public
/
doxy
1
0
Fork 0
Code Issues Pull Requests Releases 3 Activity

fix(deps): update dependency requests to v2.31.0 (#12) 

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [requests](https://requests.readthedocs.io) ([source](https://github.com/psf/requests), [changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | dependencies | minor | `2.30.0` -> `2.31.0` |

---

### Release Notes

<details>
<summary>psf/requests</summary>

### [`v2.31.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#&#8203;2310-2023-05-22)

[Compare Source](https://github.com/psf/requests/compare/v2.30.0...v2.31.0)

**Security**

-   Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
    forwarding of `Proxy-Authorization` headers to destination servers when
    following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests
    will construct a `Proxy-Authorization` header that is attached to the request to
    authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached
    the `Proxy-Authorization` header incorrectly, resulting in the value being
    sent through the tunneled connection to the destination server. Users who rely on
    defining their proxy credentials in the URL are *strongly* encouraged to upgrade
    to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
    credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through
    the user information portion of their proxy URL are not subject to this
    vulnerability.

    Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q)
    and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS42MS4wIiwidXBkYXRlZEluVmVyIjoiMzUuNjEuMCJ9-->

Co-authored-by: Renovate Bot <renovate@localhost.localdomain>
Reviewed-on: #12
Co-authored-by: renovate <renovate@noreply.localhost>
Co-committed-by: renovate <renovate@noreply.localhost>
This commit is contained in:
renovate 2023-05-24 21:55:51 +02:00 committed by JayPiKay
parent 0e7b8adba8
commit 4c5c35d714
1 changed files with 4 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
poetry.lock generated
View File

@ -1,10 +1,9 @@
# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
# This file is automatically @generated by Poetry 1.5.0 and should not be changed by hand.
[[package]]
name = "certifi"
version = "2022.12.7"
description = "Python package for providing Mozilla's CA Bundle."
category = "main"
optional = false
python-versions = ">=3.6"
files = [
@ -16,7 +15,6 @@ files = [
name = "cfgv"
version = "3.3.1"
description = "Validate configuration and produce human readable error messages."
category = "dev"
optional = false
python-versions = ">=3.6.1"
files = [
@ -28,7 +26,6 @@ files = [
name = "charset-normalizer"
version = "3.1.0"
description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
category = "main"
optional = false
python-versions = ">=3.7.0"
files = [
@ -113,7 +110,6 @@ files = [
name = "click"
version = "8.1.3"
description = "Composable command line interface toolkit"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -128,7 +124,6 @@ colorama = {version = "*", markers = "platform_system == \"Windows\""}
name = "click-aliases"
version = "1.0.1"
description = "Enable aliases for Click"
category = "main"
optional = false
python-versions = "*"
files = [
@ -146,7 +141,6 @@ dev = ["coveralls", "flake8", "flake8-import-order", "pytest", "pytest-cov", "to
name = "colorama"
version = "0.4.6"
description = "Cross-platform colored terminal text."
category = "main"
optional = false
python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
files = [
@ -158,7 +152,6 @@ files = [
name = "dataclasses-json"
version = "0.5.7"
description = "Easily serialize dataclasses to and from JSON"
category = "main"
optional = false
python-versions = ">=3.6"
files = [
@ -178,7 +171,6 @@ dev = ["flake8", "hypothesis", "ipython", "mypy (>=0.710)", "portray", "pytest (
name = "distlib"
version = "0.3.6"
description = "Distribution utilities"
category = "dev"
optional = false
python-versions = "*"
files = [
@ -190,7 +182,6 @@ files = [
name = "exceptiongroup"
version = "1.1.1"
description = "Backport of PEP 654 (exception groups)"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -205,7 +196,6 @@ test = ["pytest (>=6)"]
name = "filelock"
version = "3.12.0"
description = "A platform independent file lock."
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -221,7 +211,6 @@ testing = ["covdefaults (>=2.3)", "coverage (>=7.2.3)", "diff-cover (>=7.5)", "p
name = "identify"
version = "2.5.22"
description = "File identification library for Python"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -236,7 +225,6 @@ license = ["ukkonen"]
name = "idna"
version = "3.4"
description = "Internationalized Domain Names in Applications (IDNA)"
category = "main"
optional = false
python-versions = ">=3.5"
files = [
@ -248,7 +236,6 @@ files = [
name = "iniconfig"
version = "2.0.0"
description = "brain-dead simple config-ini parsing"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -260,7 +247,6 @@ files = [
name = "markdown-it-py"
version = "2.2.0"
description = "Python port of markdown-it. Markdown parsing, done right!"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -285,7 +271,6 @@ testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"]
name = "marshmallow"
version = "3.19.0"
description = "A lightweight library for converting complex datatypes to and from native Python datatypes."
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -306,7 +291,6 @@ tests = ["pytest", "pytz", "simplejson"]
name = "marshmallow-enum"
version = "1.5.1"
description = "Enum field for Marshmallow"
category = "main"
optional = false
python-versions = "*"
files = [
@ -321,7 +305,6 @@ marshmallow = ">=2.0.0"
name = "mdurl"
version = "0.1.2"
description = "Markdown URL utilities"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -333,7 +316,6 @@ files = [
name = "mypy-extensions"
version = "1.0.0"
description = "Type system extensions for programs checked with the mypy type checker."
category = "main"
optional = false
python-versions = ">=3.5"
files = [
@ -345,7 +327,6 @@ files = [
name = "nodeenv"
version = "1.7.0"
description = "Node.js virtual environment builder"
category = "dev"
optional = false
python-versions = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*"
files = [
@ -360,7 +341,6 @@ setuptools = "*"
name = "packaging"
version = "23.1"
description = "Core utilities for Python packages"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -372,7 +352,6 @@ files = [
name = "platformdirs"
version = "3.2.0"
description = "A small Python package for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -388,7 +367,6 @@ test = ["appdirs (==1.4.4)", "covdefaults (>=2.3)", "pytest (>=7.2.2)", "pytest-
name = "pluggy"
version = "0.13.1"
description = "plugin and hook calling mechanisms for python"
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
files = [
@ -403,7 +381,6 @@ dev = ["pre-commit", "tox"]
name = "pre-commit"
version = "3.3.1"
description = "A framework for managing and maintaining multi-language pre-commit hooks."
category = "dev"
optional = false
python-versions = ">=3.8"
files = [
@ -422,7 +399,6 @@ virtualenv = ">=20.10.0"
name = "pygments"
version = "2.15.1"
description = "Pygments is a syntax highlighting package written in Python."
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -437,7 +413,6 @@ plugins = ["importlib-metadata"]
name = "pytest"
version = "7.3.1"
description = "pytest: simple powerful testing with Python"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -460,7 +435,6 @@ testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "no
name = "pyyaml"
version = "6.0"
description = "YAML parser and emitter for Python"
category = "main"
optional = false
python-versions = ">=3.6"
files = [
@ -508,14 +482,13 @@ files = [
[[package]]
name = "requests"
version = "2.30.0"
version = "2.31.0"
description = "Python HTTP for Humans."
category = "main"
optional = false
python-versions = ">=3.7"
files = [
{file = "requests-2.30.0-py3-none-any.whl", hash = "sha256:10e94cc4f3121ee6da529d358cdaeaff2f1c409cd377dbc72b825852f2f7e294"},
{file = "requests-2.30.0.tar.gz", hash = "sha256:239d7d4458afcb28a692cdd298d87542235f4ca8d36d03a15bfc128a6559a2f4"},
{file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"},
{file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"},
]
[package.dependencies]
@ -532,7 +505,6 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
name = "rich"
version = "13.3.5"
description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal"
category = "main"
optional = false
python-versions = ">=3.7.0"
files = [
@ -551,7 +523,6 @@ jupyter = ["ipywidgets (>=7.5.1,<9)"]
name = "semver"
version = "3.0.0"
description = "Python helper for Semantic Versioning (https://semver.org)"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -563,7 +534,6 @@ files = [
name = "setuptools"
version = "67.6.1"
description = "Easily download, build, install, upgrade, and uninstall Python packages"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -580,7 +550,6 @@ testing-integration = ["build[virtualenv]", "filelock (>=3.4.0)", "jaraco.envs (
name = "tomli"
version = "2.0.1"
description = "A lil' TOML parser"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -592,7 +561,6 @@ files = [
name = "typing-extensions"
version = "4.5.0"
description = "Backported and Experimental Type Hints for Python 3.7+"
category = "main"
optional = false
python-versions = ">=3.7"
files = [
@ -604,7 +572,6 @@ files = [
name = "typing-inspect"
version = "0.8.0"
description = "Runtime inspection utilities for typing module."
category = "main"
optional = false
python-versions = "*"
files = [
@ -620,7 +587,6 @@ typing-extensions = ">=3.7.4"
name = "urllib3"
version = "1.26.15"
description = "HTTP library with thread-safe connection pooling, file post, and more."
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
files = [
@ -637,7 +603,6 @@ socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
name = "virtualenv"
version = "20.22.0"
description = "Virtual Python Environment builder"
category = "dev"
optional = false
python-versions = ">=3.7"
files = [
@ -658,7 +623,6 @@ test = ["covdefaults (>=2.3)", "coverage (>=7.2.3)", "coverage-enable-subprocess
name = "yamldataclassconfig"
version = "1.5.0"
description = "This project helps you to import config file writen by YAML to Python data class."
category = "main"
optional = false
python-versions = ">=3.7"
files = [