beaufour
commented
1 year ago @dependabot merge
On Tue, Jul 25, 2023 at 7:15 PM dependabot[bot] @.***> wrote:
This automated pull request fixes a security vulnerability https://github.com/alexis-mignon/python-flickr-api/security/dependabot/9 (low severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps certifi https://github.com/certifi/python-certifi from 2023.5.7 to 2023.7.22. Commits
- 8fb96ed https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909 2023.07.22
- afe7722 https://github.com/certifi/python-certifi/commit/afe77220e0eaa722593fc5d294213ff5275d1b40 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230 https://redirect.github.com/certifi/python-certifi/issues/230)
- 2038739 https://github.com/certifi/python-certifi/commit/2038739ad56abec7aaddfa90ad2ce6b3ed7f5c7b Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229 https://redirect.github.com/certifi/python-certifi/issues/229)
- 44df761 https://github.com/certifi/python-certifi/commit/44df761f4c09d19f32b3cc09208a739043a5e25b Hash pin Actions and enable dependabot (#228 https://redirect.github.com/certifi/python-certifi/issues/228)
- See full diff in compare view https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22
[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/alexis-mignon/python-flickr-api/network/alerts.
You can view, comment on, or merge this pull request online at:
https://github.com/alexis-mignon/python-flickr-api/pull/135 Commit Summary
- 929a4a7 https://github.com/alexis-mignon/python-flickr-api/pull/135/commits/929a4a7cca6e86f5a9d5ca53aa519d92638674af Bump certifi from 2023.5.7 to 2023.7.22
File Changes
(1 file https://github.com/alexis-mignon/python-flickr-api/pull/135/files)
- M Pipfile.lock https://github.com/alexis-mignon/python-flickr-api/pull/135/files#diff-a86c67a0a29ed0e95909b9b7c420140f302d17399ee6dcce4e1a51a14d27fd51 (289)
Patch Links:
- https://github.com/alexis-mignon/python-flickr-api/pull/135.patch
- https://github.com/alexis-mignon/python-flickr-api/pull/135.diff
— Reply to this email directly, view it on GitHub https://github.com/alexis-mignon/python-flickr-api/pull/135, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAB2POP4OEPEH4R2NZ2YUXLXSBHQ3ANCNFSM6AAAAAA2XYE4AQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Bumps certifi from 2023.5.7 to 2023.7.22.
Commits
8fb96ed2023.07.22afe7722Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)2038739Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)44df761Hash pin Actions and enable dependabot (#228)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alexis-mignon/python-flickr-api/network/alerts).