Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 18 updates #15

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the pip group across 1 directory with 18 updates #15

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 6, 2024

Bumps the pip group with 17 updates in the / directory:

Package From To
fastapi 0.92.0 0.109.1
pydantic 1.10.7 1.10.13
python-multipart 0.0.6 0.0.7
redis 4.5.1 4.5.4
aiohttp 3.8.4 3.9.4
certifi 2023.5.7 2023.7.22
cryptography 40.0.2 42.0.4
dnspython 2.3.0 2.6.1
hnswlib 0.7.0 0.8.0
idna 3.4 3.7
jinja2 3.1.2 3.1.4
langchain 0.0.162 0.1.0
pillow 9.5.0 10.3.0
pycryptodomex 3.17 3.19.1
tqdm 4.65.0 4.66.3
transformers 4.28.1 4.38.0
urllib3 1.26.15 1.26.18

Updates fastapi from 0.92.0 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

  • ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

Refactors

  • ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
  • ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
  • 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
  • ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

Translations

  • 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
  • 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

Updates pydantic from 1.10.7 to 1.10.13

Release notes

Sourced from pydantic's releases.

V1.10.13 2023-09-27

What's Changed

Full Changelog: pydantic/pydantic@v1.10.12...v1.10.13

V1.10.12

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.11...v1.10.12

V1.10.11

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.10...v1.10.11

V1.10.10

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.9...v1.10.10

V1.10.9

What's Changed

... (truncated)

Changelog

Sourced from pydantic's changelog.

v1.10.13 (2023-09-27)

v1.10.12 (2023-07-24)

  • Fixes the maxlen property being dropped on deque validation. Happened only if the deque item has been typed. Changes the _validate_sequence_like func, #6581 by @​maciekglowka

v1.10.11 (2023-07-04)

  • Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, #6361 by @​SharathHuddar

v1.10.10 (2023-06-30)

v1.10.9 (2023-06-07)

v1.10.8 (2023-05-23)

Commits

Updates python-multipart from 0.0.6 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

  • Refactor header option parser to use the standard library instead of a custom RegEx #75.
Commits
  • c83e6da Version 0.0.7 (#77)
  • fb7d3c9 Bump pygments from 2.7.4 to 2.15.0 (#66)
  • 20f0ef6 ♻️ Refactor header option parser to use the standard library instead of a cus...
  • d3d16da Use latest invoke version (2.2.0) (#73)
  • 8e59feb Use single quotes to avoid special zsh chars '[' and ']' (#71)
  • 86d422c Update changelog URL (#68)
  • 3929f8e Move tests folder to root folder (#61)
  • See full diff in compare view

Updates redis from 4.5.1 to 4.5.4

Release notes

Sourced from redis's releases.

4.5.4

Changes

Upgrade urgency: SECURITY, contains fixes to security issues.

  • (CVE-2023-28859) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.
  • (CVE-2023-28858) - Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases.

🐛 Bug Fixes

  • Fixing cancelled async futures (#2666)
  • Fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
  • Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630)

🧰 Maintenance

  • Minor fixes for #2666 and enhanced async test (#2673)
  • Fix issue 2660: PytestUnraisableExceptionWarning from asycio client (#2669)
  • Removing accidentally checked in files (#2642)

Contributors

We'd like to thank all the contributors who worked on this release!

@​bellini666, @​chayim, @​dvora-h, @​shacharPash and @​woutdenolf

4.5.3

Changes

Update urgency: HIGH: There is a critical bug that may affect a subset of users. Upgrade!

🐛 Bug Fixes

4.5.2

Changes

🚀 New Features

  • Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588)
  • Added queue_class to REDIS_ALLOWED_KEYS (#2577)
  • Made search document subscriptable (#2615)
  • Sped up the protocol parsing (#2596)

🐛 Bug Fixes

  • Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582)
  • Replace async_timeout by asyncio.timeout (#2602)
  • Update json().arrindex() default values (#2611)

... (truncated)

Commits

Updates aiohttp from 3.8.4 to 3.9.4

Release notes

Sourced from aiohttp's releases.

3.9.4

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

    Related issues and pull requests on GitHub: #8104.

  • Improved the DNS resolution performance on cache hit -- by :user:bdraco.

    This is achieved by avoiding an :mod:asyncio task creation in this case.

    Related issues and pull requests on GitHub: #8163.

  • Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

    Related issues and pull requests on GitHub: #7741.

  • Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

    The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.4 (2024-04-11)

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

    Related issues and pull requests on GitHub: :issue:8104.

  • Improved the DNS resolution performance on cache hit -- by :user:bdraco.

    This is achieved by avoiding an :mod:asyncio task creation in this case.

    Related issues and pull requests on GitHub: :issue:8163.

  • Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

    Related issues and pull requests on GitHub: :issue:7741.

  • Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

    The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Commits

Updates certifi from 2023.5.7 to 2023.7.22

Commits

Updates cryptography from 40.0.2 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20


* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.

.. _v42-0-3:


42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.

.. _v42-0-1:


42.0.1 - 2024-01-24

  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
  • Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

Updates dnspython from 2.3.0 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.5.0

See the What's New page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.4.2

This is a bug fix release, see the What's New page in the documentation for a summary.

Thanks to the people who reported the bugs and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

  • The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

  • As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

    This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

  • Added support for the NSID EDNS option.

  • Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

  • The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

2.5.0

  • Dnspython now uses hatchling for builds.

  • Asynchronous destinationless sockets now work on Windows.

  • Cython is no longer supported due to various typing issues.

  • Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary.

  • The number of messages in a section can be retrieved with section_count().

  • Truncation preferences for messages can be specified.

  • The length of a message can be automatically prepended when rendering.

... (truncated)

Commits
  • 0a742b9 update CI
  • 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
  • f12d398 2.6.1 version prep
  • cecb853 Further improve CVE fix coverage to 100% for sync and async.
  • 7952e31 test IgnoreErrors
  • e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
  • 3af9f78 2.6.0 versioning
  • ca63d95 Require cryptography >=41 instead of 42.
  • 902cbf3 Create CODE_OF_CONDUCT.md
  • ed9795f github contributing and pull request template
  • Additional commits viewable in compare view

Updates hnswlib from 0.7.0 to 0.8.0

Release notes

Sourced from hnswlib's releases.

v0.8.0

Highlights:

  • Multi-vector document search and epsilon search (for now, only in C++)
  • By default, there is no statistic aggregation, which speeds up the multi-threaded search (it does not seem like people are using it anyway: [Issue #495](nmslib/hnswlib#495)).
  • Various bugfixes and improvements
  • get_items now have return_type parameter, which can be either 'numpy' or 'list'

Huge thanks to the contributors:

  1. Dmitry Yashunin (dyashuni) - Led the addition of a custom stop condition, multivector and epsilon search functionalities, and various code refinements and bug fixes.
  2. Alexander Vieth (alxvth) - Contributed to resolving global linkage issues and improving Mac setup in the CI environment.
  3. Taras Tsugrii (ttsugriy) - Focused on fixing build warnings, enhancing bruteforce removePoint functionality, and improving memory management.
  4. aurora327 - Implemented more efficient AVX512 instruction sets in functions.
  5. Étienne Mollier (emollier) - added a cap on the 'M' parameter and a typo.
  6. Johan Rade (jrade) - Addressed a linking error when compiling with Visual Studio.
  7. James Melville (jlmelville) - Addressed reordering warning, sign mismatch in loops, and standardized error handling using macros (#508 has the details)
  8. stephematician - Resolved initialization order warning in GNU compilers.
  9. moritz-h - Added CMake install targets and set CMake version range.
  10. drons - Implemented functions for precise memory footprint control and fixed memory leak issues.
  11. Atsushi Tatsuma (yoshoku) - Added a missing virtual destructor to BaseFilterFunctor.
Commits

Updates idna from 3.4 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

  • Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
  • Description has been truncated

@dependabot
Bump the pip group across 1 directory with 18 updates
d1d738b 
Bumps the pip group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/tiangolo/fastapi) | `0.92.0` | `0.109.1` |
| [pydantic](https://github.com/pydantic/pydantic) | `1.10.7` | `1.10.13` |
| [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.6` | `0.0.7` |
| [redis](https://github.com/redis/redis-py) | `4.5.1` | `4.5.4` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.8.4` | `3.9.4` |
| [certifi](https://github.com/certifi/python-certifi) | `2023.5.7` | `2023.7.22` |
| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `42.0.4` |
| [dnspython](https://github.com/rthalley/dnspython) | `2.3.0` | `2.6.1` |
| [hnswlib](https://github.com/yurymalkov/hnsw) | `0.7.0` | `0.8.0` |
| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.4` |
| [langchain](https://github.com/langchain-ai/langchain) | `0.0.162` | `0.1.0` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.5.0` | `10.3.0` |
| [pycryptodomex](https://github.com/Legrandin/pycryptodome) | `3.17` | `3.19.1` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.65.0` | `4.66.3` |
| [transformers](https://github.com/huggingface/transformers) | `4.28.1` | `4.38.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.15` | `1.26.18` |



Updates `fastapi` from 0.92.0 to 0.109.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.92.0...0.109.1)

Updates `pydantic` from 1.10.7 to 1.10.13
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v1.10.7...v1.10.13)

Updates `python-multipart` from 0.0.6 to 0.0.7
- [Release notes](https://github.com/andrew-d/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.6...0.0.7)

Updates `redis` from 4.5.1 to 4.5.4
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.5.1...v4.5.4)

Updates `aiohttp` from 3.8.4 to 3.9.4
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.4...v3.9.4)

Updates `certifi` from 2023.5.7 to 2023.7.22
- [Commits](certifi/python-certifi@2023.05.07...2023.07.22)

Updates `cryptography` from 40.0.2 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@40.0.2...42.0.4)

Updates `dnspython` from 2.3.0 to 2.6.1
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](rthalley/dnspython@v2.3.0...v2.6.1)

Updates `hnswlib` from 0.7.0 to 0.8.0
- [Release notes](https://github.com/yurymalkov/hnsw/releases)
- [Commits](nmslib/hnswlib@v0.7.0...v0.8.0)

Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.7)

Updates `jinja2` from 3.1.2 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.4)

Updates `langchain` from 0.0.162 to 0.1.0
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@v0.0.162...v0.1.0)

Updates `pillow` from 9.5.0 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.5.0...10.3.0)

Updates `pycryptodomex` from 3.17 to 3.19.1
- [Release notes](https://github.com/Legrandin/pycryptodome/releases)
- [Changelog](https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst)
- [Commits](Legrandin/pycryptodome@v3.17.0...v3.19.1)

Updates `starlette` from 0.25.0 to 0.35.1
- [Release notes](https://github.com/encode/starlette/releases)
- [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md)
- [Commits](encode/starlette@0.25.0...0.35.1)

Updates `tqdm` from 4.65.0 to 4.66.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.65.0...v4.66.3)

Updates `transformers` from 4.28.1 to 4.38.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.28.1...v4.38.0)

Updates `urllib3` from 1.26.15 to 1.26.18
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.15...1.26.18)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pydantic
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-multipart
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: redis
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: aiohttp
  dependency-type: indirect
  dependency-group: pip
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: indirect
  dependency-group: pip
- dependency-name: dnspython
  dependency-type: indirect
  dependency-group: pip
- dependency-name: hnswlib
  dependency-type: indirect
  dependency-group: pip
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: langchain
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pillow
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pycryptodomex
  dependency-type: indirect
  dependency-group: pip
- dependency-name: starlette
  dependency-type: indirect
  dependency-group: pip
- dependency-name: tqdm
  dependency-type: indirect
  dependency-group: pip
- dependency-name: transformers
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 6, 2024
@dependabot dependabot bot mentioned this pull request May 6, 2024
Closed
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
pypi/[email protected] filesystem 0 108 kB skoegl
pypi/[email protected] filesystem 0 36.1 kB skoegl
pypi/[email protected] environment, eval, filesystem, network, shell, unsafe 0 7.09 MB hwchase17
pypi/[email protected] environment, eval, filesystem, network 0 1.27 MB hwchase17
pypi/[email protected] environment, eval, filesystem, network, shell 0 491 kB wfhinthorn

🚮 Removed packages: pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected], pypi/[email protected]

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants