Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump the pip group across 1 directory with 2 updates #13

Closed
wants to merge 1 commit into from
Closed

chore(deps-dev): bump the pip group across 1 directory with 2 updates #13

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 12, 2024

Bumps the pip group with 2 updates in the / directory: idna and pymongo.

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates pymongo from 4.6.2 to 4.6.3

Changelog

Sourced from pymongo's changelog.

Changelog

Changes in Version 4.7

PyMongo 4.7 brings a number of improvements including:

  • Added the :class:pymongo.hello.Hello.connection_id, :attr:pymongo.monitoring.CommandStartedEvent.server_connection_id, :attr:pymongo.monitoring.CommandSucceededEvent.server_connection_id, and :attr:pymongo.monitoring.CommandFailedEvent.server_connection_id properties.

  • Fixed a bug where inflating a :class:~bson.raw_bson.RawBSONDocument containing a :class:~bson.code.Code would cause an error.

  • Significantly improved the performance of encoding BSON documents to JSON.

  • Support for named KMS providers for client side field level encryption. Previously supported KMS providers were only: aws, azure, gcp, kmip, and local. The KMS provider is now expanded to support name suffixes (e.g. local:myname). Named KMS providers enables more than one of each KMS provider type to be configured. See the docstring for :class:~pymongo.encryption_options.AutoEncryptionOpts. Note that named KMS providers requires pymongocrypt >=1.9 and libmongocrypt >=1.9.

  • :meth:~pymongo.encryption.ClientEncryption.encrypt and :meth:~pymongo.encryption.ClientEncryption.encrypt_expression now allow key_id to be passed in as a :class:uuid.UUID.

  • Fixed a bug where :class:~bson.int64.Int64 instances could not always be encoded by orjson_. The following now works::

    import orjson from bson import json_util orjson.dumps({'a': Int64(1)}, default=json_util.default, option=orjson.OPT_PASSTHROUGH_SUBCLASS)

.. _orjson: https://github.com/ijl/orjson

  • Fixed a bug appearing in Python 3.12 where "RuntimeError: can't create new thread at interpreter shutdown" could be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.
  • Added a warning when connecting to DocumentDB and CosmosDB clusters. For more information regarding feature compatibility and support please visit mongodb.com/supportability/documentdb <https://mongodb.com/supportability/documentdb>_ and mongodb.com/supportability/cosmosdb <https://mongodb.com/supportability/cosmosdb>_.
  • Added the :attr:pymongo.monitoring.ConnectionCheckedOutEvent.duration, :attr:pymongo.monitoring.ConnectionCheckOutFailedEvent.duration, and :attr:pymongo.monitoring.ConnectionReadyEvent.duration properties.
  • Added the type and kwargs arguments to :class:~pymongo.operations.SearchIndexModel to enable creating vector search indexes in MongoDB Atlas.
  • Fixed a bug where read_concern and write_concern were improperly added to :meth:~pymongo.collection.Collection.list_search_indexes queries.

Unavoidable breaking changes ............................

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps-dev): bump the pip group across 1 directory with 2 updates
6d70a3b 
Bumps the pip group with 2 updates in the / directory: [idna](https://github.com/kjd/idna) and [pymongo](https://github.com/mongodb/mongo-python-driver).


Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.6...v3.7)

Updates `pymongo` from 4.6.2 to 4.6.3
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.6.2...4.6.3)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pymongo
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 12, 2024
@dependabot dependabot bot mentioned this pull request Apr 12, 2024
Closed
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 17, 2024

Superseded by #14.

@dependabot dependabot bot closed this Apr 17, 2024
@dependabot dependabot bot deleted the dependabot/pip/pip-a11cd5ac9d branch April 17, 2024 02:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants