centralcloud/oncall-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
oncall-engine/engine/requirements.in

71 lines
1.9 KiB
Text
Raw Normal View History

Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
babel==2.12.1
beautifulsoup4==4.12.2
celery[redis]==5.3.1
bump `uwsgi` to 2.0.26 + Python to 3.12.3 (#4495) # What this PR does - bumps `uwsgi` to latest version (`2.0.26`), which unblocks us from bumping Python to 3.12 - bumps Python to 3.12.3 - refactor the Snyk GitHub Actions workflow to use the composable actions for installed frontend and backend dependencies - fixes several `AttributeError`s in our tests that went from a warning to an error in Python 3.12 (see https://github.com/python/cpython/issues/100690) # Which issue(s) this PR closes Closes #4358 Closes https://github.com/grafana/oncall/issues/4387
2024-06-10 15:33:37 -04:00
cryptography==42.0.8
Bump django from 4.2.11 to 4.2.15 in /engine (#4801) Bumps [django](https://github.com/django/django) from 4.2.11 to 4.2.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/django/django/commit/4d32ebcd57340aa8de2d6d31613f1646dc6391f6"><code>4d32ebc</code></a> [4.2.x] Bumped version for 4.2.15 release.</li> <li><a href="https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28"><code>f4af67b</code></a> [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection att...</li> <li><a href="https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f"><code>efea1ef</code></a> [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.htm...</li> <li><a href="https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88"><code>d0a82e2</code></a> [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizet...</li> <li><a href="https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b"><code>fc76660</code></a> [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in flo...</li> <li><a href="https://github.com/django/django/commit/7b1a76f899f7a7acb7d70b433cb0064c2184186b"><code>7b1a76f</code></a> [4.2.x] Added stub release notes and release date for 4.2.15.</li> <li><a href="https://github.com/django/django/commit/96a349740048ecd4746ac2f15751865219d445cf"><code>96a3497</code></a> [4.2.x] Fixed <a href="https://redirect.github.com/django/django/issues/35627">#35627</a> -- Raised a LookupError rather than an unhandled ValueEr...</li> <li><a href="https://github.com/django/django/commit/c5d196a65264136ee6795356871a29f3d22ec52f"><code>c5d196a</code></a> [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.</li> <li><a href="https://github.com/django/django/commit/8e59e33400ffcec262116d75f7886d96e2b57980"><code>8e59e33</code></a> [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39...</li> <li><a href="https://github.com/django/django/commit/72f6c7d3a6551b1aed1e4d248e5fbe94d2a8fc0b"><code>72f6c7d</code></a> [4.2.x] Post-release version bump.</li> <li>Additional commits viewable in <a href="https://github.com/django/django/compare/4.2.11...4.2.15">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=django&package-manager=pip&previous-version=4.2.11&new-version=4.2.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grafana/oncall/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-09 16:30:50 -04:00
django==4.2.15
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
django-add-default-value==0.10.0
django-amazon-ses==4.0.1
Address deprecation warnings in tests (#4681) Related to https://github.com/grafana/oncall/issues/4496 [No warnings](https://github.com/grafana/oncall/actions/runs/10359091611/job/28674729718?pr=4681#step:5:305)!
2024-08-13 17:51:18 -03:00
django-anymail==11.1
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
django-cors-headers==3.7.0
# pyroscope-io==0.8.1
django-dbconn-retry==0.1.7
django-debug-toolbar==4.1
django-deprecate-fields==0.1.1
django-filter==2.4.0
django-ipware==4.0.2
django-log-request-id==1.6.0
django-migration-linter==4.1.0
django-mirage-field==1.3.0
django-mysql==4.6.0
django-polymorphic==3.1.0
django-ratelimit==2.0.0
django-redis==5.4.0
django-rest-polymorphic==0.1.10
django-silk==5.0.3
django-sns-view==0.1.2
Bump djangorestframework from 3.14.0 to 3.15.2 in /engine (#4593) Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.14.0 to 3.15.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/encode/django-rest-framework/releases">djangorestframework's releases</a>.</em></p> <blockquote> <h2>Version 3.15.1</h2> <h2>What's Changed</h2> <ul> <li>Update the message to be consistent with the Django `HttpResponseBa… by <a href="https://github.com/maycuatroi"><code>@​maycuatroi</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9287">encode/django-rest-framework#9287</a></li> <li>Make <code>inflection</code> package truly optional by <a href="https://github.com/browniebroke"><code>@​browniebroke</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9303">encode/django-rest-framework#9303</a></li> <li>Fix broken links in release notes for 3.15 by <a href="https://github.com/browniebroke"><code>@​browniebroke</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9305">encode/django-rest-framework#9305</a></li> <li>TokenAdmin.autocomplete_fields Breaks Some Use Cases, Revert by <a href="https://github.com/alexdlaird"><code>@​alexdlaird</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9301">encode/django-rest-framework#9301</a></li> <li>Add drf-sendables to third-party-packages.md by <a href="https://github.com/amikrop"><code>@​amikrop</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9261">encode/django-rest-framework#9261</a></li> <li>Revert &quot;feat: Add some changes to ValidationError to support django style vad…&quot; by <a href="https://github.com/auvipy"><code>@​auvipy</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9326">encode/django-rest-framework#9326</a></li> <li>Revert &quot;Re-prefetch related objects after updating&quot; by <a href="https://github.com/auvipy"><code>@​auvipy</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9327">encode/django-rest-framework#9327</a></li> <li>Revert <a href="https://redirect.github.com/encode/django-rest-framework/issues/8863">#8863</a> by <a href="https://github.com/tomchristie"><code>@​tomchristie</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9330">encode/django-rest-framework#9330</a></li> <li>Revert <a href="https://redirect.github.com/encode/django-rest-framework/issues/8009">#8009</a> by <a href="https://github.com/tomchristie"><code>@​tomchristie</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9332">encode/django-rest-framework#9332</a></li> <li>Revert <a href="https://redirect.github.com/encode/django-rest-framework/issues/9030">#9030</a> by <a href="https://github.com/tomchristie"><code>@​tomchristie</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9333">encode/django-rest-framework#9333</a></li> <li>Revert &quot;Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces&quot; by <a href="https://github.com/auvipy"><code>@​auvipy</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9335">encode/django-rest-framework#9335</a></li> <li><code>SearchFilter.get_search_terms</code> returns list. by <a href="https://github.com/tomchristie"><code>@​tomchristie</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9338">encode/django-rest-framework#9338</a></li> <li>Version 3.15.1 by <a href="https://github.com/tomchristie"><code>@​tomchristie</code></a> in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9339">encode/django-rest-framework#9339</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/maycuatroi"><code>@​maycuatroi</code></a> made their first contribution in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9287">encode/django-rest-framework#9287</a></li> <li><a href="https://github.com/alexdlaird"><code>@​alexdlaird</code></a> made their first contribution in <a href="https://redirect.github.com/encode/django-rest-framework/pull/9301">encode/django-rest-framework#9301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/django-rest-framework/compare/3.15.0...3.15.1">https://github.com/encode/django-rest-framework/compare/3.15.0...3.15.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/encode/django-rest-framework/commit/c7a7eae551528b6887614df816c8a26df70272d6"><code>c7a7eae</code></a> Version 3.15.2 (<a href="https://redirect.github.com/encode/django-rest-framework/issues/9439">#9439</a>)</li> <li><a href="https://github.com/encode/django-rest-framework/commit/3b41f0124194430da957b119712978fa2266b642"><code>3b41f01</code></a> Fix potential XSS vulnerability in break_long_headers template filter (<a href="https://redirect.github.com/encode/django-rest-framework/issues/9435">#9435</a>)</li> <li><a href="https://github.com/encode/django-rest-framework/commit/fe92f0dd0d4c587eed000c7de611ddbff241bd6a"><code>fe92f0d</code></a> Add <code>__hash__</code> method for <code>permissions.OperandHolder</code> class (<a href="https://redirect.github.com/encode/django-rest-framework/issues/9417">#9417</a>)</li> <li><a href="https://github.com/encode/django-rest-framework/commit/fbdab09c776d5ceef041793a7acd1c9e91695e5d"><code>fbdab09</code></a> docs: Correct some evaluation results and a httpie option in Tutorial1 (<a href="https://redirect.github.com/encode/django-rest-framework/issues/9421">#9421</a>)</li> <li><a href="https://github.com/encode/django-rest-framework/commit/36d5c0e74f562cbe3055f0d20818bd48d3c32359"><code>36d5c0e</code></a> tests: Check urlpatterns after cleanups (<a href="https://redirect.github.com/encode/django-rest-framework/issues/9400">#9400</a>)</li> <li><a href="https://github.com/encode/django-rest-framework/commit/9d4ed054bf8acfac6209b7e7f837fc97517affcc"><code>9d4ed05</code></a> Don't use Windows line endings</li> <li><a href="https://github.com/encode/django-rest-framework/commit/b34bde47d7fff403df4143a35c71975d7c2e7763"><code>b34bde4</code></a> Fix typo in setup.cfg setting</li> <li><a href="https://github.com/encode/django-rest-framework/commit/ab681f2d5e4a9645aa68eabf1ff18e41d0d5f642"><code>ab681f2</code></a> Update requirements in docs</li> <li><a href="https://github.com/encode/django-rest-framework/commit/22377241a89c8233b45441b5adde5b858edef371"><code>2237724</code></a> bump pygments (security hygiene)</li> <li><a href="https://github.com/encode/django-rest-framework/commit/d58b8da591120abedc94c1b71576cb9afb2d7868"><code>d58b8da</code></a> Update deprecation hints</li> <li>Additional commits viewable in <a href="https://github.com/encode/django-rest-framework/compare/3.14.0...3.15.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=djangorestframework&package-manager=pip&previous-version=3.14.0&new-version=3.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grafana/oncall/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com> Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
2024-08-09 19:06:43 +00:00
djangorestframework==3.15.2
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
factory-boy<3.0
drf-spectacular==0.26.5
emoji==2.4.0
Use local arm64 grpcio wheel to make local builds on arm64 faster (#4000) This is the workaround to make local image build faster on arm64 machines This commit can be reverted once https://github.com/grpc/grpc/issues/34998 is resolved
2024-03-05 14:31:58 +08:00
# If the version of grpcio is changed
# upload a new arm64 wheel instead of /engine/grpcio-1.57.0-cp311-cp311-linux_aarch64.whl
bump `uwsgi` to 2.0.26 + Python to 3.12.3 (#4495) # What this PR does - bumps `uwsgi` to latest version (`2.0.26`), which unblocks us from bumping Python to 3.12 - bumps Python to 3.12.3 - refactor the Snyk GitHub Actions workflow to use the composable actions for installed frontend and backend dependencies - fixes several `AttributeError`s in our tests that went from a warning to an error in Python 3.12 (see https://github.com/python/cpython/issues/100690) # Which issue(s) this PR closes Closes #4358 Closes https://github.com/grafana/oncall/issues/4387
2024-06-10 15:33:37 -04:00
grpcio==1.64.1
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
fcm-django @ https://github.com/grafana/fcm-django/archive/refs/tags/v1.0.12r1.tar.gz#sha256=7ec7cd9d353fc9edf19a4acd4fa14090a31d83d02ac986c5e5e081dea29f564f
hiredis==2.2.3
Address deprecation warnings in tests (#4681) Related to https://github.com/grafana/oncall/issues/4496 [No warnings](https://github.com/grafana/oncall/actions/runs/10359091611/job/28674729718?pr=4681#step:5:305)!
2024-08-13 17:51:18 -03:00
humanize==4.10.0
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
icalendar==5.0.10
bump `uwsgi` to 2.0.26 + Python to 3.12.3 (#4495) # What this PR does - bumps `uwsgi` to latest version (`2.0.26`), which unblocks us from bumping Python to 3.12 - bumps Python to 3.12.3 - refactor the Snyk GitHub Actions workflow to use the composable actions for installed frontend and backend dependencies - fixes several `AttributeError`s in our tests that went from a warning to an error in Python 3.12 (see https://github.com/python/cpython/issues/100690) # Which issue(s) this PR closes Closes #4358 Closes https://github.com/grafana/oncall/issues/4387
2024-06-10 15:33:37 -04:00
lxml==5.2.2
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
markdown2==2.4.10
fix synk security scan on CI (#4875) # Which issue(s) this PR closes Closes https://github.com/grafana/oncall/issues/4503 Closes https://github.com/grafana/oncall-private/issues/2876 ## Checklist - [ ] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes.
2024-08-20 15:06:54 -04:00
opentelemetry-sdk==1.26.0
opentelemetry-api==1.26.0
opentelemetry-exporter-otlp-proto-grpc==1.26.0
opentelemetry-instrumentation-logging==0.47b0
opentelemetry-instrumentation-wsgi==0.47b0
opentelemetry-instrumentation-requests==0.47b0
opentelemetry-instrumentation-django==0.47b0
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
phonenumbers==8.10.0
prometheus_client==0.16.0
psutil==5.9.4
psycopg2==2.9.3
pymdown-extensions==10.0
Bump pymysql from 1.1.0 to 1.1.1 in /engine (#4372) Bumps [pymysql](https://github.com/PyMySQL/PyMySQL) from 1.1.0 to 1.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyMySQL/PyMySQL/releases">pymysql's releases</a>.</em></p> <blockquote> <h2>v1.1.1</h2> <blockquote> <p>[!WARNING] This release fixes a vulnerability (CVE-2024-36039). All users are recommended to update to this version.</p> <p>If you can not update soon, check the input value from untrusted source has an expected type. Only dict input from untrusted source can be an attack vector.</p> </blockquote> <h2>What's Changed</h2> <ul> <li>Prohibit dict parameter for <code>Cursor.execute()</code>. It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039)</li> <li>Added ssl_key_password param by <a href="https://github.com/svaskov"><code>@​svaskov</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1145">PyMySQL/PyMySQL#1145</a></li> </ul> <h2>Merged PRs</h2> <ul> <li>Add support for Python 3.12 by <a href="https://github.com/hugovk"><code>@​hugovk</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1134">PyMySQL/PyMySQL#1134</a></li> <li>chore(deps): update actions/checkout action to v4 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1136">PyMySQL/PyMySQL#1136</a></li> <li>Update codecov/codecov-action action to v4 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1137">PyMySQL/PyMySQL#1137</a></li> <li>ci: use codecov@v3 by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1142">PyMySQL/PyMySQL#1142</a></li> <li>chore(deps): update dessant/lock-threads action to v5 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1141">PyMySQL/PyMySQL#1141</a></li> <li>doc: use rtd theme by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1143">PyMySQL/PyMySQL#1143</a></li> <li>use Ruff as formatter by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1144">PyMySQL/PyMySQL#1144</a></li> <li>chore(deps): update dependency sphinx-rtd-theme to v2 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1147">PyMySQL/PyMySQL#1147</a></li> <li>chore(deps): update actions/setup-python action to v5 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1152">PyMySQL/PyMySQL#1152</a></li> <li>chore(deps): update github/codeql-action action to v3 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1154">PyMySQL/PyMySQL#1154</a></li> <li>chore(deps): update codecov/codecov-action action to v4 by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1158">PyMySQL/PyMySQL#1158</a></li> <li>Support error packet without sqlstate by <a href="https://github.com/methane"><code>@​methane</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1160">PyMySQL/PyMySQL#1160</a></li> <li>test json - mariadb without JSON type by <a href="https://github.com/grooverdan"><code>@​grooverdan</code></a> in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1165">PyMySQL/PyMySQL#1165</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hugovk"><code>@​hugovk</code></a> made their first contribution in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1134">PyMySQL/PyMySQL#1134</a></li> <li><a href="https://github.com/svaskov"><code>@​svaskov</code></a> made their first contribution in <a href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1145">PyMySQL/PyMySQL#1145</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1">https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md">pymysql's changelog</a>.</em></p> <blockquote> <h2>v1.1.1</h2> <p>Release date: 2024-05-21</p> <blockquote> <p>[!WARNING] This release fixes a vulnerability (CVE-2024-36039). All users are recommended to update to this version.</p> <p>If you can not update soon, check the input value from untrusted source has an expected type. Only dict input from untrusted source can be an attack vector.</p> </blockquote> <ul> <li>Prohibit dict parameter for <code>Cursor.execute()</code>. It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039)</li> <li>Added ssl_key_password param. <a href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1145">#1145</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/2cab9ecc641e962565c6254a5091f90c47f59b35"><code>2cab9ec</code></a> v1.1.1</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c"><code>521e400</code></a> forbid dict parameter</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/7f032a699d55340f05101deb4d7d4f63db4adc11"><code>7f032a6</code></a> remove coveralls from requirements</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/69f6c7439bee14784e0ea70ae107af6446cc0c67"><code>69f6c74</code></a> ruff format</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/b4ed6884a1105df0a27f948f52b3e81d5585634f"><code>b4ed688</code></a> test json - mariadb without JSON type (<a href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1165">#1165</a>)</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/bbd049f40db9c696574ce6f31669880042c56d79"><code>bbd049f</code></a> Support error packet without sqlstate (<a href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1160">#1160</a>)</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/9694747ae619e88b792a8e0b4c08036572452584"><code>9694747</code></a> pyupgrade</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/1f0b7856de4008e7e4c1e8c1b215d5d4dfaecd1a"><code>1f0b785</code></a> chore(deps): update codecov/codecov-action action to v4 (<a href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1158">#1158</a>)</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/1e28be81c24dde66f8acbf4c5e24f60d6b5e72e7"><code>1e28be8</code></a> chore(deps): update github/codeql-action action to v3 (<a href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1154">#1154</a>)</li> <li><a href="https://github.com/PyMySQL/PyMySQL/commit/f13f054abcc18b39855a760a84be0a517f0da658"><code>f13f054</code></a> chore(deps): update actions/setup-python action to v5 (<a href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1152">#1152</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pymysql&package-manager=pip&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grafana/oncall/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
2024-05-22 16:11:02 +00:00
PyMySQL==1.1.1
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
python-telegram-bot==13.13
recurring-ical-events==2.1.0
redis==5.0.1
regex==2021.11.2
Fix missing `setuptools` dep (#4799) # What this PR does _tldr;_ I think we should install `setuptools` into our engine `Dockerfile` + in our CI env because Python 3.12 no longer installs `distutils` by default. This should unblock us from being able to merge #4656 and #4555. **More details** I would like to be able to merge #4656 and #4555. _However_, in both of these PRs `setuptools` is being removed from `requirements-dev.txt` ([here](https://github.com/grafana/oncall/pull/4555/files#diff-d8146d0816a943b0fa69a20399d7bbdb58e1c84c8b7933b2ba6dea7c10c410f5L113-L116) and [here](https://github.com/grafana/oncall/pull/4656/files#diff-d8146d0816a943b0fa69a20399d7bbdb58e1c84c8b7933b2ba6dea7c10c410f5L113-L116)). This leads to things breaking because of: ```bash File "/opt/hostedtoolcache/Python/3.12.3/x64/lib/python3.12/site-packages/polymorphic/__init__.py", line 9, in <module> import pkg_resources ModuleNotFoundError: No module named 'pkg_resources' ``` - https://github.com/grafana/oncall/actions/runs/9865348392/job/27242117474?pr=4555#step:5:98 - https://github.com/grafana/oncall/actions/runs/10078898966/job/27864920455?pr=4656#step:5:100 Python 3.12 made a change to no longer pre-install `distutils` ([relevant release notes](https://docs.python.org/3/whatsnew/3.12.html#:~:text=The%20third%2Dparty%20Setuptools%20package%20continues%20to%20provide%20distutils%2C%20if%20you%20still%20require%20it%20in%20Python%203.12%20and%20beyond)): > [PEP 632](https://peps.python.org/pep-0632/): Remove the distutils package. See [the migration guide](https://peps.python.org/pep-0632/#migration-advice) for advice replacing the APIs it provided. The third-party [Setuptools](https://setuptools.pypa.io/en/latest/deprecated/distutils-legacy.html) package continues to provide distutils, if you still require it in Python 3.12 and beyond. > > [gh-95299](https://github.com/python/cpython/issues/95299): Do not pre-install setuptools in virtual environments created with [venv](https://docs.python.org/3/library/venv.html#module-venv). This means that distutils, setuptools, pkg_resources, and easy_install will no longer available by default; to access these run pip install setuptools in the [activated](https://docs.python.org/3/library/venv.html#venv-explanation) virtual environment. Additionally, `setuptools` is in `pip-tools` `UNSAFE_PACKAGES` list ([related GitHub issue](https://github.com/pypa/pipenv/issues/1417#issuecomment-364795745)), hence why I think Dependabot is removing it in #4656 and #4555. ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes.
2024-08-09 16:09:47 -04:00
requests==2.32.3
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
slack-export-viewer==1.1.4
slack_sdk==3.21.3
Bump social-auth-app-django from 5.3.0 to 5.4.1 in /engine (#4274) Bumps [social-auth-app-django](https://github.com/python-social-auth/social-app-django) from 5.3.0 to 5.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-social-auth/social-app-django/releases">social-auth-app-django's releases</a>.</em></p> <blockquote> <h2>Release 5.4.1</h2> <h3>Changed</h3> <ul> <li>Added reverse migration for JSON field</li> <li>Fixed improper handling of case sensitivity with MySQL/MariaDB (<a href="https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3">CVE-2024-32879</a>)</li> </ul> <h2>Release 5.4.0</h2> <h3>Changed</h3> <ul> <li>Improved JSON field migration performance</li> <li>Introduce configuration to request POST only requests for social authentication</li> <li>Updated list of supported Django and Python versions</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md">social-auth-app-django's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/python-social-auth/social-app-django/releases/tag/5.4.1">5.4.1</a> - 2024-04-24</h2> <h3>Changed</h3> <ul> <li>Added reverse migration for JSON field</li> <li>Fixed improper handling of case sensitivity with MySQL/MariaDB (CVE-2024-32879)</li> </ul> <h2><a href="https://github.com/python-social-auth/social-app-django/releases/tag/5.4.0">5.4.0</a> - 2023-10-17</h2> <h3>Changed</h3> <ul> <li>Improved JSON field migration performance</li> <li>Introduce configuration to request POST only requests for social authentication</li> <li>Updated list of supported Django and Python versions</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-social-auth/social-app-django/commit/593ee4638eab9b1d9f252393a21ead643e3ceae6"><code>593ee46</code></a> Version bump 5.4.1</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138"><code>31c3e0c</code></a> models: make sure uid is compared case-sensitive</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/7033ff73993a4c3666d989930bbc15e87925abc9"><code>7033ff7</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/39da389c6b2a1d8f50768633269558fd609454b8"><code>39da389</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/0ec1bca6d6193e291a22f576ce30d44614258e96"><code>0ec1bca</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/03bce61f71978ae52fdd1db4118055f48de9f901"><code>03bce61</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/2278da6a1b20f9af23884084854b345a9284bf37"><code>2278da6</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/033302cdbf7a25ce900b6894bc0e683586b6162e"><code>033302c</code></a> build(deps-dev): bump tox from 4.14.1 to 4.14.2</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/c50bc4a81127fff2fe4fdc619dd2e360bbe132b0"><code>c50bc4a</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/python-social-auth/social-app-django/commit/13e10d943b836e68fcf7a7307d705519ec153481"><code>13e10d9</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li>Additional commits viewable in <a href="https://github.com/python-social-auth/social-app-django/compare/5.3.0...5.4.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=social-auth-app-django&package-manager=pip&previous-version=5.3.0&new-version=5.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grafana/oncall/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-24 16:45:48 -03:00
social-auth-app-django==5.4.1
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
twilio~=6.37.0
Bump urllib3 from 1.26.18 to 1.26.19 in /engine (#4555) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>1.26.19</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Changes</h2> <ul> <li>Added the <code>Proxy-Authorization</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19">https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19</a></p> <p>Note that due to an issue with our release automation, no <code> multiple.intoto.jsonl</code> file is available for this release.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h2>1.26.19 (2024-06-17)</h2> <ul> <li>Added the <code>Proxy-Authorization</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li> <li>Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS. (<code>[#3405](https://github.com/urllib3/urllib3/issues/3405) &lt;https://github.com/urllib3/urllib3/issues/3405&gt;</code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/d9d85c88aa644af56d5e129634e750ce76e1a765"><code>d9d85c8</code></a> Release 1.26.19</li> <li><a href="https://github.com/urllib3/urllib3/commit/8528b63b6fe5cfd7b21942cf988670de68fcd8c0"><code>8528b63</code></a> [1.26] Fix downstream tests (<a href="https://redirect.github.com/urllib3/urllib3/issues/3409">#3409</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468"><code>40b6d16</code></a> Merge pull request from GHSA-34jh-p97f-mpxf</li> <li><a href="https://github.com/urllib3/urllib3/commit/29cfd02f66376c61bd20f1725477925106321f68"><code>29cfd02</code></a> Fix handling of OpenSSL 3.2.0 new error message &quot;record layer failure&quot; (<a href="https://redirect.github.com/urllib3/urllib3/issues/3405">#3405</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/b60064388302f54a3455259ddab121618650a154"><code>b600643</code></a> [1.26] Bump RECENT_DATE (<a href="https://redirect.github.com/urllib3/urllib3/issues/3404">#3404</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/7e2d3890926d4788e219f63e2e36fbeb8714827f"><code>7e2d389</code></a> [1.26] Fix running CPython 2.7 tests in CI (<a href="https://redirect.github.com/urllib3/urllib3/issues/3137">#3137</a>)</li> <li>See full diff in <a href="https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.18&new-version=1.26.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grafana/oncall/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-09 16:30:38 -04:00
urllib3==1.26.19
bump `uwsgi` to 2.0.26 + Python to 3.12.3 (#4495) # What this PR does - bumps `uwsgi` to latest version (`2.0.26`), which unblocks us from bumping Python to 3.12 - bumps Python to 3.12.3 - refactor the Snyk GitHub Actions workflow to use the composable actions for installed frontend and backend dependencies - fixes several `AttributeError`s in our tests that went from a warning to an error in Python 3.12 (see https://github.com/python/cpython/issues/100690) # Which issue(s) this PR closes Closes #4358 Closes https://github.com/grafana/oncall/issues/4387
2024-06-10 15:33:37 -04:00
uwsgi==2.0.26
Use pip-tools to handle Python deps (#3892) [pip-tools](https://github.com/jazzband/pip-tools) helps making builds deterministic, controlling deps (and indirect deps) upgrades (and versions consistency) avoiding unexpected (and potentially breaking) changes. We keep our direct deps in `requirements.in` from which we generate the `requirements.txt` (where *all* deps are pinned). We also constrain dev (and enterprise) deps based on base requirements. Check how to [update deps](https://github.com/jazzband/pip-tools?tab=readme-ov-file#updating-requirements).
2024-02-20 14:44:15 -03:00
whitenoise==5.3.0
Google OAuth2 flow + fetch Google Calendar OOO events (#4067) # What this PR does The following is deployed under a feature flag. **How it works** 1. The user clicks on the "Connect using your Google account" button in the user profile settings modal 2. The UI makes a call to `GET /api/internal/v1/login/google-oauth2`. The backend has now been configured to add `apps.social_auth.backends.GoogleOAuth2` as a "`social_auth` backend". 3. The backend will respond w/ a URL which points to the Google OAuth2 consent screen. The frontend then proceeds by sending the user to this page. This URL includes the following query parameters (amongst others): - `redirect_uri` - this will send the user back to `/api/internal/v1/complete/google-oauth2` (ie. make another API call to the OnCall backend to finalize the Google OAuth2 flow) - `state` - this represents an `apps.auth_token.models.GoogleOAuth2Token` token. This allows us to identify the OnCall user once they've linked their Google account. 4. Once redirected back to `/api/internal/v1/complete/google-oauth2`, this will complete the OAuth2 flow. At this point, the backend has access to several pieces of information about the Google user, including their `access_token` and `refresh_token`. We persist these (encrypted) for future use to fetch the user's out-of-office calendar events 5. The response from the API call in 4 above ☝️ is HTTP 302 (redirect) to `/a/grafana-oncall-app/users/me` (ie. open the user profile settings modal). At this point the user will see that their account has been connected and they can further configure the settings ![image](https://github.com/grafana/oncall/assets/9406895/c7673055-8485-4f9a-98df-b4f7347229ce) ## Which issue(s) this PR closes Closes https://github.com/grafana/oncall-private/issues/2584 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - will be done in https://github.com/grafana/oncall-private/issues/2591 - [x] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes. - will be done in https://github.com/grafana/oncall-private/issues/2591 --------- Co-authored-by: Dominik <dominik.broj@grafana.com> Co-authored-by: Maxim Mordasov <maxim.mordasov@grafana.com>
2024-04-02 14:59:03 -04:00
google-api-python-client==2.122.0
google-auth-httplib2==0.2.0
google-auth-oauthlib==1.2.0
address outstanding CVEs + remove `plop` from `grafana-plugin/` (#4871) # Which issue(s) this PR closes Closes the following dependabot alerts/CVEs: - [x] https://github.com/grafana/oncall/security/dependabot/117 - CVE-2022-42969 - [x] https://github.com/grafana/oncall/security/dependabot/106 and https://github.com/grafana/oncall/security/dependabot/105 - CVE-2024-3651 - [x] https://github.com/grafana/oncall/security/dependabot/51 - CVE-2022-46175 - [x] https://github.com/grafana/oncall/security/dependabot/124 - CVE-2024-4068 - [ ] https://github.com/grafana/oncall/security/dependabot/78 - CVE-2023-44270 - [ ] https://github.com/grafana/oncall/security/dependabot/132 and https://github.com/grafana/oncall/security/dependabot/131 - CVE-2024-39689 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [ ] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes.
2024-08-20 10:29:01 -04:00
# we are manually pinning idna to 3.7 to fix CVE-2024-3651
# requests==2.32.3 is installing idna==3.6 but supports idna>=2.5,<4
# https://github.com/psf/requests/blob/v2.32.3/setup.py#L63
idna==3.7
Reference in a new issue Copy permalink