Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Renovate update minor and patch updates (Python) #2170

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 4, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
gevent (changelog) ==24.10.2 -> ==24.10.3 age adoption passing confidence
locust (source) ==2.31.8 -> ==2.32.1 age adoption passing confidence
markupsafe (changelog) ==3.0.1 -> ==3.0.2 age adoption passing confidence
psutil ==6.0.0 -> ==6.1.0 age adoption passing confidence
werkzeug (changelog) ==3.0.4 -> ==3.0.6 age adoption passing confidence
zope-interface ==7.1.0 -> ==7.1.1 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-49766

On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.

CVE-2024-49767

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting.

The Request.max_content_length setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.


Release Notes

locustio/locust (locust)

v2.32.1

Compare Source

What's Changed

New Contributors

Full Changelog: locustio/locust@2.32.0...2.32.1

v2.32.0

Compare Source

Full Changelog

Fixed bugs:

  • logfile is erroniously written when there are many workers. #​2927
  • Form field for users, spawn rate, and run time still visible in UI although CustomShape defined without use_common_options. #​2924
  • --html with --process 4 then get ValueError: StatsEntry.use_response_times_cache must be set to True #​2908
  • IPV6 check doesn't work as expected on AWS EKS #​2787

Merged pull requests:

pallets/markupsafe (markupsafe)

v3.0.2

Compare Source

Released 2024-10-18

  • Fix compatibility when __str__ returns a str subclass. :issue:472
  • Build requires setuptools >= 70.1. :issue:475
giampaolo/psutil (psutil)

v6.1.0

Compare Source

=====

2024-10-17

Enhancements

  • 2366_, [Windows]: drastically speedup process_iter(). We now determine
    process unique identity by using process "fast" create time method. This
    will considerably speedup those apps which use process_iter()
    only once,
    e.g. to look for a process with a certain name.
  • 2446_: use pytest instead of unittest.
  • 2448_: add make install-sysdeps target to install the necessary system
    dependencies (python-dev, gcc, etc.) on all supported UNIX flavors.
  • 2449_: add make install-pydeps-test and make install-pydeps-dev
    targets. They can be used to install dependencies meant for running tests and
    for local development. They can also be installed via pip install .[test]
    and pip install .[dev].
  • 2456_: allow to run tests via python3 -m psutil.tests even if pytest
    module is not installed. This is useful for production environments that
    don't have pytest installed, but still want to be able to test psutil
    installation.

Bug fixes

  • 2427_: psutil (segfault) on import in the free-threaded (no GIL) version of
    Python 3.13. (patch by Sam Gross)
  • 2455_, [Linux]: IndexError may occur when reading /proc/pid/stat and
    field 40 (blkio_ticks) is missing.
  • 2457_, [AIX]: significantly improve the speed of Process.open_files()_ for
    some edge cases.
  • 2460_, [OpenBSD]: Process.num_fds()_ and Process.open_files()_ may fail
    with NoSuchProcess_ for PID 0. Instead, we now return "null" values (0 and
    [] respectively).
zopefoundation/zope.interface (zope-interface)

v7.1.1

Compare Source

==================

  • Fix segmentation faults in weakrefobject.c on Python 3.12 and 3.13.
    (#&#8203;323 <https://github.com/zopefoundation/zope.interface/issues/323>_)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner November 4, 2024 10:48
@renovate renovate bot added dependencies Pull requests that update a dependency file Renovate SecurityAlert labels Nov 4, 2024
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 11:02 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 11:09 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 11:21 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 12:03 Failure
@renovate renovate bot force-pushed the renovate-all-minor-patch-updates-python branch from a9a78c8 to a7983b1 Compare November 4, 2024 12:12
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 12:29 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 13:36 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 14:37 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 14:47 Failure
@renovate renovate bot force-pushed the renovate-all-minor-patch-updates-python branch from a7983b1 to d3c9554 Compare November 4, 2024 15:09
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 15:19 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 15:34 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 4, 2024 15:42 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 5, 2024 09:38 Failure
@renovate renovate bot had a problem deploying to dev_2170renovateallm November 7, 2024 09:56 Failure
@nickdavis2001
Copy link
Contributor

build broken. try closing this and let renovate re-open it to see if that fixes it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file Renovate SecurityAlert
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant