Bump actions/cache from 3 to 4 by dependabot[bot] · Pull Request #320 · pinterest/snappass

dependabot · 2024-01-22T02:10:41Z

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

Update action to node20 by @takost in actions/cache#1284

feat: save-always flag by @to-s in actions/cache#1242

New Contributors

@takost made their first contribution in actions/cache#1284

@to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

Cache v3.3.3 by @robherley in actions/cache#1302

New Contributors

@robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

Fixed readme with new segment timeout values by @kotewar in actions/cache#1133

Readme fixes by @kotewar in actions/cache#1134

Updated description of the lookup-only input for main action by @kotewar in actions/cache#1130

Change two new actions mention as quoted text by @bishal-pdMSFT in actions/cache#1131

Update Cross-OS Caching tips by @pdotl in actions/cache#1122

Bazel example (Take #2️⃣) by @vorburger in actions/cache#1132

Remove actions to add new PRs and issues to a project board by @jorendorff in actions/cache#1187

Consume latest toolkit and fix dangling promise bug by @chkimes in actions/cache#1217

Bump action version to 3.3.2 by @bethanyj28 in actions/cache#1236

New Contributors

@vorburger made their first contribution in actions/cache#1132

@jorendorff made their first contribution in actions/cache#1187

@chkimes made their first contribution in actions/cache#1217

@bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

Reduced download segment size to 128 MB and timeout to 10 minutes by @kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

Bug: Permission is missing in cache delete example by @kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

Updated minimum runner version support from node 12 -> node 16

3.0.1

Added support for caching from GHES 3.5.

Fixed download issue for files > 2GB during restore.

3.0.2

Added support for dynamic cache size cap on GHES.

3.0.3

Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

Fixed #809 - zstd -d: no such file or directory error

Fixed #833 - cache doesn't work with github workspace directory

3.0.7

Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

Fix zstd not working for windows on gnu tar in issues #888 and #891.

Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

Fix a bug with sorting inputs.

Update definition for restore-keys in README.md

... (truncated)

Commits

13aacd8 Merge pull request #1242 from to-s/main
53b35c5 Merge branch 'main' into main
65b8989 Merge pull request #1284 from takost/update-to-node-20
d0be34d Fix dist
66cf064 Merge branch 'main' into update-to-node-20
1326563 Merge branch 'main' into main
e718767 Fix format
0122982 Apply workaround for earlyExit
3185ecf Update "only-" actions to node20
25618a0 Bump version
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

* Remove py3.7 (pinterest#234) * Remove py3.7 * Restore cache action * Bump cryptography from 39.0.2 to 41.0.1 (pinterest#260) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@39.0.2...41.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tox from 3.25.0 to 4.6.0 (pinterest#262) Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@3.25.0...4.6.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 1.7.5 to 2.14.1 (pinterest#263) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v1.7.5...v2.14.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flask from 2.1.2 to 2.3.2 (pinterest#250) Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.1.2...2.3.2) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 7.1.2 to 7.3.1 (pinterest#243) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.1.2...7.3.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump redis from 4.5.3 to 4.5.5 (pinterest#253) Bump redis from 4.3.3 to 4.5.5 Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.3.3...v4.5.5) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yuru Shao <yshao@pinterest.com> * Bump coverage from 6.4.1 to 7.2.7 (pinterest#267) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@6.4.1...7.2.7) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest-cov from 3.0.0 to 4.1.0 (pinterest#266) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v3.0.0...v4.1.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3 to 4 (pinterest#282) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (pinterest#284) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump tox from 4.6.0 to 4.11.3 (pinterest#287) Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.6.0...4.11.3) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 2.14.1 to 2.20.0 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.14.1 to 2.20.0. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.14.1...v2.20.0) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump redis from 4.5.5 to 5.0.1 Bumps [redis](https://github.com/redis/redis-py) from 4.5.5 to 5.0.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.5.5...v5.0.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Install deps from requirements.txt (pinterest#303) * Prepare 1.6.1 release (pinterest#304) * Prepare 1.6.1 release * Update configs * Fix dev requirements * Bump version: 1.6.0 → 1.6.1 (pinterest#305) * Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (pinterest#300) Use urllib.parse for quoting/unquoting plus werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions. * Bump actions/setup-python from 4 to 5 (pinterest#306) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github/codeql-action from 2 to 3 (pinterest#309) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump werkzeug from 2.3.3 to 3.0.1 (pinterest#295) Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.3 to 3.0.1. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.3.3...3.0.1) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flask from 2.3.2 to 3.0.0 (pinterest#294) Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 3.0.0. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.3.2...3.0.0) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 7.3.1 to 7.4.4 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.4. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.3.1...7.4.4) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump version: 1.6.1 → 1.6.2 (pinterest#311) * Bump freezegun from 1.2.1 to 1.4.0 Bumps [freezegun](https://github.com/spulec/freezegun) from 1.2.1 to 1.4.0. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](spulec/freezegun@1.2.1...1.4.0) --- updated-dependencies: - dependency-name: freezegun dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump flake8 from 6.0.0 to 7.0.0 Bumps [flake8](https://github.com/pycqa/flake8) from 6.0.0 to 7.0.0. - [Commits](PyCQA/flake8@6.0.0...7.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Add health check endpoint (pinterest#329) * Add health check endpoint * Add assertion on status * add i18n to Snappass * Bump fakeredis from 2.20.0 to 2.21.1 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.20.0 to 2.21.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.20.0...v2.21.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * remove import of flask, g * Add empty translations for de and es * Bump cryptography from 41.0.4 to 42.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 42.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.4...42.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Add German Translation * Bump pytest from 7.4.4 to 8.0.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.0.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.4.4...8.0.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump coverage from 7.2.7 to 7.4.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.7 to 7.4.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.2.7...7.4.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tox from 4.11.3 to 4.13.0 Bumps [tox](https://github.com/tox-dev/tox) from 4.11.3 to 4.13.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.11.3...4.13.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix missing bracket * restore extra spaces * Add Spanish and fixup NL&DE * TIL flake8 :) * Bump actions/cache from 3 to 4 (pinterest#320) Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jinja2 from 3.1.2 to 3.1.3 (pinterest#336) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add /api endpoint for automated flows (pinterest#316) * add /api endpoint * pass password in request body when using API * flake8 fixed; tests added * flake8 fixed test.py --------- Co-authored-by: Reinoud van Leeuwen <reinoud.van.leeuwen@itcreation.nl> * Bump pytest from 8.0.1 to 8.1.0 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.0.1 to 8.1.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.0.1...8.1.0) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Yuru Shao <yshao@pinterest.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Devin Lundberg <devin60070@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Yuping Li <ypli@ksu.edu> Co-authored-by: vin01 <30344579+vin01@users.noreply.github.com> Co-authored-by: systeembeheerder <19684880+systeembeheerder@users.noreply.github.com> Co-authored-by: Reinoud van Leeuwen <github@leeuwen.net> Co-authored-by: Reinoud van Leeuwen <reinoud.van.leeuwen@itcreation.nl>

Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump cryptography from 37.0.2 to 39.0.2 (pinterest#224) Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.2 to 39.0.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@37.0.2...39.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Security upgrade werkzeug from 2.1.2 to 2.2.3 (pinterest#221) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump flake8 from 4.0.1 to 6.0.0 (pinterest#205) Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.1 to 6.0.0. - [Release notes](https://github.com/pycqa/flake8/releases) - [Commits](PyCQA/flake8@4.0.1...6.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove py3.7 (pinterest#234) * Remove py3.7 * Restore cache action * Bump cryptography from 39.0.2 to 41.0.1 (pinterest#260) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@39.0.2...41.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tox from 3.25.0 to 4.6.0 (pinterest#262) Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@3.25.0...4.6.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 1.7.5 to 2.14.1 (pinterest#263) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v1.7.5...v2.14.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flask from 2.1.2 to 2.3.2 (pinterest#250) Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.1.2...2.3.2) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 7.1.2 to 7.3.1 (pinterest#243) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.1.2...7.3.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump redis from 4.5.3 to 4.5.5 (pinterest#253) Bump redis from 4.3.3 to 4.5.5 Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.3.3...v4.5.5) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yuru Shao <yshao@pinterest.com> * Bump coverage from 6.4.1 to 7.2.7 (pinterest#267) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@6.4.1...7.2.7) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest-cov from 3.0.0 to 4.1.0 (pinterest#266) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v3.0.0...v4.1.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3 to 4 (pinterest#282) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (pinterest#284) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump tox from 4.6.0 to 4.11.3 (pinterest#287) Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.6.0...4.11.3) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 2.14.1 to 2.20.0 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.14.1 to 2.20.0. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.14.1...v2.20.0) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump redis from 4.5.5 to 5.0.1 Bumps [redis](https://github.com/redis/redis-py) from 4.5.5 to 5.0.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.5.5...v5.0.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Install deps from requirements.txt (pinterest#303) * Prepare 1.6.1 release (pinterest#304) * Prepare 1.6.1 release * Update configs * Fix dev requirements * Bump version: 1.6.0 → 1.6.1 (pinterest#305) * Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (pinterest#300) Use urllib.parse for quoting/unquoting plus werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions. * Bump actions/setup-python from 4 to 5 (pinterest#306) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github/codeql-action from 2 to 3 (pinterest#309) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump werkzeug from 2.3.3 to 3.0.1 (pinterest#295) Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.3 to 3.0.1. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.3.3...3.0.1) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flask from 2.3.2 to 3.0.0 (pinterest#294) Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 3.0.0. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.3.2...3.0.0) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 7.3.1 to 7.4.4 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.4. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.3.1...7.4.4) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump version: 1.6.1 → 1.6.2 (pinterest#311) * Bump freezegun from 1.2.1 to 1.4.0 Bumps [freezegun](https://github.com/spulec/freezegun) from 1.2.1 to 1.4.0. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](spulec/freezegun@1.2.1...1.4.0) --- updated-dependencies: - dependency-name: freezegun dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump flake8 from 6.0.0 to 7.0.0 Bumps [flake8](https://github.com/pycqa/flake8) from 6.0.0 to 7.0.0. - [Commits](PyCQA/flake8@6.0.0...7.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Add health check endpoint (pinterest#329) * Add health check endpoint * Add assertion on status * add i18n to Snappass * Bump fakeredis from 2.20.0 to 2.21.1 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.20.0 to 2.21.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.20.0...v2.21.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * remove import of flask, g * Add empty translations for de and es * Bump cryptography from 41.0.4 to 42.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 42.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.4...42.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Add German Translation * Bump pytest from 7.4.4 to 8.0.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.0.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.4.4...8.0.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump coverage from 7.2.7 to 7.4.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.7 to 7.4.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.2.7...7.4.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tox from 4.11.3 to 4.13.0 Bumps [tox](https://github.com/tox-dev/tox) from 4.11.3 to 4.13.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.11.3...4.13.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix missing bracket * restore extra spaces * Add Spanish and fixup NL&DE * TIL flake8 :) * Bump actions/cache from 3 to 4 (pinterest#320) Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jinja2 from 3.1.2 to 3.1.3 (pinterest#336) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add /api endpoint for automated flows (pinterest#316) * add /api endpoint * pass password in request body when using API * flake8 fixed; tests added * flake8 fixed test.py --------- Co-authored-by: Reinoud van Leeuwen <reinoud.van.leeuwen@itcreation.nl> * Bump pytest from 8.0.1 to 8.1.0 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.0.1 to 8.1.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.0.1...8.1.0) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pytest-cov from 4.1.0 to 5.0.0 Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 5.0.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v4.1.0...v5.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * 🚧 Add a 'modern' REST API * 🚧 Add RFC7807 response type * 🚧 Import missing parts * 🎨 Cleanup * ♻️ Use token as name for password_key * 🧑‍💻 Use HATEHOAS style * ✅ Finish test suite implementation * 📝 Add documentation about new APIs * 🎨 flake8 * 🚸 Remove URL encoding from token * 🚸 Add a link to web view Allowing usage of the password into a subsystem which target human * Bump wheel from 0.42.0 to 0.43.0 Bumps [wheel](https://github.com/pypa/wheel) from 0.42.0 to 0.43.0. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.42.0...0.43.0) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933 * Bump tox from 4.13.0 to 4.16.0 (pinterest#376) Bumps [tox](https://github.com/tox-dev/tox) from 4.13.0 to 4.16.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.13.0...4.16.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump coverage from 7.4.2 to 7.6.0 (pinterest#379) Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.4.2 to 7.6.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.4.2...7.6.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 2.21.1 to 2.23.4 (pinterest#381) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.21.1 to 2.23.4. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.21.1...v2.23.4) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Security upgrade cryptography from 42.0.3 to 42.0.8 (pinterest#371) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6913422 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump freezegun from 1.4.0 to 1.5.1 (pinterest#362) Bumps [freezegun](https://github.com/spulec/freezegun) from 1.4.0 to 1.5.1. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](spulec/freezegun@1.4.0...1.5.1) --- updated-dependencies: - dependency-name: freezegun dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Security upgrade jinja2 from 3.1.3 to 3.1.4 (pinterest#359) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump itsdangerous from 2.1.2 to 2.2.0 (pinterest#347) Bumps [itsdangerous](https://github.com/pallets/itsdangerous) from 2.1.2 to 2.2.0. - [Release notes](https://github.com/pallets/itsdangerous/releases) - [Changelog](https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst) - [Commits](pallets/itsdangerous@2.1.2...2.2.0) --- updated-dependencies: - dependency-name: itsdangerous dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yuru Shao <yshao@pinterest.com> * Environment variables for default port and bind address (pinterest#342) * Add env vars to override default bind address and port * Update main.py Prefix bind address and port with SNAPPASS_ * Update README.rst update readme to prefix SNAPPASS_ to bind address and port --------- Co-authored-by: Yuru Shao <yshao@pinterest.com> * Bump cryptography from 42.0.8 to 43.0.0 (pinterest#382) Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.8 to 43.0.0. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@42.0.8...43.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 8.1.0 to 8.3.2 (pinterest#385) Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.1.0 to 8.3.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.1.0...8.3.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flake8 from 7.0.0 to 7.1.1 (pinterest#383) Bumps [flake8](https://github.com/pycqa/flake8) from 7.0.0 to 7.1.1. - [Commits](PyCQA/flake8@7.0.0...7.1.1) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump wheel from 0.43.0 to 0.44.0 (pinterest#384) Bumps [wheel](https://github.com/pypa/wheel) from 0.43.0 to 0.44.0. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.43.0...0.44.0) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tox from 4.16.0 to 4.17.0 (pinterest#386) Bumps [tox](https://github.com/tox-dev/tox) from 4.16.0 to 4.17.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.16.0...4.17.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tox from 4.17.0 to 4.18.0 (pinterest#388) Bumps [tox](https://github.com/tox-dev/tox) from 4.17.0 to 4.18.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.17.0...4.18.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 2.23.4 to 2.24.1 (pinterest#390) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.23.4 to 2.24.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.23.4...v2.24.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix i18n (pinterest#375) * fix i18n * Ignore linter error regarding _ * [Snyk] Security upgrade cryptography from 43.0.0 to 43.0.1 (pinterest#391) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-7886970 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump tox from 4.18.0 to 4.23.0 (pinterest#405) Bumps [tox](https://github.com/tox-dev/tox) from 4.18.0 to 4.23.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.18.0...4.23.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 2.24.1 to 2.25.1 (pinterest#397) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.24.1 to 2.25.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.24.1...v2.25.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump redis from 5.0.1 to 5.1.1 (pinterest#401) Bumps [redis](https://github.com/redis/redis-py) from 5.0.1 to 5.1.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v5.0.1...v5.1.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Improve german translation (pinterest#412) * Improve german translation The translation was very inconsistent in naming the components and addressing the user. This has been improved. * Further improvements to the german translation Fix some more mistakes in the translation * Update messages.po minor improvements * [Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.6 (pinterest#409) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309091 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update NL messages.po (pinterest#424) fix typo * add French translation by snaaky404, fixes pinterest#380 (pinterest#422) * update image to use safepass * update branding in the base theme * add pre-commit config file * project configuration * update placeholder for secret input * chore: add matomo js stuff * chore: add matomo values injector * chore: fix matomo.php's path * Patch: get secrets id using a query parameter (#36) * chore: set and retreive passwords using a query parameter * chore: disallow matomo from tracking query params * Add wp ci (#40) * chore: remove old drone file * builds: add new wp builds file * Bump actions/checkout from 3 to 4 (pinterest#282) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Install deps from requirements.txt (pinterest#303) * Bump github/codeql-action from 2 to 3 (pinterest#309) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add i18n to Snappass * fix i18n (pinterest#375) * fix i18n * Ignore linter error regarding _ * ci(pc): add pre-commit configuration * feat(branding): add safepass branding * ci(workflows): update branch names in triggers * ci(pc): add samplr pc hook * fix(project): fix formatting issues * ci(samplr): add samplr configuration * build(gitignore): update ignores for environment configuration * refactor(compose): revert docker compose file * fix(main.py): add matomo environment variables * ci: setup samplr * refactor(i18n): update branding from snappass to safepass --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Devin Lundberg <devin60070@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Yuru Shao <yshao@pinterest.com> Co-authored-by: Yuping Li <ypli@ksu.edu> Co-authored-by: vin01 <30344579+vin01@users.noreply.github.com> Co-authored-by: systeembeheerder <19684880+systeembeheerder@users.noreply.github.com> Co-authored-by: Reinoud van Leeuwen <github@leeuwen.net> Co-authored-by: Reinoud van Leeuwen <reinoud.van.leeuwen@itcreation.nl> Co-authored-by: Emilien GUILMINEAU <XREvo@users.noreply.github.com> Co-authored-by: Emilien GUILMINEAU <guilmineau.emilien@gmail.com> Co-authored-by: Egg <45681670+Radical-Egg@users.noreply.github.com> Co-authored-by: Viktor Haid <52320564+viktorhaid@users.noreply.github.com> Co-authored-by: S. Neuhaus <neuhaus@users.noreply.github.com> Co-authored-by: George Khoury <g.khoury@josa.ngo> Co-authored-by: Baraa Al-Masri <pub@mbaraa.com> Co-authored-by: thamudi <18720062+thamudi@users.noreply.github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 22, 2024

yurushao approved these changes Feb 23, 2024

View reviewed changes

yurushao merged commit 5d37e45 into master Feb 23, 2024

dependabot Bot deleted the dependabot/github_actions/actions/cache-4 branch February 23, 2024 21:49

silverl mentioned this pull request Mar 6, 2024

Bringing in latest from upstream repo trackabout/snappass#40

Merged

silverl mentioned this pull request Nov 2, 2024

ls/latest updates trackabout/snappass#45

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/cache from 3 to 4#320

Bump actions/cache from 3 to 4#320
yurushao merged 1 commit intomasterfrom
dependabot/github_actions/actions/cache-4

dependabot Bot commented on behalf of github Jan 22, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jan 22, 2024

v4.0.0

What's Changed

New Contributors

v3.3.3

What's Changed

New Contributors

v3.3.2

What's Changed

New Contributors

v3.3.1

What's Changed

v3.3.0

What's Changed

Releases

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant