Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the pip group across 1 directory with 12 updates #23

Merged
merged 1 commit into from
Jul 6, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 6, 2024

Bumps the pip group with 11 updates in the /app directory:

Package From To
fastapi 0.104.1 0.109.1
python-multipart 0.0.5 0.0.7
requests 2.31.0 2.32.2
gunicorn 21.2.0 22.0.0
black 24.1.0 24.3.0
cryptography 42.0.1 42.0.4
dnspython 2.5.0 2.6.1
ecdsa 0.18.0 0.19.0
flask-cors 4.0.0 4.0.1
idna 3.6 3.7
urllib3 2.1.0 2.2.2

Updates fastapi from 0.104.1 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

  • ⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

Refactors

  • ✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @​emmettbutler.
  • ♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @​eukub.
  • 🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @​jiridanek.
  • ✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @​ooknimm.

Docs

Translations

  • 🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @​pablocm83.
  • 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @​SnowSuno.

... (truncated)

Commits

Updates python-multipart from 0.0.5 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

  • Refactor header option parser to use the standard library instead of a custom RegEx #75.

0.0.6 (2023-02-27)

  • Migrate package installation to pyproject.toml (PEP 621) #54.
  • Use yaml.safe_load instead of yaml.load #46.
  • Add support for Python 3.11, drop EOL 3.6 #51.
  • Add support for Python 3.8-3.10, drop EOL 2.7-3.5 #42.
  • QuerystringParser: don't raise an AttributeError in __repr__ #30.
Commits

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================
  • use utime to notify workers liveness
  • migrate setup to pyproject.toml
  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
  • parsing additional requests is no longer attempted past unsupported request framing
  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
  • Trailer fields are no longer inspected for headers indicating secure scheme
  • support Python 3.12

** Breaking changes **

  • minimum version is Python 3.7
  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
  • requests specifying unsupported transfer coding (order) are refused by default (rare)
  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/
Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view

Updates black from 24.1.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

Updates cryptography from 42.0.1 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20


* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.

.. _v42-0-3:

42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.

.. _v42-0-1:

Commits

Updates dnspython from 2.5.0 to 2.6.1

Release notes

Sourced from dnspython's releases.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.6.1

  • The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

  • As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.

    This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

  • Added support for the NSID EDNS option.

  • Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose.

  • The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.

Commits
  • 0a742b9 update CI
  • 0ea5ad0 The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)
  • f12d398 2.6.1 version prep
  • cecb853 Further improve CVE fix coverage to 100% for sync and async.
  • 7952e31 test IgnoreErrors
  • e093299 For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.
  • 3af9f78 2.6.0 versioning
  • ca63d95 Require cryptography >=41 instead of 42.
  • 902cbf3 Create CODE_OF_CONDUCT.md
  • ed9795f github contributing and pull request template
  • Additional commits viewable in compare view

Updates ecdsa from 0.18.0 to 0.19.0

Release notes

Sourced from ecdsa's releases.

ecdsa 0.19.0

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
  • Fixes around hypothesis parameters
  • Officially support Python 3.11 and 3.12
  • Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
  • Dropped the internal _rwlock module as it's unused
  • Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
  • Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

  • int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
  • Fixes aroung hypothesis parameters
  • Officially support Python 3.11 and 3.12
  • Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
  • Dropped the internal _rwlock module as it's unused
  • Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
  • Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

  • int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

  • Release 0.18.0 (09 Jul 2022)

New API:

  • curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

  • Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.
  • Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

  • Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.
  • Make object names more consistent, make them into hyperlinks on the readthedocs documentation.
  • Make security note more explicit (Ian Rodney)

... (truncated)

Commits
  • be70016 Merge pull request #337 from tlsfuzzer/release-0.19
  • 217735b allow early exit from worker processes when running mutation testing
  • 6e7adff don't check rate if no tests executed
  • c56030e make coveralls submission work with py2.6 again
  • 66d0d74 add release notes for 0.19.0 release
  • 0d5a38c Merge pull request #156 from tomato42/cosmic-ray
  • 02c8350 be more permissive for the PR mutation test coverage
  • 4845e8f better is_prime()
  • 09f0d10 add hard timeout for test mutation test suite
  • e16173b two digit precision for the mutation score badge
  • Additional commits viewable in compare view

Updates flask-cors from 4.0.0 to 4.0.1

Release notes

Sourced from flask-cors's releases.

4.0.1

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Changelog

Sourced from flask-cors's changelog.

4.0.1

Security

Commits

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates starlette from 0.27.0 to 0.35.1

Release notes

Sourced from starlette's releases.

Version 0.35.1

Fixed

  • Stop using the deprecated "method" parameter in FileResponse inside of StaticFiles #2406.
  • Make typing-extensions optional again #2409.

Full Changelog: encode/starlette@0.35.0...0.35.1

Version 0.35.0

Added

  • Add *args to Middleware and improve its type hints #2381.

Fixed

  • Use Iterable instead Iterator on iterate_in_threadpool #2362.

Changes

  • Handle root_path to keep compatibility with mounted ASGI applications and WSGI #2400.
  • Turn scope["client"] to None on TestClient #2377.

Full Changelog: encode/starlette@0.34.0...0.35.0

Version 0.34.0

Added

  • Use ParamSpec for run_in_threadpool #2375.
  • Add UploadFile.__repr__ #2360.

Fixed

  • Merge URLs properly on TestClient #2376.
  • Take weak ETags in consideration on StaticFiles #2334.

Deprecated

  • Deprecate FileResponse(method=...) parameter #2366.

Full Changelog: encode/starlette@0.33.0...0.34.0

Version 0.33.0

Added

... (truncated)

Changelog

Sourced from starlette's changelog.

0.35.1

January 11, 2024

Fixed

  • Stop using the deprecated "method" parameter in FileResponse inside of StaticFiles #2406.
  • Make typing-extensions optional again #2409.

0.35.0

January 11, 2024

Added

  • Add *args to Middleware and improve its type hints #2381.

Fixed

  • Use Iterable instead Iterator on iterate_in_threadpool #2362.

Changes

  • Handle root_path to keep compatibility with mounted ASGI applications and WSGI #2400.
  • Turn scope["client"] to None on TestClient #2377.

0.34.0

December 16, 2023

Added

  • Use ParamSpec for run_in_threadpool #2375.
  • Add UploadFile.__repr__ #2360.

Fixed

Description has been truncated

Bumps the pip group with 11 updates in the /app directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/tiangolo/fastapi) | `0.104.1` | `0.109.1` |
| [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.5` | `0.0.7` |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `21.2.0` | `22.0.0` |
| [black](https://github.com/psf/black) | `24.1.0` | `24.3.0` |
| [cryptography](https://github.com/pyca/cryptography) | `42.0.1` | `42.0.4` |
| [dnspython](https://github.com/rthalley/dnspython) | `2.5.0` | `2.6.1` |
| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.18.0` | `0.19.0` |
| [flask-cors](https://github.com/corydolphin/flask-cors) | `4.0.0` | `4.0.1` |
| [idna](https://github.com/kjd/idna) | `3.6` | `3.7` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.1.0` | `2.2.2` |



Updates `fastapi` from 0.104.1 to 0.109.1
- [Release notes](https://github.com/tiangolo/fastapi/releases)
- [Commits](fastapi/fastapi@0.104.1...0.109.1)

Updates `python-multipart` from 0.0.5 to 0.0.7
- [Release notes](https://github.com/andrew-d/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.5...0.0.7)

Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

Updates `gunicorn` from 21.2.0 to 22.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@21.2.0...22.0.0)

Updates `black` from 24.1.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.1.0...24.3.0)

Updates `cryptography` from 42.0.1 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.1...42.0.4)

Updates `dnspython` from 2.5.0 to 2.6.1
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](rthalley/dnspython@v2.5.0...v2.6.1)

Updates `ecdsa` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.18.0...python-ecdsa-0.19.0)

Updates `flask-cors` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@4.0.0...4.0.1)

Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.6...v3.7)

Updates `starlette` from 0.27.0 to 0.35.1
- [Release notes](https://github.com/encode/starlette/releases)
- [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md)
- [Commits](encode/starlette@0.27.0...0.35.1)

Updates `urllib3` from 2.1.0 to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.1.0...2.2.2)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-multipart
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: indirect
  dependency-group: pip
- dependency-name: dnspython
  dependency-type: indirect
  dependency-group: pip
- dependency-name: ecdsa
  dependency-type: indirect
  dependency-group: pip
- dependency-name: flask-cors
  dependency-type: indirect
  dependency-group: pip
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: starlette
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 6, 2024
@wittenator wittenator merged commit 62d674c into main Jul 6, 2024
2 checks passed
@dependabot dependabot bot deleted the dependabot/pip/app/pip-744630b5c1 branch July 6, 2024 15:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant