Closed dependabot[bot] closed 3 years ago
lizgzil
commented
3 years ago In trying to find out more about why the tests fail on AttributeError: 'str' object has no attribute 'decode' - I don't think we even mention the string 'decode' anywhere in this repo.
When I google the error the thing that comes up a lot are problems with pyJWT e.g. https://github.com/jazzband/django-rest-framework-simplejwt/issues/346
aCampello
commented
3 years ago I don't think it will be simple to fix that, due to the many libraries that depend on pyyaml/py. On the other hand, the vulnerability only affects untrusted yamls, which is not our case.
I will update this when the upstream package updates it too.
As @jdu mentioned:
"as it’s not applicable in our use of the py (pip) package and that the change will land in deep_reference_parser when appropariate changes are made in the upstream packages which depend on that library."
dependabot[bot]
commented
3 years ago OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps py from 1.8.1 to 1.10.0.
Changelog
Sourced from py's changelog.
Commits
e5ff378Update CHANGELOG for 1.10.094cf44fUpdate vendored libs5e8ded5testing: comment out an assert which fails on Python 3.9 for nowafdffccRename HOWTORELEASE.rst to RELEASING.rst2de53a6Merge pull request #266 from nicoddemus/gh-actionsfa1b32eMerge pull request #264 from hugovk/patch-2887d6b8Skip test_samefile_symlink on pypy3 on Windowse94e670Fix test_comments() in test_sourcefef9a32Adapt test4a694b0Add GitHub Actions badge to READMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/wellcometrust/deep_reference_parser/network/alerts).