Scheduled weekly dependency update for week 07 #809
base: master
PR Summary
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## master #809 +/- ##
=======================================
Coverage 33.67% 33.67%
=======================================
Files 5 5
Lines 677 677
=======================================
Hits 228 228
Misses 449 449
Flags with carried forward coverage won't be shown.
PR Type: Enhancement
PR Summary: This pull request focuses on updating several key dependencies to their latest versions, including certifi, jinja2, pygments, requests, and urllib3. These updates are crucial for maintaining the security, performance, and compatibility of the application. Notably, the update for requests addresses a significant security vulnerability related to the forwarding of Proxy-Authorization headers, making this update particularly important.
Decision: Comment
📝 Type: 'Enhancement' - not supported yet.
- Sourcery currently only approves 'Typo fix' PRs.
✅ Issue addressed: this change correctly addresses the issue or implements the desired feature.
No details provided.
📝 Complexity: the changes are too large or complex for Sourcery to approve.
- Unsupported files: the diff contains files that Sourcery does not currently support during reviews.
General suggestions:
- Given the security implications of the updates, especially for the requests package, ensure thorough testing in environments that closely mimic production to catch any potential issues arising from the new versions.
- Consider reviewing the changelogs and migration guides of these updated dependencies for any deprecated features or breaking changes that might affect the application. This can help in identifying adjustments needed in the application codebase to accommodate the new versions.
- Since the bot was unable to find changelogs for some of the updated packages, manually verify the changes for those packages to ensure there are no unexpected impacts on the application.
Update certifi from 2022.9.24 to 2024.2.2.
The bot wasn't able to find a changelog for this release. Got an idea?
Update jinja2 from 3.1.2 to 3.1.3.
The bot wasn't able to find a changelog for this release. Got an idea?
Update pygments from 2.13.0 to 2.17.2.
The bot wasn't able to find a changelog for this release. Got an idea?
Update requests from 2.28.1 to 2.31.0.
Changelog
2.31.0
2.30.0
2.29.0
2.28.2
Update urllib3 from 1.26.11 to 2.2.1.
Changelog
2.2.1
2.2.0
2.1.0
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
2.0.0a4
2.0.0a3
2.0.0a2
2.0.0a1
1.26.18
1.26.17
1.26.16
1.26.15
1.26.14
1.26.13
1.26.12