Skip to content

Bump the pip group across 1 directory with 15 updates #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 15 updates #4

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 12, 2024

Bumps the pip group with 14 updates in the / directory:

Package From To
requests 2.26.0 2.31.0
httpx 0.18.2 0.23.0
fastapi 0.68.2 0.109.1
pyramid 2.0 2.0.2
python-multipart 0.0.5 0.0.7
black 21.5b0 24.3.0
ipython 7.28.0 8.10.0
certifi 2021.10.8 2023.7.22
cryptography 35.0.0 42.0.4
ecdsa 0.17.0 0.19.0
gitpython 3.1.24 3.1.41
idna 3.2 3.7
py 1.10.0 1.11.0
urllib3 1.26.7 1.26.18

Updates requests from 2.26.0 to 2.31.0

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits

Updates httpx from 0.18.2 to 0.23.0

Release notes

Sourced from httpx's releases.

Version 0.23.0

0.23.0 (23rd May, 2022)

Changed

  • Drop support for Python 3.6. (#2097)
  • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

  • Fix URL.copy_with for some oddly formed URL cases. (#2185)
  • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
  • Fix console markup escaping in command line client. (#1866)
  • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
  • Ensure that iter_bytes never yields zero-length chunks. (#2068)
  • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
  • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
  • Fix display of --proxies argument in the command line client help. (#2125)
  • Close responses when task cancellations occur during stream reading. (#2156)
  • Fix type error on accessing .request on HTTPError exceptions. (#2158)

Version 0.22.0

0.22.0 (26th January, 2022)

Added

Fixed

  • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
  • Fix Headers.update(...) to correctly handle repeated headers (#2038)

Version 0.21.3

0.21.3 (6th January, 2022)

Fixed

  • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

Version 0.21.2

0.21.2 (5th January, 2022)

Fixed

  • HTTP/2 support for tunnelled proxy cases. (#2009)
  • Improved the speed of large file uploads. (#1948)

Version 0.21.1

... (truncated)

Changelog

Sourced from httpx's changelog.

0.23.0 (23rd May, 2022)

Changed

  • Drop support for Python 3.6. (#2097)
  • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

  • Fix URL.copy_with for some oddly formed URL cases. (#2185)
  • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
  • Fix console markup escaping in command line client. (#1866)
  • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
  • Ensure that iter_bytes never yields zero-length chunks. (#2068)
  • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
  • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
  • Fix display of --proxies argument in the command line client help. (#2125)
  • Close responses when task cancellations occur during stream reading. (#2156)
  • Fix type error on accessing .request on HTTPError exceptions. (#2158)

0.22.0 (26th January, 2022)

Added

Fixed

  • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
  • Fix Headers.update(...) to correctly handle repeated headers (#2038)

0.21.3 (6th January, 2022)

Fixed

  • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

0.21.2 (5th January, 2022)

Fixed

  • HTTP/2 support for tunnelled proxy cases. (#2009)
  • Improved the speed of large file uploads. (#1948)

0.21.1 (16th November, 2021)

Fixed

  • The response.url property is now correctly annotated as URL, instead of Optional[URL]. (#1940)

... (truncated)

Commits

Updates fastapi from 0.68.2 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

  • ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

Refactors

  • ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
  • ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
  • 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
  • ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

Translations

  • 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
  • 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

Updates pyramid from 2.0 to 2.0.2

Changelog

Sourced from pyramid's changelog.

2.0.2 (2023-08-25)

Bug Fixes

  • Removed support for null-bytes in the path when making a request for a file against a static_view. Whille null-bytes are allowed by the HTTP specification, due to the handling of null-bytes potentially leading to security vulnerabilities it is no longer supported.

    This fixes a security vulnerability that is present due to a bug in Python 3.11.0 through 3.11.4, thereby allowing the unintended disclosure of an index.html one directory up from the static views path.

    Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue.

Backward Incompatibilities

  • Requests to a static_view are no longer allowed to contain a null-byte in any part of the path segment.

.. _changes_2.0.1:

2.0.1 (2023-01-29)

  • Add support for Python 3.10 and 3.11.

  • Copy __name__ from decorated attribute when using pyramid.decorator.reify. See Pylons/pyramid#3660

  • Fix method signatures in docs for pyramid.config.Configurator.add_static_view and pyramid.config.Configurator.override_asset. See Pylons/pyramid#3699

  • Remove obsolete stackframe hack used in Python 3.5.0 when showing configurator conflict errors. See Pylons/pyramid#3700

  • Fix an error when injecting certain objects into the pshell env due to the use of !=. See Pylons/pyramid#3704

  • Pyramid drops support for l*gettext() methods in the i18n module. These have been deprecated in Python's gettext module since 3.8, and removed in Python 3.11. They also shouldn't be used at all on Python 3.

... (truncated)

Commits

Updates python-multipart from 0.0.5 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

  • Refactor header option parser to use the standard library instead of a custom RegEx #75.

0.0.6 (2023-02-27)

  • Migrate package installation to pyproject.toml (PEP 621) #54.
  • Use yaml.safe_load instead of yaml.load #46.
  • Add support for Python 3.11, drop EOL 3.6 #51.
  • Add support for Python 3.8-3.10, drop EOL 2.7-3.5 #42.
  • QuerystringParser: don't raise an AttributeError in __repr__ #30.
Commits

Updates black from 21.5b0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

Updates ipython from 7.28.0 to 8.10.0

Commits

Updates certifi from 2021.10.8 to 2023.7.22

Commits

Updates cryptography from 35.0.0 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20


* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.

.. _v42-0-3:


42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.

.. _v42-0-1:


42.0.1 - 2024-01-24

  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
  • Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

Updates ecdsa from 0.17.0 to 0.19.0

Release notes

Sourced from ecdsa's releases.

ecdsa 0.19.0

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
  • Fixes around hypothesis parameters
  • Officially support Python 3.11 and 3.12
  • Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
  • Dropped the internal _rwlock module as it's unused
  • Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
  • Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

  • int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

ecdsa 0.18.0

New features:

  • Support for EdDSA (Ed25519, Ed448) signature creation and verification.
  • Support for Ed25519 and Ed448 in PKCS#8 and public key files.
  • Support for point precomputation for EdDSA.

New API:

  • CurveEdTw class to represent the Twisted Edwards curve parameters.
  • PointEdwards class to represent points on Twisted Edwards curve and provide point arithmetic on it.
  • curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

... (truncated)

Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
  • Fixes aroung hypothesis parameters
  • Officially support Python 3.11 and 3.12
  • Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
  • Dropped the internal _rwlock module as it's unused
  • Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
  • Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

  • int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

  • Release 0.18.0 (09 Jul 2022)

New API:

  • curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

  • Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.
  • Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

  • Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.
  • Make object names more consistent, make them into hyperlinks on the readthedocs documentation.
  • Make security note more explicit (Ian Rodney)

... (truncated)

Commits
  • be70016 Merge pull request #337 from tlsfuzzer/release-0.19
  • 217735b allow early exit from worker processes when running mutation testing
  • 6e7adff don't check rate if no tests executed
  • c56030e make coveralls submission work with py2.6 again
  • 66d0d74 add release notes for 0.19.0 release
  • 0d5a38c Merge pull request #156 from tomato42/cosmic-ray
  • 02c8350 be more permissive for the PR mutation test coverage
  • 4845e8f better is_prime()
  • 09f0d10 add hard timeout for test mutation test suite
  • e16173b two digit precision for the mutation score badge
  • Additional commits viewable in compare view

Updates gitpython from 3.1.24 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

@dependabot
Bump the pip group across 1 directory with 15 updates
777cef0 
Bumps the pip group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [requests](https://github.com/psf/requests) | `2.26.0` | `2.31.0` |
| [httpx](https://github.com/encode/httpx) | `0.18.2` | `0.23.0` |
| [fastapi](https://github.com/tiangolo/fastapi) | `0.68.2` | `0.109.1` |
| [pyramid](https://github.com/Pylons/pyramid) | `2.0` | `2.0.2` |
| [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.5` | `0.0.7` |
| [black](https://github.com/psf/black) | `21.5b0` | `24.3.0` |
| [ipython](https://github.com/ipython/ipython) | `7.28.0` | `8.10.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2021.10.8` | `2023.7.22` |
| [cryptography](https://github.com/pyca/cryptography) | `35.0.0` | `42.0.4` |
| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.17.0` | `0.19.0` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.24` | `3.1.41` |
| [idna](https://github.com/kjd/idna) | `3.2` | `3.7` |
| [py](https://github.com/pytest-dev/py) | `1.10.0` | `1.11.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.7` | `1.26.18` |



Updates `requests` from 2.26.0 to 2.31.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.26.0...v2.31.0)

Updates `httpx` from 0.18.2 to 0.23.0
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.18.2...0.23.0)

Updates `fastapi` from 0.68.2 to 0.109.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.68.2...0.109.1)

Updates `pyramid` from 2.0 to 2.0.2
- [Changelog](https://github.com/Pylons/pyramid/blob/2.0.2/CHANGES.rst)
- [Commits](Pylons/pyramid@2.0...2.0.2)

Updates `python-multipart` from 0.0.5 to 0.0.7
- [Release notes](https://github.com/andrew-d/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.5...0.0.7)

Updates `black` from 21.5b0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/commits/24.3.0)

Updates `ipython` from 7.28.0 to 8.10.0
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](ipython/ipython@7.28.0...8.10.0)

Updates `certifi` from 2021.10.8 to 2023.7.22
- [Commits](certifi/python-certifi@2021.10.08...2023.07.22)

Updates `cryptography` from 35.0.0 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@35.0.0...42.0.4)

Updates `ecdsa` from 0.17.0 to 0.19.0
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.17.0...python-ecdsa-0.19.0)

Updates `gitpython` from 3.1.24 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.24...3.1.41)

Updates `idna` from 3.2 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.2...v3.7)

Updates `py` from 1.10.0 to 1.11.0
- [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/py@1.10.0...1.11.0)

Updates `starlette` from 0.14.2 to 0.35.1
- [Release notes](https://github.com/encode/starlette/releases)
- [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md)
- [Commits](Kludex/starlette@0.14.2...0.35.1)

Updates `urllib3` from 1.26.7 to 1.26.18
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.7...1.26.18)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: httpx
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyramid
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-multipart
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: ipython
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: indirect
  dependency-group: pip
- dependency-name: ecdsa
  dependency-type: indirect
  dependency-group: pip
- dependency-name: gitpython
  dependency-type: indirect
  dependency-group: pip
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: py
  dependency-type: indirect
  dependency-group: pip
- dependency-name: starlette
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 12, 2024
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 17, 2024

Superseded by #5.

@dependabot dependabot bot closed this Apr 17, 2024
@dependabot dependabot bot deleted the dependabot/pip/pip-7465955c80 branch April 17, 2024 01:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants