Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 5 updates #14

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 5 updates #14

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 11, 2024

Bumps the pip group with 5 updates in the / directory:

Package From To
azure-identity 1.7.0 1.16.1
azure-storage-blob 12.11.0 12.13.0
msal 1.23.0 1.28.0
paramiko 2.12.0 3.4.0
requests 2.31.0 2.32.2

Updates azure-identity from 1.7.0 to 1.16.1

Release notes

Sourced from azure-identity's releases.

azure-identity_1.16.1

1.16.1 (2024-06-11)

Bugs Fixed

  • Managed identity bug fixes

azure-identity_1.16.0

1.16.0 (2024-04-09)

Other Changes

  • For IMDS requests in ManagedIdentityCredential, the retry backoff factor was reduced from 2 to 0.8 in order to avoid excessive retry delays and improve responsiveness. Users can customize this setting with the retry_backoff_factor parameter: ManagedIdentityCredential(retry_backoff_factor=2). (#35070)
Commits

Updates azure-storage-blob from 12.11.0 to 12.13.0

Commits
  • e90af43 DataLake funny dependency (#25129)
  • cbec338 [AutoRelease] t2-storagecache-2022-07-06-35884(Do not merge) (#25089)
  • dc7c5a1 [Storage] API View Feedback For STG84 GA (#25085)
  • 9f66f6b [Storage] Revert removing aiohttp dependency for storage.blob.aio (#25084)
  • e40d3e1 [storage.blob] Remove aiohttp as dependency for storage.blob.aio (#24965)
  • 7915719 [Storage] Prepare for STG83 GA release (#25040)
  • 155eb8b [Storage] Add progress_hook to file-share upload/download (#24997)
  • 66dd3be [Storage] Fix more flaky lease tests (#25011)
  • 0301417 [Storage] Add argument to perf tests to use client-side encryption (#24978)
  • 4899065 [perf] Add pipeline template and storage pipelines (#24894)
  • Additional commits viewable in compare view

Updates msal from 1.23.0 to 1.28.0

Release notes

Sourced from msal's releases.

MSAL Python 1.28.0

  • New feature: PublicClientApplication and ConfidentialClientApplication have a new oidc_authority parameter that can be used to specify authority of any generic OpenID Connect authority, typically the customized domain for CIAM. (#676, #678)
  • Dropping Python 2.7

MSAL Python 1.27.0

What's Changed

Release Notes:

  • New feature: remove_tokens_for_client() will remove tokens acquired by acquire_token_for_client() (#640, #650, #666)
  • Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
  • Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
  • Adjustment: Bump upstream broker dependency to 0.14.x
  • Improvement: Better chance to remove accounts from broker (#651)
  • Improvement: Cleaner console output when the http local server is visited in https protocol (#546)
  • Improvement: Reduce a bare except clause (#667)

Note:

  • The previous preview features in previous 1.27.0b2 requires more beta testing, so they did NOT make it to 1.27.0. If you want to beta test 1.27.0b2, follow its own instruction.
  • MSAL Python 1.27 is the last version that still runs on Python 2.7

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-python@1.26.0...1.27.0

MSAL Python 1.27.0b2

This beta release is a preview for the broker-on-Mac support. You can install it by pip install msal==1.27.0b2. Please refer to this staged API Reference Doc for how to opt into this new feature.

MSAL Python 1.26.0

  • Do not auto-detect region if app developer does not opt-in to region (#629, #630)
  • Support Proof-of-Possession (PoP) for Public Client based on broker (#511)

MSAL Python 1.25.0

  • Deprecation: allow_broker will be replaced by enable_broker_on_windows (#613)
  • Bugfix: Device Code Flow (and Username Password Flow) and its subsequent silent request will automatically bypass broker and succeed. (#569)
  • Enhancement: acquire_token_interactive() supports running inside Docker
  • Observability: Successful token response will contain a new token_source field to indicate where the token was obtained from: identity_provider, cache or broker. (#610)

MSAL Python 1.24.1

Includes minor adjustments on handling acquire_token_interactive(). The scope of the issue being addressed was limited to a short-lived sign-in attempt. The potential misuse vector complexity was high, therefore it is unlikely to be reproduced in standard usage scenarios; however, out of abundance of caution, this fix is shipped to align ourselves with Microsoft's policy of secure-by-default.

MSAL Python 1.24.0

  • Enhancement: There may be a new msal_telemetry key available in MSAL's acquire token response, currently observed when broker is enabled. Its content and format are opaque to caller. This telemetry blob allows participating apps to collect them via telemetry, and it may help future troubleshooting. (#575)
  • Enhancement: A new enable_pii_log parameter is added into ClientApplication constructor. When enabled, the broker component may include PII (Personal Identifiable Information) in logs. This may help troubleshooting. (#568, #590)

... (truncated)

Commits
  • 2d03ad9 MSAL Python 1.28.0
  • e06ca87 A semi-auto script to test Azure CLI with broker
  • 70e09fb Implements a new optional oidc_authority parameter
  • c442c78 Rebrand from AAD to Microsoft Entra (#655)
  • 8ff855e Merge pull request #673 from AzureAD/iulico/update-broker-default-redirect-uri
  • c73b7ca update the default broker redirect uri
  • 7e04519 Releasing 1.27
  • 9a866ca Don't use bare except when importing (#667)
  • 59c3000 Pick up latest PyMsalRuntime 0.14.x
  • 4f0e03d CCA can be tested by: python -m msal
  • Additional commits viewable in compare view

Updates paramiko from 2.12.0 to 3.4.0

Commits
  • f0881ba Cut 3.4.0
  • 3e4bdf9 Changelog/comment updates
  • 30b447b Linting
  • 33508c9 Expand MessageOrderError use to handle more packet types
  • 96db1e2 Raise exception when sequence numbers rollover during initial kex
  • 58785d2 Changelog tweak re: other new Transport kwarg
  • 8dcb237 Test-suite-only bugfix: defer did not actually imply skip_verify
  • fa46de7 Reset sequence numbers on rekey
  • 75e311d Enforce zero seqno on kexinit
  • 73f079f Fill in CVE number for Terrapin attack
  • Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 5 updates
12e7468 
Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.7.0` | `1.16.1` |
| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.11.0` | `12.13.0` |
| [msal](https://github.com/AzureAD/microsoft-authentication-library-for-python) | `1.23.0` | `1.28.0` |
| [paramiko](https://github.com/paramiko/paramiko) | `2.12.0` | `3.4.0` |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` |



Updates `azure-identity` from 1.7.0 to 1.16.1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.7.0...azure-identity_1.16.1)

Updates `azure-storage-blob` from 12.11.0 to 12.13.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.11.0...azure-storage-blob_12.13.0)

Updates `msal` from 1.23.0 to 1.28.0
- [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases)
- [Commits](AzureAD/microsoft-authentication-library-for-python@1.23.0...1.28.0)

Updates `paramiko` from 2.12.0 to 3.4.0
- [Commits](paramiko/paramiko@2.12.0...3.4.0)

Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

---
updated-dependencies:
- dependency-name: azure-identity
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: azure-storage-blob
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: msal
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: paramiko
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 11, 2024
@dependabot dependabot bot mentioned this pull request Jun 11, 2024
Closed
@cicharka
Copy link
Contributor

cicharka commented Aug 9, 2024

old PR

@cicharka cicharka closed this Aug 9, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Aug 9, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/pip-3f50492f08 branch August 9, 2024 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@cicharka