Skip to content

Bump requests from 2.25.1 to 2.31.0 in /fastcom#19

Open
dependabot[bot] wants to merge 233 commits intomasterfrom
dependabot/pip/fastcom/requests-2.31.0
Open

Bump requests from 2.25.1 to 2.31.0 in /fastcom#19
dependabot[bot] wants to merge 233 commits intomasterfrom
dependabot/pip/fastcom/requests-2.31.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Dec 1, 2023

Bumps requests from 2.25.1 to 2.31.0.

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

mzanetti and others added 30 commits August 31, 2022 12:07
@mzanetti
Fronius: Improve and translate error message for the user
79fae71
@mzanetti
TP-Link: Disable caching for some states where it's not needed
fecbe30
@dependabot
Bump oauthlib from 3.2.0 to 3.2.1 in /daikinairco
0fdd871 
Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/oauthlib/oauthlib/releases)
- [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst)
- [Commits](oauthlib/oauthlib@v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: oauthlib
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@mzanetti
MyStrom: Fix discovery for Swiss plugs
140c4d6
@mzanetti
MecMeter: Reduce some load by uncaching and rounding some states
71fbb89
@mzanetti
Shelly: Fix color state for rgbw2
562902e
@mzanetti
Fronius: Fix generating childs with multiple fronius connections
e74d9b0
@mzanetti
Tempo: Properly handle expired tokens
ff4cd2a
Merge PR nymea#600: Tempo: Properly handle expired tokens
32e9589
Merge PR nymea#601: Fronius: Improve and translate error message for …
7014510 
…the user
Merge PR nymea#606: MyStrom: Fix discovery for Swiss plugs
fc4024c
Merge PR nymea#608: Shelly: Fix color state for rgbw2
fbfb098
Merge PR nymea#609: Fronius: Fix generating childs with multiple fron…
5f7de0d 
…ius connections
Jenkins release build 1.4.1
da48352
@t-mon
Clean up network device discovery replies due to mechanism update
a21cc75
@mzanetti
go-e: Drop flooding useless debug print
a79614f
@Danfro
fix typo in shelly integrations card
d8d9919
@Danfro
add notes about connecting to shelly plug
0ebdd46
@Danfro
rephrase website info
c97f968
@Danfro
drop sections about wifi setup and local host updates, remove plug ref.
f65af7e
@mzanetti
AQI: Update to new interface specification
08a31ea
@t-mon
Update requirements
732a98d
@mzanetti
SMA: Disable caching for frequently changing states
e33f0ec
@mzanetti
Shelly: Allow choosing between unicast and multicast CoIoT
8ddea5c 
UDP multicast isn't properly working on some network setups
so we'll default to unicast by configuring our own IP to the
shelly. This has the downside that the Shelly device won't work
any more with other software or multiple nymea setups, so we'll
still allow choosing the multicast option in the setup params.
@mzanetti
Shelly: Add support for Shelly Flood, Smoke and Gas
3e1f89d
@mzanetti
Update translations
449b4e8
@mzanetti
Fix leaking action network replies
591e20a
@mzanetti
go-e: Uncache some states
d3440c4
@mzanetti
go-e: fix the charging state
7981d5e
Merge PR nymea#603: TP-Link: Disable caching for some states where it…
739f406 
…'s not needed
dependabot Bot and others added 28 commits November 9, 2023 08:52
@dependabot
Bump certifi from 2022.12.7 to 2023.7.22 in /daikinairco
7fb22e1 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22.
- [Commits](certifi/python-certifi@2022.12.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump urllib3 from 1.26.9 to 1.26.18 in /bimmerconnected
5e494d6 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.9 to 1.26.18.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.9...1.26.18)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump requests from 2.27.1 to 2.31.0 in /daikinairco
24ff8c7 
Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump cryptography from 39.0.1 to 41.0.6 in /bimmerconnected
0b077a4 
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.1...41.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump cryptography from 39.0.1 to 41.0.6 in /neatobotvac
f50f461 
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.1...41.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #8 from ConsolinnoEnergy/dependabot/pip/bimmerconn…
3bf98c6 
…ected/cryptography-41.0.6

Bump cryptography from 39.0.1 to 41.0.6 in /bimmerconnected
@ljonka
Merge pull request #7 from ConsolinnoEnergy/dependabot/pip/neatobotva…
744b854 
…c/cryptography-41.0.6

Bump cryptography from 39.0.1 to 41.0.6 in /neatobotvac
@ljonka
Merge pull request #1 from ConsolinnoEnergy/dependabot/pip/daikinairc…
3a3e655 
…o/certifi-2023.7.22

Bump certifi from 2022.12.7 to 2023.7.22 in /daikinairco
@ljonka
Merge pull request #2 from ConsolinnoEnergy/dependabot/pip/bimmerconn…
349f70d 
…ected/certifi-2023.7.22

Bump certifi from 2022.12.7 to 2023.7.22 in /bimmerconnected
@dependabot
Bump requests from 2.27.1 to 2.31.0 in /bimmerconnected
27301be 
Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #4 from ConsolinnoEnergy/dependabot/pip/bimmerconn…
9f337bc 
…ected/urllib3-1.26.18

Bump urllib3 from 1.26.9 to 1.26.18 in /bimmerconnected
@ljonka
Merge pull request #5 from ConsolinnoEnergy/dependabot/pip/daikinairc…
b32d957 
…o/requests-2.31.0

Bump requests from 2.27.1 to 2.31.0 in /daikinairco
@dependabot
Bump certifi from 2022.12.7 to 2023.7.22 in /yamahaavr
c32b2d9 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22.
- [Commits](certifi/python-certifi@2022.12.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump requests from 2.25.1 to 2.31.0 in /yamahaavr
fc68965 
Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #11 from ConsolinnoEnergy/dependabot/pip/yamahaavr…
25b3a91 
…/certifi-2023.7.22

Bump certifi from 2022.12.7 to 2023.7.22 in /yamahaavr
@dependabot
Bump urllib3 from 1.26.5 to 1.26.18 in /neatobotvac
63b7e5e 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to 1.26.18.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.5...1.26.18)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump numpy from 1.21.6 to 1.22.0 in /sunposition
cdec6a5 
Bumps [numpy](https://github.com/numpy/numpy) from 1.21.6 to 1.22.0.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.21.6...v1.22.0)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #12 from ConsolinnoEnergy/dependabot/pip/yamahaavr…
b62cbce 
…/requests-2.31.0

Bump requests from 2.25.1 to 2.31.0 in /yamahaavr
@ljonka
Merge pull request #14 from ConsolinnoEnergy/dependabot/pip/sunpositi…
ae96885 
…on/numpy-1.22.0

Bump numpy from 1.21.6 to 1.22.0 in /sunposition
@dependabot
Bump certifi from 2022.12.7 to 2023.7.22 in /neatobotvac
ce4b17c 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22.
- [Commits](certifi/python-certifi@2022.12.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #15 from ConsolinnoEnergy/dependabot/pip/neatobotv…
3b1425c 
…ac/certifi-2023.7.22

Bump certifi from 2022.12.7 to 2023.7.22 in /neatobotvac
@dependabot
Bump urllib3 from 1.26.5 to 1.26.18 in /yamahaavr
52a09f3 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to 1.26.18.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.5...1.26.18)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #13 from ConsolinnoEnergy/dependabot/pip/neatobotv…
e120ca6 
…ac/urllib3-1.26.18

Bump urllib3 from 1.26.5 to 1.26.18 in /neatobotvac
@dependabot
Bump requests from 2.25.1 to 2.31.0 in /neatobotvac
e09e65e 
Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljonka
Merge pull request #10 from ConsolinnoEnergy/dependabot/pip/yamahaavr…
2ff0840 
…/urllib3-1.26.18

Bump urllib3 from 1.26.5 to 1.26.18 in /yamahaavr
@ljonka
Merge pull request #16 from ConsolinnoEnergy/dependabot/pip/neatobotv…
84cc21b 
…ac/requests-2.31.0

Bump requests from 2.25.1 to 2.31.0 in /neatobotvac
@ljonka
Merge pull request #9 from ConsolinnoEnergy/dependabot/pip/bimmerconn…
82a77cc 
…ected/requests-2.31.0

Bump requests from 2.27.1 to 2.31.0 in /bimmerconnected
@dependabot
Bump requests from 2.25.1 to 2.31.0 in /fastcom
0e9a829 
Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@mzanetti @t-mon @Danfro @wayneoutthere @fetzerch @loosrob @ljonka