Bump the pip group across 1 directory with 18 updates #3

dependabot · 2024-07-15T18:14:54Z

Bumps the pip group with 17 updates in the / directory:

Package	From	To
fastapi	`0.92.0`	`0.109.1`
pydantic	`1.10.7`	`1.10.13`
python-multipart	`0.0.6`	`0.0.7`
qdrant-client	`1.1.1`	`1.9.0`
redis	`4.5.1`	`4.5.4`
aiohttp	`3.8.4`	`3.9.4`
authlib	`1.2.0`	`1.3.1`
certifi	`2022.12.7`	`2024.7.4`
cryptography	`40.0.1`	`42.0.4`
dnspython	`2.3.0`	`2.6.1`
idna	`3.4`	`3.7`
langchain	`0.0.133`	`0.2.3`
pillow	`9.5.0`	`10.3.0`
pycryptodomex	`3.17`	`3.19.1`
setuptools	`67.6.1`	`70.0.0`
tqdm	`4.65.0`	`4.66.3`
urllib3	`1.26.15`	`1.26.19`

Updates fastapi from 0.92.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Updates pydantic from 1.10.7 to 1.10.13

Release notes

Sourced from pydantic's releases.

V1.10.13 2023-09-27

What's Changed

Update pip commands to install 1.10 by @chbndrhnns in pydantic/pydantic#6930

Make the v1 mypy plugin work with both v1 and v2 by @dmontagu in pydantic/pydantic#6920

[Backport] Add max length check to validate_email by @hramezani in pydantic/pydantic#7673

Full Changelog: pydantic/pydantic@v1.10.12...v1.10.13

V1.10.12

What's Changed

Deque's maxlen property dropped on V1 validation by @maciekglowka in pydantic/pydantic#6586

Prepare release 1.10.12 by @hramezani in pydantic/pydantic#6825

New Contributors

@maciekglowka made their first contribution in pydantic/pydantic#6586

Full Changelog: pydantic/pydantic@v1.10.11...v1.10.12

V1.10.11

What's Changed

Fix import of create_model in tools.py by @SharathHuddar in pydantic/pydantic#6364

Prepare for 1.10.11 by @hramezani in pydantic/pydantic#6420

New Contributors

@SharathHuddar made their first contribution in pydantic/pydantic#6364

Full Changelog: pydantic/pydantic@v1.10.10...v1.10.11

V1.10.10

What's Changed

Fix racy doctests by @K900 in pydantic/pydantic#6103

✅ Update FastAPI test script by @Kludex in pydantic/pydantic#6117

add roadmap to annoucement by @samuelcolvin in pydantic/pydantic#6120

Fixed literal validator errors for unhashable values by @markus1978 in pydantic/pydantic#6194

Bug fix for forward refs in generics by @mark-todd in pydantic/pydantic#6157

Add Pydantic Json field support to settings management by @hramezani in pydantic/pydantic#6250

New Contributors

@K900 made their first contribution in pydantic/pydantic#6103

@markus1978 made their first contribution in pydantic/pydantic#6194

Full Changelog: pydantic/pydantic@v1.10.9...v1.10.10

V1.10.9

What's Changed

Add Pydantic classifier by @hramezani in pydantic/pydantic#5847

📌 Use Cython < v3 by @lig in pydantic/pydantic#5845

[cherry-pick] Fix mypy plugin for 1.4.0 (#5927) by @cdce8p in pydantic/pydantic#5928

Add future and past date hypothesis strategies by @bschoenmaeckers in pydantic/pydantic#5850

... (truncated)

Changelog

Sourced from pydantic's changelog.

v1.10.13 (2023-09-27)

Fix: Add max length check to pydantic.validate_email, #7673 by @hramezani

Docs: Fix pip commands to install v1, #6930 by @chbndrhnns

v1.10.12 (2023-07-24)

Fixes the maxlen property being dropped on deque validation. Happened only if the deque item has been typed. Changes the _validate_sequence_like func, #6581 by @maciekglowka

v1.10.11 (2023-07-04)

Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, #6361 by @SharathHuddar

v1.10.10 (2023-06-30)

Add Pydantic Json field support to settings management, #6250 by @hramezani

Fixed literal validator errors for unhashable values, #6188 by @markus1978

Fixed bug with generics receiving forward refs, #6130 by @mark-todd

Update install method of FastAPI for internal tests in CI, #6117 by @Kludex

v1.10.9 (2023-06-07)

Fix trailing zeros not ignored in Decimal validation, #5968 by @hramezani

Fix mypy plugin for v1.4.0, #5928 by @cdce8p

Add future and past date hypothesis strategies, #5850 by @bschoenmaeckers

Discourage usage of Cython 3 with Pydantic 1.x, #5845 by @lig

v1.10.8 (2023-05-23)

Fix a bug in Literal usage with typing-extension==4.6.0, #5826 by @hramezani

This solves the (closed) issue #3849 where aliased fields that use discriminated union fail to validate when the data contains the non-aliased field name, #5736 by @benwah

Update email-validator dependency to >=2.0.0post2, #5627 by @adriangb

update AnyClassMethod for changes in python/typeshed#9771, #5505 by @ITProKyle

Commits

8822578 Prepare release 1.10.13 (#7674)
59d8f38 [Backport] Add max length check to validate_email (#7673)
69b92b5 Make the v1 mypy plugin work with both v1 and v2 (#6920)
87bf417 Update pip commands to install 1.10 (#6930)
d9c2af3 Prepare release 1.10.12 (#6825)
2aaddf6 Deque's maxlen property dropped on V1 validation (#6586)
15c82d9 Prepare for 1.10.11 (#6420)
8750c37 no longer tag docs release as latest
2c0e2a6 Fix import of create_model in tools.py (#6364)
0e8a387 Prepare for 1.10.10 (#6308)
Additional commits viewable in compare view

Updates python-multipart from 0.0.6 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

Refactor header option parser to use the standard library instead of a custom RegEx #75.

Commits

c83e6da Version 0.0.7 (#77)
fb7d3c9 Bump pygments from 2.7.4 to 2.15.0 (#66)
20f0ef6 ♻️ Refactor header option parser to use the standard library instead of a cus...
d3d16da Use latest invoke version (2.2.0) (#73)
8e59feb Use single quotes to avoid special zsh chars '[' and ']' (#71)
86d422c Update changelog URL (#68)
3929f8e Move tests folder to root folder (#61)
See full diff in compare view

Updates qdrant-client from 1.1.1 to 1.9.0

Release notes

Sourced from qdrant-client's releases.

v1.9.0

Changelog

Features 🪄

#571 add discovery and recommendations api support for sparse vectors in local mode

#594 restrict access to the methods on a closed instance in local mode

#591 add a possibility to use auth token providers

#608 introduce support for uint8 vectors

#603 allow having nan values in payload in local mode

Fixes 🪛

#559 - fix update_vectors in local mode with sparse vectors

#562 - fix handling of wrong types in search in local mode

#560 - check vectors for nan values

#569 - fix grpc sparse vector conversion

#575 #576 #580 - fix datetime and date comparison

#581 #583 fix sparse vectors async api

#584 fix data-parallelism with sparse models

#587 fix read consistency with grpc in batch search

#588 fix migrate vector count

#605 fix grpc field schema type conversion for datetime index

Deprecations ⏳

#608 deprecate recreate collection method

#608 remove vectors count

Thanks everyone who contributed to the release @coszio @yasyf @Apmats @skvark @generall @joein @agourlay

v1.8.2

Changelog

Fixes 🪛

remove redundant pytest import which prevented qdrant-client import without pytest being installed by @joein

v1.8.1

Changelog

Features 🪄

update fastembed integration, incorporate hybrid search into add method #553 by @generall @joein

Fixes 🪛

fix excess upsert requests in upload_collection and upload_points #531 by @almostimplemented

allow set payload with a nested key #536 by @joein

add missing datetime formats to local mode #537 by @joein

fix congruence for naive and aware datetime in local mode #538 by @joein

propagate timeouts from methods to httpx #534 by @joein

Thanks everyone who contributed to the release @almostimplemented @generall @joein

v1.8.0

... (truncated)

Commits

16fb1f6 bump version to v1.9.0
6b001b8 V1.9.x (#608)
e0820e0 fix: align formatters versions (#602)
93a2c2d new: convert nan and inf in local mode to none (#603)
1983900 docs: typo fix of extra word in quickstart
eee34e8 deprecate recreate_collection (#601)
0ce5ca0 do not use vectors_count in test and in local mode (#600)
a7a798c fix: fix field schema type conversion (#605)
bbe0131 Remove warning for scalar divide with inf
ef8e772 Feat: bearer token authentication support (#591)
Additional commits viewable in compare view

Updates redis from 4.5.1 to 4.5.4

Release notes

Sourced from redis's releases.

4.5.4

Changes

Upgrade urgency: SECURITY, contains fixes to security issues.

(CVE-2023-28859) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.

(CVE-2023-28858) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.

🐛 Bug Fixes

Fixing cancelled async futures (#2666)

Fix: do not use asyncio's timeout lib before 3.11.2 (#2659)

Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630)

🧰 Maintenance

Minor fixes for #2666 and enhanced async test (#2673)

Fix issue 2660: PytestUnraisableExceptionWarning from asycio client (#2669)

Removing accidentally checked in files (#2642)

Contributors

We'd like to thank all the contributors who worked on this release!

@bellini666, @chayim, @dvora-h, @shacharPash and @woutdenolf

4.5.3

Changes

Update urgency: HIGH: There is a critical bug that may affect a subset of users. Upgrade!

🐛 Bug Fixes

CWE-404 AsyncIO Race Condition Fix (#2624, #2579)

4.5.2

Changes

🚀 New Features

Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588)

Added queue_class to REDIS_ALLOWED_KEYS (#2577)

Made search document subscriptable (#2615)

Sped up the protocol parsing (#2596)

🐛 Bug Fixes

Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582)

Replace async_timeout by asyncio.timeout (#2602)

Update json().arrindex() default values (#2611)

... (truncated)

Commits

e1017fd Version 4.5.4 (#2674)
ef3f086 Fix async (#2673)
5acbde3 Fixing cancelled async futures (#2666)
6d886d7 Fix issue 2660: PytestUnraisableExceptionWarning from asycio client (#2669)
326bb1c removing useless files (#2642)
4856813 UnixDomainSocketConnection missing constructor argument (#2630)
4802530 fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
66a4d6b AsyncIO Race Condition Fix (#2641)
318b114 Version 4.5.2 (#2627)
1b2f408 Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (...
Additional commits viewable in compare view

Updates aiohttp from 3.8.4 to 3.9.4

Release notes

Sourced from aiohttp's releases.

3.9.4

Bug fixes

The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

Related issues and pull requests on GitHub: #8089.

Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

Related issues and pull requests on GitHub: #8104.

Improved the DNS resolution performance on cache hit -- by :user:bdraco.

This is achieved by avoiding an :mod:asyncio task creation in this case.

Related issues and pull requests on GitHub: #8163.

Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

Related issues and pull requests on GitHub: #7741.

Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.4 (2024-04-11)

Bug fixes

The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

Related issues and pull requests on GitHub: :issue:8089.

Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8104.

Improved the DNS resolution performance on cache hit -- by :user:bdraco.

This is achieved by avoiding an :mod:asyncio task creation in this case.

Related issues and pull requests on GitHub: :issue:8163.

Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

Related issues and pull requests on GitHub: :issue:7741.

Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Commits

b3397c7 Release v3.9.4 (#8201)
a7e240a [PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...
2833552 Escape filenames and paths in HTML when generating index pages (#8317) (#8319)
ed43040 [PR #8309/c29945a1 backport][3.9] Improve reliability of run_app test (#8315)
ec2be05 [PR #8299/28d026eb backport][3.9] Create marker for internal tests (#8307)
292d961 [PR #8304/88c80c14 backport][3.9] Check for backports in CI (#8305)
cebe526 Fix handling of multipart/form-data (#8280) (#8302)
270ae9c [PR #8297/d15f07cf backport][3.9] Upgrade to llhttp 9.2.1 (#8292) (#8298)
bb23105 [PR #8283/54e13b0a backport][3.9] Fix blocking I/O in the event loop while pr...
3f79241 [PR #8286/28f1fd88 backport][3.9] docs: remove repetitive word in comment (#8...
Additional commits viewable in compare view

Updates authlib from 1.2.0 to 1.3.1

Release notes

Sourced from authlib's releases.

Version 1.3.1

Prevent OctKey to import ssh and PEM strings.

Version 1.3.0

Bug fixes

Restore AuthorizationServer.create_authorization_response behavior, via #558 by @TurnrDev

Include leeway in validate_iat() for JWT, via #565 by @dhallam

Fix encode_client_secret_basic, via #594 by @Prilkop

Use single key in JWK if JWS does not specify kid, via #596 by @dklimpel

Fix error when RFC9068 JWS has no scope field, via #598 by @tanguilp

Get werkzeug version using importlib, via #591 by @Sparrow0hawk

Breaking changes

RFC9068 implementation, via #586 by @azmeuk.

Version 1.2.1

Apply headers in ClientSecretJWT.sign method, via #552

Allow falsy but non-None grant uri params, via #544

Fixed authorize_redirect for Starlette v0.26.0, via #533

Removed has_client_secret method and documentation, via #513

Removed request_invalid and token_revoked remaining occurences and documentation. #514

Fixed RFC7591 grant_types and response_types default values, via #509

Add support for python 3.12, via #590

Changelog

Sourced from authlib's changelog.

Version 1.3.1

Released on June 4, 2024

Prevent OctKey to import ssh and PEM strings.

Version 1.3.0

Released on Dec 17, 2023

Restore AuthorizationServer.create_authorization_response behavior, via :PR:558

Include leeway in validate_iat() for JWT, via :PR:565

Fix encode_client_secret_basic, via :PR:594

Use single key in JWK if JWS does not specify kid, via :PR:596

Fix error when RFC9068 JWS has no scope field, via :PR:598

Get werkzeug version using importlib, via :PR:591

New features:

RFC9068 implementation, via :PR:586, by @azmeuk.

Breaking changes:

End support for python 3.7

Version 1.2.1

Released on Jun 25, 2023

Apply headers in ClientSecretJWT.sign method, via :PR:552

Allow falsy but non-None grant uri params, via :PR:544

Fixed authorize_redirect for Starlette v0.26.0, via :PR:533

Removed has_client_secret method and documentation, via :PR:513

Removed request_invalid and token_revoked remaining occurences and documentation. :PR:514

Fixed RFC7591 grant_types and response_types default values, via :PR:509.

Add support for python 3.12, via :PR:590.

Commits

df226ab chore: release 1.3.1
3bea812 fix: prevent OctKey to import ssh/rsa/pem keys
a7d68b4 chore: release 1.3.0
a26f1d0 Merge GitHub action for release
2d66702 Merge pull request #591 from Sparrow0hawk/patch-2
0f8e087 docs: add changelog for 1.3.0
3ffc950 chore: fix pypi release action
a2543b9 chore: add pypi github action
c7e1b2d chore: move configuration from setup.cfg to pyproject.toml
04e83f6 Merge pull request #598 from tanguilp/fix-rfc9068-no-scope-in-jws
Additional commits viewable in compare view

Updates certifi from 2022.12.7 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view

Updates cryptography from 40.0.1 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the definitions in :rfc:`2633` :rfc:`3370`. .. _v42-0-3:

42.0.3 - 2024-02-15

Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. .. _v42-0-1:

42.0.1 - 2024-01-24

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
Additional commits viewable in compare view

Updates dnspython from 2.3.0 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release a...
Description has been truncated

Bumps the pip group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/tiangolo/fastapi) | `0.92.0` | `0.109.1` | | [pydantic](https://github.com/pydantic/pydantic) | `1.10.7` | `1.10.13` | | [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.6` | `0.0.7` | | [qdrant-client](https://github.com/qdrant/qdrant-client) | `1.1.1` | `1.9.0` | | [redis](https://github.com/redis/redis-py) | `4.5.1` | `4.5.4` | | [aiohttp](https://github.com/aio-libs/aiohttp) | `3.8.4` | `3.9.4` | | [authlib](https://github.com/lepture/authlib) | `1.2.0` | `1.3.1` | | [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` | | [cryptography](https://github.com/pyca/cryptography) | `40.0.1` | `42.0.4` | | [dnspython](https://github.com/rthalley/dnspython) | `2.3.0` | `2.6.1` | | [idna](https://github.com/kjd/idna) | `3.4` | `3.7` | | [langchain](https://github.com/langchain-ai/langchain) | `0.0.133` | `0.2.3` | | [pillow](https://github.com/python-pillow/Pillow) | `9.5.0` | `10.3.0` | | [pycryptodomex](https://github.com/Legrandin/pycryptodome) | `3.17` | `3.19.1` | | [setuptools](https://github.com/pypa/setuptools) | `67.6.1` | `70.0.0` | | [tqdm](https://github.com/tqdm/tqdm) | `4.65.0` | `4.66.3` | | [urllib3](https://github.com/urllib3/urllib3) | `1.26.15` | `1.26.19` | Updates `fastapi` from 0.92.0 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.92.0...0.109.1) Updates `pydantic` from 1.10.7 to 1.10.13 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v1.10.7...v1.10.13) Updates `python-multipart` from 0.0.6 to 0.0.7 - [Release notes](https://github.com/andrew-d/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.6...0.0.7) Updates `qdrant-client` from 1.1.1 to 1.9.0 - [Release notes](https://github.com/qdrant/qdrant-client/releases) - [Commits](qdrant/qdrant-client@v1.1.1...v1.9.0) Updates `redis` from 4.5.1 to 4.5.4 - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.5.1...v4.5.4) Updates `aiohttp` from 3.8.4 to 3.9.4 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.8.4...v3.9.4) Updates `authlib` from 1.2.0 to 1.3.1 - [Release notes](https://github.com/lepture/authlib/releases) - [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst) - [Commits](authlib/authlib@v1.2.0...v1.3.1) Updates `certifi` from 2022.12.7 to 2024.7.4 - [Commits](certifi/python-certifi@2022.12.07...2024.07.04) Updates `cryptography` from 40.0.1 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@40.0.1...42.0.4) Updates `dnspython` from 2.3.0 to 2.6.1 - [Release notes](https://github.com/rthalley/dnspython/releases) - [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst) - [Commits](rthalley/dnspython@v2.3.0...v2.6.1) Updates `idna` from 3.4 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.4...v3.7) Updates `langchain` from 0.0.133 to 0.2.3 - [Release notes](https://github.com/langchain-ai/langchain/releases) - [Commits](langchain-ai/langchain@v0.0.133...langchain==0.2.3) Updates `pillow` from 9.5.0 to 10.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.5.0...10.3.0) Updates `pycryptodomex` from 3.17 to 3.19.1 - [Release notes](https://github.com/Legrandin/pycryptodome/releases) - [Changelog](https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst) - [Commits](Legrandin/pycryptodome@v3.17.0...v3.19.1) Updates `setuptools` from 67.6.1 to 70.0.0 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v67.6.1...v70.0.0) Updates `starlette` from 0.25.0 to 0.35.1 - [Release notes](https://github.com/encode/starlette/releases) - [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md) - [Commits](Kludex/starlette@0.25.0...0.35.1) Updates `tqdm` from 4.65.0 to 4.66.3 - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](tqdm/tqdm@v4.65.0...v4.66.3) Updates `urllib3` from 1.26.15 to 1.26.19 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.15...1.26.19) --- updated-dependencies: - dependency-name: fastapi dependency-type: direct:production dependency-group: pip - dependency-name: pydantic dependency-type: direct:production dependency-group: pip - dependency-name: python-multipart dependency-type: direct:production dependency-group: pip - dependency-name: qdrant-client dependency-type: direct:production dependency-group: pip - dependency-name: redis dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-type: indirect dependency-group: pip - dependency-name: authlib dependency-type: indirect dependency-group: pip - dependency-name: certifi dependency-type: indirect dependency-group: pip - dependency-name: cryptography dependency-type: indirect dependency-group: pip - dependency-name: dnspython dependency-type: indirect dependency-group: pip - dependency-name: idna dependency-type: indirect dependency-group: pip - dependency-name: langchain dependency-type: indirect dependency-group: pip - dependency-name: pillow dependency-type: indirect dependency-group: pip - dependency-name: pycryptodomex dependency-type: indirect dependency-group: pip - dependency-name: setuptools dependency-type: indirect dependency-group: pip - dependency-name: starlette dependency-type: indirect dependency-group: pip - dependency-name: tqdm dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Jul 15, 2024

dependabot bot mentioned this pull request Jul 15, 2024

Bump the pip group across 1 directory with 17 updates #2

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the pip group across 1 directory with 18 updates #3

Bump the pip group across 1 directory with 18 updates #3

Uh oh!

dependabot bot commented on behalf of github Jul 15, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the pip group across 1 directory with 18 updates #3

Are you sure you want to change the base?

Bump the pip group across 1 directory with 18 updates #3

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 15, 2024

0.109.1

Security fixes

Features

Refactors

Docs

Translations

V1.10.13 2023-09-27

What's Changed

V1.10.12

What's Changed

New Contributors

V1.10.11

What's Changed

New Contributors

V1.10.10

What's Changed

New Contributors

V1.10.9

What's Changed

v1.10.13 (2023-09-27)

v1.10.12 (2023-07-24)

v1.10.11 (2023-07-04)

v1.10.10 (2023-06-30)

v1.10.9 (2023-06-07)

v1.10.8 (2023-05-23)

0.0.7 (2024-02-03)

v1.9.0

Changelog

Features 🪄

Fixes 🪛

Deprecations ⏳

v1.8.2

Changelog

Fixes 🪛

v1.8.1

Changelog

Features 🪄

Fixes 🪛

v1.8.0

4.5.4

Changes

🐛 Bug Fixes

🧰 Maintenance

Contributors

4.5.3

Changes

🐛 Bug Fixes

4.5.2

Changes

🚀 New Features

🐛 Bug Fixes

3.9.4

Bug fixes

3.9.4 (2024-04-11)

Bug fixes

Version 1.3.1

Version 1.3.0

Version 1.2.1

Version 1.3.1

Version 1.3.0

Version 1.2.1

dnspython 2.6.1

dnspython 2.6.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant