Skip to content
This repository was archived by the owner on Jun 25, 2024. It is now read-only.

Bump the pip group group in /stays with 1 update #13

Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Bump the pip group group in /stays with 1 update #13

wants to merge 16 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2024

Bumps the pip group group in /stays with 1 update: orjson.

Updates orjson from 3.9.5 to 3.9.15

Release notes

Sourced from orjson's releases.

3.9.15

Fixed

  • Implement recursion limit of 1024 on orjson.loads().
  • Use byte-exact read on str formatting SIMD path to avoid crash.

3.9.14

Fixed

  • Fix crash serializing str introduced in 3.9.11.

Changed

  • Build now depends on Rust 1.72 or later.

3.9.13

Fixed

  • Serialization str escape uses only 128-bit SIMD.
  • Fix compatibility with CPython 3.13 alpha 3.

Changed

  • Publish musllinux_1_2 instead of musllinux_1_1 wheels.
  • Serialization uses small integer optimization in CPython 3.12 or later.

3.9.12

Fixed

  • Minimal musllinux_1_1 build due to sporadic CI failure.

Changed

  • Update benchmarks in README.

3.9.11

Changed

  • Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster.

3.9.10

Fixed

  • Fix debug assert failure on 3.12 --profile=dev build.

3.9.9

Changed

  • orjson module metadata explicitly marks subinterpreters as not supported.

... (truncated)

Changelog

Sourced from orjson's changelog.

3.9.15 - 2024-02-23

Fixed

  • Implement recursion limit of 1024 on orjson.loads().
  • Use byte-exact read on str formatting SIMD path to avoid crash.

3.9.14 - 2024-02-14

Fixed

  • Fix crash serializing str introduced in 3.9.11.

Changed

  • Build now depends on Rust 1.72 or later.

3.9.13 - 2024-02-03

Fixed

  • Serialization str escape uses only 128-bit SIMD.
  • Fix compatibility with CPython 3.13 alpha 3.

Changed

  • Publish musllinux_1_2 instead of musllinux_1_1 wheels.
  • Serialization uses small integer optimization in CPython 3.12 or later.

3.9.12 - 2024-01-18

Changed

  • Update benchmarks in README.

Fixed

  • Minimal musllinux_1_1 build due to sporadic CI failure.

3.9.11 - 2024-01-18

Changed

  • Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster.

... (truncated)

Commits
  • a348f59 3.9.15
  • b0e4d2c yyjson 0eca326, recursion limit
  • 5067ead impl_escape_unchecked() byte exact read
  • e04ea73 cargo update, build misc
  • ba8c701 3.9.14
  • a2f7b7b impl_format_simd!() lift create from loop, rotate left
  • 528220f format_escaped_str() fast and slow paths depending on page boundary
  • 29884e6 Fix buffer overread in format_escaped_str
  • c825472 cargo update
  • 4eb4f00 3.9.13
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot bot and others added 16 commits December 9, 2023 12:32
@dependabot
Bump urllib3 from 2.0.4 to 2.0.7 in /stays
2363a9e 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.4 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.4...2.0.7)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump pillow from 10.0.0 to 10.0.1 in /stays
15be684 
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.0.0 to 10.0.1.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.0.0...10.0.1)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump django from 4.2.4 to 4.2.7 in /stays
ae9bb4e 
Bumps [django](https://github.com/django/django) from 4.2.4 to 4.2.7.
- [Commits](django/django@4.2.4...4.2.7)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump cryptography from 41.0.3 to 41.0.6 in /stays
a8abecf 
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.3...41.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@nojoven
Merge pull request #4 from nojoven/dependabot/pip/stays/cryptography-…
59da89a 
…41.0.6

Bump cryptography from 41.0.3 to 41.0.6 in /stays
@nojoven
Merge pull request #3 from nojoven/dependabot/pip/stays/django-4.2.7
6aa9d67 
Bump django from 4.2.4 to 4.2.7 in /stays
@pixeebot
Disable Django Debug Mode
b6c3aa2
@nojoven
Merge branch 'main' into dependabot/pip/stays/pillow-10.0.1
e50094e
@nojoven
Merge pull request #2 from nojoven/dependabot/pip/stays/pillow-10.0.1
d8e97ce 
Bump pillow from 10.0.0 to 10.0.1 in /stays
@nojoven
Merge pull request #5 from nojoven/pixeebot/drip-2023-12-09-pixee-pyt…
1c985ea 
…hon/django-debug-flag-on

Disable Django Debug Mode
@nojoven
Merge pull request #1 from nojoven/dependabot/pip/stays/urllib3-2.0.7
298bce5 
Bump urllib3 from 2.0.4 to 2.0.7 in /stays
@pixeebot
Secure Setting for Django SESSION_COOKIE_SECURE flag
3665b7e
@nojoven
Merge pull request #6 from nojoven/pixeebot/drip-2023-12-19-pixee-pyt…
9cf67b8 
…hon/django-session-cookie-secure-off

Secure Setting for Django `SESSION_COOKIE_SECURE` flag
@dependabot
Bump the pip group across 1 directories with 2 updates
78976c0 
Bumps the pip group with 2 updates in the /stays directory: [django](https://github.com/django/django) and [cryptography](https://github.com/pyca/cryptography).


Updates `django` from 4.2.7 to 4.2.10
- [Commits](django/django@4.2.7...4.2.10)

Updates `cryptography` from 41.0.6 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.6...42.0.4)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: cryptography
  dependency-type: indirect
  dependency-group: pip-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@nojoven
Merge pull request #11 from nojoven/dependabot/pip/stays/pip-security…
3ab8079 
…-group-37c6ab6909

Bump the pip group across 1 directories with 2 updates
@dependabot
Bump the pip group group in /stays with 1 update
ceb5443 
Bumps the pip group group in /stays with 1 update: [orjson](https://github.com/ijl/orjson).


Updates `orjson` from 3.9.5 to 3.9.15
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.9.5...3.9.15)

---
updated-dependencies:
- dependency-name: orjson
  dependency-type: indirect
  dependency-group: pip-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nojoven @pixeebot