chore(deps): bump the pip group across 6 directories with 4 updates #110

dependabot · 2024-08-09T16:53:00Z

Bumps the pip group with 1 update in the /test/acceptance/workspaces/fail-on/pinnable directory: django.
Bumps the pip group with 1 update in the /test/acceptance/workspaces/mono-repo-project directory: aiohttp.
Bumps the pip group with 1 update in the /test/acceptance/workspaces/mono-repo-project/python-app-with-req-file directory: aiohttp.
Bumps the pip group with 1 update in the /test/acceptance/workspaces/pip-app directory: jinja2.
Bumps the pip group with 1 update in the /test/acceptance/workspaces/pip-app-license-issue directory: aiohttp.
Bumps the pip group with 1 update in the /test/acceptance/workspaces/pip-app-transitive-vuln directory: flask.

Updates django from 1.6.1 to 3.2.25

Commits

c98eca3 [3.2.x] Bumped version for 3.2.25 release.
072963e [3.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
2ad2676 [3.2.x] Added release date for 3.2.25.
fc41af6 [3.2.x] Fixed #35172 -- Fixed intcomma for string floats.
b9170b4 [3.2.x] Added CVE-2024-24680 to security archive.
e5350a9 [3.2.x] Post release version bump.
f5c8808 [3.2.x] Bumped version for 3.2.24 release.
c1171ff [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ...
9dc3456 [3.2.x] Added stub release notes 3.2.24.
90eae45 [3.2.x] Fixed documented alias of smart_text().
Additional commits viewable in compare view

Updates aiohttp from 2.2.2 to 3.10.2

Release notes

Sourced from aiohttp's releases.

3.10.2

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: #8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: #8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: #8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.2 (2024-08-08)

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: :issue:8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

... (truncated)

Commits

491106e Release 3.10.2 (#8655)
ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
6a77806 [PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...
1f92213 [PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...
2ef14a6 [PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...
68e8496 [PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...
72f41aa [PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...
bf83dbe [PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...
4815765 [PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...
266608d [PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)
Additional commits viewable in compare view

Updates aiohttp from 2.2.2 to 3.10.2

Release notes

Sourced from aiohttp's releases.

3.10.2

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: #8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: #8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: #8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.2 (2024-08-08)

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: :issue:8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

... (truncated)

Commits

491106e Release 3.10.2 (#8655)
ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
6a77806 [PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...
1f92213 [PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...
2ef14a6 [PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...
68e8496 [PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...
72f41aa [PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...
bf83dbe [PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...
4815765 [PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...
266608d [PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)
Additional commits viewable in compare view

Updates jinja2 from 2.7.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

3.1.2

This is a fix release for the 3.1.0 feature release.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2

Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

3.1.1

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1

Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0

Milestone: https://github.com/pallets/jinja/milestone/8?closed=1

MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

3.0.3

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-3

3.0.2

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-2

3.0.1

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! 🎉

Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/

Read the full list of changes: https://jinja.palletsprojects.com/changes/#version-3-0-0

Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048

Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

Add parameters to Environment.overlay to match __init__. :issue:1645

Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

Drop support for Python 3.6. :pr:1534

Remove previously deprecated code. :pr:1544

... (truncated)

Commits

dd4a8b5 release version 3.1.4
0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
d655030 disallow invalid characters in keys to xmlattr filter
a7863ba add ghsa links
b5c98e7 start version 3.1.4
da3a9f0 update project files (#1968)
0ee5eb4 satisfy formatter, linter, and strict mypy
20477c6 update project files (#5457)
e491223 update pyyaml dev dependency
36f9885 fix pr link
Additional commits viewable in compare view

Updates aiohttp from 2.2.2 to 3.10.2

Release notes

Sourced from aiohttp's releases.

3.10.2

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: #8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: #8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: #8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: #8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.2 (2024-08-08)

Bug fixes

Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.

Related issues and pull requests on GitHub: :issue:8565.

Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8597.

Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.

Related issues and pull requests on GitHub: :issue:8611.

Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.

Related issues and pull requests on GitHub: :issue:8632.

Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.

There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.

Related issues and pull requests on GitHub: :issue:8641.

Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.

