Deps: Bump the python-packages group with 11 updates

[dependabot]

Bumps the python-packages group with 11 updates:

Package	From	To
django	2.2.28	4.2.5
djangorestframework	3.11.2	3.14.0
weasyprint	59.0	60.1
rope	1.9.0	1.10.0
pylint	2.17.5	2.17.7
cffi	1.15.1	1.16.0
charset-normalizer	3.2.0	3.3.0
fonttools	4.42.1	4.43.0
packaging	23.1	23.2
rich	13.5.3	13.6.0
urllib3	2.0.4	2.0.5

Updates django from 2.2.28 to 4.2.5

Commits

• b8b2f74 [4.2.x] Bumped version for 4.2.5 release.
• 9c51b4d [4.2.x] Fixed CVE-2023-41164 -- Fixed potential DoS in django.utils.encoding....
• acfb427 [4.2.x] Fixed #34803 -- Fixed queryset crash when filtering againts deeply ne...
• 55a0b9c [4.2.x] Added stub release notes and release date for 4.2.5, 4.1.11, and 3.2.21.
• 8e8c318 [4.2.x] Avoided counting exceptions in AsyncClient docs.
• dcb9d7a [4.2.x] Improved formset docs by using a set instead of a list in the custom ...
• f55b420 [4.2.x] Fixed #34781 -- Updated logging ref docs for django.server's request ...
• 46b2b08 [4.2.x] Fixed #34779 -- Avoided unnecessary selection of non-nullable m2m fie...
• d34db66 [4.2.x] Fixed #34773 -- Fixed syncing DEFAULT_FILE_STORAGE/STATICFILES_STORAG...
• a22aeef [4.2.x] Fixed #15799 -- Doc'd that Storage._open() should raise FileNotFoundE...
• Additional commits viewable in compare view

Updates djangorestframework from 3.11.2 to 3.14.0

Release notes

Sourced from djangorestframework's releases.

Version 3.14.0

• Django 2.2 is no longer supported. #8662
• Django 4.1 compatibility. #8591
• Add --api-version CLI option to generateschema management command. #8663
• Enforce is_valid(raise_exception=False) as a keyword-only argument. #7952
• Stop calling set_context on Validators. #8589
• Return NotImplemented from ErrorDetails.__ne__. #8538
• Don't evaluate DateTimeField.default_timezone when a custom timezone is set. #8531
• Make relative URLs clickable in Browseable API. #8464
• Support ManyRelatedField falling back to the default value when the attribute specified by dot notation doesn't exist. Matches ManyRelatedField.get_attribute to Field.get_attribute. #7574
• Make schemas.openapi.get_reference public. #7515
• Make ReturnDict support dict union operators on Python 3.9 and later. #8302
• Update throttling to check if request.user is set before checking if the user is authenticated. #8370

Version 3.13.1

• Revert schema naming changes with function based @api_view. #8297

Version 3.13.0

• Django 4.0 compatability. #8178
• Add max_length and min_length options to ListSerializer. #8165
• Add get_request_serializer and get_response_serializer hooks to AutoSchema. #7424
• Fix OpenAPI representation of null-able read only fields. #8116
• Respect UNICODE_JSON setting in API schema outputs. #7991
• Fix for RemoteUserAuthentication. #7158
• Make Field constructors keyword-only. #7632

3.12.4

No release notes provided.

Commits

• 2da473c Add 3.14 announcement to the docs
• 58e0a69 Update setup.py to drop Django 2.2 and update release notes (#8666)
• 11bfda9 both statement have dupplicate bodies (#8633)
• 058424c docs: delete duplicate explanation (#8641)
• eb88dfc Add --api-version CLI option to generateschema (#8663)
• f34f156 Remove old deprecation classes for 3.14 release (#8664)
• c6cafc9 Update release-notes.md
• f8b3f38 Update supported versions for 3.14 release (#8662)
• b658915 Version 3.14.0 proposal (#8599)
• 51f1aff Revert 8552 (#8661)
• Additional commits viewable in compare view

Updates weasyprint from 59.0 to 60.1

Release notes

Sourced from weasyprint's releases.

v60.1

Bug fixes

• #1973: Fix crash caused by wrong UTF-8 indices

Contributors

• Guillaume Ayoub

Backers and sponsors

• Spacinov
• Kobalt
• Grip Angebotssoftware
• Manuel Barkhau
• SimonSoft
• Menutech
• KontextWork
• NCC Group
• René Fritz
• Nicola Auchmuty
• Syslifters
• Hammerbacher
• TrainingSparkle
• Daniel Kucharski
• Healthchecks.io
• Yanal-Yvez Fargialla
• WakaTime
• Paheko
• Synapsium
• DocRaptor

v60.0

Read about this release on our blog.

New features

• #1903: Print form fields
• #1922: Add support for textLength and lengthAdjust in SVG text elements
• #1965: Handle tag
• #1970: Handle y offset of glyphs
• #1909: Add a --timeout option

Bug fixes

• #1887: Fix footnote-call displayed incorrectly for some fonts
• #1890: Fix page-margin boxes layout algorithm
• #1908: Fix IndexError when rendering PDF version 1.4
• #1906: Apply text transformations to first-letter pseudo elements
• #1915: Avoid footnote appearing before its call

... (truncated)

Changelog

Sourced from weasyprint's changelog.

Version 60.1

Released on 2023-09-29.

Bug fixes:

• [#1973](https://github.com/Kozea/WeasyPrint/issues/1973) <https://github.com/Kozea/WeasyPrint/issues/1973>_: Fix crash caused by wrong UTF-8 indices

Contributors:

• Guillaume Ayoub

Backers and sponsors:

• Spacinov
• Kobalt
• Grip Angebotssoftware
• Manuel Barkhau
• SimonSoft
• Menutech
• KontextWork
• NCC Group
• René Fritz
• Nicola Auchmuty
• Syslifters
• Hammerbacher
• TrainingSparkle
• Daniel Kucharski
• Healthchecks.io
• Yanal-Yvez Fargialla
• WakaTime
• Paheko
• Synapsium
• DocRaptor

Version 60.0

Released on 2023-09-25.

New features:

• [#1903](https://github.com/Kozea/WeasyPrint/issues/1903) <https://github.com/Kozea/WeasyPrint/issues/1903>_: Print form fields
• [#1922](https://github.com/Kozea/WeasyPrint/issues/1922) <https://github.com/Kozea/WeasyPrint/pull/1922>_: Add support for textLength and lengthAdjust in SVG text elements
• [#1965](https://github.com/Kozea/WeasyPrint/issues/1965) <https://github.com/Kozea/WeasyPrint/issues/1965>_:

... (truncated)

Commits

• 01c5e97 Version 60.1
• f5640de Use UTF-8 indices really everywhere
• 563d775 Use "main" as default branch name
• dc6d3fa Version 60.0
• 9596307 Merge pull request #1970 from gauravsamudra/handle-y-offset-of-glyphs
• a8ff8a6 Remove extra line
• cee2a17 Merge pull request #1971 from azhar316/feat-timeout
• d51e211 Fix text rise value
• 29625c6 Fix import order
• 3d91de1 Fix comma removal
• Additional commits viewable in compare view

Updates rope from 1.9.0 to 1.10.0

Changelog

Sourced from rope's changelog.

Release 1.10.0

• #708, #709 Add support for Python 3.12

Commits

• a5fa15b Update CHANGELOG.md
• 0bee51e Bump version
• ef3613b Black
• 00e937c Add build.os key to .readthedocs.yaml
• 3049f35 Update .readthedocs.yaml to use build.tools.python key
• 68630e3 Update readthedocs to use Python 3.11
• cd34ac5 Update current year to 2023
• 11316ec Replace pkg_resources to use importlib
• c4c77d5 Fix deprecation warnings
• 677111a Merge pull request #709 from python-rope/lieryan-py312
• Additional commits viewable in compare view

Updates pylint from 2.17.5 to 2.17.7

Commits

• dade880 Bump pylint to 2.17.7, update changelog (#9084)
• c2907a9 Upgrade astroid to 2.15.8 on 2.17.x branch (#9081)
• aed51a6 Fix crash in refactoring checker from unaryop with variable (#9075) (#9076)
• b8a7cc5 Bump pylint to 2.17.6, update changelog (#9064)
• a88fbd7 Upgrade astroid to 2.15.7
• aea47d1 [unbalanced-tuple-unpacking] Add a regression tests for #7710
• 24786fa Fix Pyreverse duplicate arrows bug (#9029) (#9039)
• 259fbd2 Fix Pyreverse optional annotation bug (#9016) (#9019)
• 094a774 Fix Pyreverse duplicate annotations (#9012) (#9017)
• 79aac5b Fix duplicate fields Pyreverse bug (#9004) (#9011)
• Additional commits viewable in compare view

Updates cffi from 1.15.1 to 1.16.0

Release notes

Sourced from cffi's releases.

v1.16.0

• Add support for Python 3.12. With the removal of distutils from Python 3.12, projects using CFFI features that depend on distutils at runtime must add a dependency on setuptools to function under Python 3.12+. CFFI does not declare a runtime setuptools requirement to avoid an unnecessary dependency for projects that do not require it.
• Drop support for end-of-life Python versions (2.7, 3.6, 3.7).
• Add support for PEP517 builds; setuptools is now a required build dependency.
• Declare python_requires metadata for Python 3.8+. This allows unsupported Pythons to continue using previously released sdists and wheels.
• Move project source under src/; a more standard layout that also enables CI to more easily catch packaging errors.

v1.16.0rc2

• Fix packaging issue in v1.16.0rc1.
• Rearrange project sources (src/ layout) so packaging tests can properly detect similar issues in the future.

Full Changelog: python-cffi/cffi@v1.16.0rc1...v1.16.0rc2

v1.16.0rc1

• Add support for Python 3.12. With the removal of distutils from Python 3.12, projects using CFFI features that depend on distutils at runtime must add a dependency on setuptools to function under Python 3.12+. CFFI does not declare a runtime setuptools requirement to avoid an unnecessary dependency for projects that do not require it.
• Drop support for end-of-life Python versions (2.7, 3.6, 3.7).
• Move project home to python-cffi/cffi on GitHub.
• Add support for PEP517 builds; setuptools is now a required build dependency.
• Declare python_requires metadata for Python 3.8+. This allows unsupported Pythons to continue using previously released sdists and wheels.
• Add missing calls to PyObject_GC_UnTrack to avoid ResourceWarning 15c4b71d5e3f2295c0e4773e99b23ac751e02534

Commits

• ba44abd release 1.16.0 (#17)
• c0ad8d9 Add a tool to update release version numbers (#15)
• e20c65d Release 1.16.0rc2 (#13)
• e98d1bb upgrade setup-qemu-action (#8) (#9)
• 158bc5b add a summary job check for easier automated gating (#6) (#7)
• c062f2c enable weekly 1pm Monday scheduled CI run on release-1.16 (#5)
• e847033 make self-hosted aarch64 mac jobs conditional-ish
• 57ff08e remove obsolete test
• ff11e92 release 1.16.0rc1
• 0dc7805 prepare for 1.16.0rc1
• Additional commits viewable in compare view

Updates charset-normalizer from 3.2.0 to 3.3.0

Release notes

Sourced from charset-normalizer's releases.

Release 3.3.0

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encodings that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Changelog

Sourced from charset-normalizer's changelog.

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encoding that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.7

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Commits

• 165211a 🔖 Release 3.3.0 (#353)
• 5aed9a4 🐛 Fix unreachable code in the sorting algorithm of CharsetMatch (#352)
• 061a71b ⬆️ Bump actions/checkout from 4.0.0 to 4.1.0 (#348)
• 88df580 ⬆️ Bump github/codeql-action from 2.21.7 to 2.21.9 (#351)
• aa0234b ⬆️ Bump pypa/cibuildwheel from 2.15.0 to 2.16.0 (#349)
• 58f69f7 ⬆️ Bump github/codeql-action from 2.21.5 to 2.21.7 (#345)
• e7c2d8e ⬆️ Bump docker/setup-qemu-action from 2.2.0 to 3.0.0 (#346)
• 5abf47f ⬆️ Bump pytest from 7.4.1 to 7.4.2 (#342)
• 50a138e ⬆️ Bump actions/checkout from 3.6.0 to 4.0.0 (#343)
• 5da7047 ⬆️ Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#344)
• Additional commits viewable in compare view

Updates fonttools from 4.42.1 to 4.43.0

Release notes

Sourced from fonttools's releases.

4.43.0

• [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
• [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
• [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
• [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
• Added support for Python 3.12 (#3283).

Changelog

Sourced from fonttools's changelog.

4.43.0 (released 2023-09-29)

• [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
• [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
• [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
• [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
• Added support for Python 3.12 (#3283).

Commits

• 145460e Release 4.43.0
• 64f3fd8 Update changelog [skip ci]
• 7aea49e Merge pull request #3283 from hugovk/main
• 4470c44 Bump requirements.txt to support Python 3.12
• 0c87cba Bump scipy for Python 3.12 support
• eda6fa5 Add support for Python 3.12
• 0e033b0 Bump reportlab from 3.6.12 to 3.6.13 in /Doc
• 6012643 [iup] Work around cython bug
• b14268a [iup] Remove copy/pasta
• 0a3360e [varLib.avar] New module to compile avar from .designspace file
• Additional commits viewable in compare view

Updates packaging from 23.1 to 23.2

Release notes

Sourced from packaging's releases.

23.2

What's Changed

• parse_marker should consume the entire source string by @​mwerschy in pypa/packaging#687
• Create a Security Policy file by @​joycebrum in pypa/packaging#695
• Add python 3.12 to CI by @​mayeut in pypa/packaging#689
• Remove URL validation from requirement parsing by @​uranusjr in pypa/packaging#684
• Add types for packaging.version._Version by @​hauntsaninja in pypa/packaging#665
• Add PyPy 3.10 to CI by @​mayeut in pypa/packaging#699
• Remove unused argument in _manylinux._is_compatible by @​mayeut in pypa/packaging#700
• Canonicalize names for requirements comparison by @​astrojuanlu in pypa/packaging#696
• Add platform tag support for LoongArch by @​loongson-zn in pypa/packaging#693
• Ability to install armv7l manylinux/musllinux wheels on armv8l by @​mayeut in pypa/packaging#690
• Include CHANGELOG.rst in sdist by @​astrojuanlu in pypa/packaging#704
• Update pyupgrade to Python 3.7+ by @​fangchenli in pypa/packaging#580
• Fix version pattern pre-releases by @​deathaxe in pypa/packaging#705
• Fix typos found by codespell by @​DimitriPapadopoulos in pypa/packaging#706
• Support enriched metadata by @​brettcannon in pypa/packaging#686
• Correct rST syntax in CHANGELOG.rst by @​atugushev in pypa/packaging#709
• fix: platform tag for GraalPy by @​mayeut in pypa/packaging#711
• Document that this library uses a calendar-based versioning scheme by @​faph in pypa/packaging#717
• fix: Update copyright date for docs by @​garrypolley in pypa/packaging#713
• Bump pip version to avoid known vulnerabilities by @​joycebrum in pypa/packaging#720
• Typing annotations fixed in version.py by @​jolaf in pypa/packaging#723
• parse_{sdist,wheel}_filename: don't raise InvalidVersion by @​SpecLad in pypa/packaging#721
• Fix code blocks in CHANGELOG.md by @​edmorley in pypa/packaging#724

New Contributors

• @​mwerschy made their first contribution in pypa/packaging#687
• @​joycebrum made their first contribution in pypa/packaging#695
• @​astrojuanlu made their first contribution in pypa/packaging#696
• @​loongson-zn made their first contribution in pypa/packaging#693
• @​fangchenli made their first contribution in pypa/packaging#580
• @​deathaxe made their first contribution in pypa/packaging#705
• @​DimitriPapadopoulos made their first contribution in pypa/packaging#706
• @​atugushev made their first contribution in pypa/packaging#709
• @​faph made their first contribution in pypa/packaging#717
• @​garrypolley made their first contribution in pypa/packaging#713
• @​jolaf made their first contribution in pypa/packaging#723
• @​SpecLad made their first contribution in pypa/packaging#721
• @​edmorley made their first contribution in pypa/packaging#724

Full Changelog: pypa/packaging@23.1...23.2

Changelog

Sourced from packaging's changelog.

23.2 - 2023-10-01

* Document calendar-based versioning scheme (:issue:`716`)
* Enforce that the entire marker string is parsed (:issue:`687`)
* Requirement parsing no longer automatically validates the URL (:issue:`120`)
* Canonicalize names for requirements comparison (:issue:`644`)
* Introduce ``metadata.Metadata`` (along with ``metadata.ExceptionGroup`` and ``metadata.InvalidMetadata``; :issue:`570`)
* Introduce the ``validate`` keyword parameter to ``utils.validate_name()`` (:issue:`570`)
* Introduce ``utils.is_normalized_name()`` (:issue:`570`)
* Make ``utils.parse_sdist_filename()`` and ``utils.parse_wheel_filename()``
  raise ``InvalidSdistFilename`` and ``InvalidWheelFilename``, respectively,
  when the version component of the name is invalid

Commits

• b3a5d7d Bump for release
• d7ce40d Fix code blocks in CHANGELOG.md (#724)
• 524b701 parse_{sdist,wheel}_filename: don't raise InvalidVersion (#721)
• b509bef Typing annotations fixed (#723)
• 0206c39 Bump pip version to avoid known vulnerabilities (#720)
• 7023537 fix: Update copyright date for docs (#713)
• 39786bb Document use of calendar-based versioning scheme (#717)
• c1346df fix: Detect when a platform is 32-bit more accurately (#711)
• 7e68d82 Correct rST syntax in CHANGELOG.rst (#709)
• 61e6efb Support enriched metadata in packaging.metadata (#686)
• Additional commits viewable in compare view

Updates rich from 13.5.3 to 13.6.0

Release notes

Sourced from rich's releases.

The Python 3.12 release

Mostly a meta update in readiness for the release of Python3.12

[13.6.0] - 2023-09-30

Added

• Added Python 3.12 to classifiers.

Changelog

Sourced from rich's changelog.

[13.6.0] - 2023-09-30

Added

• Added Python 3.12 to classifiers.

Commits

• e9f75c9 Merge branch 'py312'
• 35b64f1 Merge pull request #3139 from Textualize/py312
• c8ff546 version bump
• 3f8c4af tests for 3.12
• ef90daf enable py312
• See full diff in compare view

Updates urllib3 from 2.0.4 to 2.0.5

Release notes

Sourced from urllib3's releases.

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

Changelog

Sourced from urllib3's changelog.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)

Commits

• d9f85a7 Release 2.0.5
• d41f412 Undeprecate pyOpenSSL module (#3127)
• b6c04cb Fix a link to "absolute URI" definition (#3128)
• af7c78f refactor: change double conditional to one (#3118)
• 34c13c8 Refer to current internet standards in docs on proxies (#3124)
• a3e94f2 Fix a name of an attribute in docs (#3125)
• da69d4f Fix docs build (#3123)
• 18831e5 Bump actions/checkout from 3.6.0 to 4.0.0 (#3116)
• cf8e184 Unquote all GitHub Action names to fix auto-updating comments (#3121)
• 26c1b3f Unquote GitHub Action name to test auto-updating comments
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
django	[>= 3.a, < 4]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

Merging #821 (7df241b) into main (45cc2ce) will increase coverage by 0.07%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #821      +/-   ##
==========================================
+ Coverage   88.58%   88.65%   +0.07%     
==========================================
  Files          35       35              
  Lines        1331     1331              
==========================================
+ Hits         1179     1180       +1     
+ Misses        152      151       -1     

see 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[timopollmeier]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.