Bumps the pip group with 5 updates in the /scripts directory:
| Package | From | To |
| --- | --- | --- |
| [certifi](
https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.7.4` |
| [idna](
https://github.com/kjd/idna) | `2.10` | `3.7` |
| [jinja2](
https://github.com/pallets/jinja) | `2.11.3` | `3.1.4` |
| [requests](
https://github.com/psf/requests) | `2.31.0` | `2.32.2` |
| [urllib3](
https://github.com/urllib3/urllib3) | `1.26.18` | `1.26.19` |
Bumps the pip group with 4 updates in the /scripts/upgrade-codeql-dependencies directory: [certifi](
https://github.com/certifi/python-certifi), [idna](
https://github.com/kjd/idna), [requests](
https://github.com/psf/requests) and [urllib3](
https://github.com/urllib3/urllib3).
Updates `certifi` from 2023.7.22 to 2024.7.4
- [Commits](
certifi/python-certifi@2023.07.22...2024.07.04)
Updates `idna` from 2.10 to 3.7
- [Release notes](
https://github.com/kjd/idna/releases)
- [Changelog](
https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](
kjd/idna@v2.10...v3.7)
Updates `jinja2` from 2.11.3 to 3.1.4
- [Release notes](
https://github.com/pallets/jinja/releases)
- [Changelog](
https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](
pallets/jinja@2.11.3...3.1.4)
Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](
https://github.com/psf/requests/releases)
- [Changelog](
https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](
psf/requests@v2.31.0...v2.32.2)
Updates `urllib3` from 1.26.18 to 1.26.19
- [Release notes](
https://github.com/urllib3/urllib3/releases)
- [Changelog](
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](
urllib3/urllib3@1.26.18...1.26.19)
Updates `certifi` from 2023.7.22 to 2024.7.4
- [Commits](
certifi/python-certifi@2023.07.22...2024.07.04)
Updates `idna` from 3.4 to 3.7
- [Release notes](
https://github.com/kjd/idna/releases)
- [Changelog](
https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](
kjd/idna@v2.10...v3.7)
Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](
https://github.com/psf/requests/releases)
- [Changelog](
https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](
psf/requests@v2.31.0...v2.32.2)
Updates `urllib3` from 1.26.18 to 1.26.19
- [Release notes](
https://github.com/urllib3/urllib3/releases)
- [Changelog](
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](
urllib3/urllib3@1.26.18...1.26.19)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
dependency-group: pip
- dependency-name: idna
dependency-type: direct:production
dependency-group: pip
- dependency-name: jinja2
dependency-type: direct:production
dependency-group: pip
- dependency-name: requests
dependency-type: direct:production
dependency-group: pip
- dependency-name: urllib3
dependency-type: direct:production
dependency-group: pip
- dependency-name: certifi
dependency-type: direct:production
dependency-group: pip
- dependency-name: idna
dependency-type: direct:production
dependency-group: pip
- dependency-name: requests
dependency-type: direct:production
dependency-group: pip
- dependency-name: urllib3
dependency-type: direct:production
dependency-group: pip
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps the pip group with 5 updates in the /scripts directory:
Bumps the pip group with 4 updates in the /scripts/upgrade-codeql-dependencies directory: certifi, idna, requests and urllib3.
Updates certifi from 2023.7.22 to 2024.7.4
CommitsUpdates idna from 2.10 to 3.7
Release notesSourced from idna's releases.
v3.7
What's Changed
Thanks to Guido Vranken for reporting the issue.
Full Changelog: kjd/idna@v3.6...v3.7
ChangelogSourced from idna's changelog.
3.7 (2024-04-11) ++++++++++++++++
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25) ++++++++++++++++
3.5 (2023-11-24) ++++++++++++++++
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.
3.4 (2022-09-14) ++++++++++++++++
Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13) ++++++++++++++++
... (truncated)
CommitsUpdates jinja2 from 2.11.3 to 3.1.4
Release notesSourced from jinja2's releases.
3.1.4
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
3.1.3
This is a fix release for the 3.1.x feature branch.
3.1.2
This is a fix release for the 3.1.0 feature release.
3.1.1
3.1.0
This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.
3.0.3
3.0.2
3.0.1
3.0.0
New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! 🎉
This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.
... (truncated)
ChangelogSourced from jinja2's changelog.
Version 3.1.4
Released 2024-05-05
Version 3.1.3
Released 2024-01-10
Version 3.1.2
Released 2022-04-28
Version 3.1.1
Released 2022-03-25
Version 3.1.0
Released 2022-03-24
... (truncated)
CommitsUpdates requests from 2.31.0 to 2.32.2
Release notesSourced from requests's releases.
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
v2.32.0
2.32.0 (2024-05-20)
🐍 PYCON US 2024 EDITION 🐍
Security
Improvements
Bugfixes
... (truncated)
ChangelogSourced from requests's changelog.
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
2.32.0 (2024-05-20)
Security
Improvements
Bugfixes
Deprecations
... (truncated)
CommitsUpdates urllib3 from 1.26.18 to 1.26.19
Release notesSourced from urllib3's releases.
1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Full Changelog: urllib3/urllib3@1.26.18...1.26.19
Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.
ChangelogSourced from urllib3's changelog.
1.26.19 (2024-06-17)
- Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
- Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)
CommitsUpdates certifi from 2023.7.22 to 2024.7.4
CommitsUpdates idna from 3.4 to 3.7
Release notesSourced from idna's releases.
v3.7
What's Changed
Thanks to Guido Vranken for reporting the issue.
Full Changelog: kjd/idna@v3.6...v3.7
ChangelogSourced from idna's changelog.
3.7 (2024-04-11) ++++++++++++++++
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25) ++++++++++++++++
3.5 (2023-11-24) ++++++++++++++++
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.
3.4 (2022-09-14) ++++++++++++++++
Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13) ++++++++++++++++
... (truncated)
CommitsUpdates requests from 2.31.0 to 2.32.2
Release notesSourced from requests's releases.
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
v2.32.0
2.32.0 (2024-05-20)
🐍 PYCON US 2024 EDITION 🐍
Security
Improvements
Bugfixes
... (truncated)
ChangelogSourced from requests's changelog.
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
2.32.0 (2024-05-20)
Security
Improvements
Bugfixes
Deprecations
... (truncated)
CommitsUpdates urllib3 from 1.26.18 to 1.26.19
Release notesSourced from urllib3's releases.
1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Full Changelog: urllib3/urllib3@1.26.18...1.26.19
Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.
ChangelogSourced from urllib3's changelog.
1.26.19 (2024-06-17)
- Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
- Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)
CommitsYou can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and optionsYou can trigger Dependabot actions by commenting on this PR:
You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.