Skip to content

Bump the pip group across 1 directory with 12 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 12 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jul 25, 2024

Bumps the pip group with 12 updates in the / directory:

Package From To
certifi 2022.12.7 2024.7.4
cryptography 36.0.1 42.0.4
django 4.0.7 4.1.13
fiona 1.8.20 1.9.6
gitpython 3.1.30 3.1.41
gunicorn 20.1.0 22.0.0
idna 3.3 3.7
pipreqs 0.4.11 0.4.12
requests 2.27.1 2.32.2
sqlparse 0.4.2 0.5.0
urllib3 1.26.8 1.26.19
zipp 3.7.0 3.19.1

Updates certifi from 2022.12.7 to 2024.7.4

Commits

Updates cryptography from 36.0.1 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20


* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.

.. _v42-0-3:


42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.

.. _v42-0-1:


42.0.1 - 2024-01-24

  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
  • Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

Updates django from 4.0.7 to 4.1.13

Commits

Updates fiona from 1.8.20 to 1.9.6

Release notes

Sourced from fiona's releases.

1.9.6

This is very likely the last 1.9.x release and fixes several bugs that can't wait until 1.10.0.

Bug fixes

  • Ensure that geometry types in a schema are translated to a linear type, as geometry instances are (#1313).
  • Fix broken stable API documentation on Read The Docs.
  • Remove install requirement of setuptools, a regression introduced in 1.9.5.

1.9.5

Bug fixes

  • Expand keys in schema mismatch exception, resolving #1278.
  • Preserve the null properties and geometry of a Feature when serializing (#1276).

Packaging

  • The distribution name is now officially "fiona", not "Fiona". The import name remains fiona.
  • Builds now require Cython >= 3.0.2 (#1276).
  • PyPI wheels include GDAL 3.6.4, PROJ 9.0.1, and GEOS 3.11.2.
  • PyPI wheels include curl 8.4.0, addressing CVE-2023-38545 and CVE-38546.
  • PyPI wheels are now available for Python 3.12.

1.9.4.post1

Extraneous files were unintentionally packaged in the 1.9.4 wheels. This post1 release excludes them so that wheel contents are as in version 1.9.3.

1.9.4

Version 1.9.4 has important bug fixes and improvements and, in the PyPI wheels, updates GDAL to 3.6.4.

  • The performance of Feature.from_dict() has been improved (#1267).
  • Several sources of meaningless log messages from fiona._geometry about NULL geometries are avoided (#1264).
  • The Parquet driver has been added to the list of supported drivers and will be available if your system's GDAL library links libarrow. Note that fiona wheels on PyPI do not include libarrow as it is rather large.
  • Ensure that fiona._vendor modules are found and included.
  • Bytes type feature properties are now hex encoded when serializing to GeoJSON (#1263).
  • Docstrings for listdir and listlayers have been clarified and harmonized.
  • Nose style test cases have been converted to unittest.TestCase (#1256).
  • The munch package used by fio-filter and fio-calc is now vendored and patched to remove usage of the deprecated pkg_resources module (#1255).

1.9.3

Version 1.9.3 has a handful of important bug fixes and, in the PyPI wheels, upgrades GEOS to 3.11.2.

  • Rasterio CRS objects are compatible with the Collection constructor and are now accepted (#1248).
  • Append mode for fio-load has been enabled (#1237).
  • Reading a GeoJSON with an empty array property can result in a segmentation fault since version 1.9.0. This has been fixed (#1228).

1.9.2

Version 1.9.2 has a handful of important bug fixes.

  • The fio CLI now gets its command entry points using importlib.metadata (#1220). The project has no more runtime dependency on setuptools.
  • Instead of warning, transform_geom() raises an exception when some points can't be reprojected unless the caller opts in to partial reprojection. This restores the behavior of version 1.8.22.

... (truncated)

Changelog

Sourced from fiona's changelog.

1.9.6 (2024-03-07)

  • Ensure that geometry types in a schema are translated to a linear type, as geometry instances are (#1313).
  • Fix broken stable API documentation on Read The Docs (#).
  • Remove install requirement of setuptools, a regression introduced in 1.9.5.

1.9.5 (2023-10-11)

Bug fixes:

  • Expand keys in schema mismatch exception, resolving #1278.
  • Preserve the null properties and geometry of a Feature when serializing (#1276).

Packaging:

  • The distribution name is now officially "fiona", not "Fiona". The import name remains "fiona".
  • Builds now require Cython >= 3.0.2 (#1276).
  • PyPI wheels include GDAL 3.6.4, PROJ 9.0.1, and GEOS 3.11.2.
  • PyPI wheels include curl 8.4.0, addressing CVE-2023-38545 and CVE-38546.
  • PyPI wheels are now available for Python 3.12.

1.9.4.post1 (2023-05-23)

Extraneous files were unintentionally packaged in the 1.9.4 wheels. This post1 release excludes them so that wheel contents are as in version 1.9.3.

1.9.4 (2023-05-16)

  • The performance of Feature.from_dict() has been improved (#1267).
  • Several sources of meaningless log messages from fiona._geometry about NULL geometries are avoided (#1264).
  • The Parquet driver has been added to the list of supported drivers and will be available if your system's GDAL library links libarrow. Note that fiona wheels on PyPI do not include libarrow as it is rather large.
  • Ensure that fiona._vendor modules are found and included.
  • Bytes type feature properties are now hex encoded when serializing to GeoJSON (#1263).
  • Docstrings for listdir and listlayers have been clarified and harmonized.
  • Nose style test cases have been converted to unittest.TestCase (#1256).
  • The munch package used by fio-filter and fio-calc is now vendored and patched to remove usage of the deprecated pkg_resources module (#1255).

1.9.3 (2023-04-10)

... (truncated)

Commits

Updates gitpython from 3.1.30 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates gunicorn from 20.1.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

    

  • use utime to notify workers liveness
    • 

  • migrate setup to pyproject.toml
    • 

  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
    • 

  • parsing additional requests is no longer attempted past unsupported request framing
    • 

  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
    • 

  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
    • 

  • Trailer fields are no longer inspected for headers indicating secure scheme
    • 

  • support Python 3.12
    • 



** Breaking changes **


    

  • minimum version is Python 3.7
    • 

  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
    • 

  • requests specifying unsupported transfer coding (order) are refused by default (rare)
    • 

  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
    • 

  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
    • 

  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
    • 

  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
    • 

  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
    • 

  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
    • 

  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
    • 

  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
    • 



** SECURITY **


    

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fix the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .
</tr></table>

... (truncated)

Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view

Updates idna from 3.3 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

3.4 (2022-09-14) ++++++++++++++++

  • Update to Unicode 15.0.0
  • Migrate to pyproject.toml for build information (PEP 621)
  • Correct another instance where generic exception was raised instead of IDNAError for malformed input
  • Source distribution uses zeroized file ownership for improved reproducibility

Thanks to Seth Michael Larson for contributions to this release.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates pipreqs from 0.4.11 to 0.4.12

Release notes

Sourced from pipreqs's releases.

v0.4.12

I've noticed the PyPi package was not updated in a long time, so I created a new released with the latest changes from last 2 years or so.

Thank you everyone who contributed.

What's Changed

New Contributors

Full Changelog: bndr/pipreqs@v0.4.10...v0.4.12

Changelog

Sourced from pipreqs's changelog.

.. :changelog:

History

Commits

Updates requests from 2.27.1 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates sqlparse from 0.4.2 to 0.5.0

Changelog

Sourced from sqlparse's changelog.

Release 0.5.0 (Apr 13, 2024)

Notable Changes

  • Drop support for Python 3.5, 3.6, and 3.7.
  • Python 3.12 is now supported (pr725, by hugovk).
  • IMPORTANT: Fixes a potential denial of service attack (DOS) due to recursion error for deeply nested statements. Instead of recursion error a generic SQLParseError is raised. See the security advisory for details: GHSA-2m57-hf25-phgg The vulnerability was discovered by @​uriyay-jfrog. Thanks for reporting!

Enhancements

  • Splitting statements now allows to remove the semicolon at the end. Some database backends love statements without semicolon (issue742).
  • Support TypedLiterals in get_parameters (pr749, by Khrol).
  • Improve splitting of Transact SQL when using GO keyword (issue762).
  • Support for some JSON operators (issue682).
  • Improve formatting of statements containing JSON operators (issue542).
  • Support for BigQuery and Snowflake keywords (pr699, by griffatrasgo).
  • Support parsing of OVER clause (issue701, pr768 by r33s3n6).

Bug Fixes

  • Ignore dunder attributes when creating Tokens (issue672).
  • Allow operators to precede dollar-quoted strings (issue763).
  • Fix parsing of nested order clauses (issue745, pr746 by john-bodley).
  • Thread-safe initialization of Lexer class (issue730).
  • Classify TRUNCATE as DDL and GRANT/REVOKE as DCL keywords (based on pr719 by josuc1, thanks for bringing this up!).
  • Fix parsing of PRIMARY KEY (issue740).

Other

  • Optimize performance of matching function (pr799, by admachainz).

Release 0.4.4 (Apr 18, 2023)

Notable Changes

  • IMPORTANT: This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDOS (Regular Expression Denial of Service) was used. See the security advisory for details: GHSA-rrm6-wvj7-cwh2 The vulnerability was discovered by @​erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting!

... (truncated)

Commits
  • ddbd0ec Bump version.
  • 29f2e0a Raise recursion limit for tests.
  • b4a39d9 Raise SQLParseError instead of RecursionError.
  • f1bcf2f Update AUHTORS and Changelog.
  • e03b74e Fix Function.get_parameters(), add Funtion.get_window()
  • 617b8f6 Add OVER clause, and group it into Function (fixes #701)
  • d8f8147 Update AUHTORS and Changelog.
  • 012c9f1 Optimize sqlparse.utils.imt().
  • 46971e5 Fix parsing of PRIMARY KEY (fixes #740).
  • fc4b0be Code cleanup.
  • Additional commits viewable in compare view

Updates urllib3 from 1.26.8 to 1.26.19

Release notes

Sourced from urllib3's releases.

1.26.19

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

Full Changelog: urllib3/urllib3@1.26.18...1.26.19

Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.

1.26.18

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

1.26.16

  • Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954)

1.26.15

1.26.14

  • Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850)
  • Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module.

1.26.13

  • Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.
  • Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.
  • Fixed a deprecation warning when using cryptography v39.0.0.
  • Removed the <4 in the Requires-Python packaging metadata field.

1.26.12

  • Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.

1.26.11

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors.

⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

  • Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.

... (truncated)

Changelog

Sourced from urllib3's changelog.

1.26.19 (2024-06-17)

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)

1.26.18 (2023-10-17)

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

  • Added the Cookie header to the list of headers to...

    Description has been truncated

@dependabot
Bump the pip group across 1 directory with 12 updates
3f8fd48 
Bumps the pip group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |
| [cryptography](https://github.com/pyca/cryptography) | `36.0.1` | `42.0.4` |
| [django](https://github.com/django/django) | `4.0.7` | `4.1.13` |
| [fiona](https://github.com/Toblerity/Fiona) | `1.8.20` | `1.9.6` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.30` | `3.1.41` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |
| [idna](https://github.com/kjd/idna) | `3.3` | `3.7` |
| [pipreqs](https://github.com/bndr/pipreqs) | `0.4.11` | `0.4.12` |
| [requests](https://github.com/psf/requests) | `2.27.1` | `2.32.2` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.4.2` | `0.5.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.8` | `1.26.19` |
| [zipp](https://github.com/jaraco/zipp) | `3.7.0` | `3.19.1` |



Updates `certifi` from 2022.12.7 to 2024.7.4
- [Commits](certifi/python-certifi@2022.12.07...2024.07.04)

Updates `cryptography` from 36.0.1 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@36.0.1...42.0.4)

Updates `django` from 4.0.7 to 4.1.13
- [Commits](django/django@4.0.7...4.1.13)

Updates `fiona` from 1.8.20 to 1.9.6
- [Release notes](https://github.com/Toblerity/Fiona/releases)
- [Changelog](https://github.com/Toblerity/Fiona/blob/main/CHANGES.txt)
- [Commits](Toblerity/Fiona@1.8.20...1.9.6)

Updates `gitpython` from 3.1.30 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.30...3.1.41)

Updates `gunicorn` from 20.1.0 to 22.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@20.1.0...22.0.0)

Updates `idna` from 3.3 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.3...v3.7)

Updates `pipreqs` from 0.4.11 to 0.4.12
- [Release notes](https://github.com/bndr/pipreqs/releases)
- [Changelog](https://github.com/bndr/pipreqs/blob/master/HISTORY.rst)
- [Commits](bndr/pipreqs@v0.4.11...v0.4.12)

Updates `requests` from 2.27.1 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.32.2)

Updates `sqlparse` from 0.4.2 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.4.2...0.5.0)

Updates `urllib3` from 1.26.8 to 1.26.19
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.8...1.26.19)

Updates `zipp` from 3.7.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.7.0...v3.19.1)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fiona
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gitpython
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pipreqs
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sqlparse
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: zipp
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 25, 2024
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Sep 20, 2024

Superseded by #2.

@dependabot dependabot bot closed this Sep 20, 2024
@dependabot dependabot bot deleted the dependabot/pip/pip-e36c6fa3b5 branch September 20, 2024 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant