Skip to content

chore(deps): bump the pip group across 1 directory with 4 updates #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the pip group across 1 directory with 4 updates #28

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 2, 2025

Bumps the pip group with 4 updates in the /config directory: cryptography, mcp, starlette and pypdf.

Updates cryptography from 41.0.7 to 44.0.1

Changelog

Sourced from cryptography's changelog.

44.0.1 - 2025-02-11


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
* We now build ``armv7l`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``manylinux_2_34`` wheels and publish them to PyPI.

.. _v44-0-0:


44.0.0 - 2024-11-27

  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
  • Deprecated Python 3.7 support. Python 3.7 is no longer supported by the Python core team. Support for Python 3.7 will be removed in a future cryptography release.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
  • macOS wheels are now built against the macOS 10.13 SDK. Users on older versions of macOS should upgrade, or they will need to build cryptography themselves.
  • Enforce the :rfc:5280 requirement that extended key usage extensions must not be empty.
  • Added support for timestamp extraction to the :class:~cryptography.fernet.MultiFernet class.
  • Relax the Authority Key Identifier requirements on root CA certificates during X.509 verification to allow fields permitted by :rfc:5280 but forbidden by the CA/Browser BRs.
  • Added support for :class:~cryptography.hazmat.primitives.kdf.argon2.Argon2id when using OpenSSL 3.2.0+.
  • Added support for the :class:~cryptography.x509.Admissions certificate extension.
  • Added basic support for PKCS7 decryption (including S/MIME 3.2) via :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der, :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem, and :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime.

.. _v43-0-3:

43.0.3 - 2024-10-18


* Fixed release metadata for ``cryptography-vectors``

.. _v43-0-2:


43.0.2 - 2024-10-18

  • Fixed compilation when using LibreSSL 4.0.0.

.. _v43-0-1:

... (truncated)

Commits

Updates mcp from 1.19.0 to 1.23.0

Release notes

Sourced from mcp's releases.

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

What's Changed

... (truncated)

Commits
  • d3a1841 Merge commit from fork
  • fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
  • f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
  • 281fd47 Add SSE polling support (SEP-1699) (#1654)
  • 2cd178a Add on_session_created callback option (#1710)
  • c92bb2f SEP-1686: Tasks (#1645)
  • 5983a65 Skip empty SSE data to avoid parsing errors (#1670)
  • 02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
  • 27279bc Update doc string on custom_route (#1660)
  • f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
  • Additional commits viewable in compare view

Updates starlette from 0.44.0 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Version 0.48.0

Added

  • Add official Python 3.14 support #3013.

Changed

New Contributors

Full Changelog: Kludex/starlette@0.47.3...0.48.0

... (truncated)

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

0.48.0 (September 13, 2025)

Added

  • Add official Python 3.14 support #3013.

Changed

0.47.3 (August 24, 2025)

Fixed

  • Use asyncio.iscoroutinefunction for Python 3.12 and older #2984.

0.47.2 (July 20, 2025)

Fixed

  • Make UploadFile check for future rollover #2962.

0.47.1 (June 21, 2025)

Fixed

  • Use Self in TestClient.__enter__ #2951.
  • Allow async exception handlers to type-check #2949.

... (truncated)

Commits

Updates pypdf from 5.1.0 to 6.4.0

Release notes

Sourced from pypdf's releases.

Version 6.4.0, 2025-11-23

What's new

Security (SEC)

New Features (ENH)

  • Parse and format comb fields in text widget annotations (#3519) by @​PJBrs

Robustness (ROB)

  • Silently ignore Adobe Ascii85 whitespace for suffix detection (#3528) by @​mbierma

Full Changelog

Version 6.3.0, 2025-11-16

What's new

New Features (ENH)

Bug Fixes (BUG)

Full Changelog

Version 6.2.0, 2025-11-09

What's new

New Features (ENH)

Bug Fixes (BUG)

Documentation (DOC)

Full Changelog

Version 6.1.3, 2025-10-22

What's new

Security (SEC)

Bug Fixes (BUG)

  • PageObject.scale() scales media box incorrectly (#3489) by @​Nid01

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.4.0, 2025-11-23

Security (SEC)

  • Reduce default limit for LZW decoding

New Features (ENH)

  • Parse and format comb fields in text widget annotations (#3519)

Robustness (ROB)

  • Silently ignore Adobe Ascii85 whitespace for suffix detection (#3528)

Full Changelog

Version 6.3.0, 2025-11-16

New Features (ENH)

  • Wrap and align text in flattened PDF forms (#3465)

Bug Fixes (BUG)

  • Fix missing "PreventGC" when cloning (#3520)
  • Preserve JPEG image quality by default (#3516)

Full Changelog

Version 6.2.0, 2025-11-09

New Features (ENH)

  • Add 'strict' parameter to PDFWriter (#3503)

Bug Fixes (BUG)

  • PdfWriter.append fails when there are articles being None (#3509)

Documentation (DOC)

  • Execute docs examples in CI (#3507)

Full Changelog

Version 6.1.3, 2025-10-22

Security (SEC)

  • Allow limiting size of LZWDecode streams (#3502)
  • Avoid infinite loop when reading broken DCT-based inline images (#3501)

Bug Fixes (BUG)

  • PageObject.scale() scales media box incorrectly (#3489)

Robustness (ROB)

  • Fail with explicit exception when image mode is an empty array (#3500)

Full Changelog

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the pip group across 1 directory with 4 updates
b7dec17 
Bumps the pip group with 4 updates in the /config directory: [cryptography](https://github.com/pyca/cryptography), [mcp](https://github.com/modelcontextprotocol/python-sdk), [starlette](https://github.com/Kludex/starlette) and [pypdf](https://github.com/py-pdf/pypdf).


Updates `cryptography` from 41.0.7 to 44.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.7...44.0.1)

Updates `mcp` from 1.19.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.19.0...v1.23.0)

Updates `starlette` from 0.44.0 to 0.49.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.44.0...0.49.1)

Updates `pypdf` from 5.1.0 to 6.4.0
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.1.0...6.4.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mcp
  dependency-version: 1.23.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: starlette
  dependency-version: 0.49.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.4.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Dec 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant