Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 10 updates #1024

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the production-dependencies group across 1 directory with 10 updates #1024

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2025

Bumps the production-dependencies group with 10 updates in the /backend directory:

Package From To
django 4.2.16 4.2.17
cryptography 43.0.1 44.0.0
drf-spectacular 0.27.2 0.28.0
psycopg2-binary 2.9.9 2.9.10
uwsgi 2.0.27 2.0.28
grpcio 1.66.2 1.68.1
grpcio-tools 1.66.2 1.68.1
minio 7.2.9 7.2.10
pydantic 2.9.2 2.10.4
redis 5.1.0 5.2.1

Updates django from 4.2.16 to 4.2.17

Commits

Updates cryptography from 43.0.1 to 44.0.0

Changelog

Sourced from cryptography's changelog.

44.0.0 - 2024-11-27


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
  Python core team. Support for Python 3.7 will be removed in a future
  ``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
  versions of macOS should upgrade, or they will need to build
  ``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions must
  not be empty.
* Added support for timestamp extraction to the
  :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
  during X.509 verification to allow fields permitted by :rfc:`5280` but
  forbidden by the CA/Browser BRs.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
  when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.

.. _v43-0-3:


43.0.3 - 2024-10-18

  • Fixed release metadata for cryptography-vectors

.. _v43-0-2:

43.0.2 - 2024-10-18


* Fixed compilation when using LibreSSL 4.0.0.

.. _v43-0-1:

Commits

Updates drf-spectacular from 0.27.2 to 0.28.0

Release notes

Sourced from drf-spectacular's releases.

0.28.0

Important notes

  • Y-stream release due to the amount of small but important changes.
  • Pydantic users might see a slightly different schema due to the change in serialization method.

PRs

New Contributors

Full Changelog: tfranzel/drf-spectacular@0.27.2...0.28.0

Changelog

Sourced from drf-spectacular's changelog.

0.28.0 (2024-11-30)

  • Fix lazy_reverse bug in views ([#1339](https://github.com/tfranzel/drf-spectacular/issues/1339) <https://github.com/tfranzel/drf-spectacular/issues/1339>_)
  • Extend query params explosion of non-DRF serializer [#1315](https://github.com/tfranzel/drf-spectacular/issues/1315) <https://github.com/tfranzel/drf-spectacular/issues/1315>_
  • consider pk_field on PrimaryKeyRelatedField when set [#1335](https://github.com/tfranzel/drf-spectacular/issues/1335) <https://github.com/tfranzel/drf-spectacular/issues/1335>_
  • fix unused OAuth2 scopes override [#1319](https://github.com/tfranzel/drf-spectacular/issues/1319) <https://github.com/tfranzel/drf-spectacular/issues/1319>_
  • bugfix @​extend_schema_field raw schema already in OAS3.1
  • some minors (resolves [#1147](https://github.com/tfranzel/drf-spectacular/issues/1147) <https://github.com/tfranzel/drf-spectacular/issues/1147>_)
  • fix OAS3.1 validator omission [#1302](https://github.com/tfranzel/drf-spectacular/issues/1302) <https://github.com/tfranzel/drf-spectacular/issues/1302>_
  • guard against broken dir impl [#1296](https://github.com/tfranzel/drf-spectacular/issues/1296) <https://github.com/tfranzel/drf-spectacular/issues/1296>_
  • Add Django 5.1 as classifier [jelmert]
  • No extra items in the oneOf list [Vladimir]
  • parametrize component registry identity [#1288](https://github.com/tfranzel/drf-spectacular/issues/1288) <https://github.com/tfranzel/drf-spectacular/issues/1288>_
  • make operation_id action position configurable [#1264](https://github.com/tfranzel/drf-spectacular/issues/1264) <https://github.com/tfranzel/drf-spectacular/issues/1264>_
  • Fix for incorrect issubclass() check. [Mike Moore]
  • Correct the documentation of how to import extension snippets [Alan Crosswell]
  • Update OpenAPI docs links [Nils Van Zuijlen]
  • mitigate false positive in Django Debug Toolbar [#1159](https://github.com/tfranzel/drf-spectacular/issues/1159) <https://github.com/tfranzel/drf-spectacular/issues/1159>_
  • Additional testcase [Marti Raudsepp]
  • Fix ChoiceField schema type with empty choices=[] [Marti Raudsepp]
  • handle examples with nested properties pagination [François Rejeté]
  • add choice field display method handling [#1228](https://github.com/tfranzel/drf-spectacular/issues/1228) <https://github.com/tfranzel/drf-spectacular/issues/1228>_
  • Add support for stateless user authentication in SimpleJWT ([#1221](https://github.com/tfranzel/drf-spectacular/issues/1221) <https://github.com/tfranzel/drf-spectacular/issues/1221>_) [Willem Meints]
  • fix: set pydantic json mode to serialization [Eric Butler]
  • fix: extend_schema_field with dict param and oas 3.1 [Eric Butler]

Breaking changes / important additions:

  • Y-stream release due to the amount of small but important changes.
  • Pydantic users might see a slightly different schema due to the change in serialization method.
Commits

Updates psycopg2-binary from 2.9.9 to 2.9.10

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.13.
  • Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
  • Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.12.
  • Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
  • Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
  • Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Package manylinux 2014 for aarch64 and ppc64le platforms, in order to include libpq 15 in the binary package (:ticket:[#1396](https://github.com/psycopg/psycopg2/issues/1396)).
  • Wheel package bundled with OpenSSL 1.1.1t.

What's new in psycopg 2.9.5 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.11.
  • Add support for rowcount in MERGE statements in binary packages (:ticket:[#1497](https://github.com/psycopg/psycopg2/issues/1497)).

... (truncated)

Commits
  • a805acf chore: bump to version 2.9.10
  • 78561ac Merge pull request #1728 from romank0/fetch-notifications-on-commit
  • 5283a83 chore: add TransactionTimeout error, added in PostgreSQL 17
  • f64dd39 docs: add news entry about notifications on commit
  • cba6d39 removes duplication in tests
  • 282360d adds notifications processing after every PQexec
  • 362cb00 Adds notifies processing in pq_commit
  • eaeeb76 Merge pull request #1729 from edgarrmondragon/1692-py313-wheels
  • 4987362 ci(windows): drop Python 3.8 packages
  • 8c9a35d ci: test with PostgreSQL 17
  • Additional commits viewable in compare view

Updates uwsgi from 2.0.27 to 2.0.28

Updates grpcio from 1.66.2 to 1.68.1

Release notes

Sourced from grpcio's releases.

Release v1.68.1

This is release 1.68.1 (groovy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [xDS RBAC] Support string_match in HeaderMatcher (#38185). (#38198)

Release v1.68.0

This is release 1.68.0 (groovy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [XdsClient][Backport] Add missing authority to XdsClient metrics scope (#38009). (#38023)
  • [Release] Bump core version in preparation for 1.68 Branch Cut. (#37941)
  • [ConfigFetcher] Set HTTP2 error to NO_ERROR to do graceful GOAWAYs. (#37939)
  • [ruby] reduce INFO log for server CQ pluck registration to DEBUG. (#37633)
  • [EventEngine] Enable the PosixEventEngine client experiment. (#35985)
  • [chttp2_server] Fix race between connection starting and it being orphaned. (#37683)
  • [Chttp2Server] Fix race between connection manager updates and handshake. (#37772)
  • [xds] Fix XdsClient race between ResourceDoesNotExist timer and receiving resources. (#37678)

C++

  • [Build] Minimum version of MSVC is now 2022. (#37687)
  • [Build] Bumped the minimum version of cmake. (#37702)

Python

  • Add templating and support for Python 3.13. (#37643)

Release v1.68.0-pre1

This is a prerelease of gRPC Core 1.68.0 (groovy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

... (truncated)

Commits

Updates grpcio-tools from 1.66.2 to 1.68.1

Release notes

Sourced from grpcio-tools's releases.

Release v1.68.1

This is release 1.68.1 (groovy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [xDS RBAC] Support string_match in HeaderMatcher (#38185). (#38198)

Release v1.68.0

This is release 1.68.0 (groovy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [XdsClient][Backport] Add missing authority to XdsClient metrics scope (#38009). (#38023)
  • [Release] Bump core version in preparation for 1.68 Branch Cut. (#37941)
  • [ConfigFetcher] Set HTTP2 error to NO_ERROR to do graceful GOAWAYs. (#37939)
  • [ruby] reduce INFO log for server CQ pluck registration to DEBUG. (#37633)
  • [EventEngine] Enable the PosixEventEngine client experiment. (#35985)
  • [chttp2_server] Fix race between connection starting and it being orphaned. (#37683)
  • [Chttp2Server] Fix race between connection manager updates and handshake. (#37772)
  • [xds] Fix XdsClient race between ResourceDoesNotExist timer and receiving resources. (#37678)

C++

  • [Build] Minimum version of MSVC is now 2022. (#37687)
  • [Build] Bumped the minimum version of cmake. (#37702)

Python

  • Add templating and support for Python 3.13. (#37643)

Release v1.68.0-pre1

This is a prerelease of gRPC Core 1.68.0 (groovy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

... (truncated)

Commits

Updates minio from 7.2.9 to 7.2.10

Release notes

Sourced from minio's releases.

Bugfix Release

What's Changed

New Contributors

Full Changelog: minio/minio-py@7.2.9...7.2.10

Commits

Updates pydantic from 2.9.2 to 2.10.4

Release notes

Sourced from pydantic's releases.

v2.10.4 2024-12-18

What's Changed

Packaging

Fixes

New Contributors

Full Changelog: pydantic/pydantic@v2.10.3...v2.10.4

v2.10.3 2024-12-03

What's Changed

Fixes

  • Set fields when defer_build is set on Pydantic dataclasses by @​Viicos in #10984
  • Do not resolve the JSON Schema reference for dict core schema keys by @​Viicos in #10989
  • Use the globals of the function when evaluating the return type for PlainSerializer and WrapSerializer functions by @​Viicos in #11008
  • Fix host required enforcement for urls to be compatible with v2.9 behavior by @​sydney-runkle in #11027
  • Add a default_factory_takes_validated_data property to FieldInfo by @​Viicos in #11034
  • Fix url json schema in serialization mode by @​sydney-runkle in #11035

Full Changelog: pydantic/pydantic@v2.10.2...v2.10.3

v2.10.2 2024-11-26

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.10.1...v2.10.2

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.10.4 (2024-12-18)

GitHub release

What's Changed

Packaging

Fixes

New Contributors

v2.10.3 (2024-12-03)

GitHub release

What's Changed

Fixes

  • Set fields when defer_build is set on Pydantic dataclasses by @​Viicos in #10984
  • Do not resolve the JSON Schema reference for dict core schema keys by @​Viicos in #10989
  • Use the globals of the function when evaluating the return type for PlainSerializer and WrapSerializer functions by @​Viicos in #11008
  • Fix host required enforcement for urls to be compatible with v2.9 behavior by @​sydney-runkle in #11027
  • Add a default_factory_takes_validated_data property to FieldInfo by @​Viicos in #11034
  • Fix url json schema in serialization mode by @​sydney-runkle in #11035

v2.10.2 (2024-11-25)

GitHub release

What's Changed

Fixes

  • Only evaluate FieldInfo annotations if required during schema building by @​Viicos in #10769

... (truncated)

Commits

Updates redis from 5.1.0 to 5.2.1

Release notes

Sourced from redis's releases.

5.2.1

Changes

🐛 Bug Fixes

  • Fixed unsecured tempfile.mktemp() command usage (#3446)
  • Fixed bug with SLOWLOG GET response parsing on Redis Software (#3441)
  • Fixed issue with invoking _close() on closed event loop (#3438)

🧰 Maintenance

  • Migrate test infrastructure to new custom docker images (#3415)
  • Fixed flacky test with HEXPIREAT command (#3437)

Contributors

We'd like to thank all the contributors who worked on this release!

@​IlianIliev @​uglide @​vladvildanov @​teodorfn @​akx

5.2.0

Changes

🚀 New Features

  • Extend AggregateRequest with scorer argument (#3409)

🧰 Maintenance

  • Pin pytest-profiling version due to the bug (#3417)

Contributors

We'd like to thank all the contributors who worked on this release!

@​uglide @​rbs333 @​vladvildanov @​dwdougherty

5.1.1

Changes

5.1.1

🐛 Bug Fixes

  • Fixed return type for Redis Set commands to be Set instead of List (#3399)
  • Fixed bug with partial Hiredis availability (#3400)
  • Fixed bug with async pipeline and cluster fails with some commands (#3402)

5.1.0

🚀 New Features

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-dependencies group across 1 director…
b3e9177 
…y with 10 updates

Bumps the production-dependencies group with 10 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `4.2.16` | `4.2.17` |
| [cryptography](https://github.com/pyca/cryptography) | `43.0.1` | `44.0.0` |
| [drf-spectacular](https://github.com/tfranzel/drf-spectacular) | `0.27.2` | `0.28.0` |
| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.9` | `2.9.10` |
| [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/) | `2.0.27` | `2.0.28` |
| [grpcio](https://github.com/grpc/grpc) | `1.66.2` | `1.68.1` |
| [grpcio-tools](https://github.com/grpc/grpc) | `1.66.2` | `1.68.1` |
| [minio](https://github.com/minio/minio-py) | `7.2.9` | `7.2.10` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.9.2` | `2.10.4` |
| [redis](https://github.com/redis/redis-py) | `5.1.0` | `5.2.1` |



Updates `django` from 4.2.16 to 4.2.17
- [Commits](django/django@4.2.16...4.2.17)

Updates `cryptography` from 43.0.1 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.0)

Updates `drf-spectacular` from 0.27.2 to 0.28.0
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](tfranzel/drf-spectacular@0.27.2...0.28.0)

Updates `psycopg2-binary` from 2.9.9 to 2.9.10
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.9...2.9.10)

Updates `uwsgi` from 2.0.27 to 2.0.28

Updates `grpcio` from 1.66.2 to 1.68.1
- [Release notes](https://github.com/grpc/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](grpc/grpc@v1.66.2...v1.68.1)

Updates `grpcio-tools` from 1.66.2 to 1.68.1
- [Release notes](https://github.com/grpc/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](grpc/grpc@v1.66.2...v1.68.1)

Updates `minio` from 7.2.9 to 7.2.10
- [Release notes](https://github.com/minio/minio-py/releases)
- [Commits](minio/minio-py@7.2.9...7.2.10)

Updates `pydantic` from 2.9.2 to 2.10.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.9.2...v2.10.4)

Updates `redis` from 5.1.0 to 5.2.1
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v5.1.0...v5.2.1)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: uwsgi
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: grpcio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: grpcio-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: minio
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: redis
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner January 1, 2025 08:39
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant