Bump the pip group across 4 directories with 7 updates #18

dependabot · 2024-02-26T21:13:30Z

Bumps the pip group with 6 updates in the / directory:

Package	From	To
fastapi	`0.100.1`	`0.109.1`
jinja2	`3.1.2`	`3.1.3`
python-multipart	`0.0.6`	`0.0.7`
aiohttp	`3.8.5`	`3.9.2`
langchain	`0.0.198`	`0.1.0`
cryptography	`41.0.3`	`42.0.4`
Bumps the pip group with 3 updates in the /apps/langchain_agent directory: jinja2, aiohttp and cryptography.
Bumps the pip group with 2 updates in the /apps/telegram_bot directory: jinja2 and aiohttp.
Bumps the pip group with 3 updates in the /apps/telephony_app directory: jinja2, aiohttp and cryptography.

Updates fastapi from 0.100.1 to 0.109.1

Release notes

Sourced from fastapi's releases.

0.109.1

Security fixes

⬆️ Upgrade minimum version of python-multipart to >=0.0.7 to fix a vulnerability when using form data with a ReDos attack. You can also simply upgrade python-multipart.

Read more in the advisory: Content-Type Header ReDoS.

Features

✨ Include HTTP 205 in status codes with no body. PR #10969 by @tiangolo.

Refactors

✅ Refactor tests for duplicate operation ID generation for compatibility with other tools running the FastAPI test suite. PR #10876 by @emmettbutler.

♻️ Simplify string format with f-strings in fastapi/utils.py. PR #10576 by @eukub.

🔧 Fix Ruff configuration unintentionally enabling and re-disabling mccabe complexity check. PR #10893 by @jiridanek.

✅ Re-enable test in tests/test_tutorial/test_header_params/test_tutorial003.py after fix in Starlette. PR #10904 by @ooknimm.

Docs

📝 Tweak wording in help-fastapi.md. PR #11040 by @tiangolo.

📝 Tweak docs for Behind a Proxy. PR #11038 by @tiangolo.

📝 Add External Link: 10 Tips for adding SQLAlchemy to FastAPI. PR #11036 by @Donnype.

📝 Add External Link: Tips on migrating from Flask to FastAPI and vice-versa. PR #11029 by @jtemporal.

📝 Deprecate old tutorials: Peewee, Couchbase, encode/databases. PR #10979 by @tiangolo.

✏️ Fix typo in fastapi/security/oauth2.py. PR #10972 by @RafalSkolasinski.

📝 Update HTTPException details in docs/en/docs/tutorial/handling-errors.md. PR #5418 by @papb.

✏️ A few tweaks in docs/de/docs/tutorial/first-steps.md. PR #10959 by @nilslindemann.

✏️ Fix link in docs/en/docs/advanced/async-tests.md. PR #10960 by @nilslindemann.

✏️ Fix typos for Spanish documentation. PR #10957 by @jlopezlira.

📝 Add warning about lifespan functions and backwards compatibility with events. PR #10734 by @jacob-indigo.

✏️ Fix broken link in docs/tutorial/sql-databases.md in several languages. PR #10716 by @theoohoho.

✏️ Remove broken links from external_links.yml. PR #10943 by @Torabek.

📝 Update template docs with more info about url_for. PR #5937 by @EzzEddin.

📝 Update usage of Token model in security docs. PR #9313 by @piotrszacilowski.

✏️ Update highlighted line in docs/en/docs/tutorial/bigger-applications.md. PR #5490 by @papb.

📝 Add External Link: Explore How to Effectively Use JWT With FastAPI. PR #10212 by @aanchlia.

📝 Add hyperlink to docs/en/docs/tutorial/static-files.md. PR #10243 by @hungtsetse.

📝 Add External Link: Instrument a FastAPI service adding tracing with OpenTelemetry and send/show traces in Grafana Tempo. PR #9440 by @softwarebloat.

📝 Review and rewording of en/docs/contributing.md. PR #10480 by @nilslindemann.

📝 Add External Link: ML serving and monitoring with FastAPI and Evidently. PR #9701 by @mnrozhkov.

📝 Reword in docs, from "have in mind" to "keep in mind". PR #10376 by @malicious.

📝 Add External Link: Talk by Jeny Sadadia. PR #10265 by @JenySadadia.

📝 Add location info to tutorial/bigger-applications.md. PR #10552 by @nilslindemann.

✏️ Fix Pydantic method name in docs/en/docs/advanced/path-operation-advanced-configuration.md. PR #10826 by @ahmedabdou14.

Translations

🌐 Add Spanish translation for docs/es/docs/external-links.md. PR #10933 by @pablocm83.

🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, docs/ko/docs/tutorial/index.md, docs/ko/docs/tutorial/path-params.md, and docs/ko/docs/tutorial/query-params.md. PR #4218 by @SnowSuno.

... (truncated)

Commits

7633d15 🔖 Release version 0.109.1
a4de147 📝 Update release notes
9d34ad0 Merge pull request from GHSA-qf9m-vfgh-m389
ebf9723 📝 Update release notes
8590d0c 👥 Update FastAPI People (#11074)
063d7ff 📝 Update release notes
3c81e62 🌐 Add Spanish translation for docs/es/docs/external-links.md (#10933)
6c4a143 📝 Update release notes
d254e2f 🌐 Update Korean translation for docs/ko/docs/tutorial/first-steps.md, `docs...
6f6e786 📝 Update release notes
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates python-multipart from 0.0.6 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

Refactor header option parser to use the standard library instead of a custom RegEx #75.

Commits

c83e6da Version 0.0.7 (#77)
fb7d3c9 Bump pygments from 2.7.4 to 2.15.0 (#66)
20f0ef6 ♻️ Refactor header option parser to use the standard library instead of a cus...
d3d16da Use latest invoke version (2.2.0) (#73)
8e59feb Use single quotes to avoid special zsh chars '[' and ']' (#71)
86d422c Update changelog URL (#68)
3929f8e Move tests folder to root folder (#61)
See full diff in compare view

Updates aiohttp from 3.8.5 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates langchain from 0.0.198 to 0.1.0

Release notes

Sourced from langchain's releases.

v0.1.0

What's Changed

docs: contributor faq by @efriis in langchain-ai/langchain#15502

templates: fix deps by @efriis in langchain-ai/langchain#15439

infra: fail check_diffs if too many files changed by @efriis in langchain-ai/langchain#15423

docs: broken link in contributor docs by @efriis in langchain-ai/langchain#15436

docs: fix broken link by @efriis in langchain-ai/langchain#15509

add new chain howtos by @hwchase17 in langchain-ai/langchain#15430

Revert #15326 by @baskaryan in langchain-ai/langchain#15546

core[patch]: Release 0.1.6 by @baskaryan in langchain-ai/langchain#15547

core[patch]: Further restrict recursive URL loader by @eyurtsev in langchain-ai/langchain#15559

add ragatouille by @hwchase17 in langchain-ai/langchain#15561

langchain[minor]: add warnings when importing integrations from langchain by @baskaryan in langchain-ai/langchain#15505

removed deprecated openai model by @VpkPrasanna in langchain-ai/langchain#15533

Feat: support Milvus more params by @chyroc in langchain-ai/langchain#15447

Docs: Fix typos in question_answering by @Speuce in langchain-ai/langchain#15565

fix links by @hwchase17 in langchain-ai/langchain#15566

core[minor], langchain[minor]: deprecate Chain and BaseLanguageModel … by @baskaryan in langchain-ai/langchain#15499

update chain docs by @hwchase17 in langchain-ai/langchain#15495

langchain[patch]: deprecate old agent classes and methods by @baskaryan in langchain-ai/langchain#15558

update memory by @hwchase17 in langchain-ai/langchain#15507

core[patch]: add beta decorator by @baskaryan in langchain-ai/langchain#15589

google-vertexai: added langchain_google_vertexai package by @lkuligin in langchain-ai/langchain#15218

Fix chain docs redirects by @baskaryan in langchain-ai/langchain#15600

core[patch], community[patch]: mark context, load as beta by @baskaryan in langchain-ai/langchain#15603

openai[minor]: implement langchain-openai package by @efriis in langchain-ai/langchain#15503

infra: vertex integration test creds by @efriis in langchain-ai/langchain#15609

google-vertexai, openai: release candidate version by @efriis in langchain-ai/langchain#15611

core[patch]: Release 0.1.7 by @baskaryan in langchain-ai/langchain#15610

google-vertexai: release 0.0.1 by @efriis in langchain-ai/langchain#15613

infra: title release action runs by @efriis in langchain-ai/langchain#15612

openai: core version, rc1 by @efriis in langchain-ai/langchain#15614

community[patch]: Release 0.0.9 by @baskaryan in langchain-ai/langchain#15615

infra: community bump min core version by @baskaryan in langchain-ai/langchain#15617

core[patch]: deprecate v1 tracer by @baskaryan in langchain-ai/langchain#15608

openai[patch]: v0.0.2 by @efriis in langchain-ai/langchain#15618

docs: update cohere chat integration by @baskaryan in langchain-ai/langchain#15562

langchain[minor]: Release 0.1.0 by @baskaryan in langchain-ai/langchain#15619

infra: fix langchain openai test dep by @baskaryan in langchain-ai/langchain#15620

New Contributors

@VpkPrasanna made their first contribution in langchain-ai/langchain#15533

@Speuce made their first contribution in langchain-ai/langchain#15565

Full Changelog: langchain-ai/langchain@v0.0.354...v0.1.0

v0.0.354

What's Changed

Improve markdown list parser by @nfcampos in langchain-ai/langchain#15295

... (truncated)

Commits

4ac6167 infra: fix langchain openai test dep (#15620)
81810ce langchain[minor]: Release 0.1.0 (#15619)
c5226d7 docs: update cohere chat integration (#15562)
1bc6b19 openai[patch]: v0.0.2 (#15618)
46446a1 core[patch]: deprecate v1 tracer (#15608)
dbb582d infra: community bump min core version (#15617)
1e4b8f0 community[patch]: Release 0.0.9 (#15615)
7f8baa0 openai: core version, rc1 (#15614)
98be1e5 infra: title release action runs (#15612)
5ac3a06 google-vertexai: release 0.0.1 (#15613)
Additional commits viewable in compare view

Updates cryptography from 41.0.3 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the definitions in :rfc:`2633` :rfc:`3370`. .. _v42-0-3:

42.0.3 - 2024-02-15

Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. .. _v42-0-1:

42.0.1 - 2024-01-24

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
Additional commits viewable in compare view

Updates starlette from 0.27.0 to 0.35.1

Release notes

Sourced from starlette's releases.

Version 0.35.1

Fixed

Stop using the deprecated "method" parameter in FileResponse inside of StaticFiles #2406.

Make typing-extensions optional again #2409.

Full Changelog: encode/starlette@0.35.0...0.35.1

Version 0.35.0

Added

Add *args to Middleware and improve its type hints #2381.

Fixed

Use Iterable instead Iterator on iterate_in_threadpool #2362.

Changes

Handle root_path to keep compatibility with mounted ASGI applications and WSGI #2400.

Turn scope["client"] to None on TestClient #2377.

Full Changelog: encode/starlette@0.34.0...0.35.0

Version 0.34.0

Added

Use ParamSpec for run_in_threadpool #2375.

Add UploadFile.__repr__ #2360.

Fixed

Merge URLs properly on TestClient #2376.

Take weak ETags in consideration on StaticFiles #2334.

Deprecated

Deprecate FileResponse(method=...) parameter #2366.

Full Changelog: encode/starlette@0.33.0...0.34.0

Version 0.33.0

Added

... (truncated)

Changelog

Sourced from starlette's changelog.

0.35.1

January 11, 2024

Fixed

Stop using the deprecated "method" parameter in FileResponse inside of StaticFiles #2406.

Make typing-extensions optional again #2409.

0.35.0

January 11, 2024

Added

Add *args to Middleware and improve its type hints #2381.

Fixed

Use Iterable instead Iterator on iterate_in_threadpool #2362.

Changes

Handle root_path to keep compatibility with mounted ASGI applications and WSGI #2400.

Turn scope["client"] to None on TestClient #2377.

0.34.0

December 16, 2023

Added

Use ParamSpec for run_in_threadpool #2375.

Add UploadFile.__repr__ #2360.

Fixed

Merge URLs properly on TestClient #2376.

Take weak ETags in consideration on StaticFiles #2334.

Deprecated

Deprecate FileResponse(method=...) parameter #2366.

0.33.0

December 1, 2023

Added

... (truncated)

Commits

c817605 Version 0.35.1 (#2410)
6c4ffee Make typing-extensions optional again (#2409)
3734e85 ♻️ Do not use the deprecated method parameter in FileResponse inside of `...
1081520 Version 0.35.0 (#2404)
c3c6314 ♻️ Refactor logic to handle root_path to keep compatibility with ASGI and c...
8f2307d Bump trio from 0.22.2 to 0.23.2 (#2395)
d28d491 Bump ruff from 0.1.6 to 0.1.9 (#2396)
5f9da0b Bump coverage from 7.3.2 to 7.4.0 (#2397)
04684c2 Bump typing-extensions from 4.8.0 to 4.9.0 (#2393)
8924759 Bump importlib-metadata from 6.9.0 to 7.0.1 (#2394)
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates aiohttp from 3.8.5 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: #7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: #8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: #8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: #8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: #8074.

Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

Fixed server-side websocket connection leak.

Related issues and pull requests on GitHub: :issue:7978.

Fixed web.FileResponse doing blocking I/O in the event loop.

Related issues and pull requests on GitHub: :issue:8012.

Fixed double compress when compression enabled and compressed file exists in server file responses.

Related issues and pull requests on GitHub: :issue:8014.

Added runtime type check for ClientSession timeout parameter.

Related issues and pull requests on GitHub: :issue:8021.

Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits

24a6d64 Release v3.9.2 (#8082)
9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
d33bc21 Improve validation in HTTP parser (#8074) (#8078)
0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
Additional commits viewable in compare view

Updates cryptography from 41.0.3 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the definitions in :rfc:`2633` :rfc:`3370`. .. _v42-0-3:

42.0.3 - 2024-02-15

Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. .. _v42-0-1:

42.0.1 - 2024-01-24

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone:

Bumps the pip group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/tiangolo/fastapi) | `0.100.1` | `0.109.1` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.3` | | [python-multipart](https://github.com/andrew-d/python-multipart) | `0.0.6` | `0.0.7` | | [aiohttp](https://github.com/aio-libs/aiohttp) | `3.8.5` | `3.9.2` | | [langchain](https://github.com/langchain-ai/langchain) | `0.0.198` | `0.1.0` | | [cryptography](https://github.com/pyca/cryptography) | `41.0.3` | `42.0.4` | Bumps the pip group with 3 updates in the /apps/langchain_agent directory: [jinja2](https://github.com/pallets/jinja), [aiohttp](https://github.com/aio-libs/aiohttp) and [cryptography](https://github.com/pyca/cryptography). Bumps the pip group with 2 updates in the /apps/telegram_bot directory: [jinja2](https://github.com/pallets/jinja) and [aiohttp](https://github.com/aio-libs/aiohttp). Bumps the pip group with 3 updates in the /apps/telephony_app directory: [jinja2](https://github.com/pallets/jinja), [aiohttp](https://github.com/aio-libs/aiohttp) and [cryptography](https://github.com/pyca/cryptography). Updates `fastapi` from 0.100.1 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](fastapi/fastapi@0.100.1...0.109.1) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `python-multipart` from 0.0.6 to 0.0.7 - [Release notes](https://github.com/andrew-d/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.6...0.0.7) Updates `aiohttp` from 3.8.5 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.8.5...v3.9.2) Updates `langchain` from 0.0.198 to 0.1.0 - [Release notes](https://github.com/langchain-ai/langchain/releases) - [Commits](langchain-ai/langchain@v0.0.198...v0.1.0) Updates `cryptography` from 41.0.3 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.3...42.0.4) Updates `starlette` from 0.27.0 to 0.35.1 - [Release notes](https://github.com/encode/starlette/releases) - [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md) - [Commits](encode/starlette@0.27.0...0.35.1) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `aiohttp` from 3.8.5 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.8.5...v3.9.2) Updates `cryptography` from 41.0.3 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.3...42.0.4) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `aiohttp` from 3.8.4 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.8.5...v3.9.2) Updates `jinja2` from 3.1.2 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `aiohttp` from 3.8.5 to 3.9.2 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.8.5...v3.9.2) Updates `cryptography` from 41.0.3 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.3...42.0.4) --- updated-dependencies: - dependency-name: fastapi dependency-type: direct:production dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: python-multipart dependency-type: direct:production dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip-security-group - dependency-name: langchain dependency-type: direct:production dependency-group: pip-security-group - dependency-name: cryptography dependency-type: indirect dependency-group: pip-security-group - dependency-name: starlette dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: cryptography dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: indirect dependency-group: pip-security-group - dependency-name: aiohttp dependency-type: indirect dependency-group: pip-security-group - dependency-name: cryptography dependency-type: indirect dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-02-26T21:29:18Z

Superseded by #19.

* [docs sprint] Updates docs for using transcribers (#9) * [docs sprint] phrase trigger documentation (#16) * [docs sprint] update open source quickstarts (#15) * [docs sprint] Add Documentation on Using Vocode's Loguru Implementation (#19) * [docs sprint] Add Documentation on Using Vocode's Loguru Implementation * Remove Tracing --------- Co-authored-by: srhinos <[email protected]> * [docs sprint] Updates docs for using synthesizers (#8) * [docs sprint] using synthesizers docs update * update docs for elevenlabs ws * Apply suggestions from code review Co-authored-by: Adnaan Sachidanandan <[email protected]> --------- Co-authored-by: Adnaan Sachidanandan <[email protected]> * [docs sprint] Updates docs for react quickstart (#10) * [docs sprint] Updates docs for react quickstart * PR feedback * [docs sprint] Adds docs for conversation mechanics and moves endpointing docs from transcribers (#11) * [docs sprint] Updates docs for using transcribers * Adds docs for conversation mechanics and moves endpointing docs from transcribers * Update docs/open-source/conversation-mechanics.md Co-authored-by: Adnaan Sachidanandan <[email protected]> * use mdx * PR feedback --------- Co-authored-by: Adnaan Sachidanandan <[email protected]> * updates docs for events manager (#7) * [docs sprint] python quickstart + working with phone calls (#27) * deprecate SpeakerOutput * remove play.ht default voice id * rename open source quickstarts page * remove building block reference * update python quickstart * extra steps to deprecate speakeroutput * finish telephony docs * fix some references + language in how-to-use-it * fix test * [docs sprint] Add Sentry Docs to OS (#20) * Add Sentry Docs to OS * Remove Tracing * update docs and fix integration * remove free --------- Co-authored-by: srhinos <[email protected]> Co-authored-by: Ajay Raj <[email protected]> * update README * make mark terminated sync instead of async (#28) * [docs sprint] Add Docs on Creating and Using External Actions (#18) Also updated example for action agents * rename sentry + move around docs order * update README paths to docs * more updates to README * [docs sprint] update agent and action docs and move legacy docs (#29) --------- Co-authored-by: Adnaan Sachidanandan <[email protected]> Co-authored-by: Mac Wilkinson <[email protected]> Co-authored-by: srhinos <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 26, 2024

dependabot bot closed this Feb 26, 2024

dependabot bot deleted the dependabot/pip/pip-security-group-9485b7471d branch February 26, 2024 21:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 4 directories with 7 updates #18

Bump the pip group across 4 directories with 7 updates #18

dependabot bot commented on behalf of github Feb 26, 2024

dependabot bot commented on behalf of github Feb 26, 2024

Bump the pip group across 4 directories with 7 updates #18

Bump the pip group across 4 directories with 7 updates #18

Conversation

dependabot bot commented on behalf of github Feb 26, 2024

0.109.1

Security fixes

Features

Refactors

Docs

Translations

3.1.3

Version 3.1.3

0.0.7 (2024-02-03)

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

v0.1.0

What's Changed

New Contributors

v0.0.354

What's Changed

Version 0.35.1

Fixed

Version 0.35.0

Added

Fixed

Changes

Version 0.34.0

Added

Fixed

Deprecated

Version 0.33.0

Added

0.35.1

Fixed

0.35.0

Added

Fixed

Changes

0.34.0

Added

Fixed

Deprecated

0.33.0

Added

3.1.3

Version 3.1.3

3.9.2

Bug fixes

3.9.2 (2024-01-28)

Bug fixes

3.1.3

dependabot bot commented on behalf of github Feb 26, 2024