canonical / discourse-gatekeeper

Experimental GitHub Action to upload charm documentation to charmhub
Apache License 2.0

Update dependency requests to >=2.31,<2.32 #198

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| requests (source, changelog) | `>=2.28,<2.29` -> `>=2.31,<2.32` | age | adoption | passing | confidence |

Release Notes

psf/requests (requests)

### [`v2.31.0`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2310-2023-05-22)

[Compare Source](https://togithub.com/psf/requests/compare/v2.30.0...v2.31.0)

**Security**

- Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of `Proxy-Authorization` headers to destination servers when following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a `Proxy-Authorization` header that is attached to the request to authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached the `Proxy-Authorization` header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are *strongly* encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

  Full details can be read in our [Github Security Advisory](https://togithub.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q) and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).

### [`v2.30.0`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2300-2023-05-03)

[Compare Source](https://togithub.com/psf/requests/compare/v2.29.0...v2.30.0)

**Dependencies**

- ⚠️ Added support for urllib3 2.0. ⚠️

  This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

  Users who wish to stay on urllib3 1.x can pin to `urllib3<2`.

### [`v2.29.0`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2290-2023-04-26)

[Compare Source](https://togithub.com/psf/requests/compare/v2.28.2...v2.29.0)

**Improvements**

- Requests now defers chunked requests to the urllib3 implementation to improve standardization. ([#6226](https://togithub.com/psf/requests/issues/6226))
- Requests relaxes header component requirements to support bytes/str subclasses. ([#6356](https://togithub.com/psf/requests/issues/6356))

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
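
The two exposure conditions the release notes above give for CVE-2023-32681 (a Requests version from v2.3.0 through v2.30.0, and proxy credentials carried in the proxy URL's user info), combined into one check; this is an added example, not part of this PR or of Requests. The function names and `SAMPLE_ENV` are constructed for illustration, only proxy environment variables are inspected (not `proxies=` arguments in code), and version parsing is simplified to the first three numeric components.

```python
import re
from urllib.parse import urlsplit

# Range from the release notes: v2.3.0 through v2.30.0 affected, 2.31.0 fixed.
FIRST_VULNERABLE, FIRST_FIXED = (2, 3, 0), (2, 31, 0)
PROXY_VARS = ("http_proxy", "https_proxy", "all_proxy")

# Constructed sample environment (not taken from the PR).
SAMPLE_ENV = {
    "HTTPS_PROXY": "https://user:pass@proxy:8080",
    "http_proxy": "http://proxy:8080",
    "PATH": "/usr/bin",
}


def parse_version(text):
    """Turn '2.28' or '2.30.0' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def version_is_vulnerable(version):
    return FIRST_VULNERABLE <= parse_version(version) < FIRST_FIXED


def proxy_has_credentials(proxy_url):
    """True when the proxy URL carries user info (user:pass@host)."""
    url = proxy_url if "://" in proxy_url else "http://" + proxy_url
    parts = urlsplit(url)
    return bool(parts.username or parts.password)


def exposed_proxies(environ):
    """Names of proxy variables (either case) whose URL embeds credentials."""
    return sorted(
        name for name, value in environ.items()
        if name.lower() in PROXY_VARS and value and proxy_has_credentials(value)
    )


def assess(version, environ):
    """Apply both conditions from the advisory and return (verdict, proxies)."""
    proxies = exposed_proxies(environ)
    if not version_is_vulnerable(version):
        return "not affected: version outside 2.3.0-2.30.0", proxies
    if not proxies:
        return "vulnerable version, no credentialed proxy configured", proxies
    return "exposed: upgrade to 2.31.0+ and rotate proxy credentials", proxies


if __name__ == "__main__":
    print(assess("2.28.2", SAMPLE_ENV))
```

To check a real host, pass `importlib.metadata.version("requests")` and `os.environ` to `assess` in place of the sample values.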

renovate[bot] commented 1 year ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

github-actions[bot] commented 1 year ago

Test coverage for ebec97a75f7d65a09c6bd00cefd6067be03e546d

Name                      Stmts   Miss Branch BrPart  Cover   Missing
---------------------------------------------------------------------
src/__init__.py              61      0     22      0   100%
src/action.py               154      0     46      0   100%
src/check.py                 53      0     21      0   100%
src/clients.py               12      0      0      0   100%
src/commit.py                42      0     12      0   100%
src/constants.py              9      0      0      0   100%
src/content.py               50      0     10      0   100%
src/discourse.py            156      0     34      0   100%
src/docs_directory.py        33      0      8      0   100%
src/download.py              23      0      2      0   100%
src/exceptions.py            14      0      0      0   100%
src/index.py                128      0     48      0   100%
src/metadata.py              28      0     12      0   100%
src/migration.py             87      0     27      0   100%
src/navigation_table.py      65      0     20      0   100%
src/reconcile.py             87      0     38      0   100%
src/repository.py           268      0     82      0   100%
src/sort.py                  39      0     22      0   100%
src/types_.py               135      0     22      0   100%
---------------------------------------------------------------------
TOTAL                      1444      0    426      0   100%

Static code analysis report

Working... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:02
Run started:2023-08-21 17:13:29.741546

Test results:
    No issues identified.

Code scanned:
    Total lines of code: 15131
    Total lines skipped (#nosec): 14
    Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 0
    Total issues (by confidence):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 0
Files skipped (0):