 4 updates by @​dependabot in pypa/packaging#852
• Upgrade to latest mypy by @​hauntsaninja in pypa/packaging#853
• Extraneous quotes by @​ewdurbin in pypa/packaging#848

New Contributors

• @​aryanpingle made their first contribution in pypa/packaging#817
• @​Laurent-Dx made their first contribution in pypa/packaging#801
• @​alexwlchan made their first contribution in pypa/packaging#824
• @​jaraco made their first contribution in pypa/packaging#825
• @​notatallshaw made their first contribution in pypa/packaging#794
• @​freakboy3742 made their first contribution in pypa/packaging#832
• @​Carreau made their first contribution in pypa/packaging#844
• @​ewdurbin made their first contribution in pypa/packaging#828

Full Changelog: pypa/packaging@24.1...24.2

Changelog

Sourced from packaging's changelog.

24.2 - 2024-11-08

* PEP 639: Implement License-Expression and License-File (:issue:`828`)
* Use ``!r`` formatter for error messages with filenames (:issue:`844`)
* Add support for PEP 730 iOS tags (:issue:`832`)
* Fix prerelease detection for ``>`` and ``<`` (:issue:`794`)
* Fix uninformative error message (:issue:`830`)
* Refactor ``canonicalize_version`` (:issue:`793`)
* Patch python_full_version unconditionally (:issue:`825`)
* Fix doc for ``canonicalize_version`` to mention ``strip_trailing_zero`` and a typo in a docstring (:issue:`801`)
* Fix typo in Version ``__str__`` (:issue:`817`)
* Support creating a ``SpecifierSet`` from an iterable of ``Specifier`` objects (:issue:`775`)

Commits

• d8e3b31 Bump for release
• 2de393d Update changelog for release
• 9c66f5c Remove extraneous quotes in f-strings by using !r (#848)
• 4dc334c Upgrade to latest mypy (#853)
• d1a9f93 Bump the github-actions group with 4 updates (#852)
• 029f415 PEP 639: Implement License-Expression and License-File (#828)
• 6c338a8 Use !r formatter for error messages with filenames. (#844)
• 28e7da7 Add a comment as to why Metadata.name isn't normalized (#842)
• ce0d79c Mention updating changelog in release process (#841)
• ac5bdf3 Update the changelog to reflect 24.1 changes (#840)
• Additional commits viewable in compare view

Updates wheel from 0.44.0 to 0.45.0

Release notes

Sourced from wheel's releases.

0.45.0

• Refactored the convert command to not need setuptools to be installed

• Don't configure setuptools logging unless running bdist_wheel

• Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

  Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri)

Changelog

Sourced from wheel's changelog.

Release Notes

0.45.0 (2024-11-08)

• Refactored the convert command to not need setuptools to be installed

• Don't configure setuptools logging unless running bdist_wheel

• Added a redirection from wheel.bdist_wheel.bdist_wheel to setuptools.command.bdist_wheel.bdist_wheel to improve compatibility with setuptools' latest fixes.

  Projects are still advised to migrate away from the deprecated module and import the setuptools' implementation explicitly. (PR by @​abravalheri)

0.44.0 (2024-08-04)

• Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)
• Deprecated the bdist_wheel module, as the code was migrated to setuptools itself

0.43.0 (2024-03-11)

• Dropped support for Python 3.7
• Updated vendored packaging to 24.0

0.42.0 (2023-11-26)

• Allowed removing build tag with wheel tags --build ""
• Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
• Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
• Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

• Updated vendored packaging to 23.2
• Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

• Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
• Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)
• Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

... (truncated)

Commits

• d78f0e3 Created a new release
• f064c69 Added license files for vendored packaging
• 68387af Only configure setuptools logging if bdist_wheel is imported (#641)
• c81f5c9 Refactored the wheel convert command to not require setuptools (#640)
• e43464d Adjusted target Python versions in GitHub CI
• e9894e7 Tweaked pytest settings to make the tracebacks easier to read
• baf6bf8 Removed Cirrus CI configuration
• 28c1ba1 Improved compatibility with future versions of setuptools (#638)
• 9254a4f Exclude @overload and if TYPE_CHECKING: from coverage checks
• d841597 [pre-commit.ci] pre-commit autoupdate (#635)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

requirements.txt

Package	Version	License	Issue Type
packaging	24.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/packaging	24.2	🟢 7.6	Details Check Score Reason Code-Review 🟢 8 Found 22/25 approved changesets -- score normalized to 8 Maintained 🟢 10 19 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 4 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing 🟢 10 project is fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
pip/wheel	0.45.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 9/27 approved changesets -- score normalized to 3 Maintained 🟢 8 9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3

Scanned Files

• requirements.txt

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud