Bump the pip group with 7 updates #65

dependabot · 2025-05-19T18:03:12Z

Bumps the pip group with 7 updates:

Package	From	To
sanic	`20.12.2`	`20.12.7`
certifi	`2020.12.5`	`2024.7.4`
gitpython	`3.1.14`	`3.1.41`
idna	`2.10`	`3.7`
ujson	`4.0.2`	`5.4.0`
urllib3	`1.26.3`	`1.26.19`
websockets	`8.1`	`9.1`

Updates sanic from 20.12.2 to 20.12.7

Release notes

Sourced from sanic's releases.

Version 20.12.7

Resolves #2477 and #2478 See also #2495 and GHSA-8cw9-5hmv-77w6

Full Changelog: sanic-org/sanic@v20.12.6...v20.12.7

Version 20.12.6

What's Changed

Potential server crash if running Python 3.10 w/ Sanic 20.12 by @ahopkins in sanic-org/sanic#2400

Full Changelog: sanic-org/sanic@v20.12.5...v20.12.6

Version 20.12.5

#2366 Upgrade websockets version - SECURITY UPDATE

Version 20.12.4

#2129 Unpin uvloop

Version 20.12.3

Bugfixes

#2021 Remove prefix from websocket handler name

Commits

05002d7 Path protection with pathlib
b4360d4 Path protection with pathlib
3b85b3b Potential server crash if running Python 3.10 w/ Sanic 20.12 (#2400)
6e55e73 fix: websocket dependency for websockets 9.1 security fix (#2366)
89d9424 Merge branch 'pr2129' into 20.12LTS
4d6205e Bump version
1684b0b remove reference to yanked packages
4f5faa4 unpin uvloop
cbb77b5 fix issue where request.args.pop removed parameters inconsistently (#2112)
35c7625 Bump version 20.12.3 (#2062)
Additional commits viewable in compare view

Updates certifi from 2020.12.5 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view

Updates gitpython from 3.1.14 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

Add __all__ in git.exc by @EliahKagan in gitpython-developers/GitPython#1719

Set submodule update cadence to weekly by @EliahKagan in gitpython-developers/GitPython#1721

Never modify sys.path by @EliahKagan in gitpython-developers/GitPython#1720

Bump git/ext/gitdb from 8ec2390 to ec58b7e by @dependabot in gitpython-developers/GitPython#1722

Revise comments, docstrings, some messages, and a bit of code by @EliahKagan in gitpython-developers/GitPython#1725

Use zero-argument super() by @EliahKagan in gitpython-developers/GitPython#1726

Remove obsolete note in _iter_packed_refs by @EliahKagan in gitpython-developers/GitPython#1727

Reorganize test_util and make xfail marks precise by @EliahKagan in gitpython-developers/GitPython#1729

Clarify license and make module top comments more consistent by @EliahKagan in gitpython-developers/GitPython#1730

Deprecate compat.is_, rewriting all uses by @EliahKagan in gitpython-developers/GitPython#1732

Revise and restore some module docstrings by @EliahKagan in gitpython-developers/GitPython#1735

Make the rmtree callback Windows-only by @EliahKagan in gitpython-developers/GitPython#1739

List all non-passing tests in test summaries by @EliahKagan in gitpython-developers/GitPython#1740

Document some minor subtleties in test_util.py by @EliahKagan in gitpython-developers/GitPython#1749

Always read metadata files as UTF-8 in setup.py by @EliahKagan in gitpython-developers/GitPython#1748

Test native Windows on CI by @EliahKagan in gitpython-developers/GitPython#1745

Test macOS on CI by @EliahKagan in gitpython-developers/GitPython#1752

Let close_fds be True on all platforms by @EliahKagan in gitpython-developers/GitPython#1753

Fix IndexFile.from_tree on Windows by @EliahKagan in gitpython-developers/GitPython#1751

Remove unused TASKKILL fallback in AutoInterrupt by @EliahKagan in gitpython-developers/GitPython#1754

Don't return with operand when conceptually void by @EliahKagan in gitpython-developers/GitPython#1755

Group .gitignore entries by purpose by @EliahKagan in gitpython-developers/GitPython#1758

Adding dubious ownership handling by @marioaag in gitpython-developers/GitPython#1746

Avoid brittle assumptions about preexisting temporary files in tests by @EliahKagan in gitpython-developers/GitPython#1759

Overhaul noqa directives by @EliahKagan in gitpython-developers/GitPython#1760

Clarify some Git.execute kill_after_timeout limitations by @EliahKagan in gitpython-developers/GitPython#1761

Bump actions/setup-python from 4 to 5 by @dependabot in gitpython-developers/GitPython#1763

Don't install black on Cygwin by @EliahKagan in gitpython-developers/GitPython#1766

Extract all "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1765

Extract remaining local "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1768

Replace xfail with gc.collect in TestSubmodule.test_rename by @EliahKagan in gitpython-developers/GitPython#1767

Enable CodeQL by @EliahKagan in gitpython-developers/GitPython#1769

Replace some uses of the deprecated mktemp function by @EliahKagan in gitpython-developers/GitPython#1770

Bump github/codeql-action from 2 to 3 by @dependabot in gitpython-developers/GitPython#1773

Run some Windows environment variable tests only on Windows by @EliahKagan in gitpython-developers/GitPython#1774

Fix TemporaryFileSwap regression where file_path could not be Path by @EliahKagan in gitpython-developers/GitPython#1776

Improve hooks tests by @EliahKagan in gitpython-developers/GitPython#1777

Fix if items of Index is of type PathLike by @stegm in gitpython-developers/GitPython#1778

Better document IterableObj.iter_items and improve some subclasses by @EliahKagan in gitpython-developers/GitPython#1780

Revert "Don't install black on Cygwin" by @EliahKagan in gitpython-developers/GitPython#1783

Add missing pip in $PATH on Cygwin CI by @EliahKagan in gitpython-developers/GitPython#1784

Shorten Iterable docstrings and put IterableObj first by @EliahKagan in gitpython-developers/GitPython#1785

Fix incompletely revised Iterable/IterableObj docstrings by @EliahKagan in gitpython-developers/GitPython#1786

Pre-deprecate setting Git.USE_SHELL by @EliahKagan in gitpython-developers/GitPython#1782

... (truncated)

Commits

f288738 bump patch level
ef3192c Merge pull request #1792 from EliahKagan/popen
1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
3eb7c2a Move safer_popen from git.util to git.cmd
c551e91 Extract shared logic for using Popen safely on Windows
15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
f44524a Avoid spurious "location may have moved" on Windows
a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
7751436 Extract venv management from test_installation
66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
Additional commits viewable in compare view

Updates idna from 2.10 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

Update to Unicode 15.1.0

String codec name is now "idna2008" as overriding the system codec "idna" was not working.

Fix typing error for codec encoding

"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.

Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.

Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

3.4 (2022-09-14) ++++++++++++++++

Update to Unicode 15.0.0

Migrate to pyproject.toml for build information (PEP 621)

Correct another instance where generic exception was raised instead of IDNAError for malformed input

Source distribution uses zeroized file ownership for improved reproducibility

Thanks to Seth Michael Larson for contributions to this release.

3.3 (2021-10-13) ++++++++++++++++

Update to Unicode 14.0.0

Update to in-line type annotations

Throw IDNAError exception correctly for some malformed input

Advertise support for Python 3.10

Improve testing regime on Github

... (truncated)

Commits

1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view

Updates ujson from 4.0.2 to 5.4.0

Release notes

Sourced from ujson's releases.

5.4.0

Added

Add support for arbitrary size integers (#548) @JustAnotherArchivist

Fixed

CVE-2022-31116:

Replace wchar_t string decoding implementation with a uint32_t-based one (#555) @JustAnotherArchivist

Fix handling of surrogates on decoding (#550) @JustAnotherArchivist

CVE-2022-31117: Potential double free of buffer during string decoding @JustAnotherArchivist

Fix memory leak on encoding errors when the buffer was resized (#549) @JustAnotherArchivist

Integer parsing: always detect overflows (#544) @NaN-git

Fix handling of surrogates on encoding (#530) @JustAnotherArchivist

5.3.0

Added

Test Python 3.11 beta (#539) @hugovk

Changed

Benchmark refactor - argparse CLI (#533) @Erotemic

Fixed

Fix segmentation faults when errors occur while handling unserialisable objects (#531) @JustAnotherArchivist

Fix segmentation fault when an exception is raised while converting a dict key to a string (#526) @JustAnotherArchivist

Fix memory leak dumping on non-string dict keys (#521) @JustAnotherArchivist

Fix ref counting on repeated default function calls (#524) @JustAnotherArchivist

Remove redundant wheel dependency from pyproject.toml (#535) @hugovk

5.2.0

Added

Support parsing NaN, Infinity and -Infinity (#514) @Erotemic

Support dynamically linking against system double-conversion library (#508) @musicinmybrain

Add env var to control stripping debug info (#507) @musicinmybrain

Add JSONDecodeError (#498) @JustAnotherArchivist

Fixed

Fix buffer overflows (CVE-2021-45958) (#519) @JustAnotherArchivist

Upgrade Black to fix Click (#515) @hugovk

simplify exception handling on integer overflow (#510) @RouquinBlanc

Remove dead code that used to handle the separate int type in Python 2 (#509) @JustAnotherArchivist

Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @JustAnotherArchivist

5.1.0

Changed

... (truncated)

Commits

9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
b21da40 Fix double free on string decoding if realloc fails
67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
3efb5cc Delete old TravisCI workflow and references.
404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
f7e66dc Switch to musl docker base images.
Additional commits viewable in compare view

Updates urllib3 from 1.26.3 to 1.26.19

Release notes

Sourced from urllib3's releases.

1.26.19

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

Full Changelog: urllib3/urllib3@1.26.18...1.26.19

Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.

1.26.18

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

1.26.16

Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954)

1.26.15

Fix socket timeout value when HTTPConnection is reused (urllib3/urllib3#2645)

Remove "!" character from the unreserved characters in IPv6 Zone ID parsing (urllib3/urllib3#2899)

Fix IDNA handling of 'x80' byte (urllib3/urllib3#2901)

1.26.14

Fixed parsing of port 0 (zero) returning None, instead of 0 (#2850)

Removed deprecated HTTPResponse.getheaders() calls in urllib3.contrib module.

1.26.13

Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.

Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.

Fixed a deprecation warning when using cryptography v39.0.0.

Removed the <4 in the Requires-Python packaging metadata field.

1.26.12

Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.

1.26.11

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors.

⚠️ urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.

... (truncated)

Changelog

Sourced from urllib3's changelog.

1.26.19 (2024-06-17)

Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)

1.26.18 (2023-10-17)

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

1.26.16 (2023-05-23)

Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress ([#2954](https://github.com/urllib3/urllib3/issues/2954) <https://github.com/urllib3/urllib3/pull/2954>_)

1.26.15 (2023-03-10)

Fix socket timeout value when HTTPConnection is reused ([#2645](https://github.com/urllib3/urllib3/issues/2645) <https://github.com/urllib3/urllib3/issues/2645>__)

Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ([#2899](https://github.com/urllib3/urllib3/issues/2899) <https://github.com/urllib3/urllib3/issues/2899>__)

Fix IDNA handling of '\x80' byte ([#2901](https://github.com/urllib3/urllib3/issues/2901) <https://github.com/urllib3/urllib3/issues/2901>__)

1.26.14 (2023-01-11)

Fixed parsing of port 0 (zero) returning None, instead of 0. ([#2850](https://github.com/urllib3/urllib3/issues/2850) <https://github.com/urllib3/urllib3/issues/2850>__)

Removed deprecated getheaders() calls in contrib module. Fixed the type hint of PoolKey.key_retries by adding bool to the union. ([#2865](https://github.com/urllib3/urllib3/issues/2865) <https://github.com/urllib3/urllib3/issues/2865>__)

1.26.13 (2022-11-23)

Deprecated the HTTPResponse.getheaders() and HTTPResponse.getheader() methods.

Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.

Fixed a deprecation warning when using cryptography v39.0.0.

Removed the <4 in the Requires-Python packaging metadata field.

1.26.12 (2022-08-22)

Deprecated the urllib3[secure] extra and the urllib3.contrib.pyopenssl module. Both will be removed in v2.x. See this GitHub issue <https://github.com/urllib3/urllib3/issues/2680>_

... (truncated)

Commits

d9d85c8 Release 1.26.19
8528b63 [1.26] Fix downstream tests (#3409)
40b6d16 Merge pull request from GHSA-34jh-p97f-mpxf
29cfd02 Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)
b600643 [1.26] Bump RECENT_DATE (#3404)
7e2d389 [1.26] Fix running CPython 2.7 tests in CI (#3137)
9c2c230 Release 1.26.18 (#3159)
b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4
944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport
c9016bf Release 1.26.17
Additional commits viewable in compare view

Updates websockets from 8.1 to 9.1

Release notes

Sourced from websockets's releases.

9.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

9.0.2

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

9.0.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

9.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Changelog

Sourced from websockets's changelog.

9.1 ...

May 27, 2021

.. note::

**Version 9.1 fixes a security issue introduced in version 8.0.**

Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.

9.0.2 .....

May 15, 2021

Restored compatibility of python -m websockets with Python < 3.9.
Restored compatibility with mypy.

9.0.1 .....

May 2, 2021

Fixed issues with the packaging of the 9.0 release.

9.0 ...

May 1, 2021

.. note::

**Version 9.0 moves or deprecates several APIs.**
Aliases provide backwards compatibility for all previously public APIs.


:class:~datastructures.Headers and

:exc:~datastructures.MultipleValuesError were moved from

websockets.http to :mod:websockets.datastructures. If you're using

them, you should adjust the import path.


The client, server, protocol, and auth modules were

moved from the websockets package to websockets.legacy

sub-package, as part of an upcoming refactoring. Despite the name,

they're still fully supported. The refactoring should be a transparent

upgrade for most uses when it's available. The legacy implementation

will be preserved according to the backwards-compatibility policy_.

... (truncated)

Commits

d0f3288 Bump version number.
547a26b Use constant-time comparison for passwords.
a14226a Bump version number.
8900c13 Add mypy to dictionary.
0713dbf Add test coverage.
b99c4fe Restore real imports for compatibility with mypy.
e44e085 Use relative imports everywhere, for consistency.
70fadbf Restore compatibility with Python < 3.9.
217ac2d Fix broken link.
fc176f4 Bump version number.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 7 updates: | Package | From | To | | --- | --- | --- | | [sanic](https://github.com/sanic-org/sanic) | `20.12.2` | `20.12.7` | | [certifi](https://github.com/certifi/python-certifi) | `2020.12.5` | `2024.7.4` | | [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.14` | `3.1.41` | | [idna](https://github.com/kjd/idna) | `2.10` | `3.7` | | [ujson](https://github.com/ultrajson/ultrajson) | `4.0.2` | `5.4.0` | | [urllib3](https://github.com/urllib3/urllib3) | `1.26.3` | `1.26.19` | | [websockets](https://github.com/python-websockets/websockets) | `8.1` | `9.1` | Updates `sanic` from 20.12.2 to 20.12.7 - [Release notes](https://github.com/sanic-org/sanic/releases) - [Commits](sanic-org/sanic@v20.12.2...v20.12.7) Updates `certifi` from 2020.12.5 to 2024.7.4 - [Commits](certifi/python-certifi@2020.12.05...2024.07.04) Updates `gitpython` from 3.1.14 to 3.1.41 - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.14...3.1.41) Updates `idna` from 2.10 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v2.10...v3.7) Updates `ujson` from 4.0.2 to 5.4.0 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](ultrajson/ultrajson@4.0.2...5.4.0) Updates `urllib3` from 1.26.3 to 1.26.19 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.3...1.26.19) Updates `websockets` from 8.1 to 9.1 - [Release notes](https://github.com/python-websockets/websockets/releases) - [Changelog](https://github.com/python-websockets/websockets/blob/9.1/docs/changelog.rst) - [Commits](python-websockets/websockets@8.1...9.1) --- updated-dependencies: - dependency-name: sanic dependency-version: 20.12.7 dependency-type: direct:production dependency-group: pip - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: indirect dependency-group: pip - dependency-name: gitpython dependency-version: 3.1.41 dependency-type: indirect dependency-group: pip - dependency-name: idna dependency-version: '3.7' dependency-type: indirect dependency-group: pip - dependency-name: ujson dependency-version: 5.4.0 dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-version: 1.26.19 dependency-type: indirect dependency-group: pip - dependency-name: websockets dependency-version: '9.1' dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 19, 2025

This was referenced May 19, 2025

Bump urllib3 from 1.26.3 to 1.26.5 #57

Closed

Bump ujson from 4.0.2 to 5.4.0 #59

Closed

Bump sanic from 20.12.2 to 20.12.7 #60

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the pip group with 7 updates #65

Bump the pip group with 7 updates #65

Uh oh!

dependabot bot commented on behalf of github May 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the pip group with 7 updates #65

Are you sure you want to change the base?

Bump the pip group with 7 updates #65

Uh oh!

Conversation

dependabot bot commented on behalf of github May 19, 2025

Version 20.12.7

Version 20.12.6

What's Changed

Version 20.12.5

Version 20.12.4

Version 20.12.3

Bugfixes

3.1.41 - fix Windows security issue

What's Changed

v3.7

What's Changed

5.4.0

Added

Fixed

5.3.0

Added

Changed

Fixed

5.2.0

Added

Fixed

5.1.0

Changed

1.26.19

🚀 urllib3 is fundraising for HTTP/2 support

Changes

1.26.18

1.26.17

1.26.16

1.26.15

1.26.14

1.26.13

1.26.12

1.26.11

1.26.19 (2024-06-17)

1.26.18 (2023-10-17)

1.26.17 (2023-10-02)

1.26.16 (2023-05-23)

1.26.15 (2023-03-10)

1.26.14 (2023-01-11)

1.26.13 (2022-11-23)

1.26.12 (2022-08-22)

9.1

9.0.2

9.0.1

9.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant