christopherpickering / flask-session2

Server side session extension for Flask

fix(deps) Update all non-major dependencies #122

Open renovate[bot] opened 7 months ago

renovate[bot] commented 7 months ago

This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| @semantic-release/npm | 11.0.2 -> 11.0.3 | devDependencies | patch |
| Flask (changelog) | 2.2.5 -> 2.3.3 | dependencies | minor |
| Flask-SQLAlchemy (changelog) | 3.0.5 -> 3.1.1 | dev-dependencies | minor |
| asottile/pyupgrade | v3.15.0 -> v3.17.0 | repository | minor |
| bandit (source, changelog) | 1.7.5 -> 1.7.9 | dev-dependencies | patch |
| boto3 | 1.33.13 -> 1.35.18 | dev-dependencies | minor |
| cachelib (changelog) | ^0.10.0 -> ^0.13.0 | dependencies | minor |
| coverage | 7.2.7 -> 7.6.1 | dev-dependencies | minor |
| elasticsearch | 8.12.0 -> 8.15.1 | dev-dependencies | minor |
| google-cloud-datastore | 2.19.0 -> 2.20.1 | dev-dependencies | minor |
| google-cloud-firestore | 2.14.0 -> 2.18.0 | dev-dependencies | minor |
| isort (source, changelog) | 5.11.5 -> 5.13.2 | dev-dependencies | minor |
| macisamuele/language-formatters-pre-commit-hooks | v2.12.0 -> v2.14.0 | repository | minor |
| myint/autoflake | v2.2.1 -> v2.3.1 | repository | minor |
| mypy (source, changelog) | 1.4.1 -> 1.11.2 | dev-dependencies | minor |
| peewee | 3.17.0 -> 3.17.6 | dev-dependencies | patch |
| pre-commit/pre-commit-hooks | v4.5.0 -> v4.6.0 | repository | minor |
| redis (changelog) | 5.0.1 -> 5.0.8 | dev-dependencies | patch |
| semantic-release | 23.0.0 -> 23.1.1 | devDependencies | minor |
| supercharge/mongodb-github-action | v1.10.0 -> 1.11.0 | action | minor |
| tox (changelog) | 4.8.0 -> 4.18.1 | dev-dependencies | minor |

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

semantic-release/npm (@semantic-release/npm)

### [`v11.0.3`](https://redirect.github.com/semantic-release/npm/releases/tag/v11.0.3)

[Compare Source](https://redirect.github.com/semantic-release/npm/compare/v11.0.2...v11.0.3)

##### Bug Fixes

- **deps:** raised the minimum accepted range of npm to v10.5.0 ([#759](https://redirect.github.com/semantic-release/npm/issues/759)) ([a0313f8](https://redirect.github.com/semantic-release/npm/commit/a0313f82060ec344d77443a9b1b28e87178dcf78)), closes [semantic-release/semantic-release#3202](https://redirect.github.com/semantic-release/semantic-release/issues/3202)

  even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

pallets/flask (Flask)

### [`v2.3.3`](https://redirect.github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-233)

[Compare Source](https://redirect.github.com/pallets/flask/compare/2.3.2...2.3.3)

Released 2023-08-21

- Python 3.12 compatibility.
- Require Werkzeug >= 2.3.7.
- Use `flit_core` instead of `setuptools` as build backend.
- Refactor how an app's root and instance paths are determined. :issue:`5160`

### [`v2.3.2`](https://redirect.github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-232)

[Compare Source](https://redirect.github.com/pallets/flask/compare/2.3.1...2.3.2)

Released 2023-05-01

- Set `Vary: Cookie` header when the session is accessed, modified, or refreshed.
- Update Werkzeug requirement to >=2.3.3 to apply recent bug fixes.

### [`v2.3.1`](https://redirect.github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-231)

[Compare Source](https://redirect.github.com/pallets/flask/compare/2.3.0...2.3.1)

Released 2023-04-25

- Restore deprecated `from flask import Markup`. :issue:`5084`

### [`v2.3.0`](https://redirect.github.com/pallets/flask/blob/HEAD/CHANGES.rst#Version-230)

[Compare Source](https://redirect.github.com/pallets/flask/compare/2.2.5...2.3.0)

Released 2023-04-25

- Drop support for Python 3.7. :pr:`5072`
- Update minimum requirements to the latest versions: Werkzeug>=2.3.0, Jinja2>3.1.2, itsdangerous>=2.1.2, click>=8.1.3.
- Remove previously deprecated code. :pr:`4995`
  - The `push` and `pop` methods of the deprecated `_app_ctx_stack` and `_request_ctx_stack` objects are removed. `top` still exists to give extensions more time to update, but it will be removed.
  - The `FLASK_ENV` environment variable, `ENV` config key, and `app.env` property are removed.
  - The `session_cookie_name`, `send_file_max_age_default`, `use_x_sendfile`, `propagate_exceptions`, and `templates_auto_reload` properties on `app` are removed.
  - The `JSON_AS_ASCII`, `JSON_SORT_KEYS`, `JSONIFY_MIMETYPE`, and `JSONIFY_PRETTYPRINT_REGULAR` config keys are removed.
  - The `app.before_first_request` and `bp.before_app_first_request` decorators are removed.
  - `json_encoder` and `json_decoder` attributes on app and blueprint, and the corresponding `json.JSONEncoder` and `JSONDecoder` classes, are removed.
  - The `json.htmlsafe_dumps` and `htmlsafe_dump` functions are removed.
  - Calling setup methods on blueprints after registration is an error instead of a warning. :pr:`4997`
- Importing `escape` and `Markup` from `flask` is deprecated. Import them directly from `markupsafe` instead. :pr:`4996`
- The `app.got_first_request` property is deprecated. :pr:`4997`
- The `locked_cached_property` decorator is deprecated. Use a lock inside the decorated function if locking is needed. :issue:`4993`
- Signals are always available. `blinker>=1.6.2` is a required dependency. The `signals_available` attribute is deprecated. :issue:`5056`
- Signals support `async` subscriber functions. :pr:`5049`
- Remove uses of locks that could cause requests to block each other very briefly. :issue:`4993`
- Use modern packaging metadata with `pyproject.toml` instead of `setup.cfg`. :pr:`4947`
- Ensure subdomains are applied with nested blueprints. :issue:`4834`
- `config.from_file` can use `text=False` to indicate that the parser wants a binary file instead. :issue:`4989`
- If a blueprint is created with an empty name it raises a `ValueError`. :issue:`5010`
- `SESSION_COOKIE_DOMAIN` does not fall back to `SERVER_NAME`. The default is not to set the domain, which modern browsers interpret as an exact match rather than a subdomain match. Warnings about `localhost` and IP addresses are also removed. :issue:`5051`
- The `routes` command shows each rule's `subdomain` or `host` when domain matching is in use. :issue:`5004`
- Use postponed evaluation of annotations. :pr:`5071`

asottile/pyupgrade (asottile/pyupgrade)

### [`v3.17.0`](https://redirect.github.com/asottile/pyupgrade/compare/v3.16.0...v3.17.0)

[Compare Source](https://redirect.github.com/asottile/pyupgrade/compare/v3.16.0...v3.17.0)

### [`v3.16.0`](https://redirect.github.com/asottile/pyupgrade/compare/v3.15.2...v3.16.0)

[Compare Source](https://redirect.github.com/asottile/pyupgrade/compare/v3.15.2...v3.16.0)

### [`v3.15.2`](https://redirect.github.com/asottile/pyupgrade/compare/v3.15.1...v3.15.2)

[Compare Source](https://redirect.github.com/asottile/pyupgrade/compare/v3.15.1...v3.15.2)

### [`v3.15.1`](https://redirect.github.com/asottile/pyupgrade/compare/v3.15.0...v3.15.1)

[Compare Source](https://redirect.github.com/asottile/pyupgrade/compare/v3.15.0...v3.15.1)

PyCQA/bandit (bandit)

### [`v1.7.9`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.9)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.8...1.7.9)

#### What's Changed

- Bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1117](https://redirect.github.com/PyCQA/bandit/pull/1117)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- New logo for Bandit based on raccoon by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1121](https://redirect.github.com/PyCQA/bandit/pull/1121)
- Start testing on Python 3.13 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1122](https://redirect.github.com/PyCQA/bandit/pull/1122)
- Bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1123](https://redirect.github.com/PyCQA/bandit/pull/1123)
- Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1124](https://redirect.github.com/PyCQA/bandit/pull/1124)
- Bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1125](https://redirect.github.com/PyCQA/bandit/pull/1125)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1126](https://redirect.github.com/PyCQA/bandit/pull/1126)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1127](https://redirect.github.com/PyCQA/bandit/pull/1127)
- Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1130](https://redirect.github.com/PyCQA/bandit/pull/1130)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1131](https://redirect.github.com/PyCQA/bandit/pull/1131)
- Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1132](https://redirect.github.com/PyCQA/bandit/pull/1132)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1133](https://redirect.github.com/PyCQA/bandit/pull/1133)
- Updates banner logo so it renders well in dark mode by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1134](https://redirect.github.com/PyCQA/bandit/pull/1134)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1135](https://redirect.github.com/PyCQA/bandit/pull/1135)
- Add a sponsor section to README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1137](https://redirect.github.com/PyCQA/bandit/pull/1137)
- Ensure sarif extra is included as part of doc build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1139](https://redirect.github.com/PyCQA/bandit/pull/1139)
- Bump docker/login-action from 3.1.0 to 3.2.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1142](https://redirect.github.com/PyCQA/bandit/pull/1142)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1143](https://redirect.github.com/PyCQA/bandit/pull/1143)
- \[pre-commit.ci] pre-commit autoupdate by [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) in [https://github.com/PyCQA/bandit/pull/1145](https://redirect.github.com/PyCQA/bandit/pull/1145)
- Guard against empty call argument list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1146](https://redirect.github.com/PyCQA/bandit/pull/1146)
- Bump docker/build-push-action from 5.3.0 to 5.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1144](https://redirect.github.com/PyCQA/bandit/pull/1144)
- Support `configfile` in `.bandit` file by [@bersbersbers](https://redirect.github.com/bersbersbers) in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)

#### New Contributors

- [@pre-commit-ci](https://redirect.github.com/pre-commit-ci) made their first contribution in [https://github.com/PyCQA/bandit/pull/1119](https://redirect.github.com/PyCQA/bandit/pull/1119)
- [@bersbersbers](https://redirect.github.com/bersbersbers) made their first contribution in [https://github.com/PyCQA/bandit/pull/1052](https://redirect.github.com/PyCQA/bandit/pull/1052)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.8...1.7.9

### [`v1.7.8`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.8)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.7...1.7.8)

#### What's Changed

- Incorrect tag naming in readme by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1105](https://redirect.github.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1107](https://redirect.github.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1109](https://redirect.github.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1110](https://redirect.github.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1112](https://redirect.github.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by [@etienneschalk](https://redirect.github.com/etienneschalk) in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1115](https://redirect.github.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by [@shihai1991](https://redirect.github.com/shihai1991) in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1113](https://redirect.github.com/PyCQA/bandit/pull/1113)

#### New Contributors

- [@etienneschalk](https://redirect.github.com/etienneschalk) made their first contribution in [https://github.com/PyCQA/bandit/pull/1111](https://redirect.github.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://redirect.github.com/shihai1991) made their first contribution in [https://github.com/PyCQA/bandit/pull/1116](https://redirect.github.com/PyCQA/bandit/pull/1116)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.7...1.7.8

### [`v1.7.7`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.7)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.6...1.7.7)

#### What's Changed

- Add the new release to bandit versions of bug template by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1075](https://redirect.github.com/PyCQA/bandit/pull/1075)
- Bump actions/setup-python from 4 to 5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1076](https://redirect.github.com/PyCQA/bandit/pull/1076)
- Handle variant in how policy is passed in paramiko by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1078](https://redirect.github.com/PyCQA/bandit/pull/1078)
- Flag str.replace as possible sql injection by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1044](https://redirect.github.com/PyCQA/bandit/pull/1044)
- defusedxml: Show correct module name by [@kajinamit](https://redirect.github.com/kajinamit) in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)
- Add tidelift to the sponsor funding list by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1089](https://redirect.github.com/PyCQA/bandit/pull/1089)
- Create a security policy by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1091](https://redirect.github.com/PyCQA/bandit/pull/1091)
- Fix up issues found running Bandit on itself by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1093](https://redirect.github.com/PyCQA/bandit/pull/1093)
- Add random.randbytes to blacklist calls by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1096](https://redirect.github.com/PyCQA/bandit/pull/1096)
- Prepend ./ for files specified as CLI args by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1094](https://redirect.github.com/PyCQA/bandit/pull/1094)
- Rework GitPython dependency to be an extra for bandit-baseline by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1099](https://redirect.github.com/PyCQA/bandit/pull/1099)
- Bump actions/dependency-review-action from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1101](https://redirect.github.com/PyCQA/bandit/pull/1101)
- Introduce Official Bandit Images by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1088](https://redirect.github.com/PyCQA/bandit/pull/1088)
- Remove markdown formatting in reStructuredText formatted README by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1103](https://redirect.github.com/PyCQA/bandit/pull/1103)
- Downsize the org:repo name by [@lukehinds](https://redirect.github.com/lukehinds) in [https://github.com/PyCQA/bandit/pull/1104](https://redirect.github.com/PyCQA/bandit/pull/1104)

#### New Contributors

- [@kajinamit](https://redirect.github.com/kajinamit) made their first contribution in [https://github.com/PyCQA/bandit/pull/1081](https://redirect.github.com/PyCQA/bandit/pull/1081)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.6...1.7.7

### [`v1.7.6`](https://redirect.github.com/PyCQA/bandit/releases/tag/1.7.6)

[Compare Source](https://redirect.github.com/PyCQA/bandit/compare/1.7.5...1.7.6)

#### What's Changed

- Update bug report to include version 1.7.5 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/993](https://redirect.github.com/PyCQA/bandit/pull/993)
- Render Python 3.10 in drop down correctly by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/997](https://redirect.github.com/PyCQA/bandit/pull/997)
- Remove checks for Python2 urllib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/999](https://redirect.github.com/PyCQA/bandit/pull/999)
- Improper detection of non-requests module by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1011](https://redirect.github.com/PyCQA/bandit/pull/1011)
- xmlrpclib replaced with xmlrpc in Python3 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1012](https://redirect.github.com/PyCQA/bandit/pull/1012)
- language and linting updates by [@marksmayo](https://redirect.github.com/marksmayo) in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015)
- Adds check for crypt module usage as weak hash by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1018](https://redirect.github.com/PyCQA/bandit/pull/1018)
- Switch to tox 4 by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1020](https://redirect.github.com/PyCQA/bandit/pull/1020)
- Skip unnecessary `pip install` commands in the pythonpackage.yml workflow by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1021](https://redirect.github.com/PyCQA/bandit/pull/1021)
- Update versions of used GitHub Actions by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1024](https://redirect.github.com/PyCQA/bandit/pull/1024)
- Update pre-commit hooks by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1026](https://redirect.github.com/PyCQA/bandit/pull/1026)
- Add `random.Random` to B311 checks by [@shiftinv](https://redirect.github.com/shiftinv) in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940)
- Add a copy button to all code snippets in docs by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1030](https://redirect.github.com/PyCQA/bandit/pull/1030)
- Replace pbr in favor of importlib by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1016](https://redirect.github.com/PyCQA/bandit/pull/1016)
- Switch from open collective to PSF by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1031](https://redirect.github.com/PyCQA/bandit/pull/1031)
- Make pre-commit run Bandit hook using a single process by [@Klavionik](https://redirect.github.com/Klavionik) in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029)
- Remove support for Python 3.7 due to end-of-life by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1034](https://redirect.github.com/PyCQA/bandit/pull/1034)
- Update asserts.py documentation by [@deronnax](https://redirect.github.com/deronnax) in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036)
- Simplify `wrap_file_object` by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1037](https://redirect.github.com/PyCQA/bandit/pull/1037)
- django_rawsql_used: support keyword arguments used in `RawSQL` by [@kevinmarsh](https://redirect.github.com/kevinmarsh) in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765)
- Avoid gitpyhon CVE-2022-24439 by [@carlosduelo](https://redirect.github.com/carlosduelo) in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048)
- Update blacklist call documentation by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045)
- Support ignoring blacklists by name by [@costaparas](https://redirect.github.com/costaparas) in [https://github.com/PyCQA/bandit/pull/1046](https://redirect.github.com/PyCQA/bandit/pull/1046)
- Fix dependabot to update github actions by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1057](https://redirect.github.com/PyCQA/bandit/pull/1057)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058)
- Fix for ReadtheDocs build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1061](https://redirect.github.com/PyCQA/bandit/pull/1061)
- fix(plugins/B507): also detect class instances by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1064](https://redirect.github.com/PyCQA/bandit/pull/1064)
- Use mirror repository for black pre-commit hook by [@mportesdev](https://redirect.github.com/mportesdev) in [https://github.com/PyCQA/bandit/pull/1070](https://redirect.github.com/PyCQA/bandit/pull/1070)
- Add official support of Python 3.12 by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1068](https://redirect.github.com/PyCQA/bandit/pull/1068)
- Fix crash on pyproject.toml without bandit config by [@javajawa](https://redirect.github.com/javajawa) in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073)
- refactor: remove `importlib-metadata` fallback by [@mkniewallner](https://redirect.github.com/mkniewallner) in [https://github.com/PyCQA/bandit/pull/1066](https://redirect.github.com/PyCQA/bandit/pull/1066)
- Fixes for sphinx build by [@ericwb](https://redirect.github.com/ericwb) in [https://github.com/PyCQA/bandit/pull/1063](https://redirect.github.com/PyCQA/bandit/pull/1063)

#### New Contributors

- [@marksmayo](https://redirect.github.com/marksmayo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1015](https://redirect.github.com/PyCQA/bandit/pull/1015)
- [@shiftinv](https://redirect.github.com/shiftinv) made their first contribution in [https://github.com/PyCQA/bandit/pull/940](https://redirect.github.com/PyCQA/bandit/pull/940)
- [@Klavionik](https://redirect.github.com/Klavionik) made their first contribution in [https://github.com/PyCQA/bandit/pull/1029](https://redirect.github.com/PyCQA/bandit/pull/1029)
- [@deronnax](https://redirect.github.com/deronnax) made their first contribution in [https://github.com/PyCQA/bandit/pull/1036](https://redirect.github.com/PyCQA/bandit/pull/1036)
- [@kevinmarsh](https://redirect.github.com/kevinmarsh) made their first contribution in [https://github.com/PyCQA/bandit/pull/765](https://redirect.github.com/PyCQA/bandit/pull/765)
- [@carlosduelo](https://redirect.github.com/carlosduelo) made their first contribution in [https://github.com/PyCQA/bandit/pull/1048](https://redirect.github.com/PyCQA/bandit/pull/1048)
- [@costaparas](https://redirect.github.com/costaparas) made their first contribution in [https://github.com/PyCQA/bandit/pull/1045](https://redirect.github.com/PyCQA/bandit/pull/1045)
- [@dependabot](https://redirect.github.com/dependabot) made their first contribution in [https://github.com/PyCQA/bandit/pull/1058](https://redirect.github.com/PyCQA/bandit/pull/1058)
- [@javajawa](https://redirect.github.com/javajawa) made their first contribution in [https://github.com/PyCQA/bandit/pull/1073](https://redirect.github.com/PyCQA/bandit/pull/1073)

**Full Changelog**: https://github.com/PyCQA/bandit/compare/1.7.5...1.7.6

boto/boto3 (boto3)

### [`v1.35.18`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13518)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.17...1.35.18)

- api-change:`cognito-idp`: \[`botocore`] Added email MFA option to user pools with advanced security features.
- api-change:`elbv2`: \[`botocore`] Correct incorrectly mapped error in ELBv2 waiters
- api-change:`emr`: \[`botocore`] Update APIs to allow modification of ODCR options, allocation strategy, and InstanceTypeConfigs on running InstanceFleet clusters.
- api-change:`glue`: \[`botocore`] AWS Glue is introducing two new optimizers for Apache Iceberg tables: snapshot retention and orphan file deletion. Customers can enable these optimizers and customize their configurations to perform daily maintenance tasks on their Iceberg tables based on their specific requirements.
- api-change:`mediaconvert`: \[`botocore`] This release includes support for dynamic video overlay workflows, including picture-in-picture and squeezeback
- api-change:`rds`: \[`botocore`] This release adds support for the os-upgrade pending maintenance action for Amazon Aurora DB clusters.
- api-change:`storagegateway`: \[`botocore`] The S3 File Gateway now supports DSSE-KMS encryption. A new parameter EncryptionType is added to these APIs: CreateSmbFileShare, CreateNfsFileShare, UpdateSmbFileShare, UpdateNfsFileShare, DescribeSmbFileShares, DescribeNfsFileShares. Also, in favor of EncryptionType, KmsEncrypted is deprecated.
- api-change:`synthetics`: \[`botocore`] This release introduces two features. The first is tag replication, which allows for the propagation of canary tags onto Synthetics related resources, such as Lambda functions. The second is a limit increase in canary name length, which has now been increased from 21 to 255 characters.

### [`v1.35.17`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13517)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.16...1.35.17)

- api-change:`bedrock-agent`: \[`botocore`] Amazon Bedrock Knowledge Bases now supports using inference profiles to increase throughput and improve resilience.
- api-change:`bedrock-agent-runtime`: \[`botocore`] Amazon Bedrock Knowledge Bases now supports using inference profiles to increase throughput and improve resilience.
- api-change:`ecr`: \[`botocore`] Added KMS_DSSE to EncryptionType
- api-change:`guardduty`: \[`botocore`] Add support for new statistic types in GetFindingsStatistics.
- api-change:`lexv2-models`: \[`botocore`] Support new Polly voice engines in VoiceSettings: long-form and generative
- api-change:`medialive`: \[`botocore`] Adds AV1 Codec support, SRT ouputs, and MediaLive Anywhere support.

### [`v1.35.16`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13516)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.15...1.35.16)

- api-change:`chime-sdk-voice`: \[`botocore`] Documentation-only update that clarifies the ValidateE911Address action of the Amazon Chime SDK Voice APIs.
- api-change:`cognito-identity`: \[`botocore`] This release adds sensitive trait to some required shapes.
- api-change:`pipes`: \[`botocore`] This release adds support for customer managed KMS keys in Amazon EventBridge Pipe
- api-change:`securityhub`: \[`botocore`] Documentation update for Security Hub
- enhancement:AWSCRT: \[`botocore`] Update awscrt version to 0.21.5
- enhancement:`s3`: \[`botocore`] Adds logic to gracefully handle invalid timestamps returned in the Expires header.

### [`v1.35.15`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13515)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.14...1.35.15)

- api-change:`dynamodb`: \[`botocore`] Doc-only update for DynamoDB. Added information about async behavior for TagResource and UntagResource APIs and updated the description of ResourceInUseException.
- api-change:`elbv2`: \[`botocore`] Add paginators for the ELBv2 DescribeListenerCertificates and DescribeRules APIs. Fix broken waiter for the ELBv2 DescribeLoadBalancers API.
- api-change:`ivs-realtime`: \[`botocore`] IVS Real-Time now offers customers the ability to broadcast to Stages using RTMP(S).
- api-change:`kafka`: \[`botocore`] Amazon MSK Replicator can now replicate data to identically named topics between MSK clusters within the same AWS Region or across different AWS Regions.
- api-change:`sagemaker`: \[`botocore`] Amazon Sagemaker supports orchestrating SageMaker HyperPod clusters with Amazon EKS
- api-change:`sagemaker-runtime`: \[`botocore`] AWS SageMaker Runtime feature: Add sticky routing to support stateful inference models.

### [`v1.35.14`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13514)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.13...1.35.14)

- api-change:`qapps`: \[`botocore`] Adds UpdateLibraryItemMetadata api to change status of app for admin verification feature and returns isVerified field in any api returning the app or library item.

### [`v1.35.13`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13513)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.12...1.35.13)

- api-change:`application-signals`: \[`botocore`] Amazon CloudWatch Application Signals now supports creating Service Level Objectives using a new calculation type. Users can now create SLOs which are configured with request-based SLIs to help meet their specific business requirements.
- api-change:`codepipeline`: \[`botocore`] Updates to add recent notes to APIs and to replace example S3 bucket names globally.
- api-change:`connect`: \[`botocore`] Amazon Connect Custom Vocabulary now supports Catalan (Spain), Danish (Denmark), Dutch (Netherlands), Finnish (Finland), Indonesian (Indonesia), Malay (Malaysia), Norwegian Bokmal (Norway), Polish (Poland), Swedish (Sweden), and Tagalog/Filipino (Philippines).
- api-change:`gamelift`: \[`botocore`] Amazon GameLift provides additional events for tracking the fleet creation process.
- api-change:`kinesisanalyticsv2`: \[`botocore`] Support for Flink 1.20 in Managed Service for Apache Flink
- api-change:`sagemaker`: \[`botocore`] Amazon SageMaker now supports idle shutdown of JupyterLab and CodeEditor applications on SageMaker Studio.

### [`v1.35.12`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13512)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.11...1.35.12)

- api-change:`appsync`: \[`botocore`] Adds new logging levels (INFO and DEBUG) for additional log output control
- api-change:`bedrock-agent`: \[`botocore`] Add support for user metadata inside PromptVariant.
- api-change:`finspace`: \[`botocore`] Updates Finspace documentation for smaller instances.
- api-change:`fis`: \[`botocore`] This release adds safety levers, a new mechanism to stop all running experiments and prevent new experiments from starting.
- api-change:`logs`: \[`botocore`] Update to support new APIs for delivery of logs from AWS services.
- api-change:`s3control`: \[`botocore`] Amazon Simple Storage Service /S3 Access Grants / Features : This release launches new Access Grants API - ListCallerAccessGrants.

### [`v1.35.11`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13511)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.10...1.35.11)

- api-change:`connect`: \[`botocore`] Release ReplicaConfiguration as part of DescribeInstance
- api-change:`datazone`: \[`botocore`] Add support to let data publisher specify a subset of the data asset that a subscriber will have access to based on the asset filters provided, when accepting a subscription request.
- api-change:`elbv2`: \[`botocore`] This release adds support for configuring TCP idle timeout on NLB and GWLB listeners.
- api-change:`mediaconnect`: \[`botocore`] AWS Elemental MediaConnect introduces thumbnails for Flow source monitoring. Thumbnails provide still image previews of the live content feeding your MediaConnect Flow allowing you to easily verify that your source is operating as expected.
- api-change:`medialive`: \[`botocore`] Added MinQP as a Rate Control option for H264 and H265 encodes.
- api-change:`sagemaker`: \[`botocore`] Amazon SageMaker now supports automatic mounting of a user's home folder in the Amazon Elastic File System (EFS) associated with the SageMaker Studio domain to their Studio Spaces to enable users to share data between their own private spaces.
- api-change:`timestream-influxdb`: \[`botocore`] Timestream for InfluxDB now supports compute scaling and deployment type conversion. This release adds the DbInstanceType and DeploymentType parameters to the UpdateDbInstance API.

### [`v1.35.10`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13510)

[Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.9...1.35.10)

- api-change:`backup`: \[`botocore`] The latest update introduces two new attributes, VaultType and VaultState, to the DescribeBackupVault and ListBackupVaults APIs.
The VaultState attribute reflects the current status of the vault, while the VaultType attribute indicates the specific category of the vault. - api-change:`datazone`: \[`botocore`] Amazon DataZone now adds new governance capabilities of Domain Units for organization within your Data Domains, and Authorization Policies for tighter controls. - api-change:`logs`: \[`botocore`] This release introduces a new optional parameter: Entity, in PutLogEvents request - api-change:`redshift-data`: \[`botocore`] The release include the new Redshift DataAPI feature for session use, customer execute query with --session-keep-alive-seconds parameter and can submit follow-up queries to same sessions with returned`session-id` ### [`v1.35.9`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1359) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.8...1.35.9) \====== - api-change:`bedrock-agent-runtime`: \[`botocore`] Lifting the maximum length on Bedrock KnowledgeBase RetrievalFilter array - api-change:`bedrock-runtime`: \[`botocore`] Add support for imported-model in invokeModel and InvokeModelWithResponseStream. - api-change:`personalize`: \[`botocore`] This releases ability to update automatic training scheduler for customer solutions - api-change:`quicksight`: \[`botocore`] Increased Character Limit for Dataset Calculation Field expressions - api-change:`stepfunctions`: \[`botocore`] This release adds support for static analysis to ValidateStateMachineDefinition API, which can now return optional WARNING diagnostics for semantic errors on the definition of an Amazon States Language (ASL) state machine. - api-change:`wafv2`: \[`botocore`] The minimum request rate for a rate-based rule is now 10. Before this, it was 100. 
### [`v1.35.8`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1358) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.7...1.35.8) \====== - api-change:`appconfig`: \[`botocore`] This release adds support for deletion protection, which is a safety guardrail to prevent the unintentional deletion of a recently used AWS AppConfig Configuration Profile or Environment. This also includes a change to increase the maximum length of the Name parameter in UpdateConfigurationProfile. - api-change:`datazone`: \[`botocore`] Update regex to include dot character to be consistent with IAM role creation in the authorized principal field for create and update subscription target. - api-change:`devicefarm`: \[`botocore`] This release removed support for Calabash, UI Automation, Built-in Explorer, remote access record, remote access replay, and web performance profile framework in ScheduleRun API. - api-change:`ec2`: \[`botocore`] Amazon VPC IP Address Manager (IPAM) now allows customers to provision IPv4 CIDR blocks and allocate Elastic IP Addresses directly from IPAM pools with public IPv4 space - api-change:`internetmonitor`: \[`botocore`] Adds new querying types to show overall traffic suggestion information for monitors - api-change:`pcs`: \[`botocore`] Introducing AWS Parallel Computing Service (AWS PCS), a new service makes it easy to setup and manage high performance computing (HPC) clusters, and build scientific and engineering models at virtually any scale on AWS. - api-change:`workspaces`: \[`botocore`] Documentation-only update that clarifies the StartWorkspaces and StopWorkspaces actions, and a few other minor edits. ### [`v1.35.7`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1357) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.6...1.35.7) \====== - api-change:`bedrock`: \[`botocore`] Amazon Bedrock SDK updates for Inference Profile. 
- api-change:`bedrock-runtime`: \[`botocore`] Amazon Bedrock SDK updates for Inference Profile. - api-change:`chatbot`: \[`botocore`] Update documentation to be consistent with the API docs - api-change:`omics`: \[`botocore`] Adds data provenance to import jobs from read sets and references - api-change:`polly`: \[`botocore`] Amazon Polly adds 2 new voices: Jitka (cs-CZ) and Sabrina (de-CH). ### [`v1.35.6`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1356) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.5...1.35.6) \====== - api-change:`iotsitewise`: \[`botocore`] AWS IoT SiteWise now supports versioning for asset models. It enables users to retrieve active version of their asset model and perform asset model writes with optimistic lock. - api-change:`workspaces`: \[`botocore`] This release adds support for creating and managing directories that use AWS IAM Identity Center as user identity source. Such directories can be used to create non-Active Directory domain joined WorkSpaces Personal.Updated RegisterWorkspaceDirectory and DescribeWorkspaceDirectories APIs. ### [`v1.35.5`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1355) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.4...1.35.5) \====== - api-change:`bedrock-agent`: \[`botocore`] Releasing the support for Action User Confirmation. - api-change:`bedrock-agent-runtime`: \[`botocore`] Releasing the support for Action User Confirmation. - api-change:`codebuild`: \[`botocore`] Added support for the MAC_ARM environment type for CodeBuild fleets. - api-change:`organizations`: \[`botocore`] Releasing minor partitional endpoint updates. - api-change:`qbusiness`: \[`botocore`] Amazon QBusiness: Enable support for SAML and OIDC federation through AWS IAM Identity Provider integration. 
- api-change:`supplychain`: \[`botocore`] Update API documentation to clarify the event SLA as well as the data model expectations ### [`v1.35.4`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1354) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.3...1.35.4) \====== - api-change:`autoscaling`: \[`botocore`] Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement - api-change:`bedrock`: \[`botocore`] Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. - api-change:`emr-containers`: \[`botocore`] Correct endpoint for FIPS is configured for US Gov Regions. - api-change:`inspector2`: \[`botocore`] Add enums for Agentless scan statuses and EC2 enablement error states - api-change:`quicksight`: \[`botocore`] Explicit query for authors and dashboard viewing sharing for embedded users - api-change:`route53`: \[`botocore`] Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. ### [`v1.35.3`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1353) [Compare Source](https://redirect.github.com/boto/boto3/compare/1.35.2...1.35.3) \====== - api-change:`code

Configuration

📅 Schedule: Branch creation - "before 10pm on Sunday" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 7 months ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: poetry.lock
```
Updating dependencies
Resolving dependencies...

Creating virtualenv flask-session2-hlBlwS4--py3.12 in /home/ubuntu/.cache/pypoetry/virtualenvs

The current project's Python requirement (>=3.7.2,<4.0.0) is not compatible with some of the required packages Python requirement:
  - cachelib requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8

Because no versions of cachelib match >0.13.0,<0.14.0
 and cachelib (0.13.0) requires Python >=3.8, cachelib is forbidden.
So, because flask-session2 depends on cachelib (^0.13.0), version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties

    For cachelib, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers
```

renovate[bot] commented 4 months ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: poetry.lock
```
Updating dependencies
Resolving dependencies...

Creating virtualenv flask-session2-hlBlwS4--py3.12 in /home/ubuntu/.cache/pypoetry/virtualenvs

The current project's Python requirement (>=3.7.2,<4.0.0) is not compatible with some of the required packages Python requirement:
  - cachelib requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8

Because no versions of cachelib match >0.13.0,<0.14.0
 and cachelib (0.13.0) requires Python >=3.8, cachelib is forbidden.
So, because flask-session2 depends on cachelib (^0.13.0), version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties

    For cachelib, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers
```