chore(deps): bump the pip group across 3 directories with 3 updates by dependabot[bot] · Pull Request #46 · cnumr/EcoIndex_python

dependabot · 2024-02-06T03:20:46Z

Bumps the pip group with 3 updates in the /. directory: jinja2, fastapi and cryptography.
Bumps the pip group with 1 update in the /projects/ecoindex_api directory: fastapi.

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates fastapi from 0.104.1 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Updates cryptography from 41.0.7 to 42.0.0

Changelog

Sourced from cryptography's changelog.

42.0.0 - 2024-01-22


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field using
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
  or
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
  will now raise a ``ValueError`` rather than return an empty list.
* Parsing SSH certificates no longer permits malformed critical options with
  values, as documented in the 41.0.2 release notes.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should
  resolve some errors relating to initializing a module multiple times per
  process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
  X.509 certificate signing requests and certificate revocation lists with the
  keyword-only argument ``rsa_padding`` on the ``sign`` methods for
  :class:`~cryptography.x509.CertificateSigningRequestBuilder` and
  :class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request signature
  algorithm parameters (including PSS) via
  :meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`.
* Added support for obtaining X.509 certificate revocation list signature
  algorithm parameters (including PSS) via
  :meth:`~cryptography.x509.CertificateRevocationList.signature_algorithm_parameters`.
* Added ``mgf`` property to
  :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`.
* Added ``algorithm`` and ``mgf`` properties to
  :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware ``datetime`` objects:
  :meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
  :meth:`~cryptography.x509.Certificate.not_valid_after_utc`,
  :meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`,
  :meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`,
  :meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`.
  These are timezone-aware variants of existing properties that return naïve
  ``datetime`` objects.
* Deprecated the following properties that return naïve ``datetime`` objects:
  :meth:`~cryptography.x509.Certificate.not_valid_before`,
  :meth:`~cryptography.x509.Certificate.not_valid_after`,
  :meth:`~cryptography.x509.RevokedCertificate.revocation_date`,
  :meth:`~cryptography.x509.CertificateRevocationList.next_update`,
  :meth:`~cryptography.x509.CertificateRevocationList.last_update`
  in favor of the new timezone-aware variants mentioned above.
* Added support for
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with
</tr></table>

... (truncated)

Commits

4e64baf 42.0.0 version bump (#10232)
7cb13a3 we'll ship 3.2.0 for 42 (#9951)
605c74e Bump x509-limbo and/or wycheproof in CI (#10231)
97578b9 Bump BoringSSL and/or OpenSSL in CI (#10230)
972a7b5 verification: add test_verify_tz_aware (#10229)
41daf2d Migrate PKCS7 backend to Rust (#10228)
d54093e Remove some skips in tests that aren't needed anymore (#10223)
71929bd Remove binding that's not used anymore (#10224)
7ea4b89 fixed formatting in changelog (#10225)
410f4a1 Allow brainpool on libressl (#10222)
Additional commits viewable in compare view

Updates fastapi from 0.104.1 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 3 updates in the /. directory: [jinja2](https://github.com/pallets/jinja), [fastapi](https://github.com/tiangolo/fastapi) and [cryptography](https://github.com/pyca/cryptography). Bumps the pip group with 1 update in the /projects/ecoindex_api directory: [fastapi](https://github.com/tiangolo/fastapi). Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `fastapi` from 0.104.1 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.104.1...0.109.1) Updates `cryptography` from 41.0.7 to 42.0.0 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.7...42.0.0) Updates `fastapi` from 0.104.1 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.104.1...0.109.1) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:development dependency-group: pip-security-group - dependency-name: fastapi dependency-type: direct:development dependency-group: pip-security-group - dependency-name: cryptography dependency-type: indirect dependency-group: pip-security-group - dependency-name: fastapi dependency-type: direct:production dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2024-02-06T03:21:52Z

Coverage Report

File	Stmts	Miss	Cover	Missing
bases/ecoindex/cli
__init__.py	0	0	100%
app.py	99	52	47%	125–128, 130, 145–146, 181–182, 184, 192, 201, 203–204, 206–208, 224, 226–228, 230–231, 234, 236–239, 241, 243–244, 249, 253–254, 256, 258, 261, 263–265, 267–268, 271–273, 281, 285, 317, 319, 327, 331, 335
arguments_handler.py	61	10	83%	38–41, 43–44, 50–52, 54
console_output.py	10	7	30%	6, 8–12, 14
crawl.py	15	6	60%	20–24, 27
helper.py	10	6	40%	15, 22–25, 27
report.py	63	46	26%	29, 31–32, 34–35, 37–41, 44, 49, 54, 59–60, 63–66, 74–77, 80, 86, 92–94, 97, 99, 103, 105–107, 109, 120–121, 124–125, 130, 136, 180, 183–184, 186–187
components/ecoindex/compute
__init__.py	2	0	100%
ecoindex.py	28	1	96%	48
components/ecoindex/data
__init__.py	12	0	100%
colors.py	7	0	100%
grades.py	7	0	100%
medians.py	3	0	100%
quantiles.py	3	0	100%
targets.py	3	0	100%
components/ecoindex/exceptions
__init__.py	0	0	100%
scraper.py	8	3	62%	7–9
components/ecoindex/models
__init__.py	6	0	100%
compute.py	65	5	92%	111, 113, 116, 118, 134
enums.py	27	1	96%	9
response_examples.py	5	0	100%
scraper.py	10	0	100%
sort.py	5	0	100%
components/ecoindex/scraper
__init__.py	2	0	100%
scrap.py	68	35	48%	45, 48–49, 51, 60–62, 67–70, 76–79, 82–83, 85–86, 88, 90, 97–100, 107–108, 110–111, 120–121, 123, 126–127, 129
components/ecoindex/utils
__init__.py	2	0	100%
files.py	45	19	57%	23–25, 29, 34, 36–37, 39–41, 46–47, 60–61, 63–64, 80–82
screenshots.py	12	7	41%	8–10, 12, 16, 22–23
test/bases/ecoindex/cli
__init__.py	0	0	100%
test_app.py	52	0	100%
test_arguments_handler.py	34	0	100%
test/components/ecoindex/compute
__init__.py	0	0	100%
test_ecoindex.py	38	0	100%
test_models.py	75	9	88%	122–130
test/components/ecoindex/scraper
__init__.py	0	0	100%
test_scraper.py	32	0	100%
TOTAL	809	207	74%

dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 6, 2024

dependabot Bot mentioned this pull request Feb 6, 2024

chore(deps): bump the pip group across 3 directories with 2 updates #45

Closed

github-actions Bot added the size/M label Feb 6, 2024

vvatelot merged commit 388f6bd into main Feb 7, 2024

vvatelot deleted the dependabot/pip/pip-security-group-54272ef03d branch February 7, 2024 07:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the pip group across 3 directories with 3 updates#46

chore(deps): bump the pip group across 3 directories with 3 updates#46
vvatelot merged 1 commit intomainfrom
dependabot/pip/pip-security-group-54272ef03d

dependabot Bot commented on behalf of github Feb 6, 2024

Uh oh!

github-actions Bot commented Feb 6, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Feb 6, 2024

3.1.3

Version 3.1.3

0.109.1

Security fixes

Features

Refactors

Docs

Translations

0.109.1

Security fixes

Features

Refactors

Docs

Translations

Uh oh!

github-actions Bot commented Feb 6, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant