[pip] Bump the vreapis-pip group in /vreapis with 7 updates

[dependabot]

Bumps the vreapis-pip group in /vreapis with 7 updates:

Package	From	To
django	5.0.3	5.1
djangorestframework	3.14.0	3.15.2
django-filter	24.2	24.3
whitenoise	6.6.0	6.7.0
pyyaml	6.0.1	6.0.2
requests	2.31.0	2.32.3
django-cors-headers	4.3.1	4.4.0

Updates django from 5.0.3 to 5.1

Commits

• 373cb30 [5.1.x] Bumped version for 5.1 release.
• 8baab82 [5.1.x] Finalized release notes for Django 5.1.
• d5ad743 [5.1.x] Fixed i18n.tests.TranslationTests.test_plural to use correct French t...
• 380c6e6 [5.1.x] Updated translations from Transifex.
• d787e44 [5.1.x] Added CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42...
• e2583fb [5.1.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection att...
• bd807c0 [5.1.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.htm...
• 0c1a890 [5.1.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizet...
• 0504af6 [5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in flo...
• 2ba4f4b [5.1.x] Fixed #35657 -- Made FileField handle db_default values.
• Additional commits viewable in compare view

Updates djangorestframework from 3.14.0 to 3.15.2

Release notes

Sourced from djangorestframework's releases.

Version 3.15.1

What's Changed

• Update the message to be consistent with the Django `HttpResponseBa… by @​maycuatroi in encode/django-rest-framework#9287
• Make inflection package truly optional by @​browniebroke in encode/django-rest-framework#9303
• Fix broken links in release notes for 3.15 by @​browniebroke in encode/django-rest-framework#9305
• TokenAdmin.autocomplete_fields Breaks Some Use Cases, Revert by @​alexdlaird in encode/django-rest-framework#9301
• Add drf-sendables to third-party-packages.md by @​amikrop in encode/django-rest-framework#9261
• Revert "feat: Add some changes to ValidationError to support django style vad…" by @​auvipy in encode/django-rest-framework#9326
• Revert "Re-prefetch related objects after updating" by @​auvipy in encode/django-rest-framework#9327
• Revert #8863 by @​tomchristie in encode/django-rest-framework#9330
• Revert #8009 by @​tomchristie in encode/django-rest-framework#9332
• Revert #9030 by @​tomchristie in encode/django-rest-framework#9333
• Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces" by @​auvipy in encode/django-rest-framework#9335
• SearchFilter.get_search_terms returns list. by @​tomchristie in encode/django-rest-framework#9338
• Version 3.15.1 by @​tomchristie in encode/django-rest-framework#9339

New Contributors

• @​maycuatroi made their first contribution in encode/django-rest-framework#9287
• @​alexdlaird made their first contribution in encode/django-rest-framework#9301

Full Changelog: encode/django-rest-framework@3.15.0...3.15.1

Commits

• c7a7eae Version 3.15.2 (#9439)
• 3b41f01 Fix potential XSS vulnerability in break_long_headers template filter (#9435)
• fe92f0d Add __hash__ method for permissions.OperandHolder class (#9417)
• fbdab09 docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421)
• 36d5c0e tests: Check urlpatterns after cleanups (#9400)
• 9d4ed05 Don't use Windows line endings
• b34bde4 Fix typo in setup.cfg setting
• ab681f2 Update requirements in docs
• 2237724 bump pygments (security hygiene)
• d58b8da Update deprecation hints
• Additional commits viewable in compare view

Updates django-filter from 24.2 to 24.3

Changelog

Sourced from django-filter's changelog.

Version 24.3 (2024-08-02)

• Adds official support for Django 5.1.

• Allow using dictionaries for grouped choices on Django 5.0+.

  Thanks to Sævar Öfjörð Magnússon.

• Adds unknown_field_behavior FilterSet option to allowing warning and ignore behaviours for unknown field types during FilterSet generation.

  Thanks to Loes.

Commits

• 2ec1bae Bumped version and changes for 24.3 release. (#1679)
• 23be051 Allowed using dictionaries for grouped choices (#1668)
• 376d443 Add unknown_field_behavior feature (#1675)
• c8889c4 Translated using Weblate (Arabic) (#1671)
• 671deff Added testing against Django 5.1. (#1670)
• See full diff in compare view

Updates whitenoise from 6.6.0 to 6.7.0

Changelog

Sourced from whitenoise's changelog.

6.7.0 (2024-06-19)

• Support Django 5.1.

Commits

• 1db0e43 Version 6.7.0
• ea72844 Tidy pyproject.toml readme and license fields
• 727fce0 Support Django 5.1 (#588)
• 1c2d056 [pre-commit.ci] pre-commit autoupdate (#587)
• dc58053 Upgrade requirements (#586)
• cff77f3 [pre-commit.ci] pre-commit autoupdate (#585)
• da24115 Merge pull request #584 from evansd/security-contact
• 5c12dd6 Add security contact information
• 220a988 [pre-commit.ci] pre-commit autoupdate (#583)
• b0c36de Upgrade requirements (#582)
• Additional commits viewable in compare view

Updates pyyaml from 6.0.1 to 6.0.2

Release notes

Sourced from pyyaml's releases.

6.0.2

What's Changed

• Support for Cython 3.x and Python 3.13.

Full Changelog: yaml/pyyaml@6.0.1...6.0.2

6.0.2rc1

• Support for extension build with Cython 3.x
• Support for Python 3.13
• Added PyPI wheels for musllinux on aarch64

Changelog

Sourced from pyyaml's changelog.

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

Commits

• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• See full diff in compare view

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

• Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
• Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits

• 0e322af v2.32.3
• e188799 Don't create default SSLContext if ssl module isn't present (#6724)
• 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
• b1d73dd Don't use default SSLContext with custom poolmanager kwargs
• 6badbac Update HISTORY.md
• a62a2d3 Allow for overriding of specific pool key params
• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• Additional commits viewable in compare view

Updates django-cors-headers from 4.3.1 to 4.4.0

Changelog

Sourced from django-cors-headers's changelog.

4.4.0 (2024-06-19)

• Support Django 5.1.

Commits

• 644105c Version 4.4.0
• d73e42a Tidy pyproject.toml readme and license fields
• 42b898a Support Django 5.1 (#953)
• 77ab304 [pre-commit.ci] pre-commit autoupdate (#952)
• 4a7df58 Upgrade requirements (#951)
• b3ce0fc [pre-commit.ci] pre-commit autoupdate (#950)
• ef2b81c [pre-commit.ci] pre-commit autoupdate (#949)
• ce74293 Upgrade requirements (#948)
• 4fcb9fd [pre-commit.ci] pre-commit autoupdate (#946)
• 715d471 [pre-commit.ci] pre-commit autoupdate (#945)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions