build(deps): bump the pip group across 1 directory with 8 updates #37
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
updated-dependencies: - dependency-name: black dependency-type: direct:production dependency-group: pip - dependency-name: grpcio dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-type: indirect dependency-group: pip - dependency-name: certifi dependency-type: indirect dependency-group: pip - dependency-name: idna dependency-type: indirect dependency-group: pip - dependency-name: pycryptodome dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
|
Superseded by #45. |
dependabot
bot
deleted the
dependabot/pip/tests/integration_tests/pip-147478578d
branch
Bumps the pip group with 8 updates in the /tests/integration_tests directory:
22.10.024.3.01.50.01.53.23.8.33.9.42022.12.72023.7.223.43.73.15.03.19.12.28.12.32.01.26.121.26.18Updates
blackfrom 22.10.0 to 24.3.0Release notes
Sourced from black's releases.
... (truncated)
Changelog
Sourced from black's changelog.
... (truncated)
Commits
552baf8Prepare release 24.3.0 (#4279)f000936Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)7b5a657Fix --line-ranges behavior when ranges are at EOF (#4273)1abcffcUse regex where we ignore case on windows (#4252)719e674Fix 4227: Improve documentation for --quiet --check (#4236)e5510afupdate plugin url for Thonny (#4259)6af7d11Fix AST safety check false negative (#4270)f03ee11Ensureblib2to3.pygramis initialized before use (#4224)e4bfedbfix: Don't move comments while splitting delimiters (#4248)d0287e1Make trailing comma logic more concise (#4202)Updates
grpciofrom 1.50.0 to 1.53.2Release notes
Sourced from grpcio's releases.
... (truncated)
Commits
afb307f[v1.53.x][Interop] Backport Python image update (#33864)7a9373b[Backport] [dependency] Restrict cython to less than 3.X (#33770)fdb64a6[v1.53][Build] Update Phusion baseimage (#33767) (#33836)cdf4186[PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...ce5b93a[PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...b24b6ea[release] Bump release version to 1.53.2 (#33709)1e86ca5[backport][iomgr][EventEngine] Improve server handling of file descriptor exh...aff3066[PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...539d75c[PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....3e79c88[Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)Updates
aiohttpfrom 3.8.3 to 3.9.4Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
b3397c7Release v3.9.4 (#8201)a7e240a[PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...2833552Escape filenames and paths in HTML when generating index pages (#8317) (#8319)ed43040[PR #8309/c29945a1 backport][3.9] Improve reliability of run_app test (#8315)ec2be05[PR #8299/28d026eb backport][3.9] Create marker for internal tests (#8307)292d961[PR #8304/88c80c14 backport][3.9] Check for backports in CI (#8305)cebe526Fix handling of multipart/form-data (#8280) (#8302)270ae9c[PR #8297/d15f07cf backport][3.9] Upgrade to llhttp 9.2.1 (#8292) (#8298)bb23105[PR #8283/54e13b0a backport][3.9] Fix blocking I/O in the event loop while pr...3f79241[PR #8286/28f1fd88 backport][3.9] docs: remove repetitive word in comment (#8...Updates
certififrom 2022.12.7 to 2023.7.22Commits
8fb96ed2023.07.22afe7722Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)2038739Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)44df761Hash pin Actions and enable dependabot (#228)8b3d7ba2023.05.0753da240ci: Add Python 3.12-dev to the testing (#224)c2fc3b1Create a Security Policy (#222)c211ef4Set up permissions to github workflows (#218)2087de5Don't let deprecation warning fail CI (#219)e0b9fc5remove paragraphs about 1024-bit roots from READMEUpdates
idnafrom 3.4 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1Release v3.7c1b3154Merge pull request #172 from kjd/optimize-contextj0394ec7Merge branch 'master' into optimize-contextjcd58a23Merge pull request #152 from elliotwutingfeng/dev5beb28bMore efficient resolution of joiner contexts1b12148Update ossf/scorecard-action to v2.3.1d516b87Update Github actions/checkout to v4c095c75Merge branch 'master' into dev60a0a4cFix typo in GitHub Actions workflow key5918a0eMerge branch 'master' into devUpdates
pycryptodomefrom 3.15.0 to 3.19.1Release notes
Sourced from pycryptodome's releases.
... (truncated)
Changelog
Sourced from pycryptodome's changelog.
... (truncated)
Commits
ef270abUpdate wheels action3278eddUpdate changelog and version10e8216Update PSS verify signature code example.4ec4b85Bump version0deea1bUse constant-time (faster) padding decoding also for OAEP519e7aeAvoid changing signature of RSA._decrypt() method if possible1aa9dcaUpdate changelog and bump versionafb5e27Fix side-channel leakage in RSA decryptionee91c67Update CMAC.py43a466dFix small "passes" typo.Updates
requestsfrom 2.28.1 to 2.32.0Release notes
Sourced from requests's releases.
... (truncated)
Changelog
Sourced from requests's changelog.
... (truncated)
Commits
d6ebc4av2.32.09a40d12Avoid reloading root certificates to improve concurrent performance (#6667)0c030f7Merge pull request #6702 from nateprewitt/no_char_detection555b870Allow character detection dependencies to be optional in post-packaging stepsd6dded3Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-testbf24b7dUse an invalid URI that will not cause httpbin to throw 5002d5f547Pin 3.8 and 3.9 runners back to macos-13 (#6688)f1bb07dMerge pull request #6687 from psf/dependabot/github_actions/github/codeql-act...60047adBump github/codeql-action from 3.24.0 to 3.25.031ebb81Merge pull request #6682 from frenzymadness/pytest8Updates
urllib3from 1.26.12 to 1.26.18Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
Commits
9c2c230Release 1.26.18 (#3159)b594c5cMerge pull request from GHSA-g4mx-q9vg-27p4944f0eb[1.26] Use vendored six in urllib3.contrib.securetransportc9016bfRelease 1.26.170122035Backport GHSA-v845-jxx5-vc9f (#3139)e63989fFix installingbrotliextra on Python 2.72e7a24d[1.26] Configure OS for RTD to fix building docs57181d6[1.26] Improve error message when calling urllib3.request() (#3058)3c01480[1.26] Run coverage even with failed jobsd94029bRelease 1.26.16Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.