Closed dependabot[bot] closed 1 month ago
@dependabot squash and merge
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
pypi/aiohttp@3.10.2 | environment, eval, filesystem, network, shell, unsafe | 0 |
14.3 MB | Andrew.Svetlov, fafhrd, webknjaz |
pypi/certifi@2024.7.4 | filesystem | 0 |
306 kB | Lukasa |
pypi/cryptography@42.0.4 | environment, eval, filesystem, network, shell, unsafe | 0 |
18.1 MB | reaperhulk |
pypi/gitpython@3.1.41 | environment, eval, filesystem, network, shell | 0 |
768 kB | ByronBates, mtrier |
pypi/idna@3.7 | filesystem, network | 0 |
1.1 MB | kjd |
pypi/regex@2023.6.3 | eval, unsafe | 0 |
2.98 MB | mrabarnett |
🚮 Removed packages: pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/aiohttp@3.8.4, pypi/certifi@2023.5.7, pypi/certifi@2023.5.7, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/cryptography@41.0.3, pypi/gitpython@3.1.31, pypi/gitpython@3.1.31, pypi/idna@3.4, pypi/idna@3.4
One of your CI runs failed on this pull request, so Dependabot won't merge it.
Dependabot will still automatically merge this pull request if you amend it and your tests pass.
Report is too large to display inline. View full report↗︎
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of ecosystem/package-name@version
specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0
or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore pypi/regex@2023.6.3
@SocketSecurity ignore pypi/gitpython@3.1.41
@SocketSecurity ignore pypi/cryptography@42.0.4
@SocketSecurity ignore pypi/idna@3.7
@SocketSecurity ignore pypi/certifi@2024.7.4
@SocketSecurity ignore pypi/aiohttp@3.10.2
Bumps the pip group with 8 updates in the / directory:
3.8.4
3.10.2
2023.5.7
2024.7.4
41.0.3
42.0.4
3.1.31
3.1.41
3.4
3.7
4.65.0
4.66.3
1.26.16
1.26.19
3.15.0
3.19.1
Updates
aiohttp
from 3.8.4 to 3.10.2Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
491106e
Release 3.10.2 (#8655)ce2e975
[PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...6a77806
[PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...1f92213
[PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...2ef14a6
[PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...68e8496
[PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...72f41aa
[PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...bf83dbe
[PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...4815765
[PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...266608d
[PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)Updates
certifi
from 2023.5.7 to 2024.7.4Commits
bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Updates
cryptography
from 41.0.3 to 42.0.4Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
fe18470
Bump for 42.0.4 release (#10445)aaa2dd0
Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)7a4d012
Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...df314bb
backport actions m1 switch to 42.0.x (#10415)c49a7a5
changelog and version bump for 42.0.3 (#10396)396bcf6
fix provider loading take two (#10390) (#10395)0e0e46f
backport: initialize openssl's legacy provider in rust (#10323) (#10333)2202123
changelog and version bump 42.0.2 (#10268)f7032bd
bump openssl in CI (#10298) (#10299)002e886
Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)Updates
gitpython
from 3.1.31 to 3.1.41Release notes
Sourced from gitpython's releases.
... (truncated)
Commits
f288738
bump patch levelef3192c
Merge pull request #1792 from EliahKagan/popen1f3caa3
Further clarify comment in test_hook_uses_shell_not_from_cwd3eb7c2a
Move safer_popen from git.util to git.cmdc551e91
Extract shared logic for using Popen safely on Windows15ebb25
Clarify comment in test_hook_uses_shell_not_from_cwdf44524a
Avoid spurious "location may have moved" on Windowsa42ea0a
Cover absent/no-distro bash.exe in hooks "not from cwd" test7751436
Extract venv management from test_installation66ff4c1
Omit CWD in search for bash.exe to run hooks on WindowsUpdates
idna
from 3.4 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1
Release v3.7c1b3154
Merge pull request #172 from kjd/optimize-contextj0394ec7
Merge branch 'master' into optimize-contextjcd58a23
Merge pull request #152 from elliotwutingfeng/dev5beb28b
More efficient resolution of joiner contexts1b12148
Update ossf/scorecard-action to v2.3.1d516b87
Update Github actions/checkout to v4c095c75
Merge branch 'master' into dev60a0a4c
Fix typo in GitHub Actions workflow key5918a0e
Merge branch 'master' into devUpdates
tqdm
from 4.65.0 to 4.66.3Release notes
Sourced from tqdm's releases.
Commits
4e613f8
Merge pull request from GHSA-g7vv-2v7x-gj9pb53348c
cli: eval safetycc372d0
bump version, merge pull request #1549 from tqdm/devele9f0c05
use PyPI trusted publishing7323d5b
slight makefile clean5306125
tests: bump pre-commit4a6fd4f
fix datetime.utcfromtimestamp py3.12 warning (#1519)6f13759
tests: fix macos notebook indentation3abcd2a
tests: fix asva4d15c8
tests: fix pandas warningsUpdates
urllib3
from 1.26.16 to 1.26.19Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
Commits
d9d85c8
Release 1.26.198528b63
[1.26] Fix downstream tests (#3409)40b6d16
Merge pull request from GHSA-34jh-p97f-mpxf29cfd02
Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)b600643
[1.26] Bump RECENT_DATE (#3404)7e2d389
[1.26] Fix running CPython 2.7 tests in CI (#3137)9c2c230
Release 1.26.18 (#3159)b594c5c
Merge pull request from GHSA-g4mx-q9vg-27p4944f0eb
[1.26] Use vendored six in urllib3.contrib.securetransportc9016bf
Release 1.26.17Updates
zipp
from 3.15.0 to 3.19.1Changelog
Sourced from zipp's changelog.
... (truncated)
Commits
6d1cb72
Finalizefd604bd
Merge pull request #120 from jaraco/bugfix/119-malformed-pathsc18417e
Add news fragment.58115d2
Employ SanitizedNames in CompleteDirs. Fixes broken test.564fcc1
Add SanitizedNames mixin.79a309f
Add some assertions about malformed paths.2d015c2
Merge https://github.com/jaraco/skeletona595a0f
Rename extras to align with core metadata spec.608f90a
Finalize3a22d72
Merge pull request #118 from jaraco/feature/is-symlinkDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot will merge this PR once CI passes on it, as requested by @guibranco.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show