mirror of
https://github.com/blackboxprogramming/BlackRoad-Operating-System.git
synced 2026-03-18 00:34:01 -05:00
chore: bump the pip group across 1 directory with 5 updates (#189)
Bumps the pip group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.22` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` | | [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.5` | | [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.18.0` | `0.19.1` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `1.39.1` | `1.45.1` | Updates `python-multipart` from 0.0.6 to 0.0.22 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p> <blockquote> <h2>Version 0.0.22</h2> <h2>What's Changed</h2> <ul> <li>Drop directory path from filename in <code>File</code> <a href="9433f4bbc9">9433f4b</a>.</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22">https://github.com/Kludex/python-multipart/compare/0.0.21...0.0.22</a></p> <h2>Version 0.0.21</h2> <h2>What's Changed</h2> <ul> <li>Add support for Python 3.14 and drop EOL 3.8 and 3.9 by <a href="https://github.com/hugovk"><code>@hugovk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/216">Kludex/python-multipart#216</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/waketzheng"><code>@waketzheng</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/203">Kludex/python-multipart#203</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21">https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.21</a></p> <h2>Version 0.0.20</h2> <h2>What's Changed</h2> <ul> <li>Handle messages containing only end boundary, fixes <a href="https://redirect.github.com/Kludex/python-multipart/issues/38">#38</a> by <a href="https://github.com/jhnstrk"><code>@jhnstrk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/142">Kludex/python-multipart#142</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Mr-Sunglasses"><code>@Mr-Sunglasses</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/185">Kludex/python-multipart#185</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20">https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.20</a></p> <h2>Version 0.0.19</h2> <h2>What's Changed</h2> <ul> <li>Don't warn when CRLF is found after last boundary by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/193">Kludex/python-multipart#193</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19">https://github.com/Kludex/python-multipart/compare/0.0.18...0.0.19</a></p> <h2>Version 0.0.18</h2> <h2>What's Changed</h2> <ul> <li>Hard break if found data after last boundary on <code>MultipartParser</code> by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/189">Kludex/python-multipart#189</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.17...0.0.18">https://github.com/Kludex/python-multipart/compare/0.0.17...0.0.18</a></p> <h2>Version 0.0.17</h2> <h2>What's Changed</h2> <ul> <li>Handle PermissionError in fallback code for old import name by <a href="https://github.com/defnull"><code>@defnull</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/182">Kludex/python-multipart#182</a></li> </ul> <hr /> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md">python-multipart's changelog</a>.</em></p> <blockquote> <h2>0.0.22 (2026-01-25)</h2> <ul> <li>Drop directory path from filename in <code>File</code> <a href="9433f4bbc9">9433f4b</a>.</li> </ul> <h2>0.0.21 (2025-12-17)</h2> <ul> <li>Add support for Python 3.14 and drop EOL 3.8 and 3.9 <a href="https://redirect.github.com/Kludex/python-multipart/pull/216">#216</a>.</li> </ul> <h2>0.0.20 (2024-12-16)</h2> <ul> <li>Handle messages containing only end boundary <a href="https://redirect.github.com/Kludex/python-multipart/pull/142">#142</a>.</li> </ul> <h2>0.0.19 (2024-11-30)</h2> <ul> <li>Don't warn when CRLF is found after last boundary on <code>MultipartParser</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/193">#193</a>.</li> </ul> <h2>0.0.18 (2024-11-28)</h2> <ul> <li>Hard break if found data after last boundary on <code>MultipartParser</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/189">#189</a>.</li> </ul> <h2>0.0.17 (2024-10-31)</h2> <ul> <li>Handle PermissionError in fallback code for old import name <a href="https://redirect.github.com/Kludex/python-multipart/pull/182">#182</a>.</li> </ul> <h2>0.0.16 (2024-10-27)</h2> <ul> <li>Add dunder attributes to <code>multipart</code> package <a href="https://redirect.github.com/Kludex/python-multipart/pull/177">#177</a>.</li> </ul> <h2>0.0.15 (2024-10-27)</h2> <ul> <li>Replace <code>FutureWarning</code> to <code>PendingDeprecationWarning</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/174">#174</a>.</li> <li>Add missing files to SDist <a href="https://redirect.github.com/Kludex/python-multipart/pull/171">#171</a>.</li> </ul> <h2>0.0.14 (2024-10-24)</h2> <ul> <li>Fix import scheme for <code>multipart</code> module (<a href="https://redirect.github.com/Kludex/python-multipart/pull/168">#168</a>).</li> </ul> <h2>0.0.13 (2024-10-20)</h2> <ul> <li>Rename import to <code>python_multipart</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/166">#166</a>.</li> </ul> <h2>0.0.12 (2024-09-29)</h2> <ul> <li>Improve error message when boundary character does not match <a href="https://redirect.github.com/Kludex/python-multipart/pull/124">#124</a>.</li> <li>Add mypy strict typing <a href="https://redirect.github.com/Kludex/python-multipart/pull/140">#140</a>.</li> <li>Enforce 100% coverage <a href="https://redirect.github.com/Kludex/python-multipart/pull/159">#159</a>.</li> </ul> <h2>0.0.11 (2024-09-28)</h2> <ul> <li>Improve performance, especially in data with many CR-LF <a href="https://redirect.github.com/Kludex/python-multipart/pull/137">#137</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="bea7bbb290"><code>bea7bbb</code></a> Version 0.0.22 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/222">#222</a>)</li> <li><a href="0fb59a9df0"><code>0fb59a9</code></a> chore: add return type on test (<a href="https://redirect.github.com/Kludex/python-multipart/issues/221">#221</a>)</li> <li><a href="9433f4bbc9"><code>9433f4b</code></a> Merge commit from fork</li> <li><a href="d5c91ecb0a"><code>d5c91ec</code></a> Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/219">#219</a>)</li> <li><a href="5a90631b48"><code>5a90631</code></a> bump uv (<a href="https://redirect.github.com/Kludex/python-multipart/issues/218">#218</a>)</li> <li><a href="1f72955602"><code>1f72955</code></a> Version 0.0.21 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/217">#217</a>)</li> <li><a href="47ecfed353"><code>47ecfed</code></a> Add support for Python 3.14 and drop EOL 3.8 and 3.9 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/216">#216</a>)</li> <li><a href="f18b70941b"><code>f18b709</code></a> Bump the github-actions group across 1 directory with 4 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/214">#214</a>)</li> <li><a href="b388e9a7a8"><code>b388e9a</code></a> chore: use depedency-groups in <code>pyproject.toml</code> (<a href="https://redirect.github.com/Kludex/python-multipart/issues/212">#212</a>)</li> <li><a href="6113e75097"><code>6113e75</code></a> Bump the github-actions group across 1 directory with 3 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/210">#210</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Kludex/python-multipart/compare/0.0.6...0.0.22">compare view</a></li> </ul> </details> <br /> Updates `jinja2` from 3.1.2 to 3.1.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.6</h2> <p>This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a> Changes: <a href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li> </ul> <h2>3.1.5</h2> <p>This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.5/">https://pypi.org/project/Jinja2/3.1.5/</a> Changes: <a href="https://jinja.palletsprojects.com/changes/#version-3-1-5">https://jinja.palletsprojects.com/changes/#version-3-1-5</a> Milestone: <a href="https://github.com/pallets/jinja/milestone/16?closed=1">https://github.com/pallets/jinja/milestone/16?closed=1</a></p> <ul> <li>The sandboxed environment handles indirect calls to <code>str.format</code>, such as by passing a stored reference to a filter that calls its argument. <a href="https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h">GHSA-q2x7-8rv6-6q7h</a></li> <li>Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <a href="https://redirect.github.com/pallets/jinja/issues/1792">#1792</a>, <a href="https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699">GHSA-gmj6-6f8f-6699</a></li> <li>Sandbox does not allow <code>clear</code> and <code>pop</code> on known mutable sequence types. <a href="https://redirect.github.com/pallets/jinja/issues/2032">#2032</a></li> <li>Calling sync <code>render</code> for an async template uses <code>asyncio.run</code>. <a href="https://redirect.github.com/pallets/jinja/issues/1952">#1952</a></li> <li>Avoid unclosed <code>auto_aiter</code> warnings. <a href="https://redirect.github.com/pallets/jinja/issues/1960">#1960</a></li> <li>Return an <code>aclose</code>-able <code>AsyncGenerator</code> from <code>Template.generate_async</code>. <a href="https://redirect.github.com/pallets/jinja/issues/1960">#1960</a></li> <li>Avoid leaving <code>root_render_func()</code> unclosed in <code>Template.generate_async</code>. <a href="https://redirect.github.com/pallets/jinja/issues/1960">#1960</a></li> <li>Avoid leaving async generators unclosed in blocks, includes and extends. <a href="https://redirect.github.com/pallets/jinja/issues/1960">#1960</a></li> <li>The runtime uses the correct <code>concat</code> function for the current environment when calling block references. <a href="https://redirect.github.com/pallets/jinja/issues/1701">#1701</a></li> <li>Make <code>|unique</code> async-aware, allowing it to be used after another async-aware filter. <a href="https://redirect.github.com/pallets/jinja/issues/1781">#1781</a></li> <li><code>|int</code> filter handles <code>OverflowError</code> from scientific notation. <a href="https://redirect.github.com/pallets/jinja/issues/1921">#1921</a></li> <li>Make compiling deterministic for tuple unpacking in a <code>{% set ... %}</code> call. <a href="https://redirect.github.com/pallets/jinja/issues/2021">#2021</a></li> <li>Fix dunder protocol (<code>copy</code>/<code>pickle</code>/etc) interaction with <code>Undefined</code> objects. <a href="https://redirect.github.com/pallets/jinja/issues/2025">#2025</a></li> <li>Fix <code>copy</code>/<code>pickle</code> support for the internal <code>missing</code> object. <a href="https://redirect.github.com/pallets/jinja/issues/2027">#2027</a></li> <li><code>Environment.overlay(enable_async)</code> is applied correctly. <a href="https://redirect.github.com/pallets/jinja/issues/2061">#2061</a></li> <li>The error message from <code>FileSystemLoader</code> includes the paths that were searched. <a href="https://redirect.github.com/pallets/jinja/issues/1661">#1661</a></li> <li><code>PackageLoader</code> shows a clearer error message when the package does not contain the templates directory. <a href="https://redirect.github.com/pallets/jinja/issues/1705">#1705</a></li> <li>Improve annotations for methods returning copies. <a href="https://redirect.github.com/pallets/jinja/issues/1880">#1880</a></li> <li><code>urlize</code> does not add <code>mailto:</code> to values like <code>@a@b</code>. <a href="https://redirect.github.com/pallets/jinja/issues/1870">#1870</a></li> <li>Tests decorated with <code>@pass_context</code> can be used with the <code>|select</code> filter. <a href="https://redirect.github.com/pallets/jinja/issues/1624">#1624</a></li> <li>Using <code>set</code> for multiple assignment (<code>a, b = 1, 2</code>) does not fail when the target is a namespace attribute. <a href="https://redirect.github.com/pallets/jinja/issues/1413">#1413</a></li> <li>Using <code>set</code> in all branches of <code>{% if %}{% elif %}{% else %}</code> blocks does not cause the variable to be considered initially undefined. <a href="https://redirect.github.com/pallets/jinja/issues/1253">#1253</a></li> </ul> <h2>3.1.4</h2> <p>This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.</p> <p>PyPI: <a href="https://pypi.org/project/Jinja2/3.1.4/">https://pypi.org/project/Jinja2/3.1.4/</a> Changes: <a href="https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4">https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4</a></p> <ul> <li>The <code>xmlattr</code> filter does not allow keys with <code>/</code> solidus, <code>></code> greater-than sign, or <code>=</code> equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj</li> </ul> <h2>3.1.3</h2> <p>This is a fix release for the 3.1.x feature branch.</p> <ul> <li>Fix for <a href="https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95">GHSA-h5c8-rqwp-cp95</a>. You are affected if you are using <code>xmlattr</code> and passing user input as attribute keys.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.6</h2> <p>Released 2025-03-05</p> <ul> <li>The <code>|attr</code> filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:<code>cpwx-vrp4-4pq7</code></li> </ul> <h2>Version 3.1.5</h2> <p>Released 2024-12-21</p> <ul> <li>The sandboxed environment handles indirect calls to <code>str.format</code>, such as by passing a stored reference to a filter that calls its argument. :ghsa:<code>q2x7-8rv6-6q7h</code></li> <li>Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:<code>1792</code>, :ghsa:<code>gmj6-6f8f-6699</code></li> <li>Sandbox does not allow <code>clear</code> and <code>pop</code> on known mutable sequence types. :issue:<code>2032</code></li> <li>Calling sync <code>render</code> for an async template uses <code>asyncio.run</code>. :pr:<code>1952</code></li> <li>Avoid unclosed <code>auto_aiter</code> warnings. :pr:<code>1960</code></li> <li>Return an <code>aclose</code>-able <code>AsyncGenerator</code> from <code>Template.generate_async</code>. :pr:<code>1960</code></li> <li>Avoid leaving <code>root_render_func()</code> unclosed in <code>Template.generate_async</code>. :pr:<code>1960</code></li> <li>Avoid leaving async generators unclosed in blocks, includes and extends. :pr:<code>1960</code></li> <li>The runtime uses the correct <code>concat</code> function for the current environment when calling block references. :issue:<code>1701</code></li> <li>Make <code>|unique</code> async-aware, allowing it to be used after another async-aware filter. :issue:<code>1781</code></li> <li><code>|int</code> filter handles <code>OverflowError</code> from scientific notation. :issue:<code>1921</code></li> <li>Make compiling deterministic for tuple unpacking in a <code>{% set ... %}</code> call. :issue:<code>2021</code></li> <li>Fix dunder protocol (<code>copy</code>/<code>pickle</code>/etc) interaction with <code>Undefined</code> objects. :issue:<code>2025</code></li> <li>Fix <code>copy</code>/<code>pickle</code> support for the internal <code>missing</code> object. :issue:<code>2027</code></li> <li><code>Environment.overlay(enable_async)</code> is applied correctly. :pr:<code>2061</code></li> <li>The error message from <code>FileSystemLoader</code> includes the paths that were searched. :issue:<code>1661</code></li> <li><code>PackageLoader</code> shows a clearer error message when the package does not contain the templates directory. :issue:<code>1705</code></li> <li>Improve annotations for methods returning copies. :pr:<code>1880</code></li> <li><code>urlize</code> does not add <code>mailto:</code> to values like <code>@a@b</code>. :pr:<code>1870</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="15206881c0"><code>1520688</code></a> release version 3.1.6</li> <li><a href="90457bbf33"><code>90457bb</code></a> Merge commit from fork</li> <li><a href="065334d1ee"><code>065334d</code></a> attr filter uses env.getattr</li> <li><a href="033c20015c"><code>033c200</code></a> start version 3.1.6</li> <li><a href="bc68d4efa9"><code>bc68d4e</code></a> use global contributing guide (<a href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li> <li><a href="247de5e0c5"><code>247de5e</code></a> use global contributing guide</li> <li><a href="ab8218c7a1"><code>ab8218c</code></a> use project advisory link instead of global</li> <li><a href="b4ffc8ff29"><code>b4ffc8f</code></a> release version 3.1.5 (<a href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li> <li><a href="877f6e51be"><code>877f6e5</code></a> release version 3.1.5</li> <li><a href="8d58859265"><code>8d58859</code></a> remove test pypi</li> <li>Additional commits viewable in <a href="https://github.com/pallets/jinja/compare/3.1.2...3.1.6">compare view</a></li> </ul> </details> <br /> Updates `cryptography` from 41.0.7 to 46.0.5 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>46.0.5 - 2026-02-10</p> <pre><code> * An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for ``SECT*`` binary elliptic curves is deprecated and will be removed in the next release. <p>.. v46-0-4:</p> <p>46.0.4 - 2026-01-27<br /> </code></pre></p> <ul> <li><code>Dropped support for win_arm64 wheels</code>_.</li> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.</li> </ul> <p>.. _v46-0-3:</p> <p>46.0.3 - 2025-10-15</p> <pre><code> * Fixed compilation when using LibreSSL 4.2.0. <p>.. _v46-0-2:</p> <p>46.0.2 - 2025-09-30<br /> </code></pre></p> <ul> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.</li> </ul> <p>.. _v46-0-1:</p> <p>46.0.1 - 2025-09-16</p> <pre><code> * Fixed an issue where users installing via ``pip`` on Python 3.14 development versions would not properly install a dependency. * Fixed an issue building the free-threaded macOS 3.14 wheels. <p>.. _v46-0-0:</p> <p>46.0.0 - 2025-09-16<br /> </code></pre></p> <ul> <li><strong>BACKWARDS INCOMPATIBLE:</strong> Support for Python 3.7 has been removed.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="06e120e682"><code>06e120e</code></a> bump version for 46.0.5 release (<a href="https://redirect.github.com/pyca/cryptography/issues/14289">#14289</a>)</li> <li><a href="0eebb9dbb6"><code>0eebb9d</code></a> EC check key on cofactor > 1 (<a href="https://redirect.github.com/pyca/cryptography/issues/14287">#14287</a>)</li> <li><a href="bedf6e186b"><code>bedf6e1</code></a> fix openssl version on 46 branch (<a href="https://redirect.github.com/pyca/cryptography/issues/14220">#14220</a>)</li> <li><a href="e6f44fc8e6"><code>e6f44fc</code></a> bump for 46.0.4 and drop win arm64 due to CI issues (<a href="https://redirect.github.com/pyca/cryptography/issues/14217">#14217</a>)</li> <li><a href="c0af4dd7b7"><code>c0af4dd</code></a> release 46.0.3 (<a href="https://redirect.github.com/pyca/cryptography/issues/13681">#13681</a>)</li> <li><a href="99efe5ad15"><code>99efe5a</code></a> bump version for 46.0.2 (<a href="https://redirect.github.com/pyca/cryptography/issues/13531">#13531</a>)</li> <li><a href="e735cfc275"><code>e735cfc</code></a> release 46.0.1 (<a href="https://redirect.github.com/pyca/cryptography/issues/13450">#13450</a>)</li> <li><a href="4e457ffba4"><code>4e457ff</code></a> Explicitly specify python in mac uv build invocation (<a href="https://redirect.github.com/pyca/cryptography/issues/13447">#13447</a>)</li> <li><a href="2726efdb6d"><code>2726efd</code></a> Depend on CFFI 2.0.0 or newer on Python > 3.8 (<a href="https://redirect.github.com/pyca/cryptography/issues/13448">#13448</a>)</li> <li><a href="62230623d1"><code>6223062</code></a> release 46.0.0 (<a href="https://redirect.github.com/pyca/cryptography/issues/13446">#13446</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/41.0.7...46.0.5">compare view</a></li> </ul> </details> <br /> Updates `ecdsa` from 0.18.0 to 0.19.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tlsfuzzer/python-ecdsa/releases">ecdsa's releases</a>.</em></p> <blockquote> <h2>ecdsa 0.19.1</h2> <p>New API:</p> <ul> <li><code>der.remove_implicit</code> and <code>der.encode_implicit</code> for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes</li> </ul> <p>Bug fixes:</p> <ul> <li>Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)</li> <li>Fix arithmetic to work with curves that have (0, 0) on the curve</li> <li>Fix canonicalization of signatures when <code>s</code> is just slightly above half of curve order</li> </ul> <p>Maintenance:</p> <ul> <li>Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)</li> <li>Officially support Python 3.12 and 3.13 (add them to CI)</li> <li>Removal of few more unnecessary <code>six.b</code> literals (Alexandre Detiste)</li> <li>Fix typos in warning messages</li> </ul> <h2>ecdsa 0.19.0</h2> <h2>New API:</h2> <ul> <li><code>to_ssh</code> in <code>VerifyingKey</code> and <code>SigningKey</code>, supports Ed25519 keys only (Pablo Mazzini)</li> </ul> <h2>New features:</h2> <ul> <li>Support for twisted Brainpool curves</li> </ul> <h2>Doc fix:</h2> <ul> <li>Fix curve equation in glossary</li> <li>Documentation for signature encoding and signature decoding functions</li> </ul> <h2>Maintenance:</h2> <ul> <li>Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)</li> <li>Fixes around hypothesis parameters</li> <li>Officially support Python 3.11 and 3.12</li> <li>Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies</li> <li>Dropped the internal <code>_rwlock</code> module as it's unused</li> <li>Added mutation testing to CI, lots of speed-ups to the test suite to make it happen</li> <li>Removal of unnecessary <code>six.b</code> literals (Alexandre Detiste)</li> </ul> <p>Deprecations:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS">ecdsa's changelog</a>.</em></p> <blockquote> <ul> <li>Release 0.19.1 (13 Mar 2025)</li> </ul> <p>New API:</p> <ul> <li><code>der.remove_implitic</code> and <code>der.encode_implicit</code> for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes</li> </ul> <p>Bug fixes:</p> <ul> <li>Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)</li> <li>Fix arithmetic to work with curves that have (0, 0) on the curve</li> <li>Fix canonicalization of signatures when <code>s</code> is just slightly above half of curve order</li> </ul> <p>Maintenance:</p> <ul> <li> <p>Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)</p> </li> <li> <p>Officialy support Python 3.12 and 3.13 (add them to CI)</p> </li> <li> <p>Removal of few more unnecessary <code>six.b</code> literals (Alexandre Detiste)</p> </li> <li> <p>Fix typos in warning messages</p> </li> <li> <p>Release 0.19.0 (08 Apr 2024)</p> </li> </ul> <p>New API:</p> <ul> <li><code>to_ssh</code> in <code>VerifyingKey</code> and <code>SigningKey</code>, supports Ed25519 keys only (Pablo Mazzini)</li> </ul> <p>New features:</p> <ul> <li>Support for twisted Brainpool curves</li> </ul> <p>Doc fix:</p> <ul> <li>Fix curve equation in glossary</li> <li>Documentation for signature encoding and signature decoding functions</li> </ul> <p>Maintenance:</p> <ul> <li>Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)</li> <li>Fixes aroung hypothesis parameters</li> <li>Officially support Python 3.11 and 3.12</li> <li>Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies</li> <li>Dropped the internal <code>_rwlock</code> module as it's unused</li> <li>Added mutation testing to CI, lots of speed-ups to the test suite to make it happen</li> <li>Removal of unnecessary <code>six.b</code> literals (Alexandre Detiste)</li> </ul> <p>Deprecations:</p> <ul> <li><code>int_to_string</code>, <code>string_to_int</code>, and <code>digest_integer</code> from <code>ecdsa.ecdsa</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="2a6593d840"><code>2a6593d</code></a> Merge pull request <a href="https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/359">#359</a> from tlsfuzzer/release-0.19.1</li> <li><a href="658ddc81bb"><code>658ddc8</code></a> add release notes for 0.19.1 release</li> <li><a href="3c5df06ae8"><code>3c5df06</code></a> Merge pull request <a href="https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/358">#358</a> from tlsfuzzer/high-s-values</li> <li><a href="b6d43c60e3"><code>b6d43c6</code></a> use integer division for canonicalization of signatures</li> <li><a href="aa81ba3b73"><code>aa81ba3</code></a> Merge pull request <a href="https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/357">#357</a> from tlsfuzzer/new-badge</li> <li><a href="ef75fea937"><code>ef75fea</code></a> use the new badge URL for the build status</li> <li><a href="10d74353c4"><code>10d7435</code></a> Merge pull request <a href="https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/356">#356</a> from tlsfuzzer/implicit-tags</li> <li><a href="dba9f80962"><code>dba9f80</code></a> add support for encoding</li> <li><a href="8e3f653e66"><code>8e3f653</code></a> add support for parsing implicit DER tags</li> <li><a href="55d2b569d4"><code>55d2b56</code></a> Merge pull request <a href="https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/355">#355</a> from tlsfuzzer/doc-update</li> <li>Additional commits viewable in <a href="https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.18.0...python-ecdsa-0.19.1">compare view</a></li> </ul> </details> <br /> Updates `sentry-sdk` from 1.39.1 to 1.45.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>1.45.1</h2> <p><strong>This is a security backport release.</strong></p> <ul> <li> <p>Don't send full env to subprocess (892dd800) by <a href="https://github.com/kmichel-aiven"><code>@kmichel-aiven</code></a></p> <p>See also <a href="https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2">https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2</a></p> </li> </ul> <h2>1.45.0</h2> <p>This is the final 1.x release for the forseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.</p> <h3>Various fixes & improvements</h3> <ul> <li> <p>Allow to upsert monitors (<a href="https://redirect.github.com/getsentry/sentry-python/issues/2929">#2929</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> <p>It's now possible to provide <code>monitor_config</code> to the <code>monitor</code> decorator/context manager directly:</p> <pre lang="python"><code>from sentry_sdk.crons import monitor <h1>All keys except <code>schedule</code> are optional</h1> <p>monitor_config = {<br /> "schedule": {"type": "crontab", "value": "0 0 * * *"},<br /> "timezone": "Europe/Vienna",<br /> "checkin_margin": 10,<br /> "max_runtime": 10,<br /> "failure_issue_threshold": 5,<br /> "recovery_threshold": 5,<br /> }</p> <p><a href="https://github.com/monitor"><code>@monitor</code></a>(monitor_slug='<monitor-slug>', monitor_config=monitor_config)<br /> def tell_the_world():<br /> print('My scheduled task...')<br /> </code></pre></p> <p>Check out <a href="https://docs.sentry.io/platforms/python/crons/">the cron docs</a> for details.</p> </li> <li> <p>Add Django <code>signals_denylist</code> to filter signals that are attached to by <code>signals_spans</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/2758">#2758</a>) by <a href="https://github.com/lieryan"><code>@lieryan</code></a></p> <p>If you want to exclude some Django signals from performance tracking, you can use the new <code>signals_denylist</code> Django option:</p> <pre lang="python"><code>import django.db.models.signals import sentry_sdk <p>sentry_sdk.init(<br /> ...<br /> integrations=[<br /> DjangoIntegration(<br /> ...<br /> signals_denylist=[<br /> </code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/1.45.1/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>1.45.1</h2> <p><strong>This is a security backport release.</strong></p> <ul> <li> <p>Don't send full env to subprocess (892dd800) by <a href="https://github.com/kmichel-aiven"><code>@kmichel-aiven</code></a></p> <p>See also <a href="https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2">https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2</a></p> </li> </ul> <h2>1.45.0</h2> <p>This is the final 1.x release for the forseeable future. Development will continue on the 2.x release line. The first 2.x version will be available in the next few weeks.</p> <h3>Various fixes & improvements</h3> <ul> <li> <p>Allow to upsert monitors (<a href="https://redirect.github.com/getsentry/sentry-python/issues/2929">#2929</a>) by <a href="https://github.com/sentrivana"><code>@sentrivana</code></a></p> <p>It's now possible to provide <code>monitor_config</code> to the <code>monitor</code> decorator/context manager directly:</p> <pre lang="python"><code>from sentry_sdk.crons import monitor <h1>All keys except <code>schedule</code> are optional</h1> <p>monitor_config = {<br /> "schedule": {"type": "crontab", "value": "0 0 * * *"},<br /> "timezone": "Europe/Vienna",<br /> "checkin_margin": 10,<br /> "max_runtime": 10,<br /> "failure_issue_threshold": 5,<br /> "recovery_threshold": 5,<br /> }</p> <p><a href="https://github.com/monitor"><code>@monitor</code></a>(monitor_slug='<monitor-slug>', monitor_config=monitor_config)<br /> def tell_the_world():<br /> print('My scheduled task...')<br /> </code></pre></p> <p>Check out <a href="https://docs.sentry.io/platforms/python/crons/">the cron docs</a> for details.</p> </li> <li> <p>Add Django <code>signals_denylist</code> to filter signals that are attached to by <code>signals_spans</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/2758">#2758</a>) by <a href="https://github.com/lieryan"><code>@lieryan</code></a></p> <p>If you want to exclude some Django signals from performance tracking, you can use the new <code>signals_denylist</code> Django option:</p> <pre lang="python"><code>import django.db.models.signals import sentry_sdk <p>sentry_sdk.init(<br /> ...<br /> integrations=[<br /> DjangoIntegration(<br /> </code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="282b8f7fae"><code>282b8f7</code></a> Update CHANGELOG.md</li> <li><a href="6c867c45e8"><code>6c867c4</code></a> release: 1.45.1</li> <li><a href="388e68e573"><code>388e68e</code></a> Fix tests (<a href="https://redirect.github.com/getsentry/sentry-python/issues/3341">#3341</a>)</li> <li><a href="dfcab26957"><code>dfcab26</code></a> Run integrations tests on 1.x</li> <li><a href="2812640f06"><code>2812640</code></a> Run CI on 1.x branch</li> <li><a href="892dd800cc"><code>892dd80</code></a> fix(integrations): don't send full env to subprocess</li> <li><a href="51a906c1b7"><code>51a906c</code></a> Update CHANGELOG.md</li> <li><a href="7570e39ae3"><code>7570e39</code></a> release: 1.45.0</li> <li><a href="e22abb636f"><code>e22abb6</code></a> fix(metrics): Change <code>data_category</code> from <code>statsd</code> to <code>metric_bucket</code> (<a href="https://redirect.github.com/getsentry/sentry-python/issues/2954">#2954</a>)</li> <li><a href="fab65e6574"><code>fab65e6</code></a> feat(metrics): New normalization of keys, values, units (<a href="https://redirect.github.com/getsentry/sentry-python/issues/2946">#2946</a>)</li> <li>Additional commits viewable in <a href="https://github.com/getsentry/sentry-python/compare/1.39.1...1.45.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/blackboxprogramming/BlackRoad-Operating-System/network/alerts). </details>
This commit is contained in:
Alexa Amundson