Skip to content

Bump the pip group across 1 directory with 5 updates #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the pip group across 1 directory with 5 updates #5

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 24, 2024

Bumps the pip group with 5 updates in the /blog/hn_scraper directory:

Package From To
scrapy 0.24.5 2.11.1
twisted 15.1.0 23.10.0
cryptography 0.8.2 42.0.4
lxml 3.4.3 4.9.1
pyopenssl 0.15.1 17.5.0

Updates scrapy from 0.24.5 to 2.11.1

Release notes

Sourced from scrapy's releases.

2.11.1

  • Security bug fixes.
  • Support for Twisted >= 23.8.0.
  • Documentation improvements.

See the full changelog.

2.11.0

  • Spiders can now modify settings in their from_crawler methods, e.g. based on spider arguments.
  • Periodic logging of stats.
  • Bug fixes.

See the full changelog.

2.10.1

Marked Twisted >= 23.8.0 as unsupported.

2.10.0

  • Added Python 3.12 support, dropped Python 3.7 support.
  • The new add-ons framework simplifies configuring 3rd-party components that support it.
  • Exceptions to retry can now be configured.
  • Many fixes and improvements for feed exports.

See the full changelog.

2.9.0

  • Per-domain download settings.
  • Compatibility with new cryptography and new parsel.
  • JMESPath selectors from the new parsel.
  • Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

  • Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older
  • Bug fixes

See the full changelog

2.7.0

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.11.1 (2024-02-14)

Highlights:

  • Security bug fixes.

  • Support for Twisted >= 23.8.0.

  • Documentation improvements.

Security bug fixes


-   Addressed `ReDoS vulnerabilities`_:

-   ``scrapy.utils.iterators.xmliter`` is now deprecated in favor of
    :func:`~scrapy.utils.iterators.xmliter_lxml`, which
    :class:`~scrapy.spiders.XMLFeedSpider` now uses.

To minimize the impact of this change on existing code,
:func:`~scrapy.utils.iterators.xmliter_lxml` now supports indicating
the node namespace with a prefix in the node name, and big files with
highly nested trees when using libxml2 2.7+.



    

  • Fixed regular expressions in the implementation of the
    
:func:~scrapy.utils.response.open_in_browser function.
    • 



Please, see the cc65-xxvf-f7r9 security advisory_ for more information.


.. _ReDoS vulnerabilities: https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

.. _cc65-xxvf-f7r9 security advisory: GHSA-cc65-xxvf-f7r9




    

  • 

    :setting:DOWNLOAD_MAXSIZE and :setting:DOWNLOAD_WARNSIZE now also apply
to the decompressed response body. Please, see the 7j7m-v7m3-jqm7 security advisory_ for more information.
    

    .. _7j7m-v7m3-jqm7 security advisory: GHSA-7j7m-v7m3-jqm7
    

    • 

  • 

    Also in relation with the 7j7m-v7m3-jqm7 security advisory_, the
deprecated scrapy.downloadermiddlewares.decompression module has been
removed.
    

    • 

  • 

    The Authorization header is now dropped on redirects to a different
domain. Please, see the cw9j-q3vf-hrrv security advisory_ for more
information.
    

    .. _cw9j-q3vf-hrrv security advisory: GHSA-cw9j-q3vf-hrrv
    

    • 



Modified requirements
</tr></table>

... (truncated)

Commits
  • 2f1d345 Solve test issues
  • 502addc Bump version: 2.11.0 → 2.11.1
  • 6b88b33 Set the release date of versions 2.11.1 and 1.8.4
  • 479619b Merge branch '2.11-redos' into 2.11
  • 809bfac Merge branch '2.11-compression-bomb' into 2.11
  • 5bcb8fd Merge branch '2.11-authorization' into 2.11
  • a55e933 Release notes for 2.11.1 (#6150)
  • 5e5a920 Remove slow leftovers
  • 810aaa6 Undo an unintended change
  • c5dad41 Speed up tests, remove comments without regexps
  • Additional commits viewable in compare view

Updates twisted from 15.1.0 to 23.10.0

Release notes

Sourced from twisted's releases.

Twisted 23.10.0 (2023-10-31)

No changes since 23.10.0.rc1.

Features

  • twisted.python.filepath.FilePath and related classes (twisted.python.filepath.IFilepath, twisted.python.filepath.AbstractFilePath, twisted.python.zippath.ZipPath, and twisted.python.zippath.ZipArchive) now have type annotations. Additionally, FilePath is now generic, describing its mode, so you can annotate variables as FilePath[str] or FilePath[bytes] depending on the types that you wish to get back from the 'path' attribute and related methods like 'basename'. (#11822)
  • When using CPython, functions wrapped by twisted.internet.defer.inlineCallbacks can have their arguments and return values freed immediately after completion (due to there no longer being circular references). (#11885)

Bugfixes

  • Fix TypeError on t.i.cfreactor due to 3.10 type annotation syntax (#11965)
  • Fix the type annotations of DeferredLock.run, DeferredSemaphore.run, maybeDeferred, ensureDeferred, inlineCallbacks and fromCoroutine that used to return Deferred[Any] to return the result of the passed Coroutine/Coroutine function (#11985)
  • Fixed significant performance overhead (CPU and bandwidth) when doing small writes to a TLS transport. Specifically, small writes to a TLS transport are now buffered until the next reactor iteration. (#11989)
  • fix mypy due to hypothesis 6.85 (#11995)

Improved Documentation

  • The search and version navigation for the documentation hosted on Read The Docs was fixed. This was a regression introduced with 23.8.0. (#12012)

Deprecations and Removals

  • Drop support for Python 3.7. Remove twisted[contextvars] extra (contextvars are always available in Python 3.7+) (#11913)

Misc

Conch

No significant changes.

Web

... (truncated)

Changelog

Sourced from twisted's changelog.

Twisted 23.10.0 (2023-10-31)

No changes since 23.10.0.rc1.

Features

  • twisted.python.filepath.FilePath and related classes (twisted.python.filepath.IFilepath, twisted.python.filepath.AbstractFilePath, twisted.python.zippath.ZipPath, and twisted.python.zippath.ZipArchive) now have type annotations. Additionally, FilePath is now generic, describing its mode, so you can annotate variables as FilePath[str] or FilePath[bytes] depending on the types that you wish to get back from the 'path' attribute and related methods like 'basename'. (#11822)
  • When using CPython, functions wrapped by twisted.internet.defer.inlineCallbacks can have their arguments and return values freed immediately after completion (due to there no longer being circular references). (#11885)

Bugfixes

  • Fix TypeError on t.i.cfreactor due to 3.10 type annotation syntax (#11965)
  • Fix the type annotations of DeferredLock.run, DeferredSemaphore.run, maybeDeferred, ensureDeferred, inlineCallbacks and fromCoroutine that used to return Deferred[Any] to return the result of the passed Coroutine/Coroutine function (#11985)
  • Fixed significant performance overhead (CPU and bandwidth) when doing small writes to a TLS transport. Specifically, small writes to a TLS transport are now buffered until the next reactor iteration. (#11989)
  • fix mypy due to hypothesis 6.85 (#11995)

Improved Documentation

  • The search and version navigation for the documentation hosted on Read The Docs was fixed. This was a regression introduced with 23.8.0. (#12012)

Deprecations and Removals

  • Drop support for Python 3.7. Remove twisted[contextvars] extra (contextvars are always available in Python 3.7+) (#11913)

Misc

Conch

No significant changes.

Web

... (truncated)

Commits
  • f3f3389 python -m incremental.update Twisted --newversion
  • 2d15c00 Add CVE id to bug.
  • 61c46d4 tox -e towncrier
  • 650c59d python -m incremental.update Twisted --rc
  • 157cd8e #11985 fix DeferredLock.run/Semaphore.run/maybeDeferred/ensureDeferred/inline...
  • ed25d4a [pre-commit.ci] auto fixes from pre-commit.com hooks
  • 5eb2078 Merge branch 'trunk' into fix-concurrency-primative-type
  • 2df4c76 Update src/twisted/test/test_defer.py
  • 105a9f5 #11989 Lots of small writes to the TLS transport use a lot of cpu (#11996)
  • 524a2fa Fix lint
  • Additional commits viewable in compare view

Updates cryptography from 0.8.2 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20


* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.

.. _v42-0-3:


42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.

.. _v42-0-1:


42.0.1 - 2024-01-24

  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
  • Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

Updates lxml from 3.4.3 to 4.9.1

Changelog

Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

  • A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

  • GH#341: The mixin inheritance order in lxml.html was corrected. Patch by xmo-odoo.

Other changes

  • Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

  • Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

  • GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

4.8.0 (2022-02-17)

Features added

  • GH#337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

  • The ElementMaker now supports QName values as tags, which always override the default namespace of the factory.

Bugs fixed

  • GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.

... (truncated)

Commits
  • d01872c Prevent parse failure in new test from leaking into later test runs.
  • d65e632 Prepare release of lxml 4.9.1.
  • 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
  • 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
  • 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
  • b9f7074 Remove debug print from test.
  • b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
  • 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
  • 853c9e9 Prepare release of 4.9.0.
  • d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
  • Additional commits viewable in compare view

Updates pyopenssl from 0.15.1 to 17.5.0

Changelog

Sourced from pyopenssl's changelog.

17.5.0 (2017-11-30)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • The minimum cryptography version is now 2.1.4.

Deprecations: ^^^^^^^^^^^^^

none

Changes: ^^^^^^^^

  • Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. [#723](https://github.com/pyca/pyopenssl/issues/723) <https://github.com/pyca/pyopenssl/pull/723>_
  • Added Connection.export_keying_material for RFC 5705 compatible export of keying material. [#725](https://github.com/pyca/pyopenssl/issues/725) <https://github.com/pyca/pyopenssl/pull/725>_

17.4.0 (2017-11-21)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

none

Deprecations: ^^^^^^^^^^^^^

none

Changes: ^^^^^^^^

  • Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 5 updates
94a2258 
Bumps the pip group with 5 updates in the /blog/hn_scraper directory:

| Package | From | To |
| --- | --- | --- |
| [scrapy](https://github.com/scrapy/scrapy) | `0.24.5` | `2.11.1` |
| [twisted](https://github.com/twisted/twisted) | `15.1.0` | `23.10.0` |
| [cryptography](https://github.com/pyca/cryptography) | `0.8.2` | `42.0.4` |
| [lxml](https://github.com/lxml/lxml) | `3.4.3` | `4.9.1` |
| [pyopenssl](https://github.com/pyca/pyopenssl) | `0.15.1` | `17.5.0` |



Updates `scrapy` from 0.24.5 to 2.11.1
- [Release notes](https://github.com/scrapy/scrapy/releases)
- [Changelog](https://github.com/scrapy/scrapy/blob/master/docs/news.rst)
- [Commits](scrapy/scrapy@0.24.5...2.11.1)

Updates `twisted` from 15.1.0 to 23.10.0
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst)
- [Commits](twisted/twisted@twisted-15.1.0...twisted-23.10.0)

Updates `cryptography` from 0.8.2 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@0.8.2...42.0.4)

Updates `lxml` from 3.4.3 to 4.9.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-3.4.3...lxml-4.9.1)

Updates `pyopenssl` from 0.15.1 to 17.5.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@0.15.1...17.5.0)

---
updated-dependencies:
- dependency-name: scrapy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: twisted
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: lxml
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyopenssl
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 24, 2024
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github May 14, 2024

Superseded by #6.

@dependabot dependabot bot closed this May 14, 2024
@dependabot dependabot bot deleted the dependabot/pip/blog/hn_scraper/pip-7347953ca1 branch May 14, 2024 22:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant