Dependabot-updates #94
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [resolvelib](https://github.com/sarugaku/resolvelib) from 0.8.1 to 1.0.1. - [Release notes](https://github.com/sarugaku/resolvelib/releases) - [Changelog](https://github.com/sarugaku/resolvelib/blob/main/CHANGELOG.rst) - [Commits](sarugaku/resolvelib@0.8.1...1.0.1) --- updated-dependencies: - dependency-name: resolvelib dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [pip](https://github.com/pypa/pip) from 23.1 to 23.1.2. - [Release notes](https://github.com/pypa/pip/releases) - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@23.1...23.1.2) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [ansible-compat](https://github.com/ansible/ansible-compat) from 3.0.1 to 4.1.0. - [Release notes](https://github.com/ansible/ansible-compat/releases) - [Commits](ansible/ansible-compat@v3.0.1...v4.1.0) --- updated-dependencies: - dependency-name: ansible-compat dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [pip](https://github.com/pypa/pip) from 23.1 to 23.1.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>23.1.2 (2023-04-26)</h1> <h2>Vendored Libraries</h2> <ul> <li>Upgrade setuptools to 67.7.2</li> </ul> <h1>23.1.1 (2023-04-22)</h1> <h2>Bug Fixes</h2> <ul> <li>Revert <code>[#11487](pypa/pip#11487) <https://github.com/pypa/pip/pull/11487></code><em>, as it causes issues with virtualenvs created by the Windows Store distribution of Python. (<code>[#11987](pypa/pip#11987) <https://github.com/pypa/pip/issues/11987></code></em>)</li> </ul> <h2>Vendored Libraries</h2> <ul> <li>Revert pkg_resources (via setuptools) back to 65.6.3</li> </ul> <h2>Improved Documentation</h2> <ul> <li>Update documentation to reflect the new behavior of using the cache of locally built wheels in hash-checking mode. (<code>[#11967](pypa/pip#11967) <https://github.com/pypa/pip/issues/11967></code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/3fe7e54fceac7a03bcb88ce26cfd0937acfe5e40"><code>3fe7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/bc7621aaf827a992a455fe5c2c4ec59cfc26186e"><code>bc7621a</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11997">#11997</a> from pfmoore/vendoring-setuptools</li> <li><a href="https://github.com/pypa/pip/commit/cbc92fd6dd7e0bae4ec81b87521b5c27b0601be5"><code>cbc92fd</code></a> Upgrade setuptools to 67.7.2</li> <li><a href="https://github.com/pypa/pip/commit/4428130fbe44259562280f0601f034bb8c43bef2"><code>4428130</code></a> Suppress pkg_resources deprecation warning</li> <li><a href="https://github.com/pypa/pip/commit/f1a7a6f942b869ae3428dbf55dfc1ca756c78d94"><code>f1a7a6f</code></a> Upgrade setuptools to 67.6.1</li> <li><a href="https://github.com/pypa/pip/commit/51afe45cda2854d810d9714e3891e256b1509737"><code>51afe45</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11992">#11992</a> from pfmoore/release/23.1.1</li> <li><a href="https://github.com/pypa/pip/commit/5cbf00c49e2a6974d794534d8041cf370218e98d"><code>5cbf00c</code></a> Bump for development</li> <li><a href="https://github.com/pypa/pip/commit/ee40d71817df8346af3d96051a298db8f22e52f1"><code>ee40d71</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/d5a779d96c0460f49da23abe8b4f557ce80b0a70"><code>d5a779d</code></a> Merge pull request <a href="https://github.com/pypa/pip/issues/11987">#11987</a> from pfmoore/revert_56e5fa3</li> <li><a href="https://github.com/pypa/pip/commit/b64e74de42d0a6e4f3a81a06b7fd33eea00b7160"><code>b64e74d</code></a> Add a news file</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/23.1...23.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.28.2...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
…tes/ansible-compat-4.1.0
Bumps [ansible-compat](https://github.com/ansible/ansible-compat) from 3.0.1 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ansible/ansible-compat/releases">ansible-compat's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h2>Minor Changes</h2> <ul> <li>Enable access to available plugins (<a href="https://github.com/ansible/ansible-compat/issues/277">#277</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>Bugfixes</h2> <ul> <li>Avoid creating ~/.ansible/collections (<a href="https://github.com/ansible/ansible-compat/issues/280">#280</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>v4.0.5</h2> <h2>Bugfixes</h2> <ul> <li>Improve requirements.yml detection (<a href="https://github.com/ansible/ansible-compat/issues/275">#275</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>v4.0.4</h2> <h2>Bugfixes</h2> <ul> <li>Allow use of * version on dependencies (<a href="https://github.com/ansible/ansible-compat/issues/268">#268</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>v4.0.3</h2> <h2>Bugfixes</h2> <ul> <li>Automatically install tests/requirements.yml when found (<a href="https://github.com/ansible/ansible-compat/issues/266">#266</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Also install requirements from galaxy.yml files (<a href="https://github.com/ansible/ansible-compat/issues/265">#265</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Include original message in AnsibleWarning (<a href="https://github.com/ansible/ansible-compat/issues/264">#264</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>v4.0.2</h2> <h2>Bugfixes</h2> <ul> <li>Revert to previous behavior for ansible_collections_path (<a href="https://github.com/ansible/ansible-compat/issues/261">#261</a>) <a href="https://github.com/ajinkyau"><code>@ajinkyau</code></a></li> </ul> <h2>v4.0.1</h2> <h2>Major Changes</h2> <ul> <li>Rename Runtime.exec to Runtime.run (<a href="https://github.com/ansible/ansible-compat/issues/256">#256</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Introduce use of JSON recursive type (<a href="https://github.com/ansible/ansible-compat/issues/253">#253</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>ruff: Make optional arguments keyword-only (<a href="https://github.com/ansible/ansible-compat/issues/251">#251</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Finish pathlib migration (<a href="https://github.com/ansible/ansible-compat/issues/245">#245</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Make Runtime.project_dir use Path (<a href="https://github.com/ansible/ansible-compat/issues/244">#244</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Migrate some functions to use Path (<a href="https://github.com/ansible/ansible-compat/issues/243">#243</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Make Runtime.cache_dir use Path (<a href="https://github.com/ansible/ansible-compat/issues/240">#240</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> <li>Remove support for py38 (<a href="https://github.com/ansible/ansible-compat/issues/239">#239</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>Minor Changes</h2> <ul> <li>Monkeypatch ansible core Display.warning (<a href="https://github.com/ansible/ansible-compat/issues/238">#238</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <h2>Bugfixes</h2> <ul> <li>Use YAML safe loader instead of full loader (<a href="https://github.com/ansible/ansible-compat/issues/255">#255</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ansible/ansible-compat/commit/d30965cd023b4116f6e959ace0e4dbf219677952"><code>d30965c</code></a> Avoid creating ~/.ansible/collections (<a href="https://github.com/ansible/ansible-compat/issues/280">#280</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/786297429b699a49056b1e9fd293296a310a4e57"><code>7862974</code></a> Enable access to available plugins (<a href="https://github.com/ansible/ansible-compat/issues/277">#277</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/34c1459e319e22238faffa9ff86a214ee26905f8"><code>34c1459</code></a> Improve requirements.yml detection (<a href="https://github.com/ansible/ansible-compat/issues/275">#275</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/18aae33066462b9e744b3b81ff72372e03835333"><code>18aae33</code></a> Correct coverage settings (<a href="https://github.com/ansible/ansible-compat/issues/273">#273</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/680e568eeee4de9be7a4d7d5a5a7ac9282b0e6ba"><code>680e568</code></a> Update test dependencies and enable ansible 2.15 testing (<a href="https://github.com/ansible/ansible-compat/issues/272">#272</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/291d775b6bce2bfd05a51d68af5401eab342ad19"><code>291d775</code></a> Allow use of * version on dependencies (<a href="https://github.com/ansible/ansible-compat/issues/268">#268</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/f93bf7c611c4210c4e35fd1209626e288d699f6f"><code>f93bf7c</code></a> Automatically install tests/requirements.yml when found (<a href="https://github.com/ansible/ansible-compat/issues/266">#266</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/d099028a7f513828d7df38eaa3ddf96283fb2c83"><code>d099028</code></a> Also install requirements from galaxy.yml files (<a href="https://github.com/ansible/ansible-compat/issues/265">#265</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/99f7703bf06999b244e93ea51e14e69ffed8ddfe"><code>99f7703</code></a> Remove password (<a href="https://github.com/ansible/ansible-compat/issues/263">#263</a>)</li> <li><a href="https://github.com/ansible/ansible-compat/commit/a40ff273c9877ac13f15220136728b12ba533767"><code>a40ff27</code></a> Include original message in AnsibleWarning (<a href="https://github.com/ansible/ansible-compat/issues/264">#264</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ansible/ansible-compat/compare/v3.0.1...v4.1.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.31.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.31.0</h2> <h2>2.31.0 (2023-05-22)</h2> <p><strong>Security</strong></p> <ul> <li> <p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of <code>Proxy-Authorization</code> headers to destination servers when following HTTPS redirects.</p> <p>When proxies are defined with user info (<a href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>), Requests will construct a <code>Proxy-Authorization</code> header that is attached to the request to authenticate with the proxy.</p> <p>In cases where Requests receives a redirect response, it previously reattached the <code>Proxy-Authorization</code> header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are <em>strongly</em> encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.</p> <p>Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.</p> <p>Full details can be read in our <a href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github Security Advisory</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p> </li> </ul> <h2>v2.30.0</h2> <h2>2.30.0 (2023-05-03)</h2> <p><strong>Dependencies</strong></p> <ul> <li> <p>⚠️ Added support for urllib3 2.0.⚠️ </p> <p>This may contain minor breaking changes so we advise careful testing and reviewing <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a> prior to upgrading.</p> <p>Users who wish to stay on urllib3 1.x can pin to <code>urllib3<2</code>.</p> </li> </ul> <h2>v2.29.0</h2> <h2>2.29.0 (2023-04-26)</h2> <p><strong>Improvements</strong></p> <ul> <li>Requests now defers chunked requests to the urllib3 implementation to improve standardization. (<a href="https://github.com/psf/requests/issues/6226">#6226</a>)</li> <li>Requests relaxes header component requirements to support bytes/str subclasses. (<a href="https://github.com/psf/requests/issues/6356">#6356</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.31.0 (2023-05-22)</h2> <p><strong>Security</strong></p> <ul> <li> <p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of <code>Proxy-Authorization</code> headers to destination servers when following HTTPS redirects.</p> <p>When proxies are defined with user info (<a href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>), Requests will construct a <code>Proxy-Authorization</code> header that is attached to the request to authenticate with the proxy.</p> <p>In cases where Requests receives a redirect response, it previously reattached the <code>Proxy-Authorization</code> header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are <em>strongly</em> encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.</p> <p>Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.</p> <p>Full details can be read in our <a href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github Security Advisory</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p> </li> </ul> <h2>2.30.0 (2023-05-03)</h2> <p><strong>Dependencies</strong></p> <ul> <li> <p>⚠️ Added support for urllib3 2.0.⚠️ </p> <p>This may contain minor breaking changes so we advise careful testing and reviewing <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a> prior to upgrading.</p> <p>Users who wish to stay on urllib3 1.x can pin to <code>urllib3<2</code>.</p> </li> </ul> <h2>2.29.0 (2023-04-26)</h2> <p><strong>Improvements</strong></p> <ul> <li>Requests now defers chunked requests to the urllib3 implementation to improve standardization. (<a href="https://github.com/psf/requests/issues/6226">#6226</a>)</li> <li>Requests relaxes header component requirements to support bytes/str subclasses. (<a href="https://github.com/psf/requests/issues/6356">#6356</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"><code>147c851</code></a> v2.31.0</li> <li><a href="https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5"><code>74ea7cf</code></a> Merge pull request from GHSA-j8r2-6x86-q33q</li> <li><a href="https://github.com/psf/requests/commit/302225334678490ec66b3614a9dddb8a02c5f4fe"><code>3022253</code></a> test on pypy 3.8 and pypy 3.9 on windows and macos (<a href="https://github.com/psf/requests/issues/6424">#6424</a>)</li> <li><a href="https://github.com/psf/requests/commit/b639e66c816514e40604d46f0088fbceec1a5149"><code>b639e66</code></a> test on py3.12 (<a href="https://github.com/psf/requests/issues/6448">#6448</a>)</li> <li><a href="https://github.com/psf/requests/commit/d3d504436ef0c2ac7ec8af13738b04dcc8c694be"><code>d3d5044</code></a> Fixed a small typo (<a href="https://github.com/psf/requests/issues/6452">#6452</a>)</li> <li><a href="https://github.com/psf/requests/commit/2ad18e0e10e7d7ecd5384c378f25ec8821a10a29"><code>2ad18e0</code></a> v2.30.0</li> <li><a href="https://github.com/psf/requests/commit/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773"><code>f2629e9</code></a> Remove strict parameter (<a href="https://github.com/psf/requests/issues/6434">#6434</a>)</li> <li><a href="https://github.com/psf/requests/commit/87d63de8739263bbe17034fba2285c79780da7e8"><code>87d63de</code></a> v2.29.0</li> <li><a href="https://github.com/psf/requests/commit/51716c4ef390136b0d4b800ec7665dd5503e64fc"><code>51716c4</code></a> enable the warnings plugin (<a href="https://github.com/psf/requests/issues/6416">#6416</a>)</li> <li><a href="https://github.com/psf/requests/commit/a7da1ab3498b10ec3a3582244c94b2845f8a8e71"><code>a7da1ab</code></a> try on ubuntu 22.04 (<a href="https://github.com/psf/requests/issues/6418">#6418</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.28.2...v2.31.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gignsky/tdarr-node-switcher/network/alerts). </details>
Bumps [setuptools](https://github.com/pypa/setuptools) from 59.6.0 to 67.8.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](pypa/setuptools@v59.6.0...v67.8.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [setuptools](https://github.com/pypa/setuptools) from 59.6.0 to 67.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/releases">setuptools's releases</a>.</em></p> <blockquote> <h2>v67.8.0</h2> <p>No release notes provided.</p> <h2>v67.7.2</h2> <p>No release notes provided.</p> <h2>v67.7.1</h2> <p>No release notes provided.</p> <h2>v67.7.0</h2> <p>No release notes provided.</p> <h2>v67.6.1</h2> <p>No release notes provided.</p> <h2>v67.6.0</h2> <p>No release notes provided.</p> <h2>v67.5.1</h2> <p>No release notes provided.</p> <h2>v67.5.0</h2> <p>No release notes provided.</p> <h2>v67.4.0</h2> <p>No release notes provided.</p> <h2>v67.3.3</h2> <p>No release notes provided.</p> <h2>v67.3.2</h2> <p>No release notes provided.</p> <h2>v67.3.1</h2> <p>No release notes provided.</p> <h2>v67.2.0</h2> <p>No release notes provided.</p> <h2>v67.1.0</h2> <p>No release notes provided.</p> <h2>v67.0.0</h2> <p>No release notes provided.</p> <h2>v66.1.1</h2> <p>No release notes provided.</p> <h2>v66.1.0</h2> <p>No release notes provided.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/CHANGES.rst">setuptools's changelog</a>.</em></p> <blockquote> <h2>v67.8.0</h2> <p>Changes ^^^^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3128">#3128</a>: In deprecated easy_install, reload and merge the pth file before saving.</li> </ul> <p>Misc ^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3915">#3915</a>: Adequate tests to the latest changes in <code>virtualenv</code> for Python 3.12.</li> </ul> <h2>v67.7.2</h2> <p>Misc ^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3902">#3902</a>: Fixed wrong URLs used in warnings and logs.</li> </ul> <h2>v67.7.1</h2> <p>Misc ^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3898">#3898</a>: Fixes setuptools.dist:invalid_unless_false when value is false don't raise error -- by :user:<code>jammarher</code></li> </ul> <h2>v67.7.0</h2> <p>Changes ^^^^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3849">#3849</a>: Overhaul warning system for better visibility.</li> </ul> <p>Documentation changes ^^^^^^^^^^^^^^^^^^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3859">#3859</a>: Added a note about historical presence of <code>wheel</code> in <code>build-system.requires</code>, in <code>pyproject.toml</code>.</li> <li><a href="https://github.com/pypa/setuptools/issues/3893">#3893</a>: Improved the documentation example regarding making a thin :pep:<code>517</code> in-tree backend wrapper of <code>setuptools.build_meta</code> that is future-proof and supports :pep:<code>660</code> hook too -- by :user:<code>webknjaz</code>.</li> </ul> <p>Misc ^^^^</p> <ul> <li><a href="https://github.com/pypa/setuptools/issues/3884">#3884</a>: Add a <code>stacklevel</code> parameter to <code>warnings.warn()</code> to provide more information to the user.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/1aed0ff9ba8091f127cd3638bd26661fa0ff8371"><code>1aed0ff</code></a> Bump version: 67.7.2 → 67.8.0</li> <li><a href="https://github.com/pypa/setuptools/commit/b3416b0d6f6a2867cb354e9b937df8e51f11f35b"><code>b3416b0</code></a> Merge pull request <a href="https://github.com/pypa/setuptools/issues/3128">#3128</a> from gst/fix-easy-install-pth-file-not-reloaded-befo...</li> <li><a href="https://github.com/pypa/setuptools/commit/89e68d753641346dd84eba89d1d3c03f6144be5d"><code>89e68d7</code></a> 👹 Feed the hobgoblins (delint).</li> <li><a href="https://github.com/pypa/setuptools/commit/0294954a7869bee9d351e7f4993a3f2b8796736e"><code>0294954</code></a> 👹 Feed the hobgoblins (delint).</li> <li><a href="https://github.com/pypa/setuptools/commit/b60b0079c15624c5e3c419530d7234f3ae1f93f9"><code>b60b007</code></a> 👹 Feed the hobgoblins (delint).</li> <li><a href="https://github.com/pypa/setuptools/commit/784fb8f07c9b3ac7f55bcb9264d67a47b0625ab4"><code>784fb8f</code></a> Add changelog</li> <li><a href="https://github.com/pypa/setuptools/commit/e9c4bd5cbf8021e1a9ad4a0b7438e679e3bd9ba4"><code>e9c4bd5</code></a> Merge branch 'main' into fix-easy-install-pth-file-not-reloaded-before-save</li> <li><a href="https://github.com/pypa/setuptools/commit/98e5aa47690e85cc438b6d1cf82cb1765fd959f7"><code>98e5aa4</code></a> 👹 Feed the hobgoblins (delint).</li> <li><a href="https://github.com/pypa/setuptools/commit/8c21342040f7d41088d6db91df5c32c2936de3a0"><code>8c21342</code></a> ⚫ Fade to black.</li> <li><a href="https://github.com/pypa/setuptools/commit/e76db4408e40a5c0a218ef6f652454f69c5aca59"><code>e76db44</code></a> Merge pull request <a href="https://github.com/pypa/setuptools/issues/3923">#3923</a> from pypa/debt/disable-cygwin</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v59.6.0...v67.8.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…ed outside of its required version for ansible
Bumps [resolvelib](https://github.com/sarugaku/resolvelib) from 0.8.1 to 1.0.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sarugaku/resolvelib/blob/main/CHANGELOG.rst">resolvelib's changelog</a>.</em></p> <blockquote> <h1>1.0.1 (2023-03-09)</h1> <h2>Bug Fixes</h2> <ul> <li>Fix calls to opaque objects and use provider interface calls instead. <code>[#126](sarugaku/resolvelib#126) <https://github.com/sarugaku/resolvelib/issues/126></code>_</li> </ul> <h1>1.0.0 (2023-03-08)</h1> <h2>Features</h2> <ul> <li>Implement backjumping to significantly speed up the resolution process by skipping over irrelevant parts of the resolution search space. <code>[#113](sarugaku/resolvelib#113) <https://github.com/sarugaku/resolvelib/issues/113></code>_</li> </ul> <h1>0.9.0 (2022-11-17)</h1> <h2>Features</h2> <ul> <li>A new reporter hook <code>rejecting_candidate</code> is added, replacing <code>backtracking</code>. The hook is called every time the resolver rejects a conflicting candidate before trying out the next one in line. <code>[#101](sarugaku/resolvelib#101) <https://github.com/sarugaku/resolvelib/issues/101></code>_</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Some valid states that were previously rejected are now accepted. This affects states where multiple candidates for the same dependency conflict with each other. The <code>information</code> argument passed to <code>AbstractProvider.get_preference</code> may now contain empty iterators. This has always been allowed by the method definition but it was previously not possible in practice. <code>[#91](sarugaku/resolvelib#91) <https://github.com/sarugaku/resolvelib/issues/91></code>_</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sarugaku/resolvelib/commit/c9ef371ad96e698bf3e0bb09acc682bd43e39bd7"><code>c9ef371</code></a> Release 1.0.1</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/fb97e4c71fe520ae6d1704b7be8bd742430cd6e6"><code>fb97e4c</code></a> Add missing news fragment for patch release</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/34bb1a7474e6a45103eeb08d9bbfd1a48e1b1cd3"><code>34bb1a7</code></a> Merge pull request <a href="https://github.com/sarugaku/resolvelib/issues/127">#127</a> from sarugaku/avoid-intermediate-set</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/409bcf753074ba5b03ffd259511bf12b5d181fde"><code>409bcf7</code></a> Use itertools.chain to avoid intermediate set</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/e8fecf776aafab9104eb0d101c4de08ce3c37eaf"><code>e8fecf7</code></a> Merge pull request <a href="https://github.com/sarugaku/resolvelib/issues/126">#126</a> from sarugaku/fix-</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/5ede4c4bd205e5c61d339ba957deb44c4f5400f9"><code>5ede4c4</code></a> use set comprehension</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/7e8adca961b96c159d3391049e6a6a37e25ed525"><code>7e8adca</code></a> fix: use the protocol method instead of .name attribute</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/02fb73619d536b14b621ecddb98ad24ccd6093d2"><code>02fb736</code></a> Merge pull request <a href="https://github.com/sarugaku/resolvelib/issues/125">#125</a> from sarugaku/release/1.0</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/69ae3253545a1da31a0096686693eed5c2dee08c"><code>69ae325</code></a> Update release process</li> <li><a href="https://github.com/sarugaku/resolvelib/commit/40c867a2b7d12e3736ccf6c621a44a1b0dbefbc7"><code>40c867a</code></a> Prebump to 1.0.1.dev0</li> <li>Additional commits viewable in <a href="https://github.com/sarugaku/resolvelib/compare/0.8.1...1.0.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
…th dependency graphs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps resolvelib from 0.8.1 to
1.0.1.
Changelog
Sourced from resolvelib's changelog.
Commits
c9ef371Release 1.0.1fb97e4cAdd missing news fragment for patch release34bb1a7Merge pull request #127 from sarugaku/avoid-intermediate-set409bcf7Use itertools.chain to avoid intermediate sete8fecf7Merge pull request #126 from sarugaku/fix-5ede4c4use set comprehension7e8adcafix: use the protocol method instead of .name attribute02fb736Merge pull request #125 from sarugaku/release/1.069ae325Update release process40c867aPrebump to 1.0.1.dev0You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any editsthat have been made to it
@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR afteryour CI passes on it
@dependabot cancel mergewill cancel a previously requested mergeand block automerging
@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreatingit. You can achieve the same result by closing it manually
@dependabot ignore this major versionwill close this PR and stopDependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
@dependabot ignore this minor versionwill close this PR and stopDependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
@dependabot ignore this dependencywill close this PR and stopDependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)