substra-backend

chore(deps): bump the production-dependencies group across 1 directory with 19 updates

Open dependabot[bot] opened this issue 6 months ago • 4 comments

Updates the requirements on django, structlog, celery, cryptography, djangorestframework-simplejwt, drf-spectacular, drf-nested-routers, pyjwt, kubernetes, uwsgi, grpcio, grpcio-tools, minio, django-filter, pydantic, redis, tqdm, watchdog and pyopenssl to permit the latest version.

Updates django from 4.2.14 to 4.2.15

Commits
  • 4d32ebc [4.2.x] Bumped version for 4.2.15 release.
  • f4af67b [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection att...
  • efea1ef [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.htm...
  • d0a82e2 [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizet...
  • fc76660 [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in flo...
  • 7b1a76f [4.2.x] Added stub release notes and release date for 4.2.15.
  • 96a3497 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueEr...
  • c5d196a [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.
  • 8e59e33 [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39...
  • 72f6c7d [4.2.x] Post-release version bump.
  • See full diff in compare view

Updates structlog from 24.1.0 to 24.4.0

Release notes

Sourced from structlog's releases.

24.4.0

Highlights

This is just a docs / PyPI README update. No code changes whatsoever.

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), FilePreviews (@filepreviews), Klaviyo (@klaviyo), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Adam Hill (@adamghill), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), Stefan Hagen (@sthagen), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Mike Fiedler (@miketheman), Thomas Klinger (@thmsklngr), Duncan Hill (@cricalix), and Colin Marquardt (@cmarqu).

Not to forget 7 more amazing humans who chose to be generous but anonymous!

Full Changelog

Changed

No code changes since 24.3.0

Artifact Attestations

You can verify this release's artifact attestations using GitHub's CLI tool by downloading the sdist and wheel from PyPI and running:

$ gh attestation verify --owner hynek structlog-24.4.0.tar.gz

and

$ gh attestation verify --owner hynek structlog-24.4.0-py3-none-any.whl

24.3.0

Highlights

This is just a quick release so I can focus on my other projects. But do enjoy the improved traceback dict rendering and log level handling in testing!


... (truncated)

Changelog

Sourced from structlog's changelog.

24.4.0 - 2024-07-17

Changed

No code changes since 24.3.0

24.3.0 - 2024-07-17

Added

  • Restore feature parity between structlog.traceback.ExceptionDictTransformer and Rich's traceback extractor:

    • When displaying locals, use Rich for formatting if it is available.
    • When displaying locals, call repr() on strings, too (improves handling of SecretStr implementations).
    • Add locals_max_length config option
    • Add locals_hide_sunder config option
    • Add locals_hide_dunder config option
    • Add suppress config option

    #627

Changed

  • structlog.testing.capture_logs() now maps the exception log level to error (as it's elsewhere). #628

24.2.0 - 2024-05-27

Added

  • It is now possible to disable log level-padding in structlog.dev.LogLevelColumnFormatter and structlog.dev.ConsoleRenderer. #599

  • The structlog.processors.CallsiteParameterAdder can now be pickled. #603

  • structlog.processors.CallsiteParameterAdder now also works with structlog.stdlib.BoundLogger's non-standard async methods (ainfo(), and so forth) #618

Changed

  • structlog.processors.LogfmtRenderer now escapes newlines. #592

  • structlog.processors.LogfmtRenderer now escapes backslashes and double quotes. #594

... (truncated)

Commits

Updates celery from 5.3.6 to 5.4.0

Release notes

Sourced from celery's releases.

v5.4.0

Celery v5.4.0 and v5.3.x have consistently focused on enhancing the overall QA, both internally and externally. This effort led to the new pytest-celery v1.0.0 release, developed concurrently with v5.3.0 & v5.4.0.

This release introduces two significant QA enhancements:

  • Smoke Tests: A new layer of automatic tests has been added to Celery's standard CI. These tests are designed to handle production scenarios and complex conditions efficiently. While new contributions will not be halted due to the lack of smoke tests, we will request smoke tests for advanced changes where appropriate.
  • Standalone Bug Report Script: The new pytest-celery plugin now allows for encapsulating a complete Celery dockerized setup within a single pytest script. Incorporating these into new bug reports will enable us to reproduce reported bugs deterministically, potentially speeding up the resolution process.

Contrary to the positive developments above, there have been numerous reports about issues with the Redis broker malfunctioning upon restarts and disconnections. Our initial attempts to resolve this were not successful (#8796). With our enhanced QA capabilities, we are now prepared to address the core issue with Redis (as a broker) again.

The rest of the changes for this release are grouped below, with the changes from the latest release candidate listed at the end.

What's Changed

  • Add a Task class specialised for Django (#8491)
  • Add Google Cloud Storage (GCS) backend (#8868)
  • Added documentation to the smoke tests infra (#8970)
  • Added a checklist item for using pytest-celery in a bug report (#8971)
  • Bugfix: Missing id on chain (#8798)
  • Bugfix: Worker not consuming tasks after Redis broker restart (#8796)
  • Catch UnicodeDecodeError when opening corrupt beat-schedule.db (#8806)
  • chore(ci): Enhance CI with workflow_dispatch for targeted debugging and testing (#8826)
  • Doc: Enhance "Testing with Celery" section (#8955)
  • Docfix: pip install celery[sqs] -> pip install "celery[sqs]" (#8829)
  • Enable efficient chord when using dynamicdb as backend store (#8783)
  • feat(daemon): allows daemonization options to be fetched from app settings (#8553)
  • Fix DeprecationWarning: datetime.datetime.utcnow() (#8726)
  • Fix recursive result parents on group in middle of chain (#8903)
  • Fix typos and grammar (#8915)
  • Fixed version documentation tag from #8553 in configuration.rst (#8802)
  • Hotfix: Smoke tests didn't allow customizing the worker's command arguments, now it does (#8937)
  • Make custom remote control commands available in CLI (#8489)
  • Print safe_say() to stdout for non-error flows (#8919)
  • Support moto 5.0 (#8838)
  • Update contributing guide to use ssh upstream url (#8881)
  • Update optimizing.rst (#8945)
  • Updated concurrency docs page. (#8753)

Dependencies Updates

  • Bump actions/setup-python from 4 to 5 (#8701)
  • Bump codecov/codecov-action from 3 to 4 (#8831)
  • Bump isort from 5.12.0 to 5.13.2 (#8772)
  • Bump msgpack from 1.0.7 to 1.0.8 (#8885)
  • Bump mypy from 1.8.0 to 1.9.0 (#8898)
  • Bump pre-commit to 3.6.1 (#8839)
  • Bump pre-commit/action from 3.0.0 to 3.0.1 (#8835)
  • Bump pytest from 8.0.2 to 8.1.1 (#8901)
  • Bump pytest-celery to v1.0.0 (#8962)
  • Bump pytest-cov to 5.0.0 (#8924)

... (truncated)

Changelog

Sourced from celery's changelog.

5.4.0

:release-date: 2024-04-17
:release-by: Tomer Nosrati

Celery v5.4.0 and v5.3.x have consistently focused on enhancing the overall QA, both internally and externally. This effort led to the new pytest-celery v1.0.0 release, developed concurrently with v5.3.0 & v5.4.0.

This release introduces two significant QA enhancements:

  • Smoke Tests: A new layer of automatic tests has been added to Celery's standard CI. These tests are designed to handle production scenarios and complex conditions efficiently. While new contributions will not be halted due to the lack of smoke tests, we will request smoke tests for advanced changes where appropriate.
  • [Standalone Bug Report Script](https://docs.celeryq.dev/projects/pytest-celery/en/latest/userguide/celery-bug-report.html): The new pytest-celery plugin now allows for encapsulating a complete Celery dockerized setup within a single pytest script. Incorporating these into new bug reports will enable us to reproduce reported bugs deterministically, potentially speeding up the resolution process.

Contrary to the positive developments above, there have been numerous reports about issues with the Redis broker malfunctioning upon restarts and disconnections. Our initial attempts to resolve this were not successful (#8796). With our enhanced QA capabilities, we are now prepared to address the core issue with Redis (as a broker) again.

The rest of the changes for this release are grouped below, with the changes from the latest release candidate listed at the end.

Changes

- Add a Task class specialised for Django ([#8491](https://github.com/celery/celery/issues/8491))
- Add Google Cloud Storage (GCS) backend ([#8868](https://github.com/celery/celery/issues/8868))
- Added documentation to the smoke tests infra ([#8970](https://github.com/celery/celery/issues/8970))
- Added a checklist item for using pytest-celery in a bug report ([#8971](https://github.com/celery/celery/issues/8971))
- Bugfix: Missing id on chain ([#8798](https://github.com/celery/celery/issues/8798))
- Bugfix: Worker not consuming tasks after Redis broker restart ([#8796](https://github.com/celery/celery/issues/8796))
- Catch UnicodeDecodeError when opening corrupt beat-schedule.db ([#8806](https://github.com/celery/celery/issues/8806))
- chore(ci): Enhance CI with `workflow_dispatch` for targeted debugging and testing ([#8826](https://github.com/celery/celery/issues/8826))
- Doc: Enhance "Testing with Celery" section ([#8955](https://github.com/celery/celery/issues/8955))
- Docfix: pip install celery[sqs] -> pip install "celery[sqs]" ([#8829](https://github.com/celery/celery/issues/8829))
- Enable efficient `chord` when using dynamicdb as backend store ([#8783](https://github.com/celery/celery/issues/8783))
- feat(daemon): allows daemonization options to be fetched from app settings ([#8553](https://github.com/celery/celery/issues/8553))
- Fix DeprecationWarning: datetime.datetime.utcnow() ([#8726](https://github.com/celery/celery/issues/8726))
- Fix recursive result parents on group in middle of chain ([#8903](https://github.com/celery/celery/issues/8903))
- Fix typos and grammar ([#8915](https://github.com/celery/celery/issues/8915))
- Fixed version documentation tag from [#8553](https://github.com/celery/celery/issues/8553) in configuration.rst ([#8802](https://github.com/celery/celery/issues/8802))
- Hotfix: Smoke tests didn't allow customizing the worker's command arguments, now it does ([#8937](https://github.com/celery/celery/issues/8937))
- Make custom remote control commands available in CLI ([#8489](https://github.com/celery/celery/issues/8489))
- Print safe_say() to stdout for non-error flows ([#8919](https://github.com/celery/celery/issues/8919))
- Support moto 5.0 ([#8838](https://github.com/celery/celery/issues/8838))
- Update contributing guide to use ssh upstream url ([#8881](https://github.com/celery/celery/issues/8881))
- Update optimizing.rst ([#8945](https://github.com/celery/celery/issues/8945))
- Updated concurrency docs page. ([#8753](https://github.com/celery/celery/issues/8753))

Dependencies Updates

  • Bump actions/setup-python from 4 to 5 (#8701)
  • Bump codecov/codecov-action from 3 to 4 (#8831)

... (truncated)

Commits

Updates cryptography from 42.0.5 to 43.0.0

Changelog

Sourced from cryptography's changelog.

43.0.0 - 2024-07-20


* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
  removed.  Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
  now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
  considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
  now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
  insecure cryptographic primitives.
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
  deprecated in 37.0.0, have been added to this module. They will be removed
  from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
  and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
  They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
  :mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
  form of :class:`~cryptography.x509.verification.ClientVerifier`,
  :class:`~cryptography.x509.verification.VerifiedClient`, and
  ``PolicyBuilder``
  :meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
  :attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
  and Certificate Signing Request
  :attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
  to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
  Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
  timezone-aware alternative to the naïve ``datetime`` attribute
  :attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
  :meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
  :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
  :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,

... (truncated)

Commits

Updates djangorestframework-simplejwt from 5.2.2 to 5.3.1

Release notes

Sourced from djangorestframework-simplejwt's releases.

v5.3.1

What's Changed

Full Changelog: https://github.com/jazzband/djangorestframework-simplejwt/compare/v5.3.0...v5.3.1

v5.3.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from djangorestframework-simplejwt's changelog.

5.3.1

What's Changed

  • Remove EOL Python, Django and DRF version support by @KOliver94 in #754
  • Declare support for type checking (closes #664) by @PedroPerpetua in #760
  • Remove usages of deprecated datetime.utcnow() and datetime.utcfromtimestamp() in #765

Translation Updates:

5.3.0

Notable Changes:

Documentation:

  • Added write_only=True to TokenBlacklistSerializer's refresh field for better doc generation by @Yaser-Amiri #699
  • Updated docs on serializer customization by @2ykwang #668

Translation Updates:

Commits

Updates drf-spectacular from 0.25.1 to 0.27.2

Release notes

Sourced from drf-spectacular's releases.

0.27.2

Important notes

  • Some bugfixes and some functionality gaps closed.

PRs

New Contributors

Full Changelog: https://github.com/tfranzel/drf-spectacular/compare/0.27.1...0.27.2

0.27.1

Important notes

  • Fixed some OAS 3.1 corner cases and added support for Webhooks (3.1) in addition to existing Callbacks

PRs

New Contributors

Full Changelog: https://github.com/tfranzel/drf-spectacular/compare/0.27.0...0.27.1

... (truncated)

Changelog

Sourced from drf-spectacular's changelog.

0.27.2 (2024-04-01)

  • fix non-translated enum override hash [#1198](https://github.com/tfranzel/drf-spectacular/issues/1198)
  • higher order hints for @extend_schema_field (case 2) [#1174](https://github.com/tfranzel/drf-spectacular/issues/1174) [#1212](https://github.com/tfranzel/drf-spectacular/issues/1212)
  • Add support for TypeAliasType ([#1214](https://github.com/tfranzel/drf-spectacular/issues/1214)) [igorgaming]
  • DRF 3.15 counteract new assertion for tests
  • Add a specific Action Wrapper for OAuth Authorization requests [#1190](https://github.com/tfranzel/drf-spectacular/issues/1190) [Bram Esposito]
  • Update SWAGGER_UI_DIST settings.rst [Alfie Day]
  • fix custom http_method_names for actions [#1184](https://github.com/tfranzel/drf-spectacular/issues/1184)
  • Add support for direct usage of higher order hints [#1174](https://github.com/tfranzel/drf-spectacular/issues/1174)
  • Document extend_schema_view support for @action ([#1178](https://github.com/tfranzel/drf-spectacular/issues/1178)) [johnthagen]
  • remove official 3.6 support due to upstream breakage.
  • Add auth extension for django-rest-knox [Callum Gare]
  • fix yaml encoder for OrderedDict objects [#1158](https://github.com/tfranzel/drf-spectacular/issues/1158)
  • fix linter warning [#1158](https://github.com/tfranzel/drf-spectacular/issues/1158)
  • Update link to redoc settings [Andrey Otto]
  • Add tags support to OpenApiWebhook [Federico Bond]
  • set Cross-Origin-Opener-Policy on Swagger-UI view [ftsell]

Breaking changes / important additions:

  • Some bugfixes and some functionality gaps closed.

0.27.1 (2024-01-18)

  • differentiate test cases for 3.1 null cases [#1139](https://github.com/tfranzel/drf-spectacular/issues/1139)
  • add enum suffix setting [Jonny Beaumont]
  • Fix handling of metadata when using OAS 3.1 [Viicos]
  • Provide all fixed field names for the components object [Sergei Maertens]
  • coerce Decimal to float format explicitly [#1134](https://github.com/tfranzel/drf-spectacular/issues/1134)
  • bugfix test [#1133](https://github.com/tfranzel/drf-spectacular/issues/1133)
  • add OAS 3.1 null translation case [#1133](https://github.com/tfranzel/drf-spectacular/issues/1133)
  • Add OpenAPI 3.1 webhook support [Federico Bond]
  • add OAS 3.1 null case

Breaking changes / important additions:

  • Fixed some OAS 3.1 corner cases and added support for Webhooks (3.1) in addition to existing Callbacks

0.27.0 (2023-12-12)

  • improve mypy typing [#600](https://github.com/tfranzel/drf-spectacular/issues/600)
  • add django 5 to test suite and adapt to changes [#1126](https://github.com/tfranzel/drf-spectacular/issues/1126)
  • Use correctly allowed http methods for schema generation [Jekel]
  • OAS 3.1
  • Fix Enum collision with same choices & varying labels [#790](https://github.com/tfranzel/drf-spectacular/issues/790) [#1104](https://github.com/tfranzel/drf-spectacular/issues/1104)
  • Undo adding middleware [Jelmer Draaijer]

... (truncated)

Commits

dependabot[bot], Aug 29 '24 07:08
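
A pre-merge check for the cryptography 43.0.0 changelog entries quoted above, added here as an example (it is not part of the dependabot post or of the cryptography project): it scans Python source for the ciphers the changelog lists as moved to the decrepit module and for literal RSA key sizes below the new 1024-bit floor or the recommended 2048 bits. The sample source, the function names, and the assumption that the RSA module is referenced under the name `rsa` are constructed for illustration.

```python
import ast

# From the cryptography 43.0.0 changelog entries quoted above:
# class name -> release in which it leaves the ``cipher`` module.
DECREPIT = {"CAST5": "45.0.0", "SEED": "45.0.0", "IDEA": "45.0.0",
            "Blowfish": "45.0.0", "TripleDES": "48.0.0", "ARC4": "48.0.0"}
OLD_MODULE = "cryptography.hazmat.primitives.ciphers.algorithms"
MIN_ENFORCED = 1024     # generate_private_key now refuses smaller RSA keys
MIN_RECOMMENDED = 2048  # size the changelog says users should generally use

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''\
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.algorithms import Blowfish

legacy = Cipher(algorithms.TripleDES(key), modes.CBC(iv))
modern = Cipher(algorithms.AES(key), modes.GCM(iv))
k1 = rsa.generate_private_key(public_exponent=65537, key_size=512)
k2 = rsa.generate_private_key(65537, 1024)
k3 = rsa.generate_private_key(public_exponent=65537, key_size=3072)
'''


def _rsa_key_size(call):
    """Literal key_size of an rsa.generate_private_key(...) call, else None."""
    if ast.unparse(call.func).split(".")[-2:] != ["rsa", "generate_private_key"]:
        return None  # assumption: the module is referenced under the name ``rsa``
    arg = next((k.value for k in call.keywords if k.arg == "key_size"), None)
    if arg is None and len(call.args) >= 2:
        arg = call.args[1]  # positional order is (public_exponent, key_size)
    ok = isinstance(arg, ast.Constant) and type(arg.value) is int
    return arg.value if ok else None


def audit_source(source, filename="<string>"):
    """Return sorted (line, message) findings for one Python source text."""
    nodes = list(ast.walk(ast.parse(source, filename=filename)))
    aliases = {OLD_MODULE}  # names under which the old module is reachable
    findings = []

    def flag(node, name):
        findings.append((node.lineno, f"{name} is deprecated in ciphers.algorithms, "
                         f"removal planned in {DECREPIT[name]}; use hazmat.decrepit"))

    for node in nodes:  # pass 1: imports
        if isinstance(node, ast.ImportFrom) and node.module == OLD_MODULE:
            for name in (a.name for a in node.names if a.name in DECREPIT):
                flag(node, name)
        elif isinstance(node, ast.ImportFrom) and node.module == OLD_MODULE.rpartition(".")[0]:
            aliases.update(a.asname or a.name for a in node.names if a.name == "algorithms")
        elif isinstance(node, ast.Import):
            aliases.update(a.asname for a in node.names if a.name == OLD_MODULE and a.asname)
    for node in nodes:  # pass 2: attribute uses and RSA key generation
        if isinstance(node, ast.Attribute) and node.attr in DECREPIT:
            if ast.unparse(node.value) in aliases:
                flag(node, node.attr)
        elif isinstance(node, ast.Call):
            size = _rsa_key_size(node)
            if size is not None and size < MIN_ENFORCED:
                findings.append((node.lineno, f"RSA key_size={size} is rejected by 43.0.0"))
            elif size is not None and size < MIN_RECOMMENDED:
                findings.append((node.lineno, f"RSA key_size={size} is below {MIN_RECOMMENDED}"))
    return sorted(findings)
```

Calling `audit_source(SAMPLE)` returns one finding per affected line; key sizes passed as variables rather than literals are not evaluated and need manual review.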