chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
Flask (changelog)	==3.0.3 -> ==3.1.0						minor
Werkzeug (changelog)	==3.0.6 -> ==3.1.3						minor
blinker	==1.8.2 -> ==1.9.0						minor
gradle (source)	8.10.2 -> 8.11.1						minor
python	3.11.4-slim -> 3.13.0-slim					final	minor
reqwest	0.12.4 -> 0.12.9					dependencies	patch
org.springframework.boot	3.3.5 -> 3.4.0					plugin	minor

---

Release Notes

pallets/flask (Flask)

v3.1.0

Compare Source

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases.
  Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option
  responses. :pr:5496
• Flask.open_resource/open_instance_resource and
  Blueprint.open_resource take an encoding parameter to use when
  opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only
  through the MAX_CONTENT_LENGTH config. Added
  MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
  about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the
  SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files.
  load_dotenv loads default files in addition to a path unless
  load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
  secret keys that can still be used for unsigning. Extensions will need to
  add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False
  interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
  requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through
  the TRUSTED_HOSTS config. :issue:5636

pallets-eco/blinker (blinker)

v1.9.0

Compare Source

Released 2024-11-08

• Drop support for Python 3.8. :pr:175
• Remove previously deprecated __version__, receiver_connected,
  Signal.temporarily_connected_to and WeakNamespace. :pr:172
• Skip weakref signal cleanup if the interpreter is shutting down.
  :issue:173

gradle/gradle (gradle)

v8.11.1

Compare Source

v8.11: 8.11

Compare Source

The Gradle team is excited to announce Gradle 8.11.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Adam,
alyssoncs,
Bilel MEDIMEGH,
Björn Kautler,
Chuck Thomas,
Daniel Lacasse,
Finn Petersen,
JK,
Jérémie Bresson,
luozexuan,
Mahdi Hosseinzadeh,
Markus Gaisbauer,
Matthew Haughton,
Matthew Von-Maszewski,
ploober,
Siarhei,
Titus James,
vrp0211

Upgrade instructions

Switch your build to use Gradle 8.11 by updating your wrapper:

./gradlew wrapper --gradle-version=8.11

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

seanmonstar/reqwest (reqwest)

v0.12.9

Compare Source

• Add tls::CertificateRevocationLists support.
• Add crate features to enable webpki roots without selecting a rustls provider.
• Fix connection_verbose() to output read logs.
• Fix multipart::Part::file() to automatically include content-length.
• Fix proxy to internally no longer cache system proxy settings.

v0.12.8

Compare Source

• Add support for SOCKS4 proxies.
• Add multipart::Form::file() method for adding files easily.
• Add Body::wrap() to wrap any http_body::Body type.
• Fix the pool configuration to use a timer to remove expired connections.

v0.12.7

Compare Source

• Revert adding impl Service<http::Request<_>> for Client.

v0.12.6

Compare Source

• Add support for danger_accept_invalid_hostnames for rustls.
• Add impl Service<http::Request<Body>> for Client and &'_ Client.
• Add support for !Sync bodies in Body::wrap_stream().
• Enable happy eyeballs when hickory-dns is used.
• Fix Proxy so that HTTP(S)_PROXY values take precendence over ALL_PROXY.
• Fix blocking::RequestBuilder::header() from unsetting sensitive on passed header values.

v0.12.5

Compare Source

• Add blocking::ClientBuilder::dns_resolver() method to change DNS resolver in blocking client.
• Add http3 feature back, still requiring reqwest_unstable.
• Add rustls-tls-no-provider Cargo feature to use rustls without a crypto provider.
• Fix Accept-Encoding header combinations.
• Fix http3 resolving IPv6 addresses.
• Internal: upgrade to rustls 0.23.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: showcases/rocket/Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path showcases/rocket/Cargo.toml --package reqwest@0.12.4 --precise 0.12.9
    Updating crates.io index
error: failed to select a version for `reqwest`.
    ... required by package `hurl-rocket v0.1.0 (/tmp/renovate/repos/github/SilenLoc/baselOne2024/showcases/rocket)`
versions that meet the requirements `^0.12` are: 0.12.9

the package `hurl-rocket` depends on `reqwest`, with features: `rustls-pki-types` but `reqwest` does not have these features.
 It has an optional dependency with that name, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.


failed to select a version for `reqwest` which could resolve this conflict