Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the production-dependencies group across 1 directory with 9 updates #1019

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the production-dependencies group across 1 directory with 9 updates #1019

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2024
edited
Loading

Bumps the production-dependencies group with 9 updates in the /backend directory:

Package From To
cryptography 43.0.1 44.0.0
drf-spectacular 0.27.2 0.28.0
psycopg2-binary 2.9.9 2.9.10
uwsgi 2.0.27 2.0.28
grpcio 1.66.2 1.68.0
grpcio-tools 1.66.2 1.68.0
minio 7.2.9 7.2.10
pydantic 2.9.2 2.10.2
redis 5.1.0 5.2.0

Updates cryptography from 43.0.1 to 44.0.0

Changelog

Sourced from cryptography's changelog.

44.0.0 - 2024-11-27


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
  Python core team. Support for Python 3.7 will be removed in a future
  ``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
  versions of macOS should upgrade, or they will need to build
  ``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions must
  not be empty.
* Added support for timestamp extraction to the
  :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
  during X.509 verification to allow fields permitted by :rfc:`5280` but
  forbidden by the CA/Browser BRs.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
  when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.

.. _v43-0-3:


43.0.3 - 2024-10-18

  • Fixed release metadata for cryptography-vectors

.. _v43-0-2:

43.0.2 - 2024-10-18


* Fixed compilation when using LibreSSL 4.0.0.

.. _v43-0-1:

Commits

Updates drf-spectacular from 0.27.2 to 0.28.0

Release notes

Sourced from drf-spectacular's releases.

0.28.0

Important notes

  • Y-stream release due to the amount of small but important changes.
  • Pydantic users might see a slightly different schema due to the change in serialization method.

PRs

New Contributors

Full Changelog: tfranzel/drf-spectacular@0.27.2...0.28.0

Changelog

Sourced from drf-spectacular's changelog.

0.28.0 (2024-11-30)

  • Fix lazy_reverse bug in views ([#1339](https://github.com/tfranzel/drf-spectacular/issues/1339) <https://github.com/tfranzel/drf-spectacular/issues/1339>_)
  • Extend query params explosion of non-DRF serializer [#1315](https://github.com/tfranzel/drf-spectacular/issues/1315) <https://github.com/tfranzel/drf-spectacular/issues/1315>_
  • consider pk_field on PrimaryKeyRelatedField when set [#1335](https://github.com/tfranzel/drf-spectacular/issues/1335) <https://github.com/tfranzel/drf-spectacular/issues/1335>_
  • fix unused OAuth2 scopes override [#1319](https://github.com/tfranzel/drf-spectacular/issues/1319) <https://github.com/tfranzel/drf-spectacular/issues/1319>_
  • bugfix @​extend_schema_field raw schema already in OAS3.1
  • some minors (resolves [#1147](https://github.com/tfranzel/drf-spectacular/issues/1147) <https://github.com/tfranzel/drf-spectacular/issues/1147>_)
  • fix OAS3.1 validator omission [#1302](https://github.com/tfranzel/drf-spectacular/issues/1302) <https://github.com/tfranzel/drf-spectacular/issues/1302>_
  • guard against broken dir impl [#1296](https://github.com/tfranzel/drf-spectacular/issues/1296) <https://github.com/tfranzel/drf-spectacular/issues/1296>_
  • Add Django 5.1 as classifier [jelmert]
  • No extra items in the oneOf list [Vladimir]
  • parametrize component registry identity [#1288](https://github.com/tfranzel/drf-spectacular/issues/1288) <https://github.com/tfranzel/drf-spectacular/issues/1288>_
  • make operation_id action position configurable [#1264](https://github.com/tfranzel/drf-spectacular/issues/1264) <https://github.com/tfranzel/drf-spectacular/issues/1264>_
  • Fix for incorrect issubclass() check. [Mike Moore]
  • Correct the documentation of how to import extension snippets [Alan Crosswell]
  • Update OpenAPI docs links [Nils Van Zuijlen]
  • mitigate false positive in Django Debug Toolbar [#1159](https://github.com/tfranzel/drf-spectacular/issues/1159) <https://github.com/tfranzel/drf-spectacular/issues/1159>_
  • Additional testcase [Marti Raudsepp]
  • Fix ChoiceField schema type with empty choices=[] [Marti Raudsepp]
  • handle examples with nested properties pagination [François Rejeté]
  • add choice field display method handling [#1228](https://github.com/tfranzel/drf-spectacular/issues/1228) <https://github.com/tfranzel/drf-spectacular/issues/1228>_
  • Add support for stateless user authentication in SimpleJWT ([#1221](https://github.com/tfranzel/drf-spectacular/issues/1221) <https://github.com/tfranzel/drf-spectacular/issues/1221>_) [Willem Meints]
  • fix: set pydantic json mode to serialization [Eric Butler]
  • fix: extend_schema_field with dict param and oas 3.1 [Eric Butler]

Breaking changes / important additions:

  • Y-stream release due to the amount of small but important changes.
  • Pydantic users might see a slightly different schema due to the change in serialization method.
Commits

Updates psycopg2-binary from 2.9.9 to 2.9.10

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.13.
  • Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
  • Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.12.
  • Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
  • Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
  • Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Package manylinux 2014 for aarch64 and ppc64le platforms, in order to include libpq 15 in the binary package (:ticket:[#1396](https://github.com/psycopg/psycopg2/issues/1396)).
  • Wheel package bundled with OpenSSL 1.1.1t.

What's new in psycopg 2.9.5 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.11.
  • Add support for rowcount in MERGE statements in binary packages (:ticket:[#1497](https://github.com/psycopg/psycopg2/issues/1497)).

... (truncated)

Commits
  • a805acf chore: bump to version 2.9.10
  • 78561ac Merge pull request #1728 from romank0/fetch-notifications-on-commit
  • 5283a83 chore: add TransactionTimeout error, added in PostgreSQL 17
  • f64dd39 docs: add news entry about notifications on commit
  • cba6d39 removes duplication in tests
  • 282360d adds notifications processing after every PQexec
  • 362cb00 Adds notifies processing in pq_commit
  • eaeeb76 Merge pull request #1729 from edgarrmondragon/1692-py313-wheels
  • 4987362 ci(windows): drop Python 3.8 packages
  • 8c9a35d ci: test with PostgreSQL 17
  • Additional commits viewable in compare view

Updates uwsgi from 2.0.27 to 2.0.28

Updates grpcio from 1.66.2 to 1.68.0

Release notes

Sourced from grpcio's releases.

Release v1.68.0

This is release 1.68.0 (groovy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [XdsClient][Backport] Add missing authority to XdsClient metrics scope (#38009). (#38023)
  • [Release] Bump core version in preparation for 1.68 Branch Cut. (#37941)
  • [ConfigFetcher] Set HTTP2 error to NO_ERROR to do graceful GOAWAYs. (#37939)
  • [ruby] reduce INFO log for server CQ pluck registration to DEBUG. (#37633)
  • [EventEngine] Enable the PosixEventEngine client experiment. (#35985)
  • [chttp2_server] Fix race between connection starting and it being orphaned. (#37683)
  • [Chttp2Server] Fix race between connection manager updates and handshake. (#37772)
  • [xds] Fix XdsClient race between ResourceDoesNotExist timer and receiving resources. (#37678)

C++

  • [Build] Minimum version of MSVC is now 2022. (#37687)
  • [Build] Bumped the minimum version of cmake. (#37702)

Python

  • Add templating and support for Python 3.13. (#37643)

Release v1.68.0-pre1

This is a prerelease of gRPC Core 1.68.0 (groovy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.67.1

This is release gRPC Core 1.67.1 (gesundheit). This is a Python-only patch release.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Release v1.67.0

This is release 1.67.0 (gesundheit) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

... (truncated)

Commits
  • 6b49ae6 [Release] Bump v.1.68.x to 1.68.0 (#38124)
  • 2bcf835 [Backport][chttp2] Fix channelz address (#38022) (#38027)
  • 5801d12 [XdsClient][Backport] Add missing authority to XdsClient metrics scope (#3800...
  • 62e547b Bump v1.68.x version to v1.68.0-pre1 (#38001)
  • 1178b2d [retry e2e test] add log message about known flakiness (#37974)
  • c5999db [call-v3] Fix leak with cq-based server (#37972)
  • eacb2f7 Changed Bazel/Workspace to use @​com_google_protobuf//python/dist:syst… (#37971)
  • 14f22c7 [EventEngine] Disable the backup poller if all EventEngine experiments are ru...
  • 4662017 [EE] Prevent crash when address can't be resolved (#37952)
  • c3e83b8 [Release] Bump core version in preparation for 1.68 Branch Cut (#37941)
  • Additional commits viewable in compare view

Updates grpcio-tools from 1.66.2 to 1.68.0

Release notes

Sourced from grpcio-tools's releases.

Release v1.68.0

This is release 1.68.0 (groovy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [XdsClient][Backport] Add missing authority to XdsClient metrics scope (#38009). (#38023)
  • [Release] Bump core version in preparation for 1.68 Branch Cut. (#37941)
  • [ConfigFetcher] Set HTTP2 error to NO_ERROR to do graceful GOAWAYs. (#37939)
  • [ruby] reduce INFO log for server CQ pluck registration to DEBUG. (#37633)
  • [EventEngine] Enable the PosixEventEngine client experiment. (#35985)
  • [chttp2_server] Fix race between connection starting and it being orphaned. (#37683)
  • [Chttp2Server] Fix race between connection manager updates and handshake. (#37772)
  • [xds] Fix XdsClient race between ResourceDoesNotExist timer and receiving resources. (#37678)

C++

  • [Build] Minimum version of MSVC is now 2022. (#37687)
  • [Build] Bumped the minimum version of cmake. (#37702)

Python

  • Add templating and support for Python 3.13. (#37643)

Release v1.68.0-pre1

This is a prerelease of gRPC Core 1.68.0 (groovy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.67.1

This is release gRPC Core 1.67.1 (gesundheit). This is a Python-only patch release.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Release v1.67.0

This is release 1.67.0 (gesundheit) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

... (truncated)

Commits
  • 6b49ae6 [Release] Bump v.1.68.x to 1.68.0 (#38124)
  • 2bcf835 [Backport][chttp2] Fix channelz address (#38022) (#38027)
  • 5801d12 [XdsClient][Backport] Add missing authority to XdsClient metrics scope (#3800...
  • 62e547b Bump v1.68.x version to v1.68.0-pre1 (#38001)
  • 1178b2d [retry e2e test] add log message about known flakiness (#37974)
  • c5999db [call-v3] Fix leak with cq-based server (#37972)
  • eacb2f7 Changed Bazel/Workspace to use @​com_google_protobuf//python/dist:syst… (#37971)
  • 14f22c7 [EventEngine] Disable the backup poller if all EventEngine experiments are ru...
  • 4662017 [EE] Prevent crash when address can't be resolved (#37952)
  • c3e83b8 [Release] Bump core version in preparation for 1.68 Branch Cut (#37941)
  • Additional commits viewable in compare view

Updates minio from 7.2.9 to 7.2.10

Release notes

Sourced from minio's releases.

Bugfix Release

What's Changed

New Contributors

Full Changelog: minio/minio-py@7.2.9...7.2.10

Commits

Updates pydantic from 2.9.2 to 2.10.2

Release notes

Sourced from pydantic's releases.

v2.10.2 2024-11-26

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.10.1...v2.10.2

v2.10.1 2024-11-21

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.10.0...v2.10.1

v2.10.0 2024-11-20

The code released in v2.10.0 is practically identical to that of v2.10.0b2. See the v2.10 release blog post for the highlights!

What's Changed

Packaging

New Features

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.10.2 (2024-11-25)

GitHub release

What's Changed

Fixes

v2.10.1 (2024-11-21)

GitHub release

What's Changed

Packaging

Fixes

New Contributors

v2.10.0 (2024-11-20)

The code released in v2.10.0 is practically identical to that of v2.10.0b2.

GitHub release

See the v2.10 release blog post for the highlights!

What's Changed

Packaging

... (truncated)

Commits

Updates redis from 5.1.0 to 5.2.0

Release notes

Sourced from redis's releases.

5.2.0

Changes

🚀 New Features

  • Extend AggregateRequest with scorer argument (#3409)

🧰 Maintenance

  • Pin pytest-profiling version due to the bug (#3417)

Contributors

We'd like to thank all the contributors who worked on this release!

@​uglide @​rbs333 @​vladvildanov @​dwdougherty

5.1.1

Changes

5.1.1

🐛 Bug Fixes

  • Fixed return type for Redis Set commands to be Set instead of List (#3399)
  • Fixed bug with partial Hiredis availability (#3400)
  • Fixed bug with async pipeline and cluster fails with some commands (#3402)

5.1.0

🚀 New Features

How to start with Client-side caching?

  1. Install redis-py 5.1.0
  2. Use the following code snippet:
r = Redis(protocol=3, cache_config=CacheConfig())
cache = r.get_cache()
r.set("foo", "bar")
get key from redis and save in local cache
print(r.get("foo"))
get key from local cache
print(cache.get(CacheKey(command="GET", redis_keys=("foo",))).cache_value)
change key in redis (cause invalidation)
r.set("foo", "barbar")
Retrieves a new value from server and cache it
print(r.get("foo"))
Make sure that new value was cached
</tr></table>

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-dependencies group across 1 director…
2cc6632 
…y with 9 updates

Bumps the production-dependencies group with 9 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [cryptography](https://github.com/pyca/cryptography) | `43.0.1` | `44.0.0` |
| [drf-spectacular](https://github.com/tfranzel/drf-spectacular) | `0.27.2` | `0.28.0` |
| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.9` | `2.9.10` |
| [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/) | `2.0.27` | `2.0.28` |
| [grpcio](https://github.com/grpc/grpc) | `1.66.2` | `1.68.0` |
| [grpcio-tools](https://github.com/grpc/grpc) | `1.66.2` | `1.68.0` |
| [minio](https://github.com/minio/minio-py) | `7.2.9` | `7.2.10` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.9.2` | `2.10.2` |
| [redis](https://github.com/redis/redis-py) | `5.1.0` | `5.2.0` |



Updates `cryptography` from 43.0.1 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.0)

Updates `drf-spectacular` from 0.27.2 to 0.28.0
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](tfranzel/drf-spectacular@0.27.2...0.28.0)

Updates `psycopg2-binary` from 2.9.9 to 2.9.10
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.9...2.9.10)

Updates `uwsgi` from 2.0.27 to 2.0.28

Updates `grpcio` from 1.66.2 to 1.68.0
- [Release notes](https://github.com/grpc/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](grpc/grpc@v1.66.2...v1.68.0)

Updates `grpcio-tools` from 1.66.2 to 1.68.0
- [Release notes](https://github.com/grpc/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](grpc/grpc@v1.66.2...v1.68.0)

Updates `minio` from 7.2.9 to 7.2.10
- [Release notes](https://github.com/minio/minio-py/releases)
- [Commits](minio/minio-py@7.2.9...7.2.10)

Updates `pydantic` from 2.9.2 to 2.10.2
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.9.2...v2.10.2)

Updates `redis` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: uwsgi
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: grpcio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: grpcio-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: minio
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner December 1, 2024 08:20
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 1, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 1, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 1, 2025
@dependabot dependabot bot deleted the dependabot/pip/backend/production-dependencies-c881a58a4c branch January 1, 2025 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants