Bump the pip group across 9 directories with 9 updates by dependabot[bot] · Pull Request #22 · ollionorg/datapipes-airbyte

dependabot · 2024-03-20T17:20:54Z

Bumps the pip group with 1 update in the / directory: black.
Bumps the pip group with 4 updates in the /airbyte-ci/connectors/qa-engine directory: gitpython, aiohttp, pyarrow and urllib3.
Bumps the pip group with 2 updates in the /airbyte-integrations/bases/connector-acceptance-test directory: requests and urllib3.
Bumps the pip group with 3 updates in the /airbyte-integrations/connectors/destination-duckdb directory: black, urllib3 and jinja2.
Bumps the pip group with 1 update in the /airbyte-integrations/connectors/destination-sftp-json directory: paramiko.
Bumps the pip group with 1 update in the /airbyte-integrations/connectors/source-airtable directory: urllib3.
Bumps the pip group with 1 update in the /airbyte-integrations/connectors/source-amazon-ads directory: urllib3.
Bumps the pip group with 1 update in the /airbyte-integrations/connectors/source-amplitude directory: urllib3.
Bumps the pip group with 2 updates in the /airbyte-lib directory: pyarrow and orjson.

Updates black from 22.3.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

552baf8 Prepare release 24.3.0 (#4279)
f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
1abcffc Use regex where we ignore case on windows (#4252)
719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
e5510af update plugin url for Thonny (#4259)
6af7d11 Fix AST safety check false negative (#4270)
f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
e4bfedb fix: Don't move comments while splitting delimiters (#4248)
d0287e1 Make trailing comma logic more concise (#4202)
Additional commits viewable in compare view

Updates gitpython from 3.1.32 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

Add __all__ in git.exc by @EliahKagan in gitpython-developers/GitPython#1719

Set submodule update cadence to weekly by @EliahKagan in gitpython-developers/GitPython#1721

Never modify sys.path by @EliahKagan in gitpython-developers/GitPython#1720

Bump git/ext/gitdb from 8ec2390 to ec58b7e by @dependabot in gitpython-developers/GitPython#1722

Revise comments, docstrings, some messages, and a bit of code by @EliahKagan in gitpython-developers/GitPython#1725

Use zero-argument super() by @EliahKagan in gitpython-developers/GitPython#1726

Remove obsolete note in _iter_packed_refs by @EliahKagan in gitpython-developers/GitPython#1727

Reorganize test_util and make xfail marks precise by @EliahKagan in gitpython-developers/GitPython#1729

Clarify license and make module top comments more consistent by @EliahKagan in gitpython-developers/GitPython#1730

Deprecate compat.is_, rewriting all uses by @EliahKagan in gitpython-developers/GitPython#1732

Revise and restore some module docstrings by @EliahKagan in gitpython-developers/GitPython#1735

Make the rmtree callback Windows-only by @EliahKagan in gitpython-developers/GitPython#1739

List all non-passing tests in test summaries by @EliahKagan in gitpython-developers/GitPython#1740

Document some minor subtleties in test_util.py by @EliahKagan in gitpython-developers/GitPython#1749

Always read metadata files as UTF-8 in setup.py by @EliahKagan in gitpython-developers/GitPython#1748

Test native Windows on CI by @EliahKagan in gitpython-developers/GitPython#1745

Test macOS on CI by @EliahKagan in gitpython-developers/GitPython#1752

Let close_fds be True on all platforms by @EliahKagan in gitpython-developers/GitPython#1753

Fix IndexFile.from_tree on Windows by @EliahKagan in gitpython-developers/GitPython#1751

Remove unused TASKKILL fallback in AutoInterrupt by @EliahKagan in gitpython-developers/GitPython#1754

Don't return with operand when conceptually void by @EliahKagan in gitpython-developers/GitPython#1755

Group .gitignore entries by purpose by @EliahKagan in gitpython-developers/GitPython#1758

Adding dubious ownership handling by @marioaag in gitpython-developers/GitPython#1746

Avoid brittle assumptions about preexisting temporary files in tests by @EliahKagan in gitpython-developers/GitPython#1759

Overhaul noqa directives by @EliahKagan in gitpython-developers/GitPython#1760

Clarify some Git.execute kill_after_timeout limitations by @EliahKagan in gitpython-developers/GitPython#1761

Bump actions/setup-python from 4 to 5 by @dependabot in gitpython-developers/GitPython#1763

Don't install black on Cygwin by @EliahKagan in gitpython-developers/GitPython#1766

Extract all "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1765

Extract remaining local "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1768

Replace xfail with gc.collect in TestSubmodule.test_rename by @EliahKagan in gitpython-developers/GitPython#1767

Enable CodeQL by @EliahKagan in gitpython-developers/GitPython#1769

Replace some uses of the deprecated mktemp function by @EliahKagan in gitpython-developers/GitPython#1770

Bump github/codeql-action from 2 to 3 by @dependabot in gitpython-developers/GitPython#1773

Run some Windows environment variable tests only on Windows by @EliahKagan in gitpython-developers/GitPython#1774

Fix TemporaryFileSwap regression where file_path could not be Path by @EliahKagan in gitpython-developers/GitPython#1776

Improve hooks tests by @EliahKagan in gitpython-developers/GitPython#1777

Fix if items of Index is of type PathLike by @stegm in gitpython-developers/GitPython#1778

Better document IterableObj.iter_items and improve some subclasses by @EliahKagan in gitpython-developers/GitPython#1780

Revert "Don't install black on Cygwin" by @EliahKagan in gitpython-developers/GitPython#1783

Add missing pip in $PATH on Cygwin CI by @EliahKagan in gitpython-developers/GitPython#1784

Shorten Iterable docstrings and put IterableObj first by @EliahKagan in gitpython-developers/GitPython#1785

Fix incompletely revised Iterable/IterableObj docstrings by @EliahKagan in gitpython-developers/GitPython#1786

Pre-deprecate setting Git.USE_SHELL by @EliahKagan in gitpython-developers/GitPython#1782

... (truncated)

Commits

f288738 bump patch level
ef3192c Merge pull request #1792 from EliahKagan/popen
1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
3eb7c2a Move safer_popen from git.util to git.cmd
c551e91 Extract shared logic for using Popen safely on Windows
15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
f44524a Avoid spurious "location may have moved" on Windows
a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
7751436 Extract venv management from test_installation
66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
Additional commits viewable in compare view

Updates aiohttp from 3.8.5 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates pyarrow from 12.0.1 to 14.0.1

Commits

ba53748 MINOR: [Release] Update versions for 14.0.1
529f376 MINOR: [Release] Update .deb/.rpm changelogs for 14.0.1
b84bbca MINOR: [Release] Update CHANGELOG.md for 14.0.1
f141709 GH-38607: [Python] Disable PyExtensionType autoload (#38608)
5a37e74 GH-38431: [Python][CI] Update fs.type_name checks for s3fs tests (#38455)
2dcee3f MINOR: [Release] Update versions for 14.0.0
297428c MINOR: [Release] Update .deb/.rpm changelogs for 14.0.0
3e9734f MINOR: [Release] Update CHANGELOG.md for 14.0.0
9f90995 GH-38332: [CI][Release] Resolve symlinks in RAT lint (#38337)
bd61239 GH-35531: [Python] C Data Interface PyCapsule Protocol (#37797)
Additional commits viewable in compare view

Updates urllib3 from 1.26.16 to 1.26.18

Release notes

Sourced from urllib3's releases.

1.26.18

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

Changelog

Sourced from urllib3's changelog.

1.26.18 (2023-10-17)

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

Commits

9c2c230 Release 1.26.18 (#3159)
b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4
944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport
c9016bf Release 1.26.17
0122035 Backport GHSA-v845-jxx5-vc9f (#3139)
e63989f Fix installing brotli extra on Python 2.7
2e7a24d [1.26] Configure OS for RTD to fix building docs
57181d6 [1.26] Improve error message when calling urllib3.request() (#3058)
3c01480 [1.26] Run coverage even with failed jobs
See full diff in compare view

Updates requests from 2.28.2 to 2.31.0

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

⚠️ Added support for urllib3 2.0. ⚠️

This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

Users who wish to stay on urllib3 1.x can pin to urllib3<2.

v2.29.0

2.29.0 (2023-04-26)

Improvements

Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)

Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

⚠️ Added support for urllib3 2.0. ⚠️

This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

Users who wish to stay on urllib3 1.x can pin to urllib3<2.

2.29.0 (2023-04-26)

Improvements

Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)

Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

Commits

147c851 v2.31.0
74ea7cf Merge pull request from GHSA-j8r2-6x86-q33q
3022253 test on pypy 3.8 and pypy 3.9 on windows and macos (#6424)
b639e66 test on py3.12 (#6448)
d3d5044 Fixed a small typo (#6452)
2ad18e0 v2.30.0
f2629e9 Remove strict parameter (#6434)
87d63de v2.29.0
51716c4 enable the warnings plugin (#6416)
a7da1ab try on ubuntu 22.04 (#6418)
Additional commits viewable in compare view

Updates urllib3 from 1.26.18 to 2.2.1

Release notes

Sourced from urllib3's releases.

1.26.18

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

Changelog

Sourced from urllib3's changelog.

1.26.18 (2023-10-17)

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

Commits

9c2c230 Release 1.26.18 (#3159)
b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4
944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport
c9016bf Release 1.26.17
0122035 Backport GHSA-v845-jxx5-vc9f (#3139)
e63989f Fix installing brotli extra on Python 2.7
2e7a24d [1.26] Configure OS for RTD to fix building docs
57181d6 [1.26] Improve error message when calling urllib3.request() (#3058)
3c01480 [1.26] Run coverage even with failed jobs
See full diff in compare view

Updates black from 23.11.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

552baf8 Prepare release 24.3.0 (#4279)
f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
1abcffc Use regex where we ignore case on windows (#4252)
719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
e5510af update plugin url for Thonny (#4259)
6af7d11 Fix AST safety check false negative (#4270)
f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
e4bfedb fix: Don't move comments while splitting delimiters (#4248)
d0287e1 Make trailing comma logic more concise (#4202)
Additional commits viewable in compare view

Updates urllib3 from 2.1.0 to 2.2.1

Release notes

Sourced from urllib3's releases.

1.26.18

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

Changelog

Sourced from urllib3's changelog.

1.26.18 (2023-10-17)

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

1.26.17 (2023-10-02)

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ([#3139](https://github.com/urllib3/urllib3/issues/3139) <https://github.com/urllib3/urllib3/pull/3139>_)

Commits

9c2c230 Release 1.26.18 (#3159)
b594c5c Merge pull request from GHSA-g4mx-q9vg-27p4
944f0eb [1.26] Use vendored six in urllib3.contrib.securetransport
c9016bf Release 1.26.17
0122035 Backport GHSA-v845-jxx5-vc9f (#3139)
e63989f Fix installing brotli extra on Python 2.7
2e7a24d [1.26] Configure OS for RTD to fix building docs
57181d6 [1.26] Improve error message when calling urllib3.request() (#3058)
3c01480 [1.26] Run coverage even with failed jobs
See full diff in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates paramiko from 2.10.1 to 3.4.0

Commits

f0881ba Cut 3.4.0
3e4bdf9 Changelog/comment updates
30b447b Linting
33508c9 Expand MessageOrderError use to handle more packet types
96db1e2 Raise exception when sequence numbers rollover during initial kex
58785d2 Changelog tweak re: other new Transport kwarg
8dcb237 Test-suite-only bugfix: defer did not actually imply skip_verify
fa46de7 Reset sequence numbers on rekey
75e311d Enforce zero seqno on kexinit
73f079f Fill in CVE number for Terrapin attack
Additional commits viewable in compare view

Updates urllib3 from 2.2.0 to 2.2.1

Release notes

Sourced from urllib3's releases.

1.26.18

Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

1.26.17

Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

Changelog

Sourced from urllib3's changelog.

1.26.18 (2023-10-17)

Description has been truncated

Bumps the pip group with 1 update in the / directory: [black](https://github.com/psf/black). Bumps the pip group with 4 updates in the /airbyte-ci/connectors/qa-engine directory: [gitpython](https://github.com/gitpython-developers/GitPython), [aiohttp](https://github.com/aio-libs/aiohttp), [pyarrow](https://github.com/apache/arrow) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 2 updates in the /airbyte-integrations/bases/connector-acceptance-test directory: [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 3 updates in the /airbyte-integrations/connectors/destination-duckdb directory: [black](https://github.com/psf/black), [urllib3](https://github.com/urllib3/urllib3) and [jinja2](https://github.com/pallets/jinja). Bumps the pip group with 1 update in the /airbyte-integrations/connectors/destination-sftp-json directory: [paramiko](https://github.com/paramiko/paramiko). Bumps the pip group with 1 update in the /airbyte-integrations/connectors/source-airtable directory: [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /airbyte-integrations/connectors/source-amazon-ads directory: [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 1 update in the /airbyte-integrations/connectors/source-amplitude directory: [urllib3](https://github.com/urllib3/urllib3). Bumps the pip group with 2 updates in the /airbyte-lib directory: [pyarrow](https://github.com/apache/arrow) and [orjson](https://github.com/ijl/orjson). Updates `black` from 22.3.0 to 24.3.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@22.3.0...24.3.0) Updates `gitpython` from 3.1.32 to 3.1.41 - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.32...3.1.41) Updates `aiohttp` from 3.8.5 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.8.5...v3.9.2) Updates `pyarrow` from 12.0.1 to 14.0.1 - [Commits](apache/arrow@r-12.0.1...go/v14.0.1) Updates `urllib3` from 1.26.16 to 1.26.18 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.16...1.26.18) Updates `requests` from 2.28.2 to 2.31.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.28.2...v2.31.0) Updates `urllib3` from 1.26.18 to 2.2.1 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.16...1.26.18) Updates `black` from 23.11.0 to 24.3.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@22.3.0...24.3.0) Updates `urllib3` from 2.1.0 to 2.2.1 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.16...1.26.18) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `paramiko` from 2.10.1 to 3.4.0 - [Commits](paramiko/paramiko@2.10.1...3.4.0) Updates `urllib3` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.16...1.26.18) Updates `urllib3` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.16...1.26.18) Updates `urllib3` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.16...1.26.18) Updates `pyarrow` from 14.0.2 to 15.0.2 - [Commits](apache/arrow@r-12.0.1...go/v14.0.1) Updates `orjson` from 3.9.13 to 3.9.15 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.9.13...3.9.15) --- updated-dependencies: - dependency-name: black dependency-type: direct:development dependency-group: pip-security-group - dependency-name: gitpython dependency-type: direct:production dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: pyarrow dependency-type: indirect dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group - dependency-name: requests dependency-type: direct:production dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: black dependency-type: direct:development dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: indirect dependency-group: pip-security-group - dependency-name: paramiko dependency-type: direct:production dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group - dependency-name: urllib3 dependency-type: indirect dependency-group: pip-security-group - dependency-name: pyarrow dependency-type: direct:production dependency-group: pip-security-group - dependency-name: orjson dependency-type: direct:production dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 20, 2024

datapipes-robot Bot added the size/XL label Mar 20, 2024

rishabh-cldcvr force-pushed the main branch from 6131958 to d4bcd49 Compare September 2, 2024 06:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 9 directories with 9 updates#22

Bump the pip group across 9 directories with 9 updates#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-security-group-70f80ed821

dependabot Bot commented on behalf of github Mar 20, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 20, 2024

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

Configuration

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

3.1.41 - fix Windows security issue

What's Changed

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

1.26.18

1.26.17

1.26.18 (2023-10-17)

1.26.17 (2023-10-02)

v2.31.0

2.31.0 (2023-05-22)

v2.30.0

2.30.0 (2023-05-03)

v2.29.0

2.29.0 (2023-04-26)

2.31.0 (2023-05-22)

2.30.0 (2023-05-03)

2.29.0 (2023-04-26)

1.26.18

1.26.17

1.26.18 (2023-10-17)

1.26.17 (2023-10-02)

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

Configuration

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

1.26.18

1.26.17

1.26.18 (2023-10-17)

1.26.17 (2023-10-02)

3.1.3

Version 3.1.3

1.26.18

1.26.17

1.26.18 (2023-10-17)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants