Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 6 updates #1

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 6 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 12, 2024
edited
Loading

Bumps the pip group with 6 updates in the / directory:

Package From To
aiohttp 3.9.1 3.9.4
azure-identity 1.15.0 1.16.1
fastapi 0.99.0 0.109.1
gitpython 3.1.32 3.1.41
jinja2 3.1.2 3.1.4
litellm 1.31.10 1.40.0

Updates aiohttp from 3.9.1 to 3.9.4

Release notes

Sourced from aiohttp's releases.

3.9.4

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

    Related issues and pull requests on GitHub: #8104.

  • Improved the DNS resolution performance on cache hit -- by :user:bdraco.

    This is achieved by avoiding an :mod:asyncio task creation in this case.

    Related issues and pull requests on GitHub: #8163.

  • Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

    Related issues and pull requests on GitHub: #7741.

  • Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

    The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.4 (2024-04-11)

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

    Related issues and pull requests on GitHub: :issue:8104.

  • Improved the DNS resolution performance on cache hit -- by :user:bdraco.

    This is achieved by avoiding an :mod:asyncio task creation in this case.

    Related issues and pull requests on GitHub: :issue:8163.

  • Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

    Related issues and pull requests on GitHub: :issue:7741.

  • Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

    The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Commits

Updates azure-identity from 1.15.0 to 1.16.1

Release notes

Sourced from azure-identity's releases.

azure-identity_1.16.1

1.16.1 (2024-06-11)

Bugs Fixed

  • Managed identity bug fixes

azure-identity_1.16.0

1.16.0 (2024-04-09)

Other Changes

  • For IMDS requests in ManagedIdentityCredential, the retry backoff factor was reduced from 2 to 0.8 in order to avoid excessive retry delays and improve responsiveness. Users can customize this setting with the retry_backoff_factor parameter: ManagedIdentityCredential(retry_backoff_factor=2). (#35070)
Commits

Updates fastapi from 0.99.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

  • ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

Refactors

  • ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
  • ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
  • 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
  • ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

Translations

  • 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
  • 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

Updates gitpython from 3.1.32 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

  • Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
  • xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
  • Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918
Commits

Updates litellm from 1.31.10 to 1.40.0

Release notes

Sourced from litellm's releases.

v1.40.0

What's Changed

Full Changelog: BerriAI/litellm@v1.39.6...v1.40.0

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.40.0

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name Status Median Response Time (ms) Average Response Time (ms) Requests/s Failures/s Request Count Failure Count Min Response Time (ms) Max Response Time (ms)
/chat/completions Passed ✅ 120.0 133.63252197830545 6.467733658247951 0.0 1936 0 94.77090299998281 801.180971000008
Aggregated Passed ✅ 120.0 133.63252197830545 6.467733658247951 0.0 1936 0 94.77090299998281 801.180971000008

v1.39.6

We're launching team member invites (No SSO Required) on v1.39.6 🔥 Invite team member to view LLM Usage, Spend per service https://docs.litellm.ai/docs/proxy/ui

👍 [Fix] Cache Vertex AI clients - Major Perf improvement for VertexAI models

✨ Feat - Send new users invite emails on creation (using 'send_invite_email' on /user/new)

💻 UI - allow users to sign in with with email/password

🔓 [UI] Admin UI Invite Links for non SSO

✨ PR - [FEAT] Perf improvements - litellm.completion / litellm.acompletion - Cache OpenAI client inviting_members_ui

... (truncated)

Commits
  • 93c9ea1 fix(openai.py): fix client caching logic
  • 63fb3a9 Merge pull request #3961 from BerriAI/litellm_docker_compose_start
  • ce4ba80 build(docker-compose.yml): load local .env in docker compose quick start
  • 2245ee1 test(test_scheduler.py): fix testing
  • 9b4a19b build(docker-compose.yml): startup docker compose with postgres
  • 7715267 fix(router.py): simplify scheduler
  • 27087f6 Merge pull request #3959 from BerriAI/litellm_support_verify_ssl_false
  • d7160eb fix(test_scheduler.py): fix test
  • a16a1c4 fix(http_handler.py): allow setting ca bundle path
  • f75c15d fix(proxy_server.py): security fix - fix sql injection attack on global spend...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 6 updates
f5d421d 
Bumps the pip group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.1` | `3.9.4` |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.15.0` | `1.16.1` |
| [fastapi](https://github.com/tiangolo/fastapi) | `0.99.0` | `0.109.1` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.32` | `3.1.41` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.4` |
| [litellm](https://github.com/BerriAI/litellm) | `1.31.10` | `1.40.0` |



Updates `aiohttp` from 3.9.1 to 3.9.4
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.9.1...v3.9.4)

Updates `azure-identity` from 1.15.0 to 1.16.1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.15.0...azure-identity_1.16.1)

Updates `fastapi` from 0.99.0 to 0.109.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.99.0...0.109.1)

Updates `gitpython` from 3.1.32 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.32...3.1.41)

Updates `jinja2` from 3.1.2 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.4)

Updates `litellm` from 1.31.10 to 1.40.0
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](BerriAI/litellm@v1.31.10...v1.40.0)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: azure-identity
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gitpython
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: litellm
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 12, 2024
@FortiShield FortiShield deleted the branch dev September 28, 2024 14:02
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 28, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/pip-d2cef28ce5 branch September 28, 2024 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@FortiShield