Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the all group in /localcert with 11 updates #88

Closed
wants to merge 1 commit into from
Closed

Bump the all group in /localcert with 11 updates #88

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 4, 2024
edited
Loading

Bumps the all group in /localcert with 11 updates:

Package From To
certifi 2023.7.22 2024.2.2
cryptography 42.0.0 42.0.5
django 4.2.7 5.0.2
django-allauth 0.58.1 0.61.1
django-csp 3.7 3.8
idna 3.4 3.6
urllib3 2.0.7 2.2.1
beautifulsoup4 4.12.2 4.12.3
coverage 7.3.2 7.4.3
dnspython 2.4.2 2.6.1
flake8 6.1.0 7.0.0

Updates certifi from 2023.7.22 to 2024.2.2

Commits
  • 45eb611 2024.02.02 (#266)
  • 83f4f04 fix leaking certificate issue (#265)
  • bbf2208 Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#264)
  • 9e837a5 Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#262)
  • 05d071b Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#261)
  • 2a3088a Bump actions/download-artifact from 4.1.0 to 4.1.1 (#260)
  • d4ca66e Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#258)
  • 5d15663 Bump actions/download-artifact from 3.0.2 to 4.1.0 (#257)
  • d66ef9d Bump actions/setup-python from 4.7.1 to 5.0.0 (#256)
  • 8f0d412 Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (#255)
  • Additional commits viewable in compare view

Updates cryptography from 42.0.0 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23


* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.

.. _v42-0-4:


42.0.4 - 2024-02-20

  • Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130
  • Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370.

.. _v42-0-3:

42.0.3 - 2024-02-15


* Fixed an initialization issue that caused key loading failures for some
  users.

.. _v42-0-2:


42.0.2 - 2024-01-30

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
  • Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys.
  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange, X25519PrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange, X448PrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange, and DHPrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange.

.. _v42-0-1:

42.0.1 - 2024-01-24


</tr></table>

... (truncated)

Commits

Updates django from 4.2.7 to 5.0.2

Commits
  • 428d06c [5.0.x] Bumped version for 5.0.2 release.
  • 16a8fe1 [5.0.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ...
  • 2cfa3fb [5.0.x] Changed severity levels to list in security policy docs.
  • 761946f [5.0.x] Fixed #35149 -- Fixed crashes of db_default with unresolvable output ...
  • 914eee1 [5.0.x] Refs #35149 -- Made equivalent db_default alterations noops.
  • 3e7a30f [5.0.x] Fixed #35162 -- Fixed crash when adding fields with db_default on MySQL.
  • 741f080 [5.0.x] Fixed #35147 -- Added backward incompatibility note about filtering a...
  • 58d5e57 [5.0.x] Fixed typo in docs/topics/db/managers.txt.
  • a8f9c29 [5.0.x] Removed mention of designers in DTL design philosophy.
  • 06b05c7 [5.0.x] Refs #34936 -- Added test for altering DecimalField with db_default t...
  • Additional commits viewable in compare view

Updates django-allauth from 0.58.1 to 0.61.1

Changelog

Sourced from django-allauth's changelog.

0.61.1 (2024-02-09)

Fixes

  • Fixed a RuntimeWarning that could occur when running inside an async environment ('SyncToAsync' was never awaited).

Security notice

  • As part of the Google OAuth handshake, an ID token is obtained by direct machine to machine communication between the server running django-allauth and Google. Because of this direct communication, we are allowed to skip checking the token signature according to the OpenID Connect Core 1.0 specification <https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation>_. However, as django-allauth is used and built upon by third parties, this is an implementation detail with security implications that is easily overlooked. To mitigate potential issues, verifying the signature is now only skipped if it was django-allauth that actually fetched the access token.

0.61.0 (2024-02-07)

Note worthy changes

  • Added support for account related security notifications. When ACCOUNT_EMAIL_NOTIFICATIONS = True, email notifications such as "Your password was changed", including information on user agent / IP address from where the change originated, will be emailed.

  • Google: Starting from 0.52.0, the id_token is being used for extracting user information. To accommodate for scenario's where django-allauth is used in contexts where the id_token is not posted, the provider now looks up the required information from the /userinfo endpoint based on the access token if the id_token is absent.

Security notice

  • MFA: It was possible to reuse a valid TOTP code within its time window. This has now been addressed. As a result, a user can now only login once per 30 seconds (MFA_TOTP_PERIOD).

... (truncated)

Commits
  • da3fe9b chore: Release 0.61.1
  • 2fa4294 tests(google): python 3.7 compatibility
  • 4037177 fix(account/middleware): SyncToAsync never awaited
  • a2a051d feat(google): Verify id_token signature
  • 701bcc6 refactor(socialaccount): Extract JWT verification
  • 9c08094 chore: Opening 0.61.1-dev
  • 6123cca chore: Release 0.61.0
  • c3b0af2 fix(account): Don't check redirect url if there's no redirect
  • 93d47fd fix(google): Gracefully handle cases where id_token is absent
  • 48a661a fix(mfa): Prevent reuse of TOTP codes
  • Additional commits viewable in compare view

Updates django-csp from 3.7 to 3.8

Release notes

Sourced from django-csp's releases.

3.8

Please note that 3.8 is Python-code-identical to 3.8rc1, and there were no regressions or problems noted or reported with 3.8rc0 nor 3.8rc1

django-csp lives!

It's been more than a year since the last release and the project needed some refreshing before we can move forward with it.

This release aims to be functionally equivalent to 3.7, but with formal support for more modern Django and Python versions, all the way up to Django 5 on Python 3.12

Please see https://github.com/mozilla/django-csp/blob/main/CHANGES for a short summary of changes.

Feedback and bug reports are very welcome. 🙇

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from django-csp's changelog.

3.8

Please note: this release folds in a number of fixups, upgrades and documentation tweaks, but is functionally the same as 3.7. New features will come with 3.9+

  • Update Python syntax for modern versions with pyupgrade
  • Drop support for EOL Python <3.8 and Django <2.2 version; add support up to Django 5 on Python 3.12
  • Switch to ruff instead of pep8 and flake8
  • Move from CircleCI to Github Actions for CI
  • Add support for using pre-commit with the project
  • Remove deprecation warning for child-src
  • Fix capturing brackets in script template tags
  • Update docs to clarify when nonce will not be added to headers
  • Move from setup.py and setup.cfg to pyproject.toml (#209)

Note: identical other than release packaging to 3.8rc1

3.8rc1

  • Move from setup.py and setup.cfg to pyproject.toml (#209)

3.8rc

Please note: this release folds in a number of fixups, upgrades and documentation tweaks, but is functionally the same as 3.7. New features will come with 3.9+

  • Update Python syntax for modern versions with pyupgrade
  • Drop support for EOL Python <3.8 and Django <2.2 version; add support up to Django 5 on Python 3.12
  • Switch to ruff instead of pep8 and flake8
  • Move from CircleCI to Github Actions for CI
  • Add support for using pre-commit with the project
  • Remove deprecation warning for child-src
  • Fix capturing brackets in script template tags
  • Update docs to clarify when nonce will not be added to headers
Commits
  • 4899179 Prepare for 3.8 final release
  • 684b12a Prepare for 3.8rc1 release - just one packaging change
  • b1dd37e Tomlify setup.py (#216)
  • 7200b16 Prepare for 3.8rc release (#215)
  • 4be512c Update GH actions helpers to use Node 20-based versions (#214)
  • 371da46 Bring codebase up to modern Python using pyupgrade (#213)
  • 9698258 MiddlewareMixin is always present in django>=3.2
  • 12116dc Update settings documentation to move deprecated-within-csp settings to their...
  • 61f3124 Update README.rst
  • 58113ef Fix sphinx theme installation (#208)
  • Additional commits viewable in compare view

Updates idna from 3.4 to 3.6

Changelog

Sourced from idna's changelog.

3.6 (2023-11-25) ++++++++++++++++

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

Updates urllib3 from 2.0.7 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
  • Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0

🖥️ urllib3 now works in the browser

🎉 This release adds experimental support for using urllib3 in the browser with Pyodide! 🎉

Thanks to Joe Marshall (@​joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
  • Added support for HTTPResponse.read1() method. (#3186)
  • Added rudimentary support for HTTP/2. (#3284)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (#3130)
  • Fixed an issue where headers passed in a request with json= would be mutated (#3203)
  • Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. (#3267)
  • Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#3268)
  • Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#3325)

Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. (#3181)

2.1.0

Read the v2 migration guide for help upgrading to the latest version of urllib3.

Removals

  • Removed support for the deprecated urllib3[secure] extra. (#2680)
  • Removed support for the deprecated SecureTransport TLS implementation. (#2681)
  • Removed support for the end-of-life Python 3.7. (#3143)

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.2.1 (2024-02-16)

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. ([#3331](https://github.com/urllib3/urllib3/issues/3331) <https://github.com/urllib3/urllib3/issues/3331>__)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. ([#3343](https://github.com/urllib3/urllib3/issues/3343) <https://github.com/urllib3/urllib3/issues/3343>__)
  • Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. ([#2860](https://github.com/urllib3/urllib3/issues/2860) <https://github.com/urllib3/urllib3/issues/2860>__)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. ([#3261](https://github.com/urllib3/urllib3/issues/3261) <https://github.com/urllib3/urllib3/issues/3261>__)

2.2.0 (2024-01-30)

  • Added support for Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>, including streaming support in cross-origin isolated browser environments where threading is enabled. ([#2951](https://github.com/urllib3/urllib3/issues/2951) <https://github.com/urllib3/urllib3/issues/2951>)
  • Added support for HTTPResponse.read1() method. ([#3186](https://github.com/urllib3/urllib3/issues/3186) <https://github.com/urllib3/urllib3/issues/3186>__)
  • Added rudimentary support for HTTP/2. ([#3284](https://github.com/urllib3/urllib3/issues/3284) <https://github.com/urllib3/urllib3/issues/3284>__)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. ([#2244](https://github.com/urllib3/urllib3/issues/2244) <https://github.com/urllib3/urllib3/issues/2244>__)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. ([#3130](https://github.com/urllib3/urllib3/issues/3130) <https://github.com/urllib3/urllib3/issues/3130>__)
  • Fixed an issue where headers passed in a request with json= would be mutated ([#3203](https://github.com/urllib3/urllib3/issues/3203) <https://github.com/urllib3/urllib3/issues/3203>__)
  • Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. ([#3267](https://github.com/urllib3/urllib3/issues/3267) <https://github.com/urllib3/urllib3/issues/3267>__)
  • Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS ([#3268](https://github.com/urllib3/urllib3/issues/3268) <https://github.com/urllib3/urllib3/issues/3268>__)
  • Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled ([#3325](https://github.com/urllib3/urllib3/issues/3325) <https://github.com/urllib3/urllib3/issues/3325>__)
  • Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. ([#3181](https://github.com/urllib3/urllib3/issues/3181) <https://github.com/urllib3/urllib3/issues/3181>__)

2.1.0 (2023-11-13)

  • Removed support for the deprecated urllib3[secure] extra. ([#2680](https://github.com/urllib3/urllib3/issues/2680) <https://github.com/urllib3/urllib3/issues/2680>__)
  • Removed support for the deprecated SecureTransport TLS implementation. ([#2681](https://github.com/urllib3/urllib3/issues/2681) <https://github.com/urllib3/urllib3/issues/2681>__)
  • Removed support for the end-of-life Python 3.7. ([#3143](https://github.com/urllib3/urllib3/issues/3143) <https://github.com/urllib3/urllib3/issues/3143>__)
  • Allowed loading CA certificates from memory for proxies. ([#3065](https://github.com/urllib3/urllib3/issues/3065) <https://github.com/urllib3/urllib3/issues/3065>__)
  • Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. ([#3174](https://github.com/urllib3/urllib3/issues/3174) <https://github.com/urllib3/urllib3/issues/3174>__)
Commits
  • 54d6edf Release 2.2.1
  • 49b2dda Stop casting request headers to HTTPHeaderDict (#3344)
  • e22f651 Fix docstring of retries parameter
  • fa54179 Distinguish between truncated and excess content in response (#3273)
  • cfe52f9 Fix InsecureRequestWarning for HTTPS Emscripten requests (#3333)
  • 25155d7 Ensure no remote connections during testing (#3328)
  • 12f9233 Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (#3340)
  • 9929d3c Add nox session to start local Pyodide console
  • aa8d3dd Fix ssl_version tests for upcoming migration to pytest 8
  • 23f2287 Remove TODO about informational responses (#3319)
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.12.2 to 4.12.3

Updates coverage from 7.3.2 to 7.4.3

Changelog

Sourced from coverage's changelog.

Version 7.4.3 — 2024-02-23

  • Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733_.

.. _issue 1733: nedbat/coveragepy#1733

.. _changes_7-4-2:

Version 7.4.2 — 2024-02-20

  • Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade <pull 1747_>_. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: nedbat/coveragepy#1747

.. _changes_7-4-1:

Version 7.4.1 — 2024-01-26

  • Python 3.13.0a3 is supported.

  • Fix: the JSON report now includes an explicit format version number, closing issue 1732_.

.. _issue 1732: nedbat/coveragepy#1732

.. _changes_7-4-0:

Version 7.4.0 — 2023-12-27

  • In Python 3.12 and above, you can try an experimental core based on the new :mod:sys.monitoring <python:sys.monitoring> module by defining a COVERAGE_CORE=sysmon environment variable. This should be faster for line coverage, but not for branch coverage, and plugins and dynamic contexts are not yet supported with it. I am very interested to hear how it works (or doesn't!) for you.

.. _changes_7-3-4:

Version 7.3.4 — 2023-12-20

... (truncated)

Commits
  • 1af3624 docs: sample HTML for 7.4.3
  • f06c5e4 docs: prep for 7.4.3
  • 08fc997 fix: get atomic copies of iterables when flushing data. #1733
  • 4e34571 build: put a time limit on the Python nightly tests
  • a1d8d29 build: make targets should use underscores not dashes
  • f7d40a0 build: tweak the release instructions
  • 0f19b82 build: bump version
  • 5d69334 test: if a test fails randomly, let it retry with @​flaky
  • 65d686c docs: sample HTML for 7.4.2
  • 026dca7 docs: prep for 7.4.2
  • Additional commits viewable in compare view

Updates dnspython from 2.4.2 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.5.0

See the What's New page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

  • The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

  • As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

    This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

  • Added support for the NSID EDNS option.

  • Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

  • The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

2.5.0

  • Dnspython now uses hatchling for builds.

  • Asynchronous destinationless sockets now work on Windows.

  • Cython is no longer supported due to various typing issues.

  • Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary.

  • The number of messages in a section can be retrieved with section_count().

  • Truncation preferences for messages can be specified.

  • The length of a message can be automatically prepended when rendering.

... (truncated)

Commits
  • 0a742b9 update CI
  • 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
  • f12d398 2.6.1 version prep
  • cecb853 Further improve CVE fix coverage to 100% for sync and async.
  • 7952e31 test IgnoreErrors
  • e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
  • 3af9f78 2.6.0 versioning
  • ca63d95 Require cryptography >=41 instead of 42.
  • 902cbf3 Create CODE_OF_CONDUCT.md
  • ed9795f github contributing and pull request template
  • Additional commits viewable in compare view

Updates flake8 from 6.1.0 to 7.0.0

Commits
  • 88a4f9b Release 7.0.0
  • 6f3a60d Merge pull request #1906 from PyCQA/upgrade-pyflakes
  • cde8570 upgrade pyflakes to 3.2.x
  • 2ab9d76 Merge pull request #1903 from PyCQA/pre-commit-ci-update-config
  • e27611f [pre-commit.ci] pre-commit autoupdate
  • 9d20be1 Merge pull request #1902 from PyCQA/pre-commit-ci-update-config
  • 06c1503 [pre-commit.ci] auto fixes from pre-commit.com hooks
  • b67ce03 Fix bugbear lints
  • c8801c1 [pre-commit.ci] pre-commit autoupdate
  • 045f297 Merge pull request #1893 from PyCQA/pre-commit-ci-update-config
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all group in /localcert with 11 updates
383e4dd 
Bumps the all group in /localcert with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.2.2` |
| [cryptography](https://github.com/pyca/cryptography) | `42.0.0` | `42.0.5` |
| [django](https://github.com/django/django) | `4.2.7` | `5.0.2` |
| [django-allauth](https://github.com/pennersr/django-allauth) | `0.58.1` | `0.61.1` |
| [django-csp](https://github.com/mozilla/django-csp) | `3.7` | `3.8` |
| [idna](https://github.com/kjd/idna) | `3.4` | `3.6` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.0.7` | `2.2.1` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.12.2` | `4.12.3` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.3.2` | `7.4.3` |
| [dnspython](https://github.com/rthalley/dnspython) | `2.4.2` | `2.6.1` |
| [flake8](https://github.com/pycqa/flake8) | `6.1.0` | `7.0.0` |


Updates `certifi` from 2023.7.22 to 2024.2.2
- [Commits](certifi/python-certifi@2023.07.22...2024.02.02)

Updates `cryptography` from 42.0.0 to 42.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.0...42.0.5)

Updates `django` from 4.2.7 to 5.0.2
- [Commits](django/django@4.2.7...5.0.2)

Updates `django-allauth` from 0.58.1 to 0.61.1
- [Changelog](https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst)
- [Commits](pennersr/django-allauth@0.58.1...0.61.1)

Updates `django-csp` from 3.7 to 3.8
- [Release notes](https://github.com/mozilla/django-csp/releases)
- [Changelog](https://github.com/mozilla/django-csp/blob/main/CHANGES)
- [Commits](mozilla/django-csp@3.7...3.8)

Updates `idna` from 3.4 to 3.6
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.6)

Updates `urllib3` from 2.0.7 to 2.2.1
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.7...2.2.1)

Updates `beautifulsoup4` from 4.12.2 to 4.12.3

Updates `coverage` from 7.3.2 to 7.4.3
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.3.2...7.4.3)

Updates `dnspython` from 2.4.2 to 2.6.1
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](rthalley/dnspython@v2.4.2...v2.6.1)

Updates `flake8` from 6.1.0 to 7.0.0
- [Commits](PyCQA/flake8@6.1.0...7.0.0)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: django-allauth
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: django-csp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: beautifulsoup4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: dnspython
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: flake8
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 4, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Mar 11, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 11, 2024
@dependabot dependabot bot deleted the dependabot/pip/localcert/all-ff867d1b41 branch March 11, 2024 04:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants