Bump the pip group across 2 directories with 12 updates #4
base: master
Updates the requirements on [fastapi](https://github.com/tiangolo/fastapi), [jinja2](https://github.com/pallets/jinja), [pydantic](https://github.com/pydantic/pydantic), [requests](https://github.com/psf/requests), [starlette](https://github.com/encode/starlette), [urllib3](https://github.com/urllib3/urllib3), [setuptools](https://github.com/pypa/setuptools), [streamlit](https://github.com/streamlit/streamlit), [aiohttp](https://github.com/aio-libs/aiohttp), [tqdm](https://github.com/tqdm/tqdm), [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [onnx](https://github.com/onnx/onnx) to permit the latest version.

Updates `fastapi` to 0.111.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.1.11...0.111.1)

Updates `jinja2` to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.0.0...3.1.4)

Updates `pydantic` to 2.8.2
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v0.0.2...v2.8.2)

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v0.2.0...v2.32.3)

Updates `starlette` to 0.37.2
- [Release notes](https://github.com/encode/starlette/releases)
- [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md)
- [Commits](encode/starlette@0.1.0...0.37.2)

Updates `urllib3` to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@0.3...2.2.2)

Updates `setuptools` to 70.3.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@0.6...v70.3.0)

Updates `streamlit` to 1.36.0
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.13.0...1.36.0)

Updates `aiohttp` to 3.9.5
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.0...v3.9.5)

Updates `fastapi` to 0.111.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.1.11...0.111.1)

Updates `tqdm` to 4.66.4
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.57.0...v4.66.4)

Updates `scikit-learn` to 1.5.1
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@0.22.2...1.5.1)

Updates `onnx` to 1.16.1
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v0.1...v1.16.1)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pydantic
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: starlette
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: setuptools
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: streamlit
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tqdm
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
DryRun Security Summary

The pull request updates the application's dependencies across several requirement files, including version updates for libraries like Streamlit, Panel, FastAPI, Jinja2, Pydantic, Requests, and urllib3, as well as the addition of a new dependency on the

Summary: The changes in this pull request involve updates to the application's dependencies across several requirement files. The key changes include:

From an application security perspective, these changes do not introduce any obvious security vulnerabilities. However, it is important to thoroughly review the release notes and changelogs of the updated dependencies to ensure that there are no known security issues or breaking changes that could impact the application's security posture. Additionally, it is recommended to have a comprehensive testing strategy and security scanning tools in place to validate the application's behavior and catch any potential security issues introduced by these dependency updates.

Files Changed:

Code Analysis

We ran

Riskiness

🟢 Risk threshold not exceeded.
Updates the requirements on fastapi, jinja2, pydantic, requests, starlette, urllib3, setuptools, streamlit, aiohttp, tqdm, scikit-learn and onnx to permit the latest version.
Updates `fastapi` to 0.111.1

Release notes

Sourced from fastapi's releases.

... (truncated)

Commits

- b199364 🔖 Release version 0.111.1
- 38db0a5 📝 Update release notes
- 0f22c76 📝 Update release notes
- 4d3ef06 ➖ Remove orjson and ujson from default dependencies (#11842)
- 7a9396c 📝 Update release notes
- 0b1e2ec ✏️ Rewording in `docs/en/docs/fastapi-cli.md` (#11716)
- fb15c48 📝 Update release notes
- 9d74b23 ♻️ Simplify internal docs script (#11777)
- 3a8f6cd 📝 Update release notes
- 60f7fe4 📝 Update Hypercorn links in all the docs (#11744)

Updates `jinja2` to 3.1.4

Release notes

Sourced from jinja2's releases.

Changelog

Sourced from jinja2's changelog.

... (truncated)

Commits

- dd4a8b5 release version 3.1.4
- 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
- d655030 disallow invalid characters in keys to xmlattr filter
- a7863ba add ghsa links
- b5c98e7 start version 3.1.4
- da3a9f0 update project files (#1968)
- 0ee5eb4 satisfy formatter, linter, and strict mypy
- 20477c6 update project files (#5457)
- e491223 update pyyaml dev dependency
- 36f9885 fix pr link

Updates `pydantic` to 2.8.2

Release notes

Sourced from pydantic's releases.

Changelog

Sourced from pydantic's changelog.

... (truncated)

Commits

- 4978ee2 update history
- 0345929 v bump
- d390a04 Fix issue with assertion caused by pluggable schema validator (#9838)
- 040865f update history
- 5a33e3b bump version
- 2f9abb2 Bump `pydantic-core` to `v2.20.1`, `pydantic-extra-types` to `v2.9.0` (#9832)
- ce9c5f7 Remove spooky meetings file (#9824)
- 6bdd6d1 Pedantic typo correction within explanation of Pydantic's root in 'pedantic' ...
- 701ccde Fix list constraint json schema application (#9818)
- 2a066a2 Bump `ruff` to `v0.5.0` and `pyright` to `v1.1.369` (#9801)

Updates `requests` to 2.32.3

Release notes

Sourced from requests's releases.

Changelog

Sourced from requests's changelog.

... (truncated)

Commits

- 0e322af v2.32.3
- e188799 Don't create default SSLContext if ssl module isn't present (#6724)
- 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
- b1d73dd Don't use default SSLContext with custom poolmanager kwargs
- 6badbac Update HISTORY.md
- a62a2d3 Allow for overriding of specific pool key params
- 88dce9d v2.32.2
- c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
- 92075b3 Add deprecation warning
- aa1461b Move _get_connection to get_connection_with_tls_context

Updates `starlette` to 0.37.2

Release notes

Sourced from starlette's releases.

Changelog

Sourced from starlette's changelog.

... (truncated)

Commits

- 554f368 Version 0.37.2 (#2533)
- 85d3573 Bump the python-packages group with 7 updates (#2532)
- 39dccd9 Revert "Turn `scope["client"]` to `None` on `TestClient` (#2377)" (#2525)
- bd77d7d Enforce `__future__.annotations` (#2483)
- a4cd0b5 Remove deprecated `app` argument passed to `httpx.Client` on the `TestClient` ...
- 7533b61 Add `bytes` to `_RequestData` type (#2510)
- 74ccb96 Version 0.37.1 (#2498)
- f724827 Remove mypy skip flags (#2497)
- ac7e643 Add type hints to `test_responses.py` (#2488)
- 3f38038 Add type hints to `test_testclient.py` (#2493)

Updates `urllib3` to 2.2.2

Release notes

Sourced from urllib3's releases.

Changelog

Sourced from urllib3's changelog.

... (truncated)

Commits

- 27e2a5c Release 2.2.2 (#3406)
- accff72 Merge pull request from GHSA-34jh-p97f-mpxf
- 34be4a5 Pin CFFI to a new release candidate instead of a Git commit (#3398)
- da41058 Bump browser-actions/setup-chrome from 1.6.0 to 1.7.1 (#3399)
- b07a669 Bump github/codeql-action from 2.13.4 to 3.25.6 (#3396)
- b8589ec Measure coverage with v4 of artifact actions (#3394)
- f3bdc55 Allow triggering CI manually (#3391)
- 5239265 Fix HTTP version in debug log (#3316)
- b34619f Bump actions/checkout to 4.1.4 (#3387)
- 9961d14 Bump browser-actions/setup-chrome from 1.5.0 to 1.6.0 (#3386)

Updates `setuptools` to 70.3.0

Changelog

Sourced from setuptools's changelog.

... (truncated)

Commits

- 356e9a0 Bump version: 70.2.0 → 70.3.0
- 822280b Merge pull request #4463 from pypa/bugfix/distutils-34f9518ef
- c4e64c1 Add news fragment.
- b01183c Merge https://github.com/pypa/distutils into bugfix/distutils-34f9518ef
- e221581 Merge pull request pypa/distutils#267 from msys2-contrib/customize_compiler_m...
- 34f9518 Merge pull request #4410 from pypa/debt/4137-deprecate-distutils-stdlib
- bacd9c6 sysconfig: skip customize_compiler() with MSVC Python again
- 4a3406b CI: also set CC/CXX when pip installing with mingw+clang
- e9f0be9 Merge pull request #4453 from pypa/drop-gitignore
- 70cda3d Use '.yml' for consistency.

Updates `streamlit` to 1.36.0

Release notes

Sourced from streamlit's releases.

Commits

- ae8d53e Up version to 1.36.0
- 196f962 Add 'apt update' command to Nightly Build to fix workflow (#8948)
- 7a8c26c Add support for numpy 2.x (#8940)
- c5cdabf Docstrings for 1.36.0 (#8831)
- 3871a41 Fix: Remove title appending · Streamlit (#8900)
- b1340be Allow the parent frame of a streamlit app to terminate/restart its websocket ...
- cb6e975 Horizontal `st.bar_chart` (#8877)
- d7caf46 Use the default widget height for non-stacked checkbox & toggle widgets (#8835)
- 90c4d78 Revert accidental rich deprecation (#8896)
- 152993c Add `icon` parameter to st.expander (#8716)

Updates `aiohttp` to 3.9.5

Release notes

Sourced from aiohttp's releases.

Changelog

Sourced from aiohttp's changelog.

... (truncated)

Commits

- b844d42 Release v3.9.5 (#8340)
- 0415a4c Patchback/backpo...

Description has been truncated