-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sync security updates to main. [NO MERGE] #897
base: main
Are you sure you want to change the base?
Conversation
…890) * Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](certifi/python-certifi@2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump requests from 2.26.0 to 2.31.0 Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.26.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump cryptography from 3.4.8 to 41.0.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Bump certifi from 2021.5.30 to 2023.7.22 Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2023.7.22. - [Commits](certifi/python-certifi@2021.05.30...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Updated libs to address all Critical and High severity alerts. * up * up * up * Updated libs. * fix * up * up * up * up * Pillow 10.1.0 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Conflicts: # pybossa/themes/default
Pull Request Test Coverage Report for Build 12318796322Details
💛 - Coveralls |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be nice to have list of updates that are coming in with multiple libraries getting updated here so as to understand any particular area to be tested thoroughly. Approving PR as we discussed to rely on smoke test. Please hold on merge this PR until tests in dev is complete. Thanks!
Re: #890