Fix dependency vulnerabilities in source packages #47

Open. Wants to merge 16 commits into base: develop

Conversation

@arpitjain099 commented Oct 20, 2024

You can find patched security vulnerabilities in this fork repo - https://github.com/arpitjain099/palantir-python-sdk/pulls?q=is%3Apr+label%3Adependencies+is%3Aclosed

It is important to merge this as this SDK gets used by other developers as well.

Type

  • Improvement
  • Fix

Description

Fix dependency vulnerabilities in source packages

  • Generate changelog entry

dependabot bot and others added 15 commits October 20, 2024 04:47
Bumps the pip group with 1 update in the / directory: [black](https://github.com/psf/black).


Updates `black` from 23.3.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.3.0...24.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the pip group with 1 update in the / directory: [pyarrow](https://github.com/apache/arrow).


Updates `pyarrow` from 12.0.0 to 14.0.1
- [Release notes](https://github.com/apache/arrow/releases)
- [Commits](apache/arrow@go/v12.0.0...go/v14.0.1)

---
updated-dependencies:
- dependency-name: pyarrow
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the pip group with 1 update in the / directory: [idna](https://github.com/kjd/idna).


Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the pip group with 1 update in the / directory: [certifi](https://github.com/certifi/python-certifi).


Updates `certifi` from 2023.5.7 to 2024.7.4
- [Commits](certifi/python-certifi@2023.05.07...2024.07.04)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the pip group with 1 update in the / directory: [requests](https://github.com/psf/requests).


Updates `requests` from 2.30.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.30.0...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bump requests from 2.30.0 to 2.32.2 in the pip group across 1 directory
Bump idna from 3.4 to 3.7 in the pip group across 1 directory
Bump certifi from 2023.5.7 to 2024.7.4 in the pip group across 1 directory
Bump black from 23.3.0 to 24.3.0 in the pip group across 1 directory
Bumps the pip group with 1 update in the / directory: [idna](https://github.com/kjd/idna).


Updates `idna` from 3.7 to 3.10
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.7...v3.10)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the pip group with 1 update in the / directory: [urllib3](https://github.com/urllib3/urllib3).


Updates `urllib3` from 2.0.2 to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.2...2.2.2)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Bump pyarrow from 12.0.0 to 14.0.1 in the pip group across 1 directory
Bump idna from 3.7 to 3.10 in the pip group across 1 directory
Bump urllib3 from 2.0.2 to 2.2.2 in the pip group across 1 directory
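The commit messages above name six packages and the version each is raised to (black 24.3.0, pyarrow 14.0.1, idna 3.10, certifi 2024.7.4, requests 2.32.2, urllib3 2.2.2). A consumer of the SDK only benefits from those bumps if its own pinned requirements or lock file meets the same minimums. The following check is an added example, not part of this PR or the palantir-python-sdk project: it parses `==` pins from a requirements-style text (a constructed sample is embedded) and reports any package from the list that is missing or pinned below the version this PR moves it to. Version comparison is a deliberately simple numeric tuple compare rather than full PEP 440, which is sufficient for the release versions listed here.

```python
import re

# Minimum versions this PR bumps each package to, copied from the dependabot
# commit messages above. Anything pinned lower than this is still on the
# pre-bump release.
PATCHED_MINIMUMS = {
    "black": "24.3.0",
    "pyarrow": "14.0.1",
    "idna": "3.10",
    "certifi": "2024.7.4",
    "requests": "2.32.2",
    "urllib3": "2.2.2",
}

# Constructed sample requirements text (not the project's real file). Two of
# the pins are intentionally below the patched minimum so the check has
# something to report.
SAMPLE_REQUIREMENTS = """\
# constructed sample lock file
black==23.3.0
pyarrow==14.0.1
idna==3.7
certifi==2024.07.04
requests==2.32.2
urllib3==2.2.2
some-other-lib==1.0.0
"""

# Matches "name==version"; other specifiers (>=, ~=) are deliberately not
# treated as pins, because they do not fix the version actually installed.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*$")


def parse_version(text):
    """Turn '2024.07.04' into (2024, 7, 4). Stops at the first non-numeric
    segment, so pre-release suffixes are ignored rather than mis-compared."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_at_least(pinned, minimum):
    """Numeric compare with zero-padding, so '3.10' and '3.10.0' are equal
    and '2024.07.04' satisfies a minimum of '2024.7.4'."""
    a, b = parse_version(pinned), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def parse_pins(requirements_text):
    """Return {normalised_name: version} for every '==' pin in the text.
    Comments are stripped and names are normalised (lower-case, '_' -> '-')."""
    pins = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0]
        m = _PIN_RE.match(line)
        if m:
            name = m.group(1).lower().replace("_", "-")
            pins[name] = m.group(2)
    return pins


def find_outdated(requirements_text, minimums=PATCHED_MINIMUMS):
    """List (name, pinned_version, minimum) for every package in `minimums`
    that is pinned below it; pinned_version is None when the package is not
    pinned at all, which for the indirect dependencies above means the
    resolver, not the lock file, decides what gets installed."""
    pins = parse_pins(requirements_text)
    problems = []
    for name, minimum in minimums.items():
        pinned = pins.get(name)
        if pinned is None:
            problems.append((name, None, minimum))
        elif not version_at_least(pinned, minimum):
            problems.append((name, pinned, minimum))
    return problems


if __name__ == "__main__":
    for name, pinned, minimum in find_outdated(SAMPLE_REQUIREMENTS):
        state = "not pinned" if pinned is None else f"pinned at {pinned}"
        print(f"{name}: {state}, this PR requires >= {minimum}")
```

Run against the sample, the check reports black (23.3.0) and idna (3.7) as below the patched minimums and accepts certifi even though the pin uses the zero-padded `2024.07.04` form that appears in the commit link above. Note that certifi, idna, requests and urllib3 are marked `dependency-type: indirect` in the commit messages, so a downstream project that only lists its direct dependencies will see them reported as "not pinned"; that is the signal to regenerate the lock file rather than to silence the check.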
changelog-app bot commented Oct 20, 2024

Generate changelog in changelog/@unreleased

What do the change types mean?
  • feature: A new feature of the service.
  • improvement: An incremental improvement in the functionality or operation of the service.
  • fix: Remedies the incorrect behaviour of a component of the service in a backwards-compatible way.
  • break: Has the potential to break consumers of this service's API, inclusive of both Palantir services
    and external consumers of the service's API (e.g. customer-written software or integrations).
  • deprecation: Advertises the intention to remove service functionality without any change to the
    operation of the service itself.
  • manualTask: Requires the possibility of manual intervention (running a script, eyeballing configuration,
    performing database surgery, ...) at the time of upgrade for it to succeed.
  • migration: A fully automatic upgrade migration task with no engineer input required.

Note: only one type should be chosen.

How are new versions calculated?
  • ❗The break and manual task changelog types will result in a major release!
  • 🐛 The fix changelog type will result in a minor release in most cases, and a patch release version for patch branches. This behaviour is configurable in autorelease.
  • ✨ All others will result in a minor version release.

Type

  • Feature
  • Improvement
  • Fix
  • Break
  • Deprecation
  • Manual task
  • Migration

Description

Fix dependency vulnerabilities in source packages

Check the box to generate changelog(s)

  • Generate changelog entry
