Closed dependabot[bot] closed 4 months ago
Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information
Unable to locate .performanceTestingBot config file
Thanks @dependabot[bot] for opening this PR!
For COLLABORATOR only :
To add labels, comment on the issue
/label add label1,label2,label3
To remove labels, comment on the issue
/label remove label1,label2,label3
Processing PR updates...
Check out the playback for this Pull Request here.
Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.
[!IMPORTANT]
Review skipped
Bot user detected.
To trigger a single review, invoke the
@coderabbitai review
command.You can disable this status message by setting the
reviews.review_status
tofalse
in the CodeRabbit configuration file.
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
PR Details of @dependabot[bot] in OpenInterpreter-01 : | OPEN | CLOSED | TOTAL |
---|---|---|---|
2 | 20 | 22 |
Superseded by #24.
Bumps the pip group with 4 updates in the /software directory: litellm, requests, tornado and urllib3.
Updates
litellm
from 1.34.42 to 1.40.0Release notes
Sourced from litellm's releases.
... (truncated)
Commits
93c9ea1
fix(openai.py): fix client caching logic63fb3a9
Merge pull request #3961 from BerriAI/litellm_docker_compose_startce4ba80
build(docker-compose.yml): load local .env in docker compose quick start2245ee1
test(test_scheduler.py): fix testing9b4a19b
build(docker-compose.yml): startup docker compose with postgres7715267
fix(router.py): simplify scheduler27087f6
Merge pull request #3959 from BerriAI/litellm_support_verify_ssl_falsed7160eb
fix(test_scheduler.py): fix testa16a1c4
fix(http_handler.py): allow setting ca bundle pathf75c15d
fix(proxy_server.py): security fix - fix sql injection attack on global spend...Updates
requests
from 2.31.0 to 2.32.2Release notes
Sourced from requests's releases.
... (truncated)
Changelog
Sourced from requests's changelog.
... (truncated)
Commits
88dce9d
v2.32.2c98e4d1
Merge pull request #6710 from nateprewitt/api_rename92075b3
Add deprecation warningaa1461b
Move _get_connection to get_connection_with_tls_context970e8ce
v2.32.1d6ebc4a
v2.32.09a40d12
Avoid reloading root certificates to improve concurrent performance (#6667)0c030f7
Merge pull request #6702 from nateprewitt/no_char_detection555b870
Allow character detection dependencies to be optional in post-packaging stepsd6dded3
Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-testUpdates
tornado
from 6.4 to 6.4.1Changelog
Sourced from tornado's changelog.
... (truncated)
Commits
2a0e1d1
Merge pull request #3388 from bdarnell/release-641b7af4e8
Release notes and version bump for version 6.4.1d65f6e7
Merge pull request #3387 from bdarnell/chunked-parsing8d721a8
httputil: Only strip tabs and spaces from header values7786f09
Merge pull request #3386 from bdarnell/curl-crlffb119c7
http1connection: Stricter handling of transfer-encodingb0ffc58
curl_httpclient,http1connection: Prohibit CR and LF in headers0efa9a4
Merge pull request #3385 from bdarnell/update-black2757c6e
Merge pull request #3384 from tornadoweb/dependabot/pip/requests-2.32.2291d1b6
*: Update blackUpdates
urllib3
from 2.2.1 to 2.2.2Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
Commits
27e2a5c
Release 2.2.2 (#3406)accff72
Merge pull request from GHSA-34jh-p97f-mpxf34be4a5
Pin CFFI to a new release candidate instead of a Git commit (#3398)da41058
Bump browser-actions/setup-chrome from 1.6.0 to 1.7.1 (#3399)b07a669
Bump github/codeql-action from 2.13.4 to 3.25.6 (#3396)b8589ec
Measure coverage with v4 of artifact actions (#3394)f3bdc55
Allow triggering CI manually (#3391)5239265
Fix HTTP version in debug log (#3316)b34619f
Bump actions/checkout to 4.1.4 (#3387)9961d14
Bump browser-actions/setup-chrome from 1.5.0 to 1.6.0 (#3386)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show