TheSpaceDevs / spaceflightnewsapi

Spaceflight News API (SNAPI) enables developers to add the latest spaceflight news to their apps.
https://spaceflightnewsapi.net

chore(deps): bump the package-updates group with 6 updates #3596

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the package-updates group with 6 updates:

Package From To
django 4.2.14 4.2.15
pyyaml 6.0.1 6.0.2
gunicorn 22.0.0 23.0.0
boto3 1.34.153 1.34.158
logfire 0.48.1 0.50.1
ruff 0.5.6 0.5.7

Updates django from 4.2.14 to 4.2.15

Commits
  • 4d32ebc [4.2.x] Bumped version for 4.2.15 release.
  • f4af67b [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection att...
  • efea1ef [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.htm...
  • d0a82e2 [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizet...
  • fc76660 [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in flo...
  • 7b1a76f [4.2.x] Added stub release notes and release date for 4.2.15.
  • 96a3497 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueEr...
  • c5d196a [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.
  • 8e59e33 [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39...
  • 72f6c7d [4.2.x] Post-release version bump.
  • See full diff in compare view


Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

  • Support for Cython 3.x and Python 3.13.

Full Changelog: https://github.com/yaml/pyyaml/compare/6.0.1...6.0.2

6.0.2rc1

  • Support for extension build with Cython 3.x
  • Support for Python 3.13
  • Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

Commits


Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improves HTTP 1.1 support, which improves safety.

You're invited to upgrade your own installation asap.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encountering invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

NOTE

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

Breaking changes

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LF/NUL in header field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can pose a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view


Updates boto3 from 1.34.153 to 1.34.158

Commits
  • b7e50f1 Merge branch 'release-1.34.158'
  • 70829fb Bumping version to 1.34.158
  • 6f0abd4 Add changelog entries from botocore
  • 7f4edea Merge branch 'release-1.34.157'
  • 4350319 Merge branch 'release-1.34.157' into develop
  • 541c1d3 Bumping version to 1.34.157
  • c2dd12d Add changelog entries from botocore
  • 6e52ab6 Merge branch 'release-1.34.156'
  • e0923a1 Merge branch 'release-1.34.156' into develop
  • d355703 Bumping version to 1.34.156
  • Additional commits viewable in compare view


Updates logfire from 0.48.1 to 0.50.1

Release notes

Sourced from logfire's releases.

v0.50.1

What's Changed

Full Changelog: https://github.com/pydantic/logfire/compare/v0.50.0...v0.50.1

v0.50.0

What's Changed

  • BREAKING CHANGES: Separate sending to Logfire from using standard OTEL environment variables by @alexmojaki in pydantic/logfire#351. See https://docs.pydantic.dev/logfire/guides/advanced/alternative_backends/ for details. Highlights:
    • OTEL_EXPORTER_OTLP_ENDPOINT is no longer just an alternative to LOGFIRE_BASE_URL. Setting OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, and/or OTEL_EXPORTER_OTLP_METRICS_ENDPOINT will set up appropriate exporters in addition to sending to Logfire, which must be turned off separately if desired. These are basic exporters relying on OTEL defaults. In particular they don't use our custom retrying logic.
    • LOGFIRE_BASE_URL / logfire.configure(base_url=...) is now only intended for actual alternative Logfire backends, which are currently only available to Logfire developers, and unlike OTEL_EXPORTER_OTLP_ENDPOINT requires authenticating with Logfire.
    • Pending spans are only sent to logfire-specific exporters.
  • Add capture_statement to Redis instrumentation by @Kludex in pydantic/logfire#355

Full Changelog: https://github.com/pydantic/logfire/compare/v0.49.1...v0.50.0

v0.49.1

What's Changed

Full Changelog: https://github.com/pydantic/logfire/compare/v0.49.0...v0.49.1

v0.49.0

What's Changed

New Contributors

Full Changelog: https://github.com/pydantic/logfire/compare/v0.48.1...v0.49.0

Changelog

Sourced from logfire's changelog.

[v0.50.1] (2024-08-06)

(Previously released as v0.50.0, then yanked due to pydantic/logfire#367)

  • BREAKING CHANGES: Separate sending to Logfire from using standard OTEL environment variables by @alexmojaki in pydantic/logfire#351. See https://docs.pydantic.dev/logfire/guides/advanced/alternative_backends/ for details. Highlights:
    • OTEL_EXPORTER_OTLP_ENDPOINT is no longer just an alternative to LOGFIRE_BASE_URL. Setting OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_TRACES_ENDPOINT, and/or OTEL_EXPORTER_OTLP_METRICS_ENDPOINT will set up appropriate exporters in addition to sending to Logfire, which must be turned off separately if desired. These are basic exporters relying on OTEL defaults. In particular they don't use our custom retrying logic.
    • LOGFIRE_BASE_URL / logfire.configure(base_url=...) is now only intended for actual alternative Logfire backends, which are currently only available to Logfire developers, and unlike OTEL_EXPORTER_OTLP_ENDPOINT requires authenticating with Logfire.
    • Pending spans are only sent to logfire-specific exporters.
  • Add capture_statement to Redis instrumentation by @Kludex in pydantic/logfire#355

[v0.49.1] (2024-08-05)

[v0.49.0] (2024-08-05)

Commits


Updates ruff from 0.5.6 to 0.5.7

Release notes

Sourced from ruff's releases.

0.5.7

Release Notes

Preview features

  • [flake8-comprehensions] Account for list and set comprehensions in unnecessary-literal-within-tuple-call (C409) (#12657)
  • [flake8-pyi] Add autofix for future-annotations-in-stub (PYI044) (#12676)
  • [flake8-return] Avoid syntax error when auto-fixing RET505 with mixed indentation (space and tabs) (#12740)
  • [pydoclint] Add docstring-missing-yields (DOC402) and docstring-extraneous-yields (DOC403) (#12538)
  • [pydoclint] Avoid DOC201 if docstring begins with "Return", "Returns", "Yield", or "Yields" (#12675)
  • [pydoclint] Deduplicate collected exceptions after traversing function bodies (DOC501) (#12642)
  • [pydoclint] Ignore DOC errors for stub functions (#12651)
  • [pydoclint] Teach rules to understand reraised exceptions as being explicitly raised (DOC501, DOC502) (#12639)
  • [ruff] Implement incorrectly-parenthesized-tuple-in-subscript (RUF031) (#12480)
  • [ruff] Mark RUF023 fix as unsafe if __slots__ is not a set and the binding is used elsewhere (#12692)

Rule changes

  • [refurb] Add autofix for implicit-cwd (FURB177) (#12708)
  • [ruff] Add autofix for zip-instead-of-pairwise (RUF007) (#12663)
  • [tryceratops] Add BaseException to raise-vanilla-class rule (TRY002) (#12620)

Server

  • Ignore non-file workspace URL; Ruff will display a warning notification in this case (#12725)

CLI

  • Fix cache invalidation for nested pyproject.toml files (#12727)

Bug fixes

  • [flake8-async] Fix false positives with multiple async with items (ASYNC100) (#12643)
  • [flake8-bandit] Avoid false-positives for list concatenations in SQL construction (S608) (#12720)
  • [flake8-bugbear] Treat return as equivalent to break (B909) (#12646)
  • [flake8-comprehensions] Set comprehensions not a violation for sum in unnecessary-comprehension-in-call (C419) (#12691)
  • [flake8-simplify] Parenthesize conditions based on precedence when merging if arms (SIM114) (#12737)
  • [pydoclint] Try both 'Raises' section styles when convention is unspecified (DOC501) (#12649)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.7

Preview features

  • [flake8-comprehensions] Account for list and set comprehensions in unnecessary-literal-within-tuple-call (C409) (#12657)
  • [flake8-pyi] Add autofix for future-annotations-in-stub (PYI044) (#12676)
  • [flake8-return] Avoid syntax error when auto-fixing RET505 with mixed indentation (space and tabs) (#12740)
  • [pydoclint] Add docstring-missing-yields (DOC402) and docstring-extraneous-yields (DOC403) (#12538)
  • [pydoclint] Avoid DOC201 if docstring begins with "Return", "Returns", "Yield", or "Yields" (#12675)
  • [pydoclint] Deduplicate collected exceptions after traversing function bodies (DOC501) (#12642)
  • [pydoclint] Ignore DOC errors for stub functions (#12651)
  • [pydoclint] Teach rules to understand reraised exceptions as being explicitly raised (DOC501, DOC502) (#12639)
  • [ruff] Implement incorrectly-parenthesized-tuple-in-subscript (RUF031) (#12480)
  • [ruff] Mark RUF023 fix as unsafe if __slots__ is not a set and the binding is used elsewhere (#12692)

Rule changes

  • [refurb] Add autofix for implicit-cwd (FURB177) (#12708)
  • [ruff] Add autofix for zip-instead-of-pairwise (RUF007) (#12663)
  • [tryceratops] Add BaseException to raise-vanilla-class rule (TRY002) (#12620)

Server

  • Ignore non-file workspace URL; Ruff will display a warning notification in this case (#12725)

CLI

  • Fix cache invalidation for nested pyproject.toml files (#12727)

Bug fixes

  • [flake8-async] Fix false positives with multiple async with items (ASYNC100) (#12643)
  • [flake8-bandit] Avoid false-positives for list concatenations in SQL construction (S608) (#12720)
  • [flake8-bugbear] Treat return as equivalent to break (B909) (#12646)
  • [flake8-comprehensions] Set comprehensions not a violation for sum in unnecessary-comprehension-in-call (C419) (#12691)
  • [flake8-simplify] Parenthesize conditions based on precedence when merging if arms (SIM114) (#12737)
  • [pydoclint] Try both 'Raises' section styles when convention is unspecified (DOC501) (#12649)

Commits
  • 221ea66 Bump version to 0.5.7 (#12756)
  • d28c5af [red-knot] Remove mentions of Ruff from the CLI help (#12752)
  • f1de08c [red-knot] Merge the semantic and module-resolver crates (#12751)
  • 33e9a6a SIM110: any() is ~3x slower than the code it replaces (#12746)
  • f577e03 [ruff] Ignore empty tuples for `incorrectly-parenthesized-tuple-in-subscript ...
  • f537335 Remove all useEffect usages (#12659)
  • 2daa914 Gracefully handle errors in CLI (#12747)
  • 6d9205e [ruff_linter] - Use LibCST in adjust_indentation for mixed whitespace (#1...
  • df7345e Exit with an error if there are check failures (#12735)
  • dc6aafe Setup tracing and document tracing usage (#12730)
  • Additional commits viewable in compare view


Most Recent Ignore Conditions Applied to This Pull Request

| Dependency Name | Ignore Conditions |
| --- | --- |
| django | [>= 5.a, < 6] |

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

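The gunicorn 23.0.0 breaking changes quoted above (an empty request-target is refused, CR/LF/NUL inside header field values is refused, multiple Transfer-Encoding codings are permitted but parameters are not) can be anticipated by auditing recorded request heads before the upgrade lands. The following is an added example for this PR, not gunicorn's own parser; the set of accepted Transfer-Encoding names and the sample request heads are assumptions constructed here.

```python
"""Audit raw HTTP/1.1 request heads against the header rules that gunicorn
23.0.0 enforces, so a deployment can see what will be refused before upgrading.
Added example; this is not gunicorn's parser."""

# Assumption: coding names accepted in Transfer-Encoding (chunked plus the
# compress/deflate/gzip named in the release notes); parameters such as
# ";q=1" are not permitted.
ALLOWED_TE = {"chunked", "compress", "deflate", "gzip"}
FORBIDDEN_CTL = {0x00, 0x0A, 0x0D}  # NUL, LF, CR inside a header field value


def audit_request(head: bytes) -> list[str]:
    """Return the reasons a request head would be refused; [] means accepted."""
    reasons: list[str] = []
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or request_line[1] == b"":
        reasons.append("empty or malformed request-target (uri field)")
    for line in lines[1:]:
        if not line:
            break  # blank line terminates the header block
        name, sep, value = line.partition(b":")
        if not sep:
            reasons.append(f"header line without ':' separator: {line!r}")
            continue
        value = value.strip(b" \t")
        if any(byte in FORBIDDEN_CTL for byte in value):
            reasons.append(f"CR/LF/NUL inside value of {name.decode('latin-1')}")
        if name.strip().lower() == b"transfer-encoding":
            for coding in value.decode("latin-1").split(","):
                coding = coding.strip()
                if ";" in coding:
                    reasons.append(f"Transfer-Encoding parameter not permitted: {coding}")
                elif coding.lower() not in ALLOWED_TE:
                    reasons.append(f"unsupported Transfer-Encoding: {coding}")
    return reasons


# Constructed sample request heads (not captured traffic).
SAMPLES = {
    "ok": b"POST /api HTTP/1.1\r\nHost: api.example\r\n"
          b"Transfer-Encoding: gzip, chunked\r\n\r\n",
    "te_param": b"POST /api HTTP/1.1\r\nHost: api.example\r\n"
                b"Transfer-Encoding: chunked;q=1\r\n\r\n",
    "ctl_in_value": b"GET /api HTTP/1.1\r\nHost: api.example\r\n"
                    b"X-Forwarded-For: 10.0.0.1\rX-Extra: 1\r\n\r\n",
    "empty_uri": b"GET  HTTP/1.1\r\nHost: api.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, "->", audit_request(head) or "accepted")
```

Run it over heads exported from a proxy or access capture to list which clients would start receiving refusals once gunicorn 23.0.0 is deployed.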
codspeed-hq[bot] commented 2 months ago

CodSpeed Performance Report

Merging #3596 will not alter performance

Comparing dependabot/pip/package-updates-7a79eeecb8 (d250677) with main (5b6b1be)

Summary

✅ 46 untouched benchmarks