Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Bump the pip group across 1 directory with 3 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the pip group across 1 directory with 3 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 24, 2025

Bumps the pip group with 3 updates in the / directory: httplib2, protobuf and rsa.

Updates httplib2 from 0.9.2 to 0.19.0

Changelog

Sourced from httplib2's changelog.

0.19.0

auth: parse headers using pyparsing instead of regexp httplib2/httplib2#182

auth: WSSE token needs to be string not bytes httplib2/httplib2#179

0.18.1

explicit build-backend workaround for pip build isolation bug "AttributeError: 'module' object has no attribute 'legacy'" on pip install httplib2/httplib2#169

0.18.0

IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote of space, CR, LF characters in uri. Special thanks to Recar https://github.com/Ciyfly for discrete notification. https://cwe.mitre.org/data/definitions/93.html

0.17.4

Ship test suite in source dist httplib2/httplib2#168

0.17.3

IronPython2.7: relative import iri2uri fixes ImportError httplib2/httplib2#163

0.17.2

python3 + debug + IPv6 disabled: https raised "IndexError: Replacement index 1 out of range for positional args tuple" httplib2/httplib2#161

0.17.1

python3: no_proxy was not checked with https httplib2/httplib2#160

0.17.0

feature: Http().redirect_codes set, works after follow(_all)_redirects check This allows one line workaround for old gcloud library that uses 308 response without redirect semantics. httplib2/httplib2#156

0.16.0

... (truncated)

Commits
  • 81e80d0 v0.19.0 release
  • c3aed1e fix release script, interactive part
  • bd9ee25 parse auth headers using pyparsing instead of regexp
  • 33090ab initial fuzz testing integration with OSS-Fuzz
  • 595e248 auth: WSSE token needs to be string not bytes
  • 9bf300c v0.18.1 release
  • cb2940a explicit build-backend workaround pip build isolation bug 6264
  • 94f48ef check-manifest build tool
  • 828c26d Security Policy
  • 8373177 v0.18.0 release
  • Additional commits viewable in compare view

Updates protobuf from 3.4.0 to 4.25.8

Release notes

Sourced from protobuf's releases.

Protocol Buffers v3.20.3

Java

  • Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
  • Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
  • Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
  • Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
  • Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
  • This release addresses a Security Advisory for Java users

Protocol Buffers v3.20.2

C++

Protocol Buffers v3.20.1

PHP

  • Fix building packaged PHP extension (#9727)
  • Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819)

Ruby

  • Disable the aarch64 build on macOS until it can be fixed. (#9816)

Other

  • Fix versioning issues in 3.20.0

Protocol Buffers v3.20.1-rc1

PHP

  • Fix building packaged PHP extension (#9727)

Other

  • Fix versioning issues in 3.20.0

Protocol Buffers v3.20.0

2022-03-25 version 3.20.0 (C++/Java/Python/PHP/Objective-C/C#/Ruby/JavaScript)

Ruby

  • Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311)
  • Added Ruby 3.1 support for CI and releases (#9566).
  • Message.decode/encode: Add recursion_limit option (#9218/#9486)
  • Allocate with xrealloc()/xfree() so message allocation is visible to the Ruby GC. In certain tests this leads to much lower memory usage due to more frequent GC runs (#9586).
  • Fix conversion of singleton classes in Ruby (#9342)

... (truncated)

Commits
  • a4cbdd3 Updating version.json and repo version numbers to: 25.8
  • 29445be Merge pull request #21880 from shaod2/py-25
  • cc13b69 Remove debugging code and add EOLs
  • d31100c Manually backport recursion limit enforcement to 25.x
  • 88a3b90 Change pre-22 poison pill to only log once per affected message type. (#21754)
  • 320eafa Weaken vulnerable gencode poison pills to warning by default.
  • f584fe3 Merge branch 'protocolbuffers:25.x' into 25.x
  • c710036 Update test_upb.yml to use ubuntu-22
  • 9721758 Fix missing trailing newline.
  • cca7b28 Update test_upb.yml to use ubuntu-22
  • Additional commits viewable in compare view

Updates rsa from 3.4.2 to 4.7

Changelog

Sourced from rsa's changelog.

Version 4.7 - released 2021-01-10

  • Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
  • Add padding length check as described by PKCS#1 v1.5 (Fixes #164)
  • Reuse of blinding factors to speed up blinding operations. Fixes #162.
  • Declare & test support for Python 3.9

Version 4.4 & 4.6 - released 2020-06-12

Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires Python 3.5+. To avoid older Python installations from trying to upgrade to RSA 4.4, this is now made explicit in the python_requires argument in setup.py. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.4 as 4.6 as well.

No functional changes compared to version 4.2.

Version 4.3 & 4.5 - released 2020-06-12

Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the last to support Python 2.7. This is now made explicit in the python_requires argument in setup.py. Python 3.4 is not supported by this release. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as 4.5 as well.

Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.

  • Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
  • Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out.

Version 4.2 - released 2020-06-10

  • Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148
  • Limited SHA3 support to those Python versions (3.6+) that support it natively. The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix #147.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 3 updates
f2e1584 
Bumps the pip group with 3 updates in the / directory: [httplib2](https://github.com/httplib2/httplib2), [protobuf](https://github.com/protocolbuffers/protobuf) and [rsa](https://github.com/sybrenstuvel/python-rsa).


Updates `httplib2` from 0.9.2 to 0.19.0
- [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG)
- [Commits](httplib2/httplib2@0.9.2...v0.19.0)

Updates `protobuf` from 3.4.0 to 4.25.8
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v3.4.0...v4.25.8)

Updates `rsa` from 3.4.2 to 4.7
- [Changelog](https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md)
- [Commits](sybrenstuvel/python-rsa@version-3.4.2...version-4.7)

---
updated-dependencies:
- dependency-name: httplib2
  dependency-version: 0.19.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: protobuf
  dependency-version: 4.25.8
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: rsa
  dependency-version: '4.7'
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants