Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Bump the pip group across 1 directory with 6 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
Loading
from
Open

Bump the pip group across 1 directory with 6 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 21, 2024

Bumps the pip group with 6 updates in the / directory:

Package From To
autobahn 17.9.3 20.12.3
certifi 2017.11.5 2024.7.4
cryptography 2.1.4 43.0.1
requests 2.18.4 2.32.2
twisted 17.9.0 24.7.0
setuptools 36.6.0 70.0.0

Updates autobahn from 17.9.3 to 20.12.3

Changelog

Sourced from autobahn's changelog.

20.12.3

  • fix: URL must be re-encoded when doing redirect (#1439)
  • fix: update and migrate CI/CD pipeline to GitHub Actions
  • new: minimum supported Python (language) version is now 3.6 (on CPython and PyPy)

20.12.2

  • fix: derive_bip32childkey traceback (#1436)
  • fix: update and adjust docker files to upstream changes

20.12.1

  • new: CLI commands for WAMP IDL (xbrnetwork describe-schema / codegen-schema)
  • new: add eth address helpers (#1413)
  • new: cryptosign authextra allow arbitrary keys (#1411)
  • fix: adapt to planet api prefix change (#1408)
  • fix: Type check improve (#1405)

20.7.1

  • new: add market login eip. expose helpers (#1402)

20.6.2

  • fix: xbr fixes (#1396)
  • fix: use cpy 3.8 for running flake in CI
  • new: Ticket1392 internal attrs (#1394)
  • new: internal-only router attributes and hook for router to add custom information

20.6.1

  • new: massive expansion of XBR CLI and EIP712 helpers
  • new: more (exhaustive) serializer cross-tripping tests
  • fix: some code quality and bug-risk issues (#1379)
  • fix: removed externalPort assignment when not set (#1378)
  • fix: docs link in README (#1381)
  • fix: docs typo frameword -> framework (#1380)
  • fix: improve logging; track results on observable mixin
  • new: add environmental variable that strips xbr. (#1374)
  • fix: trollius is gone (#1373)
  • new: added ability to disable TLS channel binding (#1368)

20.4.3

... (truncated)

Commits

Updates certifi from 2017.11.5 to 2024.7.4

Commits

Updates cryptography from 2.1.4 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.

.. _v43-0-0:


43.0.0 - 2024-07-20

  • BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.
  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
  • Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
  • :func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.
  • :func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.
  • Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.
  • Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
  • Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)
  • Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.
  • Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
  • Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.
  • Added support for parsing empty DN string in

... (truncated)

Commits

Updates requests from 2.18.4 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates twisted from 17.9.0 to 24.7.0

Release notes

Sourced from twisted's releases.

Twisted 24.7.0 (2024-08-08)

24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) No other changes since 24.7.0.rc2

Features

  • twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
  • twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
  • twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
  • twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
  • twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
  • Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
  • twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
  • twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)

Bugfixes

  • Fixed unreleased regression caused by PR #12109. (#12279)
  • twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
  • Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
  • twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
  • twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)

Improved Documentation

  • The IRC server example found in the documentation was updated for readability. (#12097)
  • Remove contextvars from list of optional dependencies. (#12128)
  • The documentation for installing Twisted was moved into a single page. (#12145)
  • The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
  • Updated imap4client.py example, it no longer references Python 2. (#12252)

Deprecations and Removals

  • twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)
  • The twisted-iocpsupport is no longer a hard dependency on Windows. The IOCP support is now installed together with the other Windows soft dependencies via twisted[windows-platform]. (#11893)
  • twisted.python.deprecate helper function will now always strip whitespaces from the docstrings. This is done to have the same behaviour as with Python 3.13. (#12063)
  • twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse async argument, deprecated since 18.9.0, has been removed. (#12130)
  • twisted.web.soap was removed.

... (truncated)

Changelog

Sourced from twisted's changelog.

Twisted 24.7.0 (2024-08-08)

24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) No other changes since 24.7.0.rc2

Security Advisories

Features

  • twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
  • twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
  • twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
  • twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
  • twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
  • Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
  • twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
  • twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)

Bugfixes

  • twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
  • Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
  • twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
  • twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)

Improved Documentation

  • The IRC server example found in the documentation was updated for readability. (#12097)
  • Remove contextvars from list of optional dependencies. (#12128)
  • The documentation for installing Twisted was moved into a single page. (#12145)
  • The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
  • Updated imap4client.py example, it no longer references Python 2. (#12252)

Deprecations and Removals

  • twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)

... (truncated)

Commits

Updates setuptools from 36.6.0 to 70.0.0

Release notes

Sourced from setuptools's releases.

v70.0.0

No release notes provided.

v69.5.1

No release notes provided.

v69.5.0

No release notes provided.

v69.4.2

No release notes provided.

v69.4.1

No release notes provided.

v69.4.0

No release notes provided.

v69.3.1

No release notes provided.

v69.3.0

No release notes provided.

v69.2.0

No release notes provided.

v69.1.1

No release notes provided.

v69.1.0

No release notes provided.

v69.0.3

No release notes provided.

v69.0.2

No release notes provided.

v69.0.1

No release notes provided.

v69.0.0

No release notes provided.

v68.2.2

No release notes provided.

v68.2.1

No release notes provided.

... (truncated)

Changelog

Sourced from setuptools's changelog.

v70.0.0

Features

  • Emit a warning when [tools.setuptools] is present in pyproject.toml and will be ignored. -- by :user:SnoopJ (#4150)
  • Improved AttributeError error message if pkg_resources.EntryPoint.require is called without extras or distribution Gracefully "do nothing" when trying to activate a pkg_resources.Distribution with a None location, rather than raising a TypeError -- by :user:Avasam (#4262)
  • Typed the dynamically defined variables from pkg_resources -- by :user:Avasam (#4267)
  • Modernized and refactored VCS handling in package_index. (#4332)

Bugfixes

  • In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
  • Fix finder template for lenient editable installs of implicit nested namespaces constructed by using package_dir to reorganise directory structure. (#4278)
  • Fix an error with UnicodeDecodeError handling in pkg_resources when trying to read files in UTF-8 with a fallback -- by :user:Avasam (#4348)

Improved Documentation

  • Uses RST substitution to put badges in 1 line. (#4312)

Deprecations and Removals

  • Further adoption of UTF-8 in setuptools. This change regards mostly files produced and consumed during the build process (e.g. metadata files, script wrappers, automatically updated config files, etc..) Although precautions were taken to minimize disruptions, some edge cases might be subject to backwards incompatibility.

    Support for "locale" encoding is now deprecated. (#4309)

  • Remove setuptools.convert_path after long deprecation period. This function was never defined by setuptools itself, but rather a side-effect of an import for internal usage. (#4322)

  • Remove fallback for customisations of distutils' build.sub_command after long deprecated period. Users are advised to import build directly from setuptools.command.build. (#4322)

  • Removed typing_extensions from vendored dependencies -- by :user:Avasam (#4324)

  • Remove deprecated setuptools.dep_util. The provided alternative is setuptools.modified. (#4360)

... (truncated)

Commits
  • 5cbf12a Workaround for release error in v70
  • 9c1bcc3 Bump version: 69.5.1 → 70.0.0
  • 4dc0c31 Remove deprecated setuptools.dep_util (#4360)
  • 6c1ef57 Remove xfail now that test passes. Ref #4371.
  • d14fa01 Add all site-packages dirs when creating simulated environment for test_edita...
  • 6b7f7a1 Prevent bin folders to be taken as extern packages when vendoring (#4370)
  • 69141f6 Add doctest for vendorised bin folder
  • 2a53cc1 Prevent 'bin' folders to be taken as extern packages
  • 7208628 Replace call to deprecated validate_pyproject command (#4363)
  • 96d681a Remove call to deprecated validate_pyproject command
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 6 updates
f625b11 
Bumps the pip group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [autobahn](https://github.com/crossbario/autobahn-python) | `17.9.3` | `20.12.3` |
| [certifi](https://github.com/certifi/python-certifi) | `2017.11.5` | `2024.7.4` |
| [cryptography](https://github.com/pyca/cryptography) | `2.1.4` | `43.0.1` |
| [requests](https://github.com/psf/requests) | `2.18.4` | `2.32.2` |
| [twisted](https://github.com/twisted/twisted) | `17.9.0` | `24.7.0` |
| [setuptools](https://github.com/pypa/setuptools) | `36.6.0` | `70.0.0` |



Updates `autobahn` from 17.9.3 to 20.12.3
- [Changelog](https://github.com/crossbario/autobahn-python/blob/master/docs/changelog.rst)
- [Commits](crossbario/autobahn-python@v17.9.3...v20.12.3)

Updates `certifi` from 2017.11.5 to 2024.7.4
- [Commits](certifi/python-certifi@2017.11.05...2024.07.04)

Updates `cryptography` from 2.1.4 to 43.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@2.1.4...43.0.1)

Updates `requests` from 2.18.4 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.18.4...v2.32.2)

Updates `twisted` from 17.9.0 to 24.7.0
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](twisted/twisted@twisted-17.9.0...twisted-24.7.0)

Updates `setuptools` from 36.6.0 to 70.0.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v36.6.0...v70.0.0)

---
updated-dependencies:
- dependency-name: autobahn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: twisted
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: setuptools
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

Morty Proxy This is a proxified and sanitized view of the page, visit original site.