... (truncated)

Commits

491106e Release 3.10.2 (#8655)
ce2e975 [PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...
6a77806 [PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...
1f92213 [PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...
2ef14a6 [PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...
68e8496 [PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...
72f41aa [PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...
bf83dbe [PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...
4815765 [PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...
266608d [PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)
Additional commits viewable in compare view

Updates flask from 0.12.2 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5

Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4

This is a fix release for the 2.2.x release branch.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4

Milestone: https://github.com/pallets/flask/milestone/27?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3

Milestone: https://github.com/pallets/flask/milestone/26?closed=1

2.2.2

This is a fix release for the 2.2.0 feature release.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2

Milestone: https://github.com/pallets/flask/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1

Milestone: https://github.com/pallets/flask/milestone/23?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0

Milestone: https://github.com/pallets/flask/milestone/19?closed=1

2.1.3

Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-3

Milestone: https://github.com/pallets/flask/milestone/22?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-2

Milestone: https://github.com/pallets/flask/milestone/21?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

Update for compatibility with Werkzeug 2.3.3.

Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

Autoescape is enabled by default for .svg template files. :issue:4831

Fix the type of template_folder to accept pathlib.Path. :issue:4892

Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754

Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

47af817 release version 2.2.5
afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
8646edc set Vary: Cookie header consistently for session
a6367da Merge pull request #5108 from pallets/werkzeug-compat
3fbfbad werkzeug 2.3.3 compatibility
726d3f4 start version 2.2.5
ddc7acc Merge pull request #5081 from pallets/release-2.2.4
74e0329 release version 2.2.4
2d46068 update dev env
64bc458 update dev dependencies
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 1 update in the /test/acceptance/workspaces/fail-on/pinnable directory: [django](https://github.com/django/django). Bumps the pip group with 1 update in the /test/acceptance/workspaces/mono-repo-project directory: [aiohttp](https://github.com/aio-libs/aiohttp). Bumps the pip group with 1 update in the /test/acceptance/workspaces/mono-repo-project/python-app-with-req-file directory: [aiohttp](https://github.com/aio-libs/aiohttp). Bumps the pip group with 1 update in the /test/acceptance/workspaces/pip-app directory: [jinja2](https://github.com/pallets/jinja). Bumps the pip group with 1 update in the /test/acceptance/workspaces/pip-app-license-issue directory: [aiohttp](https://github.com/aio-libs/aiohttp). Bumps the pip group with 1 update in the /test/acceptance/workspaces/pip-app-transitive-vuln directory: [flask](https://github.com/pallets/flask). Updates `django` from 1.6.1 to 3.2.25 - [Commits](django/django@1.6.1...3.2.25) Updates `aiohttp` from 2.2.2 to 3.10.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v2.2.2...v3.10.2) Updates `aiohttp` from 2.2.2 to 3.10.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v2.2.2...v3.10.2) Updates `jinja2` from 2.7.2 to 3.1.4 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.7.2...3.1.4) Updates `aiohttp` from 2.2.2 to 3.10.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v2.2.2...v3.10.2) Updates `flask` from 0.12.2 to 2.2.5 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@0.12.2...2.2.5) --- updated-dependencies: - dependency-name: django dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip - dependency-name: flask dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 9, 2024

dependabot bot mentioned this pull request Aug 9, 2024

chore(deps): bump django from 1.6.1 to 2.2.28 in /test/acceptance/workspaces/fail-on/pinnable #108

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the pip group across 6 directories with 4 updates #110

chore(deps): bump the pip group across 6 directories with 4 updates #110

dependabot bot commented on behalf of github Aug 9, 2024

chore(deps): bump the pip group across 6 directories with 4 updates #110

Are you sure you want to change the base?

chore(deps): bump the pip group across 6 directories with 4 updates #110

Conversation

dependabot bot commented on behalf of github Aug 9, 2024

3.10.2

Bug fixes

3.10.2 (2024-08-08)

Bug fixes

3.10.2

Bug fixes

3.10.2 (2024-08-08)

Bug fixes

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

3.0.3

3.0.2

3.0.1

3.0.0

Version 3.1.4

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

3.10.2

Bug fixes

3.10.2 (2024-08-08)

Bug fixes

2.2.5

2.2.4

2.2.3

2.2.2

2.2.1

2.2.0

2.1.3

2.1.2

2.1.1

Version 2.2.5

Version 2.2.4

Version 2.2.3

Version 2.2.2

Version 2.2.1

Version 2.2.0