Update dependency Loguru to v0.5.3 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Loguru (changelog)	0.5.1 → 0.5.3
loguru (changelog)	==0.5.1 → ==0.5.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

loguru logs sensitive information

CVE-2022-0338 / GHSA-39ph-wr67-j4xq

More information

Details

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-0338
• https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
• https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0
• https://github.com/pypa/advisory-database/tree/main/vulns/loguru/PYSEC-2022-14.yaml
• https://github.com/advisories/GHSA-39ph-wr67-j4xq

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

Delgan/loguru (Loguru)

v0.5.3

Compare Source

=====================

• Fix child process possibly hanging at exit while combining enqueue=True with third party library like uwsgi (#&#8203;309 <https://github.com/Delgan/loguru/issues/309>, thanks @dstlmrk <https://github.com/dstlmrk>).
• Fix possible exception during formatting of non-string messages (#&#8203;331 <https://github.com/Delgan/loguru/issues/331>_).

v0.5.2

Compare Source

=====================

• Fix AttributeError within handlers using serialize=True when calling logger.exception() outside of the context of an exception (#&#8203;296 <https://github.com/Delgan/loguru/issues/296>_).
• Fix error while logging an exception containing a non-picklable value to a handler with enqueue=True (#&#8203;298 <https://github.com/Delgan/loguru/issues/298>_).
• Add support for async callable classes (with __call__ method) used as sinks (#&#8203;294 <https://github.com/Delgan/loguru/pull/294>, thanks @jessekrubin <https://github.com/jessekrubin>).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

The "poetry.dev-dependencies" section is deprecated and will be removed in a future version. Use "poetry.group.dev.dependencies" instead.
Creating virtualenv biquery-sql-etl-GhDBIcS2-py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

The lock file is not compatible with the current version of Poetry.
Regenerate the lock file with the `poetry lock` command.