akvo-rsr icon indicating copy to clipboard operation
akvo-rsr copied to clipboard

Published 20 hours ago verified publisher icon akvo

Bump cairosvg from 2.6.0 to 2.7.0 in /scripts/deployment/pip/requirements

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Bumps cairosvg from 2.6.0 to 2.7.0.

Release notes

Sourced from cairosvg's releases.

2.7.0

WARNING: this is a security update.

When processing SVG files, CairoSVG could access other files online, possibly leading to very long renderings or other security problems.

This feature is now disabled by default. External resources can still be accessed using the "unsafe" or the "url_fetcher" parameter.

Changelog

Sourced from cairosvg's changelog.

Version 2.7.0 released on 2023-03-20

WARNING: this is a security update.

When processing SVG files, CairoSVG could access other files online, possibly leading to very long renderings or other security problems.

This feature is now disabled by default. External resources can still be accessed using the "unsafe" or the "url_fetcher" parameter.

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Mar 20 '23 21:03 dependabot[bot]

Coverage Status

Coverage: 68.242%. Remained the same when pulling 79065bc6f225443de26c17a890da42c197d60151 on dependabot/pip/scripts/deployment/pip/requirements/cairosvg-2.7.0 into 869b5c9774d03dba3d01fb9519419aabe169ea21 on master.

coveralls avatar Mar 20 '23 21:03 coveralls