Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 17 updates #9

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the pip group across 1 directory with 17 updates #9

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 5, 2024

Bumps the pip group with 16 updates in the / directory:

Package From To
requests 2.26.0 2.32.2
httpx 0.18.2 0.23.0
fastapi 0.68.2 0.109.1
gunicorn 20.1.0 22.0.0
pydantic 1.8.2 1.10.13
pyramid 2.0 2.0.2
python-multipart 0.0.5 0.0.7
black 21.5b0 24.3.0
ipython 7.28.0 8.10.0
certifi 2021.10.8 2024.7.4
cryptography 35.0.0 42.0.4
ecdsa 0.17.0 0.19.0
gitpython 3.1.24 3.1.41
idna 3.2 3.7
py 1.10.0 1.11.0
urllib3 1.26.7 1.26.19

Updates requests from 2.26.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates httpx from 0.18.2 to 0.23.0

Release notes

Sourced from httpx's releases.

Version 0.23.0

0.23.0 (23rd May, 2022)

Changed

  • Drop support for Python 3.6. (#2097)
  • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

  • Fix URL.copy_with for some oddly formed URL cases. (#2185)
  • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
  • Fix console markup escaping in command line client. (#1866)
  • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
  • Ensure that iter_bytes never yields zero-length chunks. (#2068)
  • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
  • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
  • Fix display of --proxies argument in the command line client help. (#2125)
  • Close responses when task cancellations occur during stream reading. (#2156)
  • Fix type error on accessing .request on HTTPError exceptions. (#2158)

Version 0.22.0

0.22.0 (26th January, 2022)

Added

Fixed

  • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
  • Fix Headers.update(...) to correctly handle repeated headers (#2038)

Version 0.21.3

0.21.3 (6th January, 2022)

Fixed

  • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

Version 0.21.2

0.21.2 (5th January, 2022)

Fixed

  • HTTP/2 support for tunnelled proxy cases. (#2009)
  • Improved the speed of large file uploads. (#1948)

Version 0.21.1

... (truncated)

Changelog

Sourced from httpx's changelog.

0.23.0 (23rd May, 2022)

Changed

  • Drop support for Python 3.6. (#2097)
  • Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

  • Fix URL.copy_with for some oddly formed URL cases. (#2185)
  • Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)
  • Fix console markup escaping in command line client. (#1866)
  • When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)
  • Ensure that iter_bytes never yields zero-length chunks. (#2068)
  • Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)
  • When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)
  • Fix display of --proxies argument in the command line client help. (#2125)
  • Close responses when task cancellations occur during stream reading. (#2156)
  • Fix type error on accessing .request on HTTPError exceptions. (#2158)

0.22.0 (26th January, 2022)

Added

Fixed

  • Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)
  • Fix Headers.update(...) to correctly handle repeated headers (#2038)

0.21.3 (6th January, 2022)

Fixed

  • Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

0.21.2 (5th January, 2022)

Fixed

  • HTTP/2 support for tunnelled proxy cases. (#2009)
  • Improved the speed of large file uploads. (#1948)

0.21.1 (16th November, 2021)

Fixed

  • The response.url property is now correctly annotated as URL, instead of Optional[URL]. (#1940)

... (truncated)

Commits

Updates fastapi from 0.68.2 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

  • ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

Refactors

  • ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
  • ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
  • 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
  • ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

Translations

  • 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
  • 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

Updates gunicorn from 20.1.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

    

  • use utime to notify workers liveness
    • 

  • migrate setup to pyproject.toml
    • 

  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
    • 

  • parsing additional requests is no longer attempted past unsupported request framing
    • 

  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
    • 

  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
    • 

  • Trailer fields are no longer inspected for headers indicating secure scheme
    • 

  • support Python 3.12
    • 



** Breaking changes **


    

  • minimum version is Python 3.7
    • 

  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
    • 

  • requests specifying unsupported transfer coding (order) are refused by default (rare)
    • 

  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
    • 

  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
    • 

  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
    • 

  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
    • 

  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
    • 

  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
    • 

  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
    • 

  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)
    • 



** SECURITY **


    

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fix the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .
</tr></table>

... (truncated)

Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view

Updates pydantic from 1.8.2 to 1.10.13

Release notes

Sourced from pydantic's releases.

V1.10.13 2023-09-27

What's Changed

Full Changelog: pydantic/pydantic@v1.10.12...v1.10.13

V1.10.12

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.11...v1.10.12

V1.10.11

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.10...v1.10.11

V1.10.10

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.9...v1.10.10

V1.10.9

What's Changed

... (truncated)

Changelog

Sourced from pydantic's changelog.

v1.10.13 (2023-09-27)

v1.10.12 (2023-07-24)

  • Fixes the maxlen property being dropped on deque validation. Happened only if the deque item has been typed. Changes the _validate_sequence_like func, #6581 by @​maciekglowka

v1.10.11 (2023-07-04)

  • Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, #6361 by @​SharathHuddar

v1.10.10 (2023-06-30)

v1.10.9 (2023-06-07)

v1.10.8 (2023-05-23)

v1.10.7 (2023-03-22)

  • Fix creating schema from model using ConstrainedStr with regex as dict key, #5223 by @​matejetz
  • Address bug in mypy plugin caused by explicit_package_bases=True, #5191 by @​dmontagu
  • Add implicit defaults in the mypy plugin for Field with no default argument, #5190 by @​dmontagu
  • Fix schema generated for Enum values used as Literals in discriminated unions, #5188 by @​javibookline
  • Fix mypy failures caused by the pydantic mypy plugin when users define from_orm in their own classes, #5187 by @​dmontagu
  • Fix InitVar usage with pydantic dataclasses, mypy version 1.1.1 and the custom mypy plugin, #5162 by @​cdce8p

v1.10.6 (2023-03-08)

  • Implement logic to support creating validators from non standard callables by using defaults to identify them and unwrapping functools.partial and functools.partialmethod when checking the signature, #5126 by @​JensHeinrich
  • Fix mypy plugin for v1.1.1, and fix dataclass_transform decorator for pydantic dataclasses, #5111 by @​cdce8p
  • Raise ValidationError, not ConfigError, when a discriminator value is unhashable, #4773 by @​kurtmckee

v1.10.5 (2023-02-15)

... (truncated)

Commits

Updates pyramid from 2.0 to 2.0.2

Changelog

Sourced from pyramid's changelog.

2.0.2 (2023-08-25)

Bug Fixes

  • Removed support for null-bytes in the path when making a request for a file against a static_view. Whille null-bytes are allowed by the HTTP specification, due to the handling of null-bytes potentially leading to security vulnerabilities it is no longer supported.

    This fixes a security vulnerability that is present due to a bug in Python 3.11.0 through 3.11.4, thereby allowing the unintended disclosure of an index.html one directory up from the static views path.

    Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue.

Backward Incompatibilities

  • Requests to a static_view are no longer allowed to contain a null-byte in any part of the path segment.

.. _changes_2.0.1:

2.0.1 (2023-01-29)

  • Add support for Python 3.10 and 3.11.

  • Copy __name__ from decorated attribute when using pyramid.decorator.reify. See Pylons/pyramid#3660

  • Fix method signatures in docs for pyramid.config.Configurator.add_static_view and pyramid.config.Configurator.override_asset. See Pylons/pyramid#3699

  • Remove obsolete stackframe hack used in Python 3.5.0 when showing configurator conflict errors. See Pylons/pyramid#3700

  • Fix an error when injecting certain objects into the pshell env due to the use of !=. See Pylons/pyramid#3704

  • Pyramid drops support for l*gettext() methods in the i18n module. These have been deprecated in Python's gettext module since 3.8, and removed in Python 3.11. They also shouldn't be used at all on Python 3.

... (truncated)

Commits

Updates python-multipart from 0.0.5 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

  • Refactor header option parser to use the standard library instead of a custom RegEx #75.

0.0.6 (2023-02-27)

  • Migrate package installation to pyproject.toml (PEP 621) #54.
  • Use yaml.safe_load instead of yaml.load #46.
  • Add support for Python 3.11, drop EOL 3.6 #51.
  • Add support for Python 3.8-3.10, drop EOL 2.7-3.5 #42.
  • QuerystringParser: don't raise an AttributeError in __repr__ #30.
Commits

Updates black from 21.5b0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parenth...

    Description has been truncated

@dependabot
Bump the pip group across 1 directory with 17 updates
ed99bbe 
Bumps the pip group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [requests](https://github.com/psf/requests) | `2.26.0` | `2.32.2` |
| [httpx](https://github.com/encode/httpx) | `0.18.2` | `0.23.0` |
| [fastapi](https://github.com/tiangolo/fastapi) | `0.68.2` | `0.109.1` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `1.8.2` | `1.10.13` |
| [pyramid](https://github.com/Pylons/pyramid) | `2.0` | `2.0.2` |
| [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.5` | `0.0.7` |
| [black](https://github.com/psf/black) | `21.5b0` | `24.3.0` |
| [ipython](https://github.com/ipython/ipython) | `7.28.0` | `8.10.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2021.10.8` | `2024.7.4` |
| [cryptography](https://github.com/pyca/cryptography) | `35.0.0` | `42.0.4` |
| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.17.0` | `0.19.0` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.24` | `3.1.41` |
| [idna](https://github.com/kjd/idna) | `3.2` | `3.7` |
| [py](https://github.com/pytest-dev/py) | `1.10.0` | `1.11.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.7` | `1.26.19` |



Updates `requests` from 2.26.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.26.0...v2.32.2)

Updates `httpx` from 0.18.2 to 0.23.0
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.18.2...0.23.0)

Updates `fastapi` from 0.68.2 to 0.109.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.68.2...0.109.1)

Updates `gunicorn` from 20.1.0 to 22.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@20.1.0...22.0.0)

Updates `pydantic` from 1.8.2 to 1.10.13
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v1.8.2...v1.10.13)

Updates `pyramid` from 2.0 to 2.0.2
- [Changelog](https://github.com/Pylons/pyramid/blob/2.0.2/CHANGES.rst)
- [Commits](Pylons/pyramid@2.0...2.0.2)

Updates `python-multipart` from 0.0.5 to 0.0.7
- [Release notes](https://github.com/andrew-d/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.5...0.0.7)

Updates `black` from 21.5b0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/commits/24.3.0)

Updates `ipython` from 7.28.0 to 8.10.0
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](ipython/ipython@7.28.0...8.10.0)

Updates `certifi` from 2021.10.8 to 2024.7.4
- [Commits](certifi/python-certifi@2021.10.08...2024.07.04)

Updates `cryptography` from 35.0.0 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@35.0.0...42.0.4)

Updates `ecdsa` from 0.17.0 to 0.19.0
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.17.0...python-ecdsa-0.19.0)

Updates `gitpython` from 3.1.24 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.24...3.1.41)

Updates `idna` from 3.2 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.2...v3.7)

Updates `py` from 1.10.0 to 1.11.0
- [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/py@1.10.0...1.11.0)

Updates `starlette` from 0.14.2 to 0.35.1
- [Release notes](https://github.com/encode/starlette/releases)
- [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md)
- [Commits](encode/starlette@0.14.2...0.35.1)

Updates `urllib3` from 1.26.7 to 1.26.19
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.7...1.26.19)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: httpx
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pydantic
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyramid
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-multipart
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: ipython
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: indirect
  dependency-group: pip
- dependency-name: ecdsa
  dependency-type: indirect
  dependency-group: pip
- dependency-name: gitpython
  dependency-type: indirect
  dependency-group: pip
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: py
  dependency-type: indirect
  dependency-group: pip
- dependency-name: starlette
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 5, 2024
@dependabot dependabot bot mentioned this pull request Jul 5, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants