Bumps the pip group with 5 updates in the /scripts directory:
| Package | From | To |
| --- | --- | --- |
| [certifi](
https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.7.4` |
| [idna](
https://github.com/kjd/idna) | `2.10` | `3.7` |
| [jinja2](
https://github.com/pallets/jinja) | `2.11.3` | `3.1.5` |
| [requests](
https://github.com/psf/requests) | `2.31.0` | `2.32.2` |
| [urllib3](
https://github.com/urllib3/urllib3) | `1.26.18` | `1.26.19` |
Bumps the pip group with 4 updates in the /scripts/upgrade-codeql-dependencies directory: [certifi](
https://github.com/certifi/python-certifi), [idna](
https://github.com/kjd/idna), [requests](
https://github.com/psf/requests) and [urllib3](
https://github.com/urllib3/urllib3).
Updates `certifi` from 2023.7.22 to 2024.7.4
- [Commits](
certifi/python-certifi@2023.07.22...2024.07.04)
Updates `idna` from 2.10 to 3.7
- [Release notes](
https://github.com/kjd/idna/releases)
- [Changelog](
https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](
kjd/idna@v2.10...v3.7)
Updates `jinja2` from 2.11.3 to 3.1.5
- [Release notes](
https://github.com/pallets/jinja/releases)
- [Changelog](
https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](
pallets/jinja@2.11.3...3.1.5)
Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](
https://github.com/psf/requests/releases)
- [Changelog](
https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](
psf/requests@v2.31.0...v2.32.2)
Updates `urllib3` from 1.26.18 to 1.26.19
- [Release notes](
https://github.com/urllib3/urllib3/releases)
- [Changelog](
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](
urllib3/urllib3@1.26.18...1.26.19)
Updates `certifi` from 2023.7.22 to 2024.7.4
- [Commits](
certifi/python-certifi@2023.07.22...2024.07.04)
Updates `idna` from 3.4 to 3.7
- [Release notes](
https://github.com/kjd/idna/releases)
- [Changelog](
https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](
kjd/idna@v2.10...v3.7)
Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](
https://github.com/psf/requests/releases)
- [Changelog](
https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](
psf/requests@v2.31.0...v2.32.2)
Updates `urllib3` from 1.26.18 to 1.26.19
- [Release notes](
https://github.com/urllib3/urllib3/releases)
- [Changelog](
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](
urllib3/urllib3@1.26.18...1.26.19)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
dependency-group: pip
- dependency-name: idna
dependency-type: direct:production
dependency-group: pip
- dependency-name: jinja2
dependency-type: direct:production
dependency-group: pip
- dependency-name: requests
dependency-type: direct:production
dependency-group: pip
- dependency-name: urllib3
dependency-type: direct:production
dependency-group: pip
- dependency-name: certifi
dependency-type: direct:production
dependency-group: pip
- dependency-name: idna
dependency-type: direct:production
dependency-group: pip
- dependency-name: requests
dependency-type: direct:production
dependency-group: pip
- dependency-name: urllib3
dependency-type: direct:production
dependency-group: pip
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps the pip group with 5 updates in the /scripts directory:
Bumps the pip group with 4 updates in the /scripts/upgrade-codeql-dependencies directory: certifi, idna, requests and urllib3.
Updates certifi from 2023.7.22 to 2024.7.4
CommitsUpdates idna from 2.10 to 3.7
Release notesSourced from idna's releases.
v3.7
What's Changed
Thanks to Guido Vranken for reporting the issue.
Full Changelog: kjd/idna@v3.6...v3.7
ChangelogSourced from idna's changelog.
3.7 (2024-04-11) ++++++++++++++++
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25) ++++++++++++++++
3.5 (2023-11-24) ++++++++++++++++
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.
3.4 (2022-09-14) ++++++++++++++++
Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13) ++++++++++++++++
... (truncated)
CommitsUpdates jinja2 from 2.11.3 to 3.1.5
Release notesSourced from jinja2's releases.
3.1.5
This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1
3.1.4
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
3.1.3
This is a fix release for the 3.1.x feature branch.
3.1.2
This is a fix release for the 3.1.0 feature release.
... (truncated)
ChangelogSourced from jinja2's changelog.
Version 3.1.5
Released 2024-12-21
... (truncated)
CommitsUpdates requests from 2.31.0 to 2.32.2
Release notesSourced from requests's releases.
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
v2.32.0
2.32.0 (2024-05-20)
🐍 PYCON US 2024 EDITION 🐍
Security
Improvements
Bugfixes
... (truncated)
ChangelogSourced from requests's changelog.
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
2.32.0 (2024-05-20)
Security
Improvements
Bugfixes
Deprecations
... (truncated)
CommitsUpdates urllib3 from 1.26.18 to 1.26.19
Release notesSourced from urllib3's releases.
1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Full Changelog: urllib3/urllib3@1.26.18...1.26.19
Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.
ChangelogSourced from urllib3's changelog.
1.26.19 (2024-06-17)
- Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
- Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)
CommitsUpdates certifi from 2023.7.22 to 2024.7.4
CommitsUpdates idna from 3.4 to 3.7
Release notesSourced from idna's releases.
v3.7
What's Changed
Thanks to Guido Vranken for reporting the issue.
Full Changelog: kjd/idna@v3.6...v3.7
ChangelogSourced from idna's changelog.
3.7 (2024-04-11) ++++++++++++++++
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25) ++++++++++++++++
3.5 (2023-11-24) ++++++++++++++++
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.
3.4 (2022-09-14) ++++++++++++++++
Thanks to Seth Michael Larson for contributions to this release.
3.3 (2021-10-13) ++++++++++++++++
... (truncated)
CommitsUpdates requests from 2.31.0 to 2.32.2
Release notesSourced from requests's releases.
v2.32.2
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
v2.32.1
2.32.1 (2024-05-20)
Bugfixes
v2.32.0
2.32.0 (2024-05-20)
🐍 PYCON US 2024 EDITION 🐍
Security
Improvements
Bugfixes
... (truncated)
ChangelogSourced from requests's changelog.
2.32.2 (2024-05-21)
Deprecations
To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)
2.32.1 (2024-05-20)
Bugfixes
2.32.0 (2024-05-20)
Security
Improvements
Bugfixes
Deprecations
... (truncated)
CommitsUpdates urllib3 from 1.26.18 to 1.26.19
Release notesSourced from urllib3's releases.
1.26.19
🚀 urllib3 is fundraising for HTTP/2 support
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Full Changelog: urllib3/urllib3@1.26.18...1.26.19
Note that due to an issue with our release automation, no multiple.intoto.jsonl file is available for this release.
ChangelogSourced from urllib3's changelog.
1.26.19 (2024-06-17)
- Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
- Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. ([#3405](https://github.com/urllib3/urllib3/issues/3405) <https://github.com/urllib3/urllib3/issues/3405>__)
CommitsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and optionsYou can trigger Dependabot actions by commenting on this PR:
You can disable automated security fix PRs for this repo from the Security Alerts page.