aduana
aduana copied to clipboard
Bump the pip group across 1 directory with 3 updates
Bumps the pip group with 3 updates in the / directory: gevent, requests and pyopenssl.
Updates gevent
from 1.0.2 to 23.9.0
Release notes
Sourced from gevent's releases.
1.2.2
No release notes provided.
1.1.2
- Python 2:
sendall
on a non-blocking socket could spuriously fail with a timeout.- If
sys.stderr
has been monkey-patched (not recommended), exceptions that the hub reports aren't lost and can still be caught. Reported in :issue:825
by Jelle Smet.- :class:
selectors.SelectSelector
is properly monkey-patched regardless of the order of imports. Reported in :issue:835
by Przemysław Węgrzyn.- Python 2:
reload(site)
no longer fails with aTypeError
if gevent has been imported. Reported in :issue:805
by Jake Hilton.1.1.1 (Apr 4, 2016)
- Nested callbacks that set and clear an Event no longer cause
wait
to return prematurely. Reported in :issue:771
by Sergey Vasilyev.- Fix build on Solaris 10. Reported in :issue:
777
by wiggin15.- The
ref
parameter to :func:gevent.os.fork_and_watch
was being ignored.- Python 3: :class:
gevent.queue.Channel
is now correctly iterable, instead of raising a :exc:TypeError
.- Python 3: Add support for :meth:
socket.socket.sendmsg
, :meth:socket.socket.recvmsg
and :meth:socket.socket.recvmsg_into
on platforms where they are defined. Initial :pr:773
by Jakub Klama.1.1.0
- Python 3: A monkey-patched :class:
threading.RLock
now properly blocks (or deadlocks) inacquire
if the default value for timeout of -1 is used (which differs from gevent's default of None). Theacquire
method also raises the same :exc:ValueError
exceptions that the standard library does for invalid parameters. Reported in #750 by Joy Zheng.- Fix a race condition in :class:
~gevent.event.Event
that made it returnFalse
when the event was set and cleared by the same greenlet before allowing a switch to already waiting greenlets. (Found by the 3.4 and 3.5 standard library test suites; the same as Pythonbug 13502
_. Note that the Python 2 standard library still has this race condition.)- :class:
~gevent.event.Event
and :class:~.AsyncResult
now wake waiting greenlets in the same (unspecified) order. Previously,AsyncResult
tended to use a FIFO order, but this was never guaranteed. Both classes also use less per-instance memory.- Using a :class:
~logging.Logger
as a :mod:pywsgi
error or request log stream no longer produces extra newlines. Reported in #756 by ael-code.- Windows: Installing from an sdist (.tar.gz) on PyPI no longer requires having Cython installed first. (Note that the binary installation
... (truncated)
Changelog
Sourced from gevent's changelog.
================= Changes for 1.0
.. currentmodule:: gevent
Commits
693181e
Preparing release 23.9.06fc7898
Set the cython version; go back to default wheel tags.666e374
Had the constraint wrong.74ef876
Tweaking the build, and it seems like the greenlet stack issue should be fixed.b652e2a
Error handling adjustments from running under a debug build.70e7318
Tweaking tests and comments; temporary workarounds for 3.12 to enable builds.495e37a
Workaround the 3.12 traceback issue again.2f53c85
gevent.pywsgi: Much improved handling of chunk trailers.bb06d2d
Test builds with greenlet assertions enabled.6b22af0
pyproject.toml: Bump to latest cython.- Additional commits viewable in compare view
Updates requests
from 2.5.3 to 2.31.0
Release notes
Sourced from requests's releases.
v2.31.0
2.31.0 (2023-05-22)
Security
Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of
Proxy-Authorization
headers to destination servers when following HTTPS redirects.When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a
Proxy-Authorization
header that is attached to the request to authenticate with the proxy.In cases where Requests receives a redirect response, it previously reattached the
Proxy-Authorization
header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.
Full details can be read in our Github Security Advisory and CVE-2023-32681.
v2.30.0
2.30.0 (2023-05-03)
Dependencies
⚠️ Added support for urllib3 2.0. ⚠️
This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to
urllib3<2
.v2.29.0
2.29.0 (2023-04-26)
Improvements
... (truncated)
Changelog
Sourced from requests's changelog.
2.31.0 (2023-05-22)
Security
Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of
Proxy-Authorization
headers to destination servers when following HTTPS redirects.When proxies are defined with user info (
https://user:pass@proxy:8080
), Requests will construct aProxy-Authorization
header that is attached to the request to authenticate with the proxy.In cases where Requests receives a redirect response, it previously reattached the
Proxy-Authorization
header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.
Full details can be read in our Github Security Advisory and CVE-2023-32681.
2.30.0 (2023-05-03)
Dependencies
⚠️ Added support for urllib3 2.0. ⚠️
This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to
urllib3<2
.2.29.0 (2023-04-26)
Improvements
- Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
- Requests relaxes header component requirements to support bytes/str subclasses. (#6356)
2.28.2 (2023-01-12)
... (truncated)
Commits
147c851
v2.31.074ea7cf
Merge pull request from GHSA-j8r2-6x86-q33q3022253
test on pypy 3.8 and pypy 3.9 on windows and macos (#6424)b639e66
test on py3.12 (#6448)d3d5044
Fixed a small typo (#6452)2ad18e0
v2.30.0f2629e9
Remove strict parameter (#6434)87d63de
v2.29.051716c4
enable the warnings plugin (#6416)a7da1ab
try on ubuntu 22.04 (#6418)- Additional commits viewable in compare view
Updates pyopenssl
from 0.14 to 17.5.0
Changelog
Sourced from pyopenssl's changelog.
17.5.0 (2017-11-30)
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum
cryptography
version is now 2.1.4.Deprecations: ^^^^^^^^^^^^^
none
Changes: ^^^^^^^^
- Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with
cacerts
.[#723](https://github.com/pyca/pyopenssl/issues/723) <https://github.com/pyca/pyopenssl/pull/723>
_- Added
Connection.export_keying_material
for RFC 5705 compatible export of keying material.[#725](https://github.com/pyca/pyopenssl/issues/725) <https://github.com/pyca/pyopenssl/pull/725>
_
17.4.0 (2017-11-21)
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
none
Deprecations: ^^^^^^^^^^^^^
none
Changes: ^^^^^^^^
- Re-added a subset of the
OpenSSL.rand
module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
... (truncated)
Commits
d21fcd8
17.5.0 version bump (#726)bdb7639
Export keying material support (#725)e738186
fix a memory leak and a potential UAF and also #722 (#723)f724786
Pin pytest until we drop 2.6 (#721)736c621
define all to make wildcard import work (#719)57051a5
reopen master (#718)e61e202
Require urllib3 tests to pass; fixes #712 (#716)5a3fb40
bump to 17.4.0 (#714)acbd662
restore a subset of the rand module (#708)4aa52c3
Don't use things after they're freed...duh (#709)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency -
@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) -
@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) -
@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) -
@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency -
@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.