Skip to content

Commit 3667ab6

Browse files
dependabot[bot]dependabot[bot]
authored
pip: bump the pip-updates group across 1 directory with 5 updates (#400)
Bumps the pip-updates group with 5 updates in the /api directory: | Package | From | To | | --- | --- | --- | | [certifi](https://github.com/certifi/python-certifi) | `2025.4.26` | `2025.6.15` | | [cryptography](https://github.com/pyca/cryptography) | `45.0.2` | `45.0.4` | | [jsonschema](https://github.com/python-jsonschema/jsonschema) | `4.23.0` | `4.24.0` | | [rpds-py](https://github.com/crate-py/rpds) | `0.25.0` | `0.25.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.5.0` | Updates `certifi` from 2025.4.26 to 2025.6.15 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/e767d5938eddddf804216cec93a55c85129c5f2d"><code>e767d59</code></a> 2025.06.15 (<a href="https://redirect.github.com/certifi/python-certifi/issues/357">#357</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/3e7076557d66b598fcca462e422dc988f09a6802"><code>3e70765</code></a> Bump actions/setup-python from 5.5.0 to 5.6.0</li> <li><a href="https://github.com/certifi/python-certifi/commit/9afd2ff407b8a0638988c952a6636b8dd623af7c"><code>9afd2ff</code></a> Bump actions/download-artifact from 4.2.1 to 4.3.0</li> <li><a href="https://github.com/certifi/python-certifi/commit/d7c816cbc9cf621b3ddc8cd7fa7eda3f36982620"><code>d7c816c</code></a> remove code that's no longer required that 3.7 is our minimum (<a href="https://redirect.github.com/certifi/python-certifi/issues/351">#351</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/189961379209973abd0dd6304297f03e2359e1b9"><code>1899613</code></a> Declare setuptools as the build backend in pyproject.toml (<a href="https://redirect.github.com/certifi/python-certifi/issues/350">#350</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c8741423d67e1025c0bdad5225ded05cf962f207"><code>c874142</code></a> update CI for ubuntu 20.04 deprecation (<a href="https://redirect.github.com/certifi/python-certifi/issues/348">#348</a>)</li> <li>See full diff in <a href="https://github.com/certifi/python-certifi/compare/2025.04.26...2025.06.15">compare view</a></li> </ul> </details> <br /> Updates `cryptography` from 45.0.2 to 45.0.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>45.0.4 - 2025-06-09</p> <pre><code> * Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This is not considered secure, and is supported only for backwards compatibility.) <p>.. _v45-0-3:</p> <p>45.0.3 - 2025-05-25<br /> </code></pre></p> <ul> <li>Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys encrypted by Bouncy Castle).</li> <li>Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly insecure, this remains prevalent.</li> </ul> <p>.. _v45-0-2:</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/678c0c59f743e3b301fbd34f1d26112db0cc2216"><code>678c0c5</code></a> prepare for 45.0.4 release (<a href="https://redirect.github.com/pyca/cryptography/issues/13058">#13058</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/50384959872c84933b6059c3b697139c8fcdcdea"><code>5038495</code></a> backports for 45.0.3 release (<a href="https://redirect.github.com/pyca/cryptography/issues/12979">#12979</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/45.0.2...45.0.4">compare view</a></li> </ul> </details> <br /> Updates `jsonschema` from 4.23.0 to 4.24.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/releases">jsonschema's releases</a>.</em></p> <blockquote> <h2>v4.24.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Fix calculation of evaluated properties by <a href="https://github.com/V02460"><code>@​V02460</code></a> in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1351">python-jsonschema/jsonschema#1351</a></li> <li>Support for Python 3.8 has been dropped, as it is end-of-life.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bkueng"><code>@​bkueng</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1326">python-jsonschema/jsonschema#1326</a></li> <li><a href="https://github.com/V02460"><code>@​V02460</code></a> made their first contribution in <a href="https://redirect.github.com/python-jsonschema/jsonschema/pull/1351">python-jsonschema/jsonschema#1351</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.23.0...v4.24.0">https://github.com/python-jsonschema/jsonschema/compare/v4.23.0...v4.24.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst">jsonschema's changelog</a>.</em></p> <blockquote> <h1>v4.24.0</h1> <ul> <li>Fix improper handling of <code>unevaluatedProperties</code> in the presence of <code>additionalProperties</code> (<a href="https://redirect.github.com/python-jsonschema/jsonschema/issues/1351">#1351</a>).</li> <li>Support for Python 3.8 has been dropped, as it is end-of-life.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/3e23ee5e695f84565f4175fb972073d787e1ab24"><code>3e23ee5</code></a> Add the bugfix to the changelog.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/8917e85c6549b2b2a0dfcae48fd512aaaebae836"><code>8917e85</code></a> Stop running CIFuzz.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/737e5ed536db806d97879ef3681f695ddc75a32d"><code>737e5ed</code></a> Rely on ruff in pre-commit.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/57e5e034cb0c8662995494ed4a833febf9b581a4"><code>57e5e03</code></a> Test via PyPy 3.11.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/d6c2ad7bbbdea0b2c3e627c304ad4dd325aaa254"><code>d6c2ad7</code></a> Add the zizmor setup here as well.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/af9a8578767ca70380ca2a2f7f6c2311b702d663"><code>af9a857</code></a> Drop a dead pyproject section.</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/c64ef846095b9d790749152367c8b12bea69a116"><code>c64ef84</code></a> This is less true than it once was...</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/9ff926f4588f0e4a8f5726cb69529c05c7921cc6"><code>9ff926f</code></a> Merge branch 'additional-evaluated'</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/8290667beb239282529430b59e2d4ea51777b33e"><code>8290667</code></a> We still need to ditch pip-licenses...</li> <li><a href="https://github.com/python-jsonschema/jsonschema/commit/6d973b543030be9b53a67739d08c6f8b19f45119"><code>6d973b5</code></a> Update pre-commit hooks.</li> <li>Additional commits viewable in <a href="https://github.com/python-jsonschema/jsonschema/compare/v4.23.0...v4.24.0">compare view</a></li> </ul> </details> <br /> Updates `rpds-py` from 0.25.0 to 0.25.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-py/rpds/releases">rpds-py's releases</a>.</em></p> <blockquote> <h2>v0.25.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Add windows arm64 wheel build by <a href="https://github.com/finnagin"><code>@​finnagin</code></a> in <a href="https://redirect.github.com/crate-py/rpds/pull/133">crate-py/rpds#133</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/finnagin"><code>@​finnagin</code></a> made their first contribution in <a href="https://redirect.github.com/crate-py/rpds/pull/133">crate-py/rpds#133</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/crate-py/rpds/compare/v0.25.0...v0.25.1">https://github.com/crate-py/rpds/compare/v0.25.0...v0.25.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-py/rpds/commit/125b4b194b824ed55bf81add8ae302490bc49192"><code>125b4b1</code></a> Release v0.25.1 for Windows ARM.</li> <li><a href="https://github.com/crate-py/rpds/commit/996e50aec57a169d820671e1625c129a6e470709"><code>996e50a</code></a> Properly pin hashes in workflows.</li> <li><a href="https://github.com/crate-py/rpds/commit/d8e3e84e62a99f376f5a68655e2fac052f57aac5"><code>d8e3e84</code></a> Merge pull request <a href="https://redirect.github.com/crate-py/rpds/issues/133">#133</a> from finnagin/arm64-wheel-build</li> <li><a href="https://github.com/crate-py/rpds/commit/e4f09f10e40211984fc3c748956b5530f225f3cc"><code>e4f09f1</code></a> remove trailing whitespace</li> <li><a href="https://github.com/crate-py/rpds/commit/403a90de2c44162753634897259c0a33faf08f67"><code>403a90d</code></a> fix indentation</li> <li><a href="https://github.com/crate-py/rpds/commit/1571595d8db67196e41451c9e12c4b65a7a8b2a1"><code>1571595</code></a> pin maturin-action steps to hash</li> <li><a href="https://github.com/crate-py/rpds/commit/184a8e63d8bd08ac08fdd5c24bb1c0c7ae3bb667"><code>184a8e6</code></a> Merge branch 'crate-py:main' into arm64-wheel-build</li> <li><a href="https://github.com/crate-py/rpds/commit/2531d3be39109507d76c88b89f999ca5f4706fcf"><code>2531d3b</code></a> remove trailing whitespace</li> <li><a href="https://github.com/crate-py/rpds/commit/bb9ba9e93cd66279a9b57b406963681246f53321"><code>bb9ba9e</code></a> add windows-arm to release needs</li> <li><a href="https://github.com/crate-py/rpds/commit/f8501627383afbfd10b16770f4cdf22b2aeb7de3"><code>f850162</code></a> Add windows arm64 builds</li> <li>See full diff in <a href="https://github.com/crate-py/rpds/compare/v0.25.0...v0.25.1">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 2.4.0 to 2.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h1>Security issues</h1> <p>urllib3 2.5.0 fixes two moderate security issues:</p> <ul> <li>Pool managers now properly control redirects when <code>retries</code> is passed — CVE-2025-50181 reported by <a href="https://github.com/sandumjacob"><code>@​sandumjacob</code></a> (5.3 Medium, GHSA-pq67-6m6q-mj2v)</li> <li>Redirects are now controlled by urllib3 in the Node.js runtime — CVE-2025-50182 (5.3 Medium, GHSA-48p4-8xcf-vxj5)</li> </ul> <h1>Features</h1> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <a href="https://peps.python.org/pep-0784/">PEP 784</a> for more information. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3610">#3610</a>)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3612">#3612</a>)</li> </ul> <h1>Bugfixes</h1> <ul> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3581">#3581</a>)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3615">#3615</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.5.0 (2025-06-18)</h1> <h2>Features</h2> <ul> <li>Added support for the <code>compression.zstd</code> module that is new in Python 3.14. See <code>PEP 784 &lt;https://peps.python.org/pep-0784/&gt;</code>_ for more information. (<code>[#3610](urllib3/urllib3#3610) &lt;https://github.com/urllib3/urllib3/issues/3610&gt;</code>__)</li> <li>Added support for version 0.5 of <code>hatch-vcs</code> (<code>[#3612](urllib3/urllib3#3612) &lt;https://github.com/urllib3/urllib3/issues/3612&gt;</code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a security issue where restricting the maximum number of followed redirects at the <code>urllib3.PoolManager</code> level via the <code>retries</code> parameter did not work.</li> <li>Made the Node.js runtime respect redirect parameters such as <code>retries</code> and <code>redirects</code>.</li> <li>Raised exception for <code>HTTPResponse.shutdown</code> on a connection already released to the pool. (<code>[#3581](urllib3/urllib3#3581) &lt;https://github.com/urllib3/urllib3/issues/3581&gt;</code>__)</li> <li>Fixed incorrect <code>CONNECT</code> statement when using an IPv6 proxy with <code>connection_from_host</code>. Previously would not be wrapped in <code>[]</code>. (<code>[#3615](urllib3/urllib3#3615) &lt;https://github.com/urllib3/urllib3/issues/3615&gt;</code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/aaab4eccc10c965897540b21e15f11859d0b62e7"><code>aaab4ec</code></a> Release 2.5.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"><code>7eb4a2a</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"><code>f05b132</code></a> Merge commit from fork</li> <li><a href="https://github.com/urllib3/urllib3/commit/d03fe327a71d09728512217149f269763671f296"><code>d03fe32</code></a> Fix HTTP tunneling with IPv6 in older Python versions</li> <li><a href="https://github.com/urllib3/urllib3/commit/11661e9bb4278e43d081f47a516e287a928c2206"><code>11661e9</code></a> Bump github/codeql-action from 3.28.0 to 3.29.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3624">#3624</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/6a0ecc6b16fe30f721021b44a81d19615098c71e"><code>6a0ecc6</code></a> Update v2 migration guide to 2.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3621">#3621</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e32e60d9024c05bc6f7adda08bdf6c539d0b0d4"><code>8e32e60</code></a> Raise exception for shutdown on a connection already released to the pool (<a href="https://redirect.github.com/urllib3/urllib3/issues/3">#3</a>...</li> <li><a href="https://github.com/urllib3/urllib3/commit/9996e0fbf90b77083ad3c73737a6c6395703faa9"><code>9996e0f</code></a> Fix emscripten CI for Chrome 137+ (<a href="https://redirect.github.com/urllib3/urllib3/issues/3599">#3599</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fd1a99a59725faf0efc946ce3b6bc9a194420af"><code>4fd1a99</code></a> Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3617">#3617</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c4b5917e911a90c8bf279448df8952a682294135"><code>c4b5917</code></a> Add support for the new <code>compression.zstd</code> module in Python 3.14 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3611">#3611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.4.0...2.5.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 2d69de9 commit 3667ab6

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

api/requirements.txt

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
anyio==4.9.0
22
asgiref==3.8.1
33
attrs==25.3.0
4-
certifi==2025.4.26
4+
certifi==2025.6.15
55
cffi==1.17.1
66
charset-normalizer==3.4.2
7-
cryptography==45.0.2
7+
cryptography==45.0.4
88
Django==5.1.7
99
django-flexi-settings @ git+https://github.com/cedadev/django-flexi-settings.git@68eb74b00e28448279e7d800889d6e39466bf0ce
1010
django-settings-object @ git+https://github.com/cedadev/django-settings-object.git@2b66c0fc5eae92972df5210b4bc43f7d95ad9ceb
@@ -19,7 +19,7 @@ httpx==0.28.1
1919
idna==3.10
2020
jasmin-ldap @ git+https://github.com/cedadev/jasmin-ldap.git@3e1d2659731e9e1a65e8723b4e72c776ae7f7b25
2121
Jinja2==3.1.6
22-
jsonschema==4.23.0
22+
jsonschema==4.24.0
2323
jsonschema-specifications==2025.4.1
2424
ldap3==2.9.1
2525
MarkupSafe==3.0.2
@@ -33,7 +33,7 @@ rackit @ git+https://github.com/stackhpc/rackit.git@cb2da480f9fc99f36cc777d58dfb
3333
referencing==0.36.2
3434
requests==2.32.4
3535
rfc3986==2.0.0
36-
rpds-py==0.25.0
36+
rpds-py==0.25.1
3737
six==1.17.0
3838
sniffio==1.3.1
3939
sqlparse==0.5.3

0 commit comments

Comments
 (0)