Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 9 updates #1

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 9 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 24, 2024

Bumps the pip group with 9 updates in the / directory:

Package From To
lxml 3.6.0 4.9.1
flask 0.10.1 2.2.5
flask-admin 1.4.0 1.5.3
scrapy 1.1.0 2.11.1
numpy 1.11.0 1.22.0
scikit-learn 0.17.1 0.23.1
scipy 0.17.0 1.11.1
scrapy-splash 0.7 0.8.0
requests 2.10.0 2.31.0

Updates lxml from 3.6.0 to 4.9.1

Changelog

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

  • A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

  • GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

  • Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

  • Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

  • GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

4.8.0 (2022-02-17)

Features added

  • GH#337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

  • The ElementMaker now supports QName values as tags, which always override the default namespace of the factory.

Bugs fixed

  • GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.

... (truncated)

Commits
  • d01872c Prevent parse failure in new test from leaking into later test runs.
  • d65e632 Prepare release of lxml 4.9.1.
  • 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
  • 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
  • 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
  • b9f7074 Remove debug print from test.
  • b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
  • 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
  • 853c9e9 Prepare release of 4.9.0.
  • d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
  • Additional commits viewable in compare view

Updates flask from 0.10.1 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

2.1.3

2.1.2

This is a fix release for the 2.1.0 feature release.

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

Updates flask-admin from 1.4.0 to 1.5.3

Release notes

Sourced from flask-admin's releases.

v1.5.3

  • Fixed XSS vulnerability
  • Support nested categories in the navbar menu
  • SQLAlchemy
    • sort on multiple columns with column_default_sort
    • sort on related models in column_sortable_list
    • fix: inline model forms can now also be used for models with multiple primary keys
    • support for using mapped column_property
  • Upgrade Leaflet and Leaflet.draw plugins, used for geoalchemy integration
  • Specify minimum_input_length for ajax widget
  • Peewee: support composite keys
  • MongoEngine: when searching/filtering the input is now regarded as case-insensitive by default
  • FileAdmin
    • handle special characters in filename
    • fix a bug with listing directories on Windows
    • avoid raising an exception when unknown sort parameter is encountered
  • WTForms 3 support

1.5.2

  • Fixed XSS vulnerability
  • Fixed Peewee support
  • Added detail view column formatters
  • Updated Flask-Login example to work with the newer version of the library
  • Various SQLAlchemy-related fixes
  • Various Windows related fixes for the file admin

v1.5.0

  • Fixed CSRF generation logic for multi-process deployments
  • Added WTForms >= 3.0 support
  • Flask-Admin would not recursively save inline models, allowing arbitrary nesting
  • Added configuration properties that allow injection of additional CSS and JS dependencies into templates without overriding them
  • SQLAlchemy backend
    • Updated hybrid property detection using new SQLAlchemy APIs
    • Added support for association proxies
    • Added support for remote hybrid properties filters
    • Added support for ARRAY column type
  • Localization-related fixes
  • MongoEngine backend is now properly formats model labels
  • Improved Google App Engine support:
    • Added TextProperty, KeyProperty and SelectField support
    • Added support for form_args, excluded_columns, page_size and after_model_update
  • Fixed URL generation with localized named filters
  • FileAdmin has Bootstrap 2 support now
  • Geoalchemy support fixes
    • Use Google Places (by default) for place search
  • Updated translations
  • Bug fixes

... (truncated)

Changelog

Sourced from flask-admin's changelog.

1.5.3

  • Fixed XSS vulnerability
  • Support nested categories in the navbar menu
  • SQLAlchemy
    • sort on multiple columns with column_default_sort
    • sort on related models in column_sortable_list
    • show searchable fields in search input's placeholder text
    • fix: inline model forms can now also be used for models with multiple primary keys
    • support for using mapped column_property
  • Upgrade Leaflet and Leaflet.draw plugins, used for geoalchemy integration
  • Specify minimum_input_length for ajax widget
  • Peewee: support composite keys
  • MongoEngine: when searching/filtering the input is now regarded as case-insensitive by default
  • FileAdmin
    • handle special characters in filename
    • fix a bug with listing directories on Windows
    • avoid raising an exception when unknown sort parameter is encountered
  • WTForms 3 support

1.5.2

  • Fixed XSS vulnerability
  • Fixed Peewee support
  • Added detail view column formatters
  • Updated Flask-Login example to work with the newer version of the library
  • Various SQLAlchemy-related fixes
  • Various Windows related fixes for the file admin

1.5.1

  • Dropped Python 2.6 support
  • Fixed SQLAlchemy >= 1.2 compatibility
  • Fixed Pewee 3.0 compatibility
  • Fixed max year for a combo date inline editor
  • Lots of small bug fixes

1.5.0

  • Fixed CSRF generation logic for multi-process deployments
  • Added WTForms >= 3.0 support
  • Flask-Admin would not recursively save inline models, allowing arbitrary nesting
  • Added configuration properties that allow injection of additional CSS and JS dependencies into templates without overriding them
  • SQLAlchemy backend
    • Updated hybrid property detection using new SQLAlchemy APIs
    • Added support for association proxies

... (truncated)

Commits
  • 0528221 Bumped version, updated changelog
  • 8af10e0 Merge pull request #1699 from lbhsot/master
  • 1939762 Merge pull request #1779 from alanhamlett/master
  • c4715f0 fix flake8
  • 402e9a7 use Markupsafe to support WTForms 3
  • 829c24d Merge pull request #1751 from nurockplayer/master
  • 801a50b Merge pull request #1756 from GrayAn/checkboxlist
  • ff861de escape_html function was removed as non-existent in the too old and
  • dddfca9 SQLA fields API is now shown in the documentation
  • 2d6f7dd Alternative field for many-to-many relationship, appears as list of
  • Additional commits viewable in compare view

Updates scrapy from 1.1.0 to 2.11.1

Release notes

Sourced from scrapy's releases.

2.11.1

  • Security bug fixes.
  • Support for Twisted >= 23.8.0.
  • Documentation improvements.

See the full changelog.

2.11.0

  • Spiders can now modify settings in their from_crawler methods, e.g. based on spider arguments.
  • Periodic logging of stats.
  • Bug fixes.

See the full changelog.

2.10.1

Marked Twisted >= 23.8.0 as unsupported.

2.10.0

  • Added Python 3.12 support, dropped Python 3.7 support.
  • The new add-ons framework simplifies configuring 3rd-party components that support it.
  • Exceptions to retry can now be configured.
  • Many fixes and improvements for feed exports.

See the full changelog.

2.9.0

  • Per-domain download settings.
  • Compatibility with new cryptography and new parsel.
  • JMESPath selectors from the new parsel.
  • Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

  • Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older
  • Bug fixes

See the full changelog

2.7.0

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.11.1 (2024-02-14)

Highlights:

  • Security bug fixes.

  • Support for Twisted >= 23.8.0.

  • Documentation improvements.

Security bug fixes


-   Addressed `ReDoS vulnerabilities`_:

-   ``scrapy.utils.iterators.xmliter`` is now deprecated in favor of
    :func:`~scrapy.utils.iterators.xmliter_lxml`, which
    :class:`~scrapy.spiders.XMLFeedSpider` now uses.

To minimize the impact of this change on existing code,
:func:`~scrapy.utils.iterators.xmliter_lxml` now supports indicating
the node namespace with a prefix in the node name, and big files with
highly nested trees when using libxml2 2.7+.



    

  • Fixed regular expressions in the implementation of the
    
:func:~scrapy.utils.response.open_in_browser function.
    • 



Please, see the cc65-xxvf-f7r9 security advisory_ for more information.


.. _ReDoS vulnerabilities: https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

.. _cc65-xxvf-f7r9 security advisory: GHSA-cc65-xxvf-f7r9




    

  • 

    :setting:DOWNLOAD_MAXSIZE and :setting:DOWNLOAD_WARNSIZE now also apply
to the decompressed response body. Please, see the 7j7m-v7m3-jqm7 security advisory_ for more information.
    

    .. _7j7m-v7m3-jqm7 security advisory: GHSA-7j7m-v7m3-jqm7
    

    • 

  • 

    Also in relation with the 7j7m-v7m3-jqm7 security advisory_, the
deprecated scrapy.downloadermiddlewares.decompression module has been
removed.
    

    • 

  • 

    The Authorization header is now dropped on redirects to a different
domain. Please, see the cw9j-q3vf-hrrv security advisory_ for more
information.
    

    .. _cw9j-q3vf-hrrv security advisory: GHSA-cw9j-q3vf-hrrv
    

    • 



Modified requirements
</tr></table>

... (truncated)

Commits
  • 2f1d345 Solve test issues
  • 502addc Bump version: 2.11.0 → 2.11.1
  • 6b88b33 Set the release date of versions 2.11.1 and 1.8.4
  • 479619b Merge branch '2.11-redos' into 2.11
  • 809bfac Merge branch '2.11-compression-bomb' into 2.11
  • 5bcb8fd Merge branch '2.11-authorization' into 2.11
  • a55e933 Release notes for 2.11.1 (#6150)
  • 5e5a920 Remove slow leftovers
  • 810aaa6 Undo an unintended change
  • c5dad41 Speed up tests, remove comments without regexps
  • Additional commits viewable in compare view

Updates numpy from 1.11.0 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

  • Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
  • A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
  • NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
  • New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
  • A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

Updates scikit-learn from 0.17.1 to 0.23.1

Release notes

Sourced from scikit-learn's releases.

scikit-learn 0.23.1

We're happy to announce the 0.23.1 release which fixes a few issues affecting many users, namely: K-Means should be faster for small sample sizes, and the representation of third-party estimators was fixed.

You can check this version out using:

    pip install -U scikit-learn

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v0.23.html#version-0-23-1 The conda-forge builds will be available shortly, which you can then install using:

    conda install -c conda-forge scikit-learn

scikit-learn 0.23.0

We're happy to announce the 0.23 release. You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_0_23_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v0.23.html#version-0-23-0

This version supports Python versions 3.6 to 3.8.

Scikit-learn 0.22.2.post1

We're happy to announce the 0.22.2.post1 bugfix release.

The 0.22.2.post1 release includes a packaging fix for the source distribution but the content of the packages is otherwise identical to the content of the wheels with the 0.22.2 version (without the .post1 suffix).

Change log under https://scikit-learn.org/stable/whats_new/v0.22.html#changes-0-22-2.

This version supports Python versions 3.5 to 3.8.

Scikit-learn 0.22.1

We're happy to announce the 0.22.1 bugfix release. Change log under https://scikit-learn.org/stable/whats_new/v0.22.html#changes-0-22-1.

This version supports Python versions 3.5 to 3.8.

Scikit-learn 0.22.0

We're happy to announce the 0.22 release. You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_0_22_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v0.22.html#changes-0-22.

This version supports Python versions 3.5 to 3.8.

Scikit-learn 0.21.3

A bug fix and documentation release, fixing regressions and other issues released in version 0.21. See change log at https://scikit-learn.org/0.21/whats_new/v0.21.html

Scikit-learn 0.21.2

This version fixes a few bugs released in 0.21.1.

Scikit-learn version 0.21.1

... (truncated)

Commits

Updates scipy from 0.17.0 to 1.11.1

Release notes

Sourced from scipy's releases.

SciPy 1.11.1 Release Notes

SciPy 1.11.1 is a bug-fix release with no new features compared to 1.11.0. In particular, a licensing issue discovered after the release of 1.11.0 has been addressed.

Authors

  • Name (commits)
  • h-vetinari (1)
  • Robert Kern (1)
  • Ilhan Polat (4)
  • Tyler Reddy (8)

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

SciPy 1.11.0 Release Notes

SciPy 1.11.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.11.x branch, and on adding new features on the main branch.

This release requires Python 3.9+ and NumPy 1.21.6 or greater.

For running on PyPy, PyPy3 6.0+ is required.

Highlights of this release

  • Several scipy.sparse array API improvements, including sparse.sparray, a new public base class distinct from the older sparse.spmatrix class, proper 64-bit index support, and numerous deprecations paving the way to a modern sparse array experience.
  • scipy.stats added tools for survival analysis, multiple hypothesis testing, sensitivity analysis, and working with censored data.

... (truncated)

Commits
  • cfe8011 REL: 1.11.1 rel commit [wheel build]
  • 450d8aa Merge pull request #18779 from tylerjereddy/treddy_1_11_1_prep
  • 6f942e8 DOC: update 1.11.1 relnotes
  • 145cec5 MAINT: fix unuran licensing
  • 0760bab MAINT:linalg.det:Return scalars for singleton inputs (#18763)
  • a1c6f99 MAINT:linalg:Use only NumPy types in lu
  • 5cdc2fe MAINT:linalg:Remove memcpy from lu
  • d9ac3f3 FIX:linalg:Guard against possible permute_l out of bound behavior
  • 7ec5010 BUG: fix handling for factorial(..., exact=False) for 0-dim array inputs (#...
  • 90415c6 BUG: Fix work array construction for various weight shapes. (#18741)
  • Additional commits viewable in compare view

Updates scrapy-splash from 0.7 to 0.8.0

Release notes

Sourced from scrapy-splash's releases.

0.8.0

  • Security bug fix:

    If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True.

    Use the new SPLASH_USER and SPLASH_PASS settings instead to set your Splash authentication credentials safely.

  • Responses now expose the HTTP status code and headers from Splash as response.splash_response_status and response.splash_response_headers (#158)

  • The meta argument passed to the scrapy_splash.request.SplashRequest constructor is no longer modified (#164)

  • Website responses with 400 or 498 as HTTP status code are no longer handled as the equivalent Splash responses (#158)

  • Cookies are no longer sent to Splash itself (#156)

  • scrapy_splash.utils.dict_hash now also works with obj=None (225793b)

  • Our test suite now includes integration tests (#156) and tests can be run in parallel (6fb8c41)

  • There’s a new ‘Getting help’ section in the README.rst file (#161, #162), the documentation about SPLASH_SLOT_POLICY has been improved (#157) and a typo as been fixed (#121)

  • Made some internal improvements (ee5000d, 25de545, 2aaa79d)

Changelog

Sourced from scrapy-splash's changelog.

0.8.0 (2021-10-05)

  • Security bug fix:

    If you use HttpAuthMiddleware_ (i.e. the http_user and http_pass spider attributes) for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True.

    Use the new SPLASH_USER and SPLASH_PASS settings instead to set your Splash authentication credentials safely.

    .. _HttpAuthMiddleware: http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth

  • Responses now expose the HTTP status code and headers from Splash as response.splash_response_status and response.splash_response_headers (#158)

  • The meta argument passed to the scrapy_splash.request.SplashRequest constructor is no longer modified (#164)

  • Website responses with 400 or 498 as HTTP status code are no longer handled as the equivalent Splash responses (#158)

  • Cookies are no longer sent to Splash itself (#156)

  • scrapy_splash.utils.dict_hash now also works with obj=None (225793b)

  • Our test suite now includes integration tests (#156) and tests can be run in parallel (6fb8c41)

  • There’s a new ‘Getting help’ section in the README.rst file (#161, #162), the documentation about SPLASH_SLOT_POLICY has been improved (#157) and a typo as been fixed (#121)

  • Made some internal improvements (ee5000d, 25de545, 2aaa79d)

0.7.2 (2017-03-30)

  • fixed issue with response type detection.

0.7.1 (2016-12-20)

  • Scrapy 1.0.x support is back;

... (truncated)

Commits

Updates requests from 2.10.0 to 2.31.0

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 9 updates
ca6b7e9 
Bumps the pip group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [lxml](https://github.com/lxml/lxml) | `3.6.0` | `4.9.1` |
| [flask](https://github.com/pallets/flask) | `0.10.1` | `2.2.5` |
| [flask-admin](https://github.com/flask-admin/flask-admin) | `1.4.0` | `1.5.3` |
| [scrapy](https://github.com/scrapy/scrapy) | `1.1.0` | `2.11.1` |
| [numpy](https://github.com/numpy/numpy) | `1.11.0` | `1.22.0` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `0.17.1` | `0.23.1` |
| [scipy](https://github.com/scipy/scipy) | `0.17.0` | `1.11.1` |
| [scrapy-splash](https://github.com/scrapy-plugins/scrapy-splash) | `0.7` | `0.8.0` |
| [requests](https://github.com/psf/requests) | `2.10.0` | `2.31.0` |



Updates `lxml` from 3.6.0 to 4.9.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-3.6.0...lxml-4.9.1)

Updates `flask` from 0.10.1 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@0.10.1...2.2.5)

Updates `flask-admin` from 1.4.0 to 1.5.3
- [Release notes](https://github.com/flask-admin/flask-admin/releases)
- [Changelog](https://github.com/flask-admin/flask-admin/blob/master/doc/changelog.rst)
- [Commits](pallets-eco/flask-admin@v1.4.0...v1.5.3)

Updates `scrapy` from 1.1.0 to 2.11.1
- [Release notes](https://github.com/scrapy/scrapy/releases)
- [Changelog](https://github.com/scrapy/scrapy/blob/master/docs/news.rst)
- [Commits](scrapy/scrapy@1.1.0...2.11.1)

Updates `numpy` from 1.11.0 to 1.22.0
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.11.0...v1.22.0)

Updates `scikit-learn` from 0.17.1 to 0.23.1
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@0.17.1...0.23.1)

Updates `scipy` from 0.17.0 to 1.11.1
- [Release notes](https://github.com/scipy/scipy/releases)
- [Commits](scipy/scipy@v0.17.0...v1.11.1)

Updates `scrapy-splash` from 0.7 to 0.8.0
- [Release notes](https://github.com/scrapy-plugins/scrapy-splash/releases)
- [Changelog](https://github.com/scrapy-plugins/scrapy-splash/blob/master/CHANGES.rst)
- [Commits](scrapy-plugins/scrapy-splash@0.7...0.8.0)

Updates `requests` from 2.10.0 to 2.31.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.10.0...v2.31.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-admin
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scrapy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: numpy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scipy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scrapy-splash
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 24, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github May 14, 2024

Superseded by #2.

@dependabot dependabot bot closed this May 14, 2024
@dependabot dependabot bot deleted the dependabot/pip/pip-6d7c45ab49 branch May 14, 2024 22:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants