Bump the minor-and-patch group in /backend with 3 updates
Type: Pull Request
State: Closed
Author: dependabot[bot]
Association: Contributor
Comments: 3
(5 months ago)
Bumps the minor-and-patch group in /backend with 3 updates: python-dotenv, pydantic-settings and python-jose[cryptography].
Updates python-dotenv from 1.0.1 to 1.1.0
Release notes
Sourced from python-dotenv's releases.
v1.1.0
What's Changed
- Add a security policy by @bbc2 in theskumar/python-dotenv#512
- Keep GitHub Actions up to date with GitHub's Dependabot by @cclauss in theskumar/python-dotenv#506
- ci: fix multiline string in test.yml & use fail-fast strategy by @cclauss in theskumar/python-dotenv#514
- Enhance dotenv run: Switch to execvpe for better resource management and signal handling by @eekstunt in theskumar/python-dotenv#523
- ci: add py3.13 to test.yml by @waketzheng in theskumar/python-dotenv#527
- Add Python 3.13 trove classifier by @edgarrmondragon in theskumar/python-dotenv#535
- Bump the github-actions group with 2 updates by @dependabot in theskumar/python-dotenv#529
- Add support for python 3.13 and drop 3.8 by @theskumar in theskumar/python-dotenv#551
- docs: Update README.md by @chapeupreto in theskumar/python-dotenv#516
- Some more s/Python-dotenv/python-dotenv/ by @theskumar in theskumar/python-dotenv#552
- add _is_debugger so load_dotenv will work in pdb by @randomseed42 in theskumar/python-dotenv#553
New Contributors
- @eekstunt made their first contribution in theskumar/python-dotenv#523
- @waketzheng made their first contribution in theskumar/python-dotenv#527
- @edgarrmondragon made their first contribution in theskumar/python-dotenv#535
- @dependabot made their first contribution in theskumar/python-dotenv#529
- @chapeupreto made their first contribution in theskumar/python-dotenv#516
- @randomseed42 made their first contribution in theskumar/python-dotenv#553
Full Changelog: https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.1.0
Changelog
Sourced from python-dotenv's changelog.
[1.1.0] - 2025-03-25
Feature
- Add support for python 3.13
- Enhance dotenv run, switch to execvpe for better resource management and signal handling (#523) by @eekstunt
Fixed
- find_dotenv and load_dotenv now correctly looks up at the current directory when running in debugger or pdb (#553 by @randomseed42)
Misc
- Drop support for Python 3.8
Commits
- 6a02ef5 update mkdocs -> mkdocstrings config
- 36c6270 Update changelog
- 2198b69 Bump version: 1.0.1 → 1.1.0
- c89fb6d Update changelog
- 8dd413e Add _is_debugger so load_dotenv will work in pdb (#553)
- 9acba4a Some more s/Python-dotenv/python-dotenv/ (#552)
- 3c19c03 s/Python-dotenv/python-dotenv/ (#516)
- 4159388 Add support for python 3.13 and drop 3.8 (#551)
- 2b8635b Bump the github-actions group with 2 updates (#529)
- 533f8ac Add Python 3.13 trove classifier (#535)
- Additional commits viewable in compare view
Updates pydantic-settings from 2.7.1 to 2.9.1
Release notes
Sourced from pydantic-settings's releases.
v2.9.1
What's Changed
- fix: Expose ConfigFileSourceMixing on top level sources/init.py by @jbw-vtl in pydantic/pydantic-settings#597
- Fix typo in gcp secret manager error message by @christian-heusel in pydantic/pydantic-settings#598
- Prepare release 2.9.1 by @hramezani in pydantic/pydantic-settings#600
New Contributors
- @jbw-vtl made their first contribution in pydantic/pydantic-settings#597
- @christian-heusel made their first contribution in pydantic/pydantic-settings#598
Full Changelog: https://github.com/pydantic/pydantic-settings/compare/v2.9.0...v2.9.1
v2.9.0
What's Changed
- Drop support for Python 3.8 by @Viicos in pydantic/pydantic-settings#560
- Switch to typing-inspection by @Viicos in pydantic/pydantic-settings#556
- Introduce uv for Project Management by @KanchiShimono in pydantic/pydantic-settings#547
- Refactor sources.py into a subpackage (#546) by @ezwiefel in pydantic/pydantic-settings#548
- chore: cleanup by @CodeWithEmad in pydantic/pydantic-settings#563
- Fix typo in documentation by @CodeWithEmad in pydantic/pydantic-settings#564
- Add support for AWS Secrets Manager by @mavwolverine in pydantic/pydantic-settings#532
- Fix minor typo: conotations => connotations by @svenevs in pydantic/pydantic-settings#577
- Azure Key Vault: Don't load disabled secret by @AndreuCodina in pydantic/pydantic-settings#578
- Add support for GCP Secret Manager by @ezwiefel in pydantic/pydantic-settings#567
- CLI JSON Optional Default by @kschwab in pydantic/pydantic-settings#581
- Fix for env nested enum. by @kschwab in pydantic/pydantic-settings#589
- CLI submodel suppress. by @kschwab in pydantic/pydantic-settings#587
- Cli retrieve unknown args by @kschwab in pydantic/pydantic-settings#588
- Update pydantic by @hramezani in pydantic/pydantic-settings#593
- Fix check in CI by @hramezani in pydantic/pydantic-settings#595
New Contributors
- @ezwiefel made their first contribution in pydantic/pydantic-settings#548
- @CodeWithEmad made their first contribution in pydantic/pydantic-settings#563
- @mavwolverine made their first contribution in pydantic/pydantic-settings#532
- @svenevs made their first contribution in pydantic/pydantic-settings#577
Full Changelog: https://github.com/pydantic/pydantic-settings/compare/v2.8.1...v2.9.0
v2.8.1
What's Changed
- Fix for init source kwarg alias resolution. by @kschwab in pydantic/pydantic-settings#550
- Revert usage of positional only argument in BaseSettings.__init__ by @Viicos in pydantic/pydantic-settings#557
- Revert use of object instead of Any by @Viicos in pydantic/pydantic-settings#559
- Prepare release 2.8.1 by @hramezani in pydantic/pydantic-settings#558
Full Changelog: https://github.com/pydantic/pydantic-settings/compare/v2.8.0...v2.8.1
v2.8.0
... (truncated)
Commits
- 1874740 Prepare release 2.9.1 (#600)
- 88e77bc Fix typo in gcp secret manager error message (#598)
- e973d9a fix: Expose ConfigFileSourceMixing on top level sources/init.py (#597)
- 8c0f5f1 Fix check in CI (#595)
- 0ac2312 Prepare release 2.9.0 (#594)
- f3e5ac3 Update pydantic (#593)
- 20640b0 Cli retrieve unknown args (#588)
- ed7fd42 CLI submodel suppress. (#587)
- e9fb316 Fix for env nested enum. (#589)
- 0e9b329 CLI JSON Optional Default (#581)
- Additional commits viewable in compare view
Updates python-jose[cryptography] from 3.3.0 to 3.4.0
Release notes
Sourced from python-jose[cryptography]'s releases.
3.4.0
News
- Remove support for Python 3.6 and 3.7
- Added support for Python 3.10 and 3.11
Bug fixes and Improvements
- Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
- Fix for PEM key comparisons caused by line lengths and new lines
- Fix for CVE-2024-33664 - JWE limited to 250KiB
- Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
- Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)
Housekeeping
- Updated Github Actions Workflows
- Updated to use tox 4.x
- Revise codecov integration
- Fixed DeprecationWarnings
Changelog
Sourced from python-jose[cryptography]'s changelog.
3.4.0 -- 2025-02-14
News
- Remove support for Python 3.6 and 3.7
- Added support for Python 3.10 and 3.11
Bug fixes and Improvements
- Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
- Fix for PEM key comparisons caused by line lengths and new lines
- Fix for CVE-2024-33664 - JWE limited to 250KiB
- Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
- Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)
Housekeeping
- Updated Github Actions Workflows
- Updated to use tox 4.x
- Revise codecov integration
- Fixed DeprecationWarnings
Commits
- 82cd15f Added release date to CHANGELOG.md for 3.4.0 (#371)
- 4e01847 Prepare 3.4.0 release (#370)
- 0360fa3 Replace usage of deprecated datetime.utcnow() with datetime.now(UTC) (#360)
- 12f30c8 Fix for CVE-2024-33663 (forbid public key for HMAC) (#369)
- 638d047 Bump cryptography from 42.0.4 to 43.0.1 (#368)
- 8e1f521 Fix for CVE-2024-33664. JWE limited to 250K (#352)
- c9403b5 Bump cryptography from 41.0.3 to 42.0.4 (#358)
- 58e543e Bump cryptography from 39.0.1 to 41.0.3
- 50d1997 Disabling test build for Python 3.7 on OS X since arm64 is no longer supporte...
- 1967754 Adding get_pem_for_key and normalize_pem methods to normalize PEM formatt...
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
- @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Pull Request Statistics
2
1
+3
-3
Package Dependencies
- pydantic-settings (pip): 2.7.1 → 2.9.1, Minor, /backend
- python-dotenv (pip): 1.0.1 → 1.1.0, Minor, /backend
Security Advisories
Xuxueli xxl-job template injection vulnerability
python-jose algorithm confusion with OpenSSH ECDSA keys
python-jose denial of service via compressed JWE content
Technical Details
ID: 594191
UUID: 2538933564
Node ID: PR_kwDOOctpPM6XVQ08
Host: GitHub
Repository: Randroids-Dojo/typescript-and-python-bootstrap
Mergeable: Yes
Merge State: Unstable
Rebaseable: Yes