Bump the primary-deps group with 5 updates #126

dependabot · 2024-03-01T10:03:31Z

Bumps the primary-deps group with 5 updates:

Package	From	To
marshmallow	`3.20.1`	`3.21.0`
cryptography	`41.0.7`	`42.0.5`
botocore	`1.34.11`	`1.34.53`
boto3	`1.34.11`	`1.34.53`
slack-sdk	`3.26.1`	`3.27.1`

Updates marshmallow from 3.20.1 to 3.21.0

Changelog

Sourced from marshmallow's changelog.

3.21.0 (2024-02-26)

Bug fixes:

Fix validation of URL fields to allow missing user field, per NWG RFC 3986 (:issue:2232). Thanks :user:ddennerline3 for reporting and :user:deckar01 for the PR.

Other changes:

Backwards-incompatible: __version__, __parsed_version__, and __version_info__ attributes are deprecated (:issue:2227). Use feature detection or importlib.metadata.version("marshmallow") instead.

3.20.2 (2024-01-09)

Bug fixes:

Fix Nested field type hint for lambda Schema types (:pr:2164). Thanks :user:somethingnew2-0 for the PR.

Other changes:

Officially support Python 3.12 (:pr:2188). Thanks :user:hugovk for the PR.

Commits

cd976d5 Bump version and update changelog
853b144 URL User Info Validation (#2244)
bf33daf [pre-commit.ci] pre-commit autoupdate (#2242)
13a12ad Fix typo
e140f7d Deprecate version and related attributes (#2229)
300f965 [pre-commit.ci] pre-commit autoupdate
c282bd5 [pre-commit.ci] pre-commit autoupdate (#2239)
af79a44 Bump actions/setup-python from 4 to 5 (#2236)
6d4ebf3 Bump actions/upload-artifact from 3 to 4 (#2237)
fe701be Bump actions/download-artifact from 3 to 4 (#2238)
Additional commits viewable in compare view

Updates cryptography from 41.0.7 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23
* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:
42.0.4 - 2024-02-20
Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130

Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370.

.. _v42-0-3:

42.0.3 - 2024-02-15
* Fixed an initialization issue that caused key loading failures for some
  users.
.. _v42-0-2:
42.0.2 - 2024-01-30
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.

Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys.

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange, X25519PrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange, X448PrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange, and DHPrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange.

.. _v42-0-1:

42.0.1 - 2024-01-24
</tr></table> 

... (truncated)

Commits

33833f0 Release 42.0.5 (#10470)
4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
Additional commits viewable in compare view

Updates botocore from 1.34.11 to 1.34.53

Changelog

Sourced from botocore's changelog.

1.34.53

api-change:docdb-elastic: Launched Elastic Clusters Readable Secondaries, Start/Stop, Configurable Shard Instance count, Automatic Backups and Snapshot Copying

api-change:eks: Added support for new AL2023 AMIs to the supported AMITypes.

api-change:lexv2-models: This release makes AMAZON.QnAIntent generally available in Amazon Lex. This generative AI feature leverages large language models available through Amazon Bedrock to automate frequently asked questions (FAQ) experience for end-users.

api-change:migrationhuborchestrator: Adds new CreateTemplate, UpdateTemplate and DeleteTemplate APIs.

api-change:quicksight: TooltipTarget for Combo chart visuals; ColumnConfiguration limit increase to 2000; Documentation Update

api-change:sagemaker: Adds support for ModelDataSource in Model Packages to support unzipped models. Adds support to specify SourceUri for models which allows registration of models without mandating a container for hosting. Using SourceUri, customers can decouple the model from hosting information during registration.

api-change:securitylake: Add capability to update the Data Lake's MetaStoreManager Role in order to perform required data lake updates to use Iceberg table format in their data lake or update the role for any other reason.

1.34.52

api-change:batch: This release adds Batch support for configuration of multicontainer jobs in ECS, Fargate, and EKS. This support is available for all types of jobs, including both array jobs and multi-node parallel jobs.

api-change:bedrock-agent-runtime: This release adds support to override search strategy performed by the Retrieve and RetrieveAndGenerate APIs for Amazon Bedrock Agents

api-change:ce: This release introduces the new API 'GetApproximateUsageRecords', which retrieves estimated usage records for hourly granularity or resource-level data at daily granularity.

api-change:ec2: This release increases the range of MaxResults for GetNetworkInsightsAccessScopeAnalysisFindings to 1,000.

api-change:iot: This release reduces the maximum results returned per query invocation from 500 to 100 for the SearchIndex API. This change has no implications as long as the API is invoked until the nextToken is NULL.

api-change:wafv2: AWS WAF now supports configurable time windows for request aggregation with rate-based rules. Customers can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes.

1.34.51

api-change:amplifyuibuilder: We have added the ability to tag resources after they are created

1.34.50

api-change:apigateway: Documentation updates for Amazon API Gateway.

api-change:drs: Added volume status to DescribeSourceServer replicated volumes.

api-change:kafkaconnect: Adds support for tagging, with new TagResource, UntagResource and ListTagsForResource APIs to manage tags and updates to existing APIs to allow tag on create. This release also adds support for the new DeleteWorkerConfiguration API.

api-change:rds: This release adds support for gp3 data volumes for Multi-AZ DB Clusters.

1.34.49

api-change:appsync: Documentation only updates for AppSync

api-change:qldb: Clarify possible values for KmsKeyArn and EncryptionDescription.

api-change:rds: Add pattern and length based validations for DBShardGroupIdentifier

api-change:rum: Doc-only update for new RUM metrics that were added

1.34.48

... (truncated)

Commits

eeb3362 Merge branch 'release-1.34.53'
799f216 Bumping version to 1.34.53
73acc04 Update endpoints model
7afd549 Update to latest models
5719553 Merge branch 'release-1.34.52' into develop
ec6d662 Merge branch 'release-1.34.52'
9aa9f07 Bumping version to 1.34.52
c3e4bf6 Update to latest models
1b66485 Merge branch 'release-1.34.51' into develop
5863421 Merge branch 'release-1.34.51'
Additional commits viewable in compare view

Updates boto3 from 1.34.11 to 1.34.53

Changelog

Sourced from boto3's changelog.

1.34.53

api-change:docdb-elastic: [botocore] Launched Elastic Clusters Readable Secondaries, Start/Stop, Configurable Shard Instance count, Automatic Backups and Snapshot Copying

api-change:eks: [botocore] Added support for new AL2023 AMIs to the supported AMITypes.

api-change:lexv2-models: [botocore] This release makes AMAZON.QnAIntent generally available in Amazon Lex. This generative AI feature leverages large language models available through Amazon Bedrock to automate frequently asked questions (FAQ) experience for end-users.

api-change:migrationhuborchestrator: [botocore] Adds new CreateTemplate, UpdateTemplate and DeleteTemplate APIs.

api-change:quicksight: [botocore] TooltipTarget for Combo chart visuals; ColumnConfiguration limit increase to 2000; Documentation Update

api-change:sagemaker: [botocore] Adds support for ModelDataSource in Model Packages to support unzipped models. Adds support to specify SourceUri for models which allows registration of models without mandating a container for hosting. Using SourceUri, customers can decouple the model from hosting information during registration.

api-change:securitylake: [botocore] Add capability to update the Data Lake's MetaStoreManager Role in order to perform required data lake updates to use Iceberg table format in their data lake or update the role for any other reason.

1.34.52

api-change:batch: [botocore] This release adds Batch support for configuration of multicontainer jobs in ECS, Fargate, and EKS. This support is available for all types of jobs, including both array jobs and multi-node parallel jobs.

api-change:bedrock-agent-runtime: [botocore] This release adds support to override search strategy performed by the Retrieve and RetrieveAndGenerate APIs for Amazon Bedrock Agents

api-change:ce: [botocore] This release introduces the new API 'GetApproximateUsageRecords', which retrieves estimated usage records for hourly granularity or resource-level data at daily granularity.

api-change:ec2: [botocore] This release increases the range of MaxResults for GetNetworkInsightsAccessScopeAnalysisFindings to 1,000.

api-change:iot: [botocore] This release reduces the maximum results returned per query invocation from 500 to 100 for the SearchIndex API. This change has no implications as long as the API is invoked until the nextToken is NULL.

api-change:wafv2: [botocore] AWS WAF now supports configurable time windows for request aggregation with rate-based rules. Customers can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes.

1.34.51

api-change:amplifyuibuilder: [botocore] We have added the ability to tag resources after they are created

1.34.50

api-change:apigateway: [botocore] Documentation updates for Amazon API Gateway.

api-change:drs: [botocore] Added volume status to DescribeSourceServer replicated volumes.

api-change:kafkaconnect: [botocore] Adds support for tagging, with new TagResource, UntagResource and ListTagsForResource APIs to manage tags and updates to existing APIs to allow tag on create. This release also adds support for the new DeleteWorkerConfiguration API.

api-change:rds: [botocore] This release adds support for gp3 data volumes for Multi-AZ DB Clusters.

1.34.49

api-change:appsync: [botocore] Documentation only updates for AppSync

api-change:qldb: [botocore] Clarify possible values for KmsKeyArn and EncryptionDescription.

api-change:rds: [botocore] Add pattern and length based validations for DBShardGroupIdentifier

api-change:rum: [botocore] Doc-only update for new RUM metrics that were added

1.34.48

... (truncated)

Commits

914c71b Merge branch 'release-1.34.53'
0fdef8b Bumping version to 1.34.53
f39ede7 Add changelog entries from botocore
7d55662 Merge branch 'release-1.34.52' into develop
78d211e Merge branch 'release-1.34.52'
f93792b Bumping version to 1.34.52
aae855b Add changelog entries from botocore
f707245 Merge branch 'release-1.34.51' into develop
97c442a Merge branch 'release-1.34.51'
cc367ab Bumping version to 1.34.51
Additional commits viewable in compare view

Updates slack-sdk from 3.26.1 to 3.27.1

Release notes

Sourced from slack-sdk's releases.

version 3.27.1

Changes

#1466 Fix #1462 websocket_client-based SocketModeClient does not reconnect after a DNS outage - Thanks @ktindall-godaddy @seratch

#1463 Unpin moto, and support moto 5.0 changes - Thanks @s-t-e-v-e-n-k

All issues/pull requests: https://github.com/slackapi/python-slack-sdk/milestone/93?closed=1

All changes: slackapi/python-slack-sdk@v3.27.0...v3.27.1

version 3.27.0

Changes

#1459 Fix #1458 internal error within aiohttp-based socket mode client - Thanks @seratch @jhofeditz

#1450 #1452 Add "slack_file" properties to "image" blocks/elements under slack_sdk.models - Thanks @seratch

#1455 #1456 Can't install async (optional) dependencies in 3.26.2 - Thanks @drasmuss @WilliamBergamin

#1449 feat: add download badge in readme - Thanks @WilliamBergamin

All issues/pull requests: https://github.com/slackapi/python-slack-sdk/milestone/91?closed=1

All changes: slackapi/python-slack-sdk@v3.26.2...v3.27.0

version 3.26.2

Changes

#1447 #1446 aiohttp based socket_mode failed to reconnect and enter a broken state - Thanks @woolen-sheep

#1436 Configuring with pyproject.toml - Thanks @WilliamBergamin

#1443 Update run_*.sh scripts to align with the contributor guide - Thanks @Jamim

#1445 Replace Flask-Sockets with aiohttp for testing - Thanks @Jamim

#1448 Fix broken links to modal documentation - Thanks @christos-P

All issues/pull requests: https://github.com/slackapi/python-slack-sdk/milestone/90?closed=1

All changes: slackapi/python-slack-sdk@v3.26.1...v3.26.2

Commits

e78bf56 version 3.27.1
cd78ab4 Fix #1462 websocket_client-based SocketModeClient does not reconnect after a ...
fe45e0b Unpin moto, and support moto 5.0 changes
60b02d6 version 3.27.0
74febaf Fix #1458 internal error within aiohttp-based socket mode client (#1459)
7e71b73 Fix #1450 slack_file in image block/element (#1452)
00bb7cd Add optional dependency (#1456)
dc96f5f Update Audit Logs API response types
f671c45 feat: add download badge in readme (#1449)
03bd99e version 3.26.2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the primary-deps group with 5 updates: | Package | From | To | | --- | --- | --- | | [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.20.1` | `3.21.0` | | [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `42.0.5` | | [botocore](https://github.com/boto/botocore) | `1.34.11` | `1.34.53` | | [boto3](https://github.com/boto/boto3) | `1.34.11` | `1.34.53` | | [slack-sdk](https://github.com/slackapi/python-slack-sdk) | `3.26.1` | `3.27.1` | Updates `marshmallow` from 3.20.1 to 3.21.0 - [Changelog](https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst) - [Commits](marshmallow-code/marshmallow@3.20.1...3.21.0) Updates `cryptography` from 41.0.7 to 42.0.5 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.7...42.0.5) Updates `botocore` from 1.34.11 to 1.34.53 - [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst) - [Commits](boto/botocore@1.34.11...1.34.53) Updates `boto3` from 1.34.11 to 1.34.53 - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.11...1.34.53) Updates `slack-sdk` from 3.26.1 to 3.27.1 - [Release notes](https://github.com/slackapi/python-slack-sdk/releases) - [Changelog](https://github.com/slackapi/python-slack-sdk/blob/main/docs-v2/changelog.html) - [Commits](slackapi/python-slack-sdk@v3.26.1...v3.27.1) --- updated-dependencies: - dependency-name: marshmallow dependency-type: direct:production update-type: version-update:semver-minor dependency-group: primary-deps - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major dependency-group: primary-deps - dependency-name: botocore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: primary-deps - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: primary-deps - dependency-name: slack-sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: primary-deps ... Signed-off-by: dependabot[bot] <support@github.com>

mikegrima · 2024-03-27T18:55:54Z

@dependabot rebase

dependabot · 2024-03-27T18:58:04Z

Looks like these dependencies are no longer updatable, so this is no longer needed.

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 1, 2024

dependabot bot mentioned this pull request Mar 1, 2024

Bump the primary-deps group with 5 updates #119

Closed

dependabot bot closed this Mar 27, 2024

dependabot bot deleted the dependabot/pip/primary-deps-5657463c72 branch March 27, 2024 18:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the primary-deps group with 5 updates #126

Bump the primary-deps group with 5 updates #126

dependabot bot commented on behalf of github Mar 1, 2024 •

edited

Loading

mikegrima commented Mar 27, 2024

dependabot bot commented on behalf of github Mar 27, 2024

Bump the primary-deps group with 5 updates #126

Bump the primary-deps group with 5 updates #126

Conversation

dependabot bot commented on behalf of github Mar 1, 2024 • edited Loading

1.34.53

1.34.52

1.34.51

1.34.50

1.34.49

1.34.48

1.34.53

1.34.52

1.34.51

1.34.50

1.34.49

1.34.48

version 3.27.1

Changes

version 3.27.0

Changes

version 3.26.2

Changes

mikegrima commented Mar 27, 2024

dependabot bot commented on behalf of github Mar 27, 2024

dependabot bot commented on behalf of github Mar 1, 2024 •

edited

Loading