Skip to content

chore(deps): bump haystack-ai from 2.0.1 to 2.3.1 in /packages/sample-app #1721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump haystack-ai from 2.0.1 to 2.3.1 in /packages/sample-app #1721

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 31, 2024
edited
Loading

Bumps haystack-ai from 2.0.1 to 2.3.1.

Release notes

Sourced from haystack-ai's releases.

v2.3.1

Release Notes

v2.3.1

⬆️ Upgrade Notes

  • OutputAdapter and ConditionalRouter can't return users inputs anymore.

Security Notes

  • Fix issue that could lead to remote code execution when using insecure Jinja template in the following Components:

    • PromptBuilder
    • ChatPromptBuilder
    • DynamicPromptBuilder
    • DynamicChatPromptBuilder
    • OutputAdapter
    • ConditionalRouter

    The same issue has been fixed in the PipelineTemplate class too.

🐛 Bug Fixes

  • Pins structlog to <= 24.2.0 to avoid some unit test failures. This is a temporary fix until we can upgrade tests to a newer versions of structlog.

v2.3.1-rc1

Release Notes

v2.3.1-rc1

⬆️ Upgrade Notes

  • OutputAdapter and ConditionalRouter can't return users inputs anymore.

Security Notes

  • Fix issue that could lead to remote code execution when using insecure Jinja template in the following Components:

    • PromptBuilder
    • ChatPromptBuilder
    • DynamicPromptBuilder
    • DynamicChatPromptBuilder
    • OutputAdapter
    • ConditionalRouter

    The same issue has been fixed in the PipelineTemplate class too.

🐛 Bug Fixes

... (truncated)

Commits
  • efc907c Bump version to 2.3.1
  • 9a5f58c Bump version to 2.3.1-rc1
  • 6c25a5c Fix issue that could lead to RCE if using unsecure Jinja templates in dynamic...
  • c077f4c Unpin structlog
  • ff79d66 chore: Combined main unblock (#8045)
  • cb1cecf build: unpin structlog (#8071)
  • 5a28246 fix: Fix issue that could lead to RCE if using unsecure Jinja templates (#8095)
  • aa740fa docs: add sentence window retrieval to api reference
  • 43bb0ad update version
  • 0118b0a refactor: Improve error messages shown during pipeline deserialization (#8016)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 31, 2024
@dependabot dependabot bot force-pushed the dependabot/pip/packages/sample-app/haystack-ai-2.3.1 branch 2 times, most recently from 5cf6f1f to 0e4c9f7 Compare August 5, 2024 13:52
@dependabot dependabot bot force-pushed the dependabot/pip/packages/sample-app/haystack-ai-2.3.1 branch 3 times, most recently from 59425b3 to 4cae434 Compare August 24, 2024 12:46
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Aug 29, 2024
@dependabot
chore(deps): bump haystack-ai in /packages/sample-app
5d347de 
Bumps [haystack-ai](https://github.com/deepset-ai/haystack) from 2.0.1 to 2.3.1.
- [Release notes](https://github.com/deepset-ai/haystack/releases)
- [Commits](deepset-ai/haystack@v2.0.1...v2.3.1)

---
updated-dependencies:
- dependency-name: haystack-ai
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/packages/sample-app/haystack-ai-2.3.1 branch from 4cae434 to 5d347de Compare August 29, 2024 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants