Bump pex from 2.17.0 to 2.19.0

[dependabot]

Bumps pex from 2.17.0 to 2.19.0.

Release notes

Sourced from pex's releases.

pex 2.19.0

---

2.19.0

This release adds support for a new --pre-resolved-dists resolver as an alternative to the existing Pip resolver, --lock resolver and --pex-repository resolvers. Using --pre-resolved-dists dists/dir/ behaves much like --no-pypi --find-links dists/dir/ except that it is roughly 3x faster.

• Support --pre-resolved-dists resolver. (#2512)

---

file	sha256	size
pex	1b56d778fcf3b9504838277a7a20d6676b9f947aaa4759873830af2e78bf33ab	4310167
pex-linux-aarch64	e61d4fd3d9ad237fdb4de3eae3ab8b4ccd6dcb9927aa3fa6670f6ed41e859563	24051094
pex-linux-x86_64	46c9b66cfff839cae952ec5daa3fa2e98e2d5c095e630a33d10bb050f21b2280	27667352
pex-macos-aarch64	e8751e169c57b4610cd4f21b345c12977e829e5621c438aaebea691e7f6395ea	21522348
pex-macos-x86_64	4f30267de92e407e0a5454155d4dd06f62809197ec341d4083e81e194fcb1f63	22036558

pex 2.18.1

---

2.18.1

This release fixes --scie-name-style platform-parent-dir introduced in #2523. Previously the target platform name also leaked into scies targeting foreign platforms despite using this option.

• Fix --scie-name-style platform-parent-dir. (#2526)

---

file	sha256	size
pex	235e2af0106a933f66c6281c56859b964a7eea45f2ce107364acc39f9d7241ad	4306261
pex-linux-aarch64	84d30ea29bf4c46dbeb8f7eda297f9001ff287bdc1218f27dfe413a2c502bbaf	24047200
pex-linux-x86_64	6964d2d564372c7378e13c2d8042d109fefd5021f76c5663304ab6f7ff7a9329	27663445
pex-macos-aarch64	83d34f66c618c961d4b341992abd1725b739c1ccfb82cff0bf44a2e524431ad1	21518443
pex-macos-x86_64	c0043174cc1c15b1696b3e0c31661b0e3a5706283510ef32078de94dd2409b46	22032653

pex 2.18.0

---

2.18.0

This release adds support for pex3 cache {dir,info,purge} for inspecting and managing the Pex cache. Notably, the pex3 cache purge command is safe in the face of concurrent PEX runs, waiting for in flight PEX runs to complete and blocking new runs from starting once the purge is in progress. N.B.: when using pex3 cache purge it is best to

... (truncated)

Changelog

Sourced from pex's changelog.

2.19.0

This release adds support for a new --pre-resolved-dists resolver as an alternative to the existing Pip resolver, --lock resolver and --pex-repository resolvers. Using --pre-resolved-dists dists/dir/ behaves much like --no-pypi --find-links dists/dir/ except that it is roughly 3x faster.

• Support --pre-resolved-dists resolver. (#2512)

2.18.1

This release fixes --scie-name-style platform-parent-dir introduced in #2523. Previously the target platform name also leaked into scies targeting foreign platforms despite using this option.

• Fix --scie-name-style platform-parent-dir. (#2526)

2.18.0

This release adds support for pex3 cache {dir,info,purge} for inspecting and managing the Pex cache. Notably, the pex3 cache purge command is safe in the face of concurrent PEX runs, waiting for in flight PEX runs to complete and blocking new runs from starting once the purge is in progress. N.B.: when using pex3 cache purge it is best to install Pex with the 'management' extra; e.g.: pip install pex[management]. Alternatively, one of the new Pex scie binary releases can be used.

In order to release a Pex binary that can support the new pex3 cache management commands first class, a set of enhancements to project locking and scie generation were added. When using --project you can now specify extras; e.g.: --project ./the/project-dir[extra1,extra2]. When creating a Pex scie, you can now better control the output files using --scie-only to ensure no PEX file is emitted and --scie-name-style to control how the scie target platform name is mixed into the scie output file name. Additionally, you can request one or more shasum-compatible checksum files be emitted for each scie with --scie-hash-alg.

On the locking front, an obscure bug locking project releases that contain artifacts that mis-report their version number via their file name has been fixed.

Finally, the vendored Pip has had its own vendored CA cert bundle upgraded from that in certifi 2024.7.4 to that in certifi 2024.8.30.

• Fix locking of sdists rejected by Pip. (#2524)
• Add --scie-only & --scie-name-style. (#2523)
• Support --project extras. (#2522)

... (truncated)

Commits

• 5e689f9 Introduce --pre-resolved-dists resolver. (#2512)
• 565092f Get unit tests running stably under xdist. (#2529)
• 1c9ac9e Fix --scie-name-style platform-parent-dir. (#2526)
• d8a60db Add --scie-only & --scie-name-style. (#2523)
• c8a4975 Fix locking of sdists rejected by Pip. (#2524)
• 9832e0b Support --project extras. (#2522)
• 409a8d6 Upgrade to the latest batch of CPythons. (#2521)
• 5095f51 Support shasum file gen via --scie-hash-alg. (#2520)
• ba080cb Support tox -e gen-scie-platform -- --all.
• 00f520c Disambiguate artifact names.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
src/dbt_bouncer
config_file_validator.py	46	2	96%	81, 87
parsers.py	142	2	99%	195, 453
runner.py	76	4	95%	134, 170–171, 232
utils.py	101	19	81%	42, 47, 136–154, 177
src/dbt_bouncer/checks/manifest
check_models.py	200	1	99%	599
check_unit_tests.py	24	2	92%	69, 121
src/dbt_bouncer/checks/run_results
check_run_results.py	22	2	91%	56–57
TOTAL	1013	32	97%

Tests	Skipped	Failures	Errors	Time
1	0 💤	0 ❌	0 🔥	12.976s ⏱️

[dependabot]

A newer version of pex exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.