Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix dependency vulnerabilities in source packages #47

Open
wants to merge 16 commits into
base: develop
Choose a base branch
from
Open

Fix dependency vulnerabilities in source packages #47

wants to merge 16 commits into from

Commits on Oct 20, 2024

  1. Bump black from 23.3.0 to 24.3.0 in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [black](https://github.com/psf/black).


Updates `black` from 23.3.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.3.0...24.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    5e6bb24 View commit details
    Browse the repository at this point in the history

  2. Bump pyarrow from 12.0.0 to 14.0.1 in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [pyarrow](https://github.com/apache/arrow).


Updates `pyarrow` from 12.0.0 to 14.0.1
- [Release notes](https://github.com/apache/arrow/releases)
- [Commits](apache/arrow@go/v12.0.0...go/v14.0.1)

---
updated-dependencies:
- dependency-name: pyarrow
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    22c7af1 View commit details
    Browse the repository at this point in the history

  3. Bump idna from 3.4 to 3.7 in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [idna](https://github.com/kjd/idna).


Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    a8aa0c8 View commit details
    Browse the repository at this point in the history

  4. Bump certifi in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [certifi](https://github.com/certifi/python-certifi).


Updates `certifi` from 2023.5.7 to 2024.7.4
- [Commits](certifi/python-certifi@2023.05.07...2024.07.04)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    bd3a3ff View commit details
    Browse the repository at this point in the history

  5. Bump requests from 2.30.0 to 2.32.2 in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [requests](https://github.com/psf/requests).


Updates `requests` from 2.30.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.30.0...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    618f9d1 View commit details
    Browse the repository at this point in the history

  6. Merge pull request #6 from arpitjain099/dependabot/pip/pip-775dd686c6 

    Bump requests from 2.30.0 to 2.32.2 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    b2d7c96 View commit details
    Browse the repository at this point in the history

  7. Merge pull request #5 from arpitjain099/dependabot/pip/pip-a98e789dc2 

    Bump idna from 3.4 to 3.7 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    ac154b2 View commit details
    Browse the repository at this point in the history

  8. Merge pull request #4 from arpitjain099/dependabot/pip/pip-a8b23622d7 

    Bump certifi from 2023.5.7 to 2024.7.4 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    7e2d830 View commit details
    Browse the repository at this point in the history

  9. Merge pull request #3 from arpitjain099/dependabot/pip/pip-81350e123e 

    Bump black from 23.3.0 to 24.3.0 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    3b2a27b View commit details
    Browse the repository at this point in the history

  10. Bump idna from 3.7 to 3.10 in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [idna](https://github.com/kjd/idna).


Updates `idna` from 3.7 to 3.10
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.7...v3.10)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    99090be View commit details
    Browse the repository at this point in the history

  11. Merge branch 'dependency' into dependabot/pip/pip-fb879a73c4

    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    8ab9969 View commit details
    Browse the repository at this point in the history

  12. Bump urllib3 from 2.0.2 to 2.2.2 in the pip group across 1 directory 

    Bumps the pip group with 1 update in the / directory: [urllib3](https://github.com/urllib3/urllib3).


Updates `urllib3` from 2.0.2 to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.2...2.2.2)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    1c92f58 View commit details
    Browse the repository at this point in the history

  13. Merge pull request #2 from arpitjain099/dependabot/pip/pip-fb879a73c4 

    Bump pyarrow from 12.0.0 to 14.0.1 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    2868042 View commit details
    Browse the repository at this point in the history

  14. Merge pull request #7 from arpitjain099/dependabot/pip/pip-69a3c6ef02 

    Bump idna from 3.7 to 3.10 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    c3629e9 View commit details
    Browse the repository at this point in the history

  15. Merge pull request #1 from arpitjain099/dependabot/pip/pip-48da786093 

    Bump urllib3 from 2.0.2 to 2.2.2 in the pip group across 1 directory
    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    a04ed6a View commit details
    Browse the repository at this point in the history

  16. Update pyproject.toml

    @arpitjain099
    arpitjain099 authored Oct 20, 2024
    Configuration menu
    Copy the full SHA
    e605b48 View commit details
    Browse the repository at this point in the history