Skip to content
This repository was archived by the owner on May 15, 2025. It is now read-only.

Bump the all group across 1 directory with 8 updates #154

Closed
dependabot wants to merge 1 commit into from
Closed

Bump the all group across 1 directory with 8 updates #154

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 23, 2024
edited
Loading

Bumps the all group with 8 updates in the /localcert directory:

Package From To
coverage 7.6.4 7.6.9
certifi 2024.8.30 2024.12.14
cryptography 43.0.3 44.0.0
django 5.1.2 5.1.4
django-allauth 65.1.0 65.3.0
pyjwt 2.9.0 2.10.1
sqlparse 0.5.1 0.5.3
urllib3 2.2.3 2.3.0

Updates coverage from 7.6.4 to 7.6.9

Changelog

Sourced from coverage's changelog.

Version 7.6.9 — 2024-12-06

  • Fix: Tomas Uribe fixed <pull 1901_>_ a performance problem in the XML report. Large code bases should produce XML reports much faster now.

.. _pull 1901: nedbat/coveragepy#1901

.. _changes_7-6-8:

Version 7.6.8 — 2024-11-23

  • Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn't true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896_.

  • Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, "line 4 didn't jump to line 5 because line 4 was never true, and it didn't jump to line 7 because line 4 was always true." This was also shown in issue 1896_.

.. _issue 1896: nedbat/coveragepy#1896

.. _changes_7-6-7:

Version 7.6.7 — 2024-11-15

  • Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn.

.. _changes_7-6-6:

Version 7.6.6 — 2024-11-15

  • One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891_. The assert has been removed.

.. _issue 1891: nedbat/coveragepy#1891

.. _changes_7-6-5:

... (truncated)

Commits
  • daac76d docs: sample HTML for 7.6.9
  • f7d7e42 docs: prep for 7.6.9
  • 8fe3b2b docs: thanks, Tomas Uribe for #1901
  • 346cfc0 fix: use set instead of list for arcs_executed, fixes poor performance (#1901)
  • 484678e fix: COVERAGE_ONE_CORE should mean ctrace if possible
  • 37451ed chore: make upgrade doc_upgrade
  • bd23445 chore: bump the action-dependencies group with 2 updates (#1899)
  • 01cf50c test: add a test to satisfy a condition in results.py
  • 74d3c50 chore: make upgrade
  • f3b269c build: only comment once on an issue mentioned twice
  • Additional commits viewable in compare view

Updates certifi from 2024.8.30 to 2024.12.14

Commits
  • 4ba3900 2024.12.14 (#329)
  • 9164660 Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (#331)
  • 3dc3651 Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#328)
  • c5bf18d Bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 (#327)
  • b908391 Bump actions/setup-python from 5.2.0 to 5.3.0 (#326)
  • bc26b41 Bump actions/checkout from 4.2.1 to 4.2.2 (#325)
  • 57afc22 Bump actions/upload-artifact from 4.4.1 to 4.4.3 (#323)
  • a495091 test against 3.13 final
  • 62f8144 Added 3.13 classifier (#322)
  • 94d23a0 Bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3 (#321)
  • Additional commits viewable in compare view

Updates cryptography from 43.0.3 to 44.0.0

Changelog

Sourced from cryptography's changelog.

44.0.0 - 2024-11-27


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
  Python core team. Support for Python 3.7 will be removed in a future
  ``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
  versions of macOS should upgrade, or they will need to build
  ``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions must
  not be empty.
* Added support for timestamp extraction to the
  :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
  during X.509 verification to allow fields permitted by :rfc:`5280` but
  forbidden by the CA/Browser BRs.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
  when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.

.. _v43-0-3:

Commits

Updates django from 5.1.2 to 5.1.4

Commits
  • 2d4add1 [5.1.x] Bumped version for 5.1.4 release.
  • 6943d61 [5.1.x] Fixed CVE-2024-53908 -- Prevented SQL injections in direct HasKeyLook...
  • bbc74a7 [5.1.x] Fixed CVE-2024-53907 -- Mitigated potential DoS in strip_tags().
  • 5b4d949 [5.1.x] Removed question marks from headings in docs/topics/db/fixtures.txt.
  • 6e3e735 [5.1.x] Fixed #35950 -- Restored refreshing of relations when fields deferred.
  • ee2698d [5.1.x] Removed reference to "removing older versions of Django" in tutorial.
  • bed70e2 [5.1.x] Upgraded to Python 3.12, Ubuntu 24.04, and enabled fail_on_warning fo...
  • 5f82a5e [5.1.x] Added stub release notes and release date for 5.1.4, 5.0.10, and 4.2.17.
  • 4b26240 [5.1.x] Fixed #35942 -- Fixed createsuperuser crash on Python 3.13+ when user...
  • 08ac8c1 [5.1.x] Updated maintainers of Django Debug Toolbar to Django Commons.
  • Additional commits viewable in compare view

Updates django-allauth from 65.1.0 to 65.3.0

Commits

Updates pyjwt from 2.9.0 to 2.10.1

Release notes

Sourced from pyjwt's releases.

2.10.1

Fixed

Full Changelog: jpadilla/pyjwt@2.10.0...2.10.1

2.10.0

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.9.0...2.10.0

Changelog

Sourced from pyjwt's changelog.

v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>__

Fixed


- Prevent partial matching of `iss` claim by @fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

v2.10.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0&gt;__


Changed

  • Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @​luhn in [#975](https://github.com/jpadilla/pyjwt/issues/975) <https://github.com/jpadilla/pyjwt/pull/975>__

  • Use Sequence for parameter types rather than List where applicable by @​imnotjames in [#970](https://github.com/jpadilla/pyjwt/issues/970) <https://github.com/jpadilla/pyjwt/pull/970>__

  • Add JWK support to JWT encode by @​luhn in [#979](https://github.com/jpadilla/pyjwt/issues/979) <https://github.com/jpadilla/pyjwt/pull/979>__

  • Encoding and decoding payloads using the none algorithm by @​jpadilla in #c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>

    Before:

    .. code-block:: pycon

    import jwt jwt.encode({"payload": "abc"}, key=None, algorithm=None)

    After:

    .. code-block:: pycon

    import jwt jwt.encode({"payload": "abc"}, key=None, algorithm="none")

  • Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @​Divan009 in [#1005](https://github.com/jpadilla/pyjwt/issues/1005) <https://github.com/jpadilla/pyjwt/pull/1005>__

  • Refactor project configuration files from setup.cfg to pyproject.toml by @​cleder in [#995](https://github.com/jpadilla/pyjwt/issues/995) <https://github.com/jpadilla/pyjwt/pull/995>__

  • Ruff linter and formatter changes by @​gagandeepp in [#1001](https://github.com/jpadilla/pyjwt/issues/1001) <https://github.com/jpadilla/pyjwt/pull/1001>__

  • Drop support for Python 3.8 (EOL) by @​kkirsche in [#1007](https://github.com/jpadilla/pyjwt/issues/1007) <https://github.com/jpadilla/pyjwt/pull/1007>__

Fixed


- Encode EC keys with a fixed bit length by @etianen in `[#990](https://github.com/jpadilla/pyjwt/issues/990) <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977) <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @pachewise in `[#974](https://github.com/jpadilla/pyjwt/issues/974) <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `[#982](https://github.com/jpadilla/pyjwt/issues/982) <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `[#986](https://github.com/jpadilla/pyjwt/issues/986) <https://github.com/jpadilla/pyjwt/pull/986>`__
</tr></table>

... (truncated)

Commits

Updates sqlparse from 0.5.1 to 0.5.3

Changelog

Sourced from sqlparse's changelog.

Release 0.5.3 (Dez 10, 2024)

Bug Fixes

  • This version introduces a more generalized handling of potential denial of service attack (DOS) due to recursion errors for deeply nested statements. Brought up and fixed by @​living180. Thanks a lot!

Release 0.5.2 (Nov 14, 2024)

Bug Fixes

  • EXTENSION is now recognized as a keyword (issue785).
  • SQL hints are not removed when removing comments (issue262, by skryzh).
Commits
  • ec0af5b Update version number.
  • c81cdf9 Disable checks for pypy-3.8.
  • a31245e Update changelog.
  • bbd8f51 Generalize RecursionError handling.
  • e57923b Switch back to development.
  • 7084df8 Add support for Python 3.13.
  • 5f37dd6 Bump version to 0.5.2.
  • 7c70674 Update authors and changelog.
  • 48bd14e [feature] returning .gitignore to previous version
  • 2f9c7ec [feature] deleting envs from .gitignore, creating test for SQL-Hints
  • Additional commits viewable in compare view

Updates urllib3 from 2.2.3 to 2.3.0

Release notes

Sourced from urllib3's releases.

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
  • Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

Full Changelog: urllib3/urllib3@2.2.3...2.3.0

Changelog

Sourced from urllib3's changelog.

2.3.0 (2024-12-22)

Features

  • Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
  • Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
  • Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
  • Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

  • Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

  • Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all group across 1 directory with 8 updates
7c4d425 
Bumps the all group with 8 updates in the /localcert directory:

| Package | From | To |
| --- | --- | --- |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.4` | `7.6.9` |
| [certifi](https://github.com/certifi/python-certifi) | `2024.8.30` | `2024.12.14` |
| [cryptography](https://github.com/pyca/cryptography) | `43.0.3` | `44.0.0` |
| [django](https://github.com/django/django) | `5.1.2` | `5.1.4` |
| [django-allauth](https://github.com/sponsors/pennersr) | `65.1.0` | `65.3.0` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.9.0` | `2.10.1` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.5.1` | `0.5.3` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.3.0` |



Updates `coverage` from 7.6.4 to 7.6.9
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.4...7.6.9)

Updates `certifi` from 2024.8.30 to 2024.12.14
- [Commits](certifi/python-certifi@2024.08.30...2024.12.14)

Updates `cryptography` from 43.0.3 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.3...44.0.0)

Updates `django` from 5.1.2 to 5.1.4
- [Commits](django/django@5.1.2...5.1.4)

Updates `django-allauth` from 65.1.0 to 65.3.0
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `pyjwt` from 2.9.0 to 2.10.1
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.9.0...2.10.1)

Updates `sqlparse` from 0.5.1 to 0.5.3
- [Release notes](https://github.com/andialbrecht/sqlparse/releases)
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.5.1...0.5.3)

Updates `urllib3` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.3...2.3.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: sqlparse
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 23, 2024
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Dec 30, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 30, 2024
@dependabot dependabot bot deleted the dependabot/pip/localcert/all-66865da5ee branch December 30, 2024 03:48
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant