chore(deps)(deps): bump the all-dependencies group with 2 updates #188

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/all-dependencies-2187fe9397

@dependabot (bot) commented on behalf of github on Jun 16, 2026

Updates the requirements on icalendar and pip-audit to permit the latest version.
Updates icalendar from 7.1.2 to 7.1.3

Release notes

Sourced from icalendar's releases.

v7.1.3

To view the changes, please see the Changelog. This release can be installed from PyPI.

Changelog

Sourced from icalendar's changelog.

7.1.3 (2026-06-15)

Bug fixes


- Comparing components with ``Component.__eq__`` is no longer exponential in the subcomponent nesting depth, removing a denial-of-service vector where a deeply nested component could take minutes to compare. See `GHSA-cv84-9p8j-fj68 <https://github.com/collective/icalendar/security/advisories/GHSA-cv84-9p8j-fj68>`_. @tidusec

Commits
  • f7240bc version 7.1.3
  • e85eb8e Merge commit from fork
  • 9c783f6 Make test_deeply_nested_equality_at_depth_50 a regression test.
  • dc90e91 Update news/+component-equality-complexity.bugfix
  • 66264ef Update src/icalendar/cal/component.py
  • cad40cd fix: comments
  • b6b2608 fix: improve time complexity in src/icalendar/cal
  • See full diff in compare view

Updates pip-audit to 2.10.1

Release notes

Sourced from pip-audit's releases.

v2.10.1

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

Changelog

Sourced from pip-audit's changelog.

[2.10.1]

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

[2.10.0]

Added

  • pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

  • pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

  • The minimum version of Python is now 3.10 (#905)

Fixed

  • Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

  • CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

[2.9.0]

Added

  • pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

[2.8.0]

Added

... (truncated)

Commits
  • 8894eb8 Merge pull request #1056 from pypa/copilot/release-2101
  • 1c625b7 Update version in README.md to 2.10.1
  • fd2094b Prep 2.10.1 release
  • 58d2488 build(deps): bump github/codeql-action from 4.35.2 to 4.36.1 (#1052)
  • 8df9420 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#1044)
  • 3f618d3 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1053)
  • 4849132 Restrict OIDC token to publish job (#1050)
  • c1eb69a Fix KeyError when OSV affected entry omits optional ranges field (#1046)
  • 68de07f Merge pull request #1054 from pypa/fix/1047
  • ef31c9e Formatting fixes
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [icalendar](https://github.com/collective/icalendar) and [pip-audit](https://github.com/pypa/pip-audit) to permit the latest version.

Updates `icalendar` from 7.1.2 to 7.1.3
- [Release notes](https://github.com/collective/icalendar/releases)
- [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst)
- [Commits](collective/icalendar@v7.1.2...v7.1.3)

Updates `pip-audit` to 2.10.1
- [Release notes](https://github.com/pypa/pip-audit/releases)
- [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md)
- [Commits](pypa/pip-audit@v2.10.0...v2.10.1)

---
updated-dependencies:
- dependency-name: icalendar
  dependency-version: 7.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: pip-audit
  dependency-version: 2.10.1
  dependency-type: direct:development
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>