Skip to content

Bump the production-dependencies group across 1 directory with 4 updates #1523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

Bump the production-dependencies group across 1 directory with 4 updates #1523

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 22, 2024
edited
Loading

Bumps the production-dependencies group with 4 updates in the / directory: marshmallow-dataclass, aiohttp, pycryptodome and ledgerwallet.

Updates marshmallow-dataclass from 8.7.0 to 8.7.1

Changelog

Sourced from marshmallow-dataclass's changelog.

v8.7.1 (2024-09-12)

  • Relax dependency pins for typeguard and typing-inspect. (#273, #272)

#272: lovasoa/marshmallow_dataclass#272 #273: lovasoa/marshmallow_dataclass#273

Commits

Updates aiohttp from 3.10.5 to 3.10.11

Release notes

Sourced from aiohttp's releases.

3.10.11

Bug fixes

  • Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

    Related issues and pull requests on GitHub: #9436.

  • Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

    Related issues and pull requests on GitHub: #9506.

  • Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

    The connector was not cancellation-safe.

    Related issues and pull requests on GitHub: #9670, #9671.

  • Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

    Related issues and pull requests on GitHub: #9686.

  • Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: #9851.

  • Fixed system routes polluting the middleware cache -- by :user:bdraco.

    Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.11 (2024-11-13)

Bug fixes

  • Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

    Related issues and pull requests on GitHub: :issue:9436.

  • Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

    Related issues and pull requests on GitHub: :issue:9506.

  • Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

    The connector was not cancellation-safe.

    Related issues and pull requests on GitHub: :issue:9670, :issue:9671.

  • Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:9686.

  • Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:9851.

  • Fixed system routes polluting the middleware cache -- by :user:bdraco.

... (truncated)

Commits
  • 3e09325 Remove 3.10.11rc0 from 3.10 changelog (#9858)
  • beb7b74 Release 3.10.11 (#9857)
  • 259edc3 [PR #9851/541d86d backport][3.10] Fix incorrect parsing of chunk extensions w...
  • bc15db6 [PR #9852/249855a backport][3.10] Fix system routes polluting the middleware ...
  • 158bf30 Release 3.10.11rc0 (#9848)
  • e5917cd [PR #9844/fabf3884 backport][3.10] Fix compressed get request benchmark paylo...
  • 68a1f42 [PR #9840/cc5fa316 backport][3.10] Add benchmark for sending compressed paylo...
  • 4f4b90f [PR #9835/32ccfc9a backport][3.10] Adjust client payload benchmarks to better...
  • f3dd0f9 [PR #9832/006f4070 backport][3.10] Increase allowed import time for Python 3....
  • f2aab2e [PR #9827/14fcfd4c backport][3.10] Adjust client GET read benchmarks to inclu...
  • Additional commits viewable in compare view

Updates pycryptodome from 3.20.0 to 3.21.0

Release notes

Sourced from pycryptodome's releases.

v3.21.0 - Bourdeaux

New features

  • By setting the PYCRYPTODOME_DISABLE_GMP environment variable, the GMP library will not be used even if detected.
  • Add support for Curve25519 / X25519.
  • Add support for Curve448 / X448.
  • Add attribute curve to EccPoint and EccXPoint classes, with the canonical name of the curve.
  • GH#781: the label for the SP800_108_Counter KDF may now contain zero bytes. Thanks to Julien Rische.
  • GH#814: RSA keys for PSS can be imported.

Resolved issues

  • GH#810: fixed negation of Ed25519 points.
  • GH#819: accept an RFC5916 ECPrivateKey even if it doesn't contain any of the optional elements (parameters [0] and publicKey[1]).

Other changes

  • Remove support for Python 3.5.
Changelog

Sourced from pycryptodome's changelog.

3.21.0 (30 September 2024) ++++++++++++++++++++++++++

New features

  • By setting the PYCRYPTODOME_DISABLE_GMP environment variable, the GMP library will not be used even if detected.
  • Add support for Curve25519 / X25519.
  • Add support for Curve448 / X448.
  • Add attribute curve to EccPoint and EccXPoint classes, with the canonical name of the curve.
  • GH#781: the label for the SP800_108_Counter KDF may now contain zero bytes. Thanks to Julien Rische.
  • GH#814: RSA keys for PSS can be imported.

Resolved issues

  • GH#810: fixed negation of Ed25519 points.
  • GH#819: accept an RFC5916 ECPrivateKey even if it doesn't contain any of the optional elements (parameters [0] and publicKey[1]).

Other changes

  • Remove support for Python 3.5.
Commits
  • 5e40a18 Bump version
  • cd4cb45 Fix docs and changelog
  • d499d27 Decrypt PKCS#8 key even if the password is empty
  • 0c86527 Build wheel on Windows 2019
  • fdd7892 Bump required version of pycryptodome-test-vectors
  • 5040405 Build wheel for Python 3.13
  • 19494e0 Bump version for test vectors package
  • 66420a7 Fix tests for x448/x25519
  • 05bcdff Add tag for Python 3.13
  • 2ddda6a Fixed typo in documentation
  • Additional commits viewable in compare view

Updates ledgerwallet from 0.5.0 to 0.5.1

Changelog

Sourced from ledgerwallet's changelog.

[0.5.1] - 2024-08-23

Fixed

  • For Nano S+ and X, generate NBGL compliant buffer (uncompressed) for app icon (from api_level > 5)
Commits
  • e14223b Merge pull request #78 from LedgerHQ/y333/support_nbgl_icon_for_nano
  • 6b47bb4 Fix unit tests
  • ea67ecc Use api_level to switch between BAGL or NBGL compliant buffers for Nano S+/X
  • 4e40be7 Update CHANGELOG
  • 1fddb3b Icon shall be transformed into NBGL uncompressed buffer for Nano S+ and X
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 22, 2024
@dependabot dependabot bot mentioned this pull request Nov 22, 2024
Closed
@dependabot
Bump the production-dependencies group across 1 directory with 4 updates
7cc34f0 
Bumps the production-dependencies group with 4 updates in the / directory: [marshmallow-dataclass](https://github.com/lovasoa/marshmallow_dataclass), [aiohttp](https://github.com/aio-libs/aiohttp), [pycryptodome](https://github.com/Legrandin/pycryptodome) and [ledgerwallet](https://github.com/LedgerHQ/ledgerctl).


Updates `marshmallow-dataclass` from 8.7.0 to 8.7.1
- [Changelog](https://github.com/lovasoa/marshmallow_dataclass/blob/master/CHANGELOG.md)
- [Commits](lovasoa/marshmallow_dataclass@v8.7.0...v8.7.1)

Updates `aiohttp` from 3.10.5 to 3.10.11
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.10.5...v3.10.11)

Updates `pycryptodome` from 3.20.0 to 3.21.0
- [Release notes](https://github.com/Legrandin/pycryptodome/releases)
- [Changelog](https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst)
- [Commits](Legrandin/pycryptodome@v3.20.0...v3.21.0)

Updates `ledgerwallet` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/LedgerHQ/ledgerctl/releases)
- [Changelog](https://github.com/LedgerHQ/ledgerctl/blob/master/CHANGELOG.md)
- [Commits](LedgerHQ/ledgerctl@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: marshmallow-dataclass
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: pycryptodome
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: ledgerwallet
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/production-dependencies-06f95adbd5 branch from e735c94 to 7cc34f0 Compare November 22, 2024 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant