chore(deps) Updated packages for security vulnerabilities #4035

Closed
sarvex wants to merge 61 commits into nlohmann:develop from sarvex:main

@sarvex sarvex commented May 19, 2023

[Describe your pull request here. Please read the text below the line, and make sure you follow the checklist.]


Pull request checklist

Read the Contribution Guidelines for detailed information.

  • Changes are described in the pull request, or an existing issue is referenced.
  • The test suite compiles and runs without error.
  • Code coverage is 100%. Test cases can be added by editing the test suite.
  • The source code is amalgamated; that is, after making changes to the sources in the include/nlohmann directory, run make amalgamate to create the single-header files single_include/nlohmann/json.hpp and single_include/nlohmann/json_fwd.hpp. The whole process is described here.

Please don't

  • The C++11 support varies between different compilers and versions. Please note the list of supported compilers. Some compilers like GCC 4.7 (and earlier), Clang 3.3 (and earlier), or Microsoft Visual Studio 13.0 and earlier are known not to work due to missing or incomplete C++11 support. Please refrain from proposing changes that work around these compilers' limitations with #ifdefs or other means.
  • Specifically, I am aware of compilation problems with Microsoft Visual Studio (there even is an issue label for this kind of bug). I understand that even in 2016, complete C++11 support isn't there yet. But please also understand that I do not want to drop features or uglify the code just to make Microsoft's sub-standard compiler happy. The past has shown that there are ways to express the functionality such that the code compiles with the most recent MSVC - unfortunately, this is not the main objective of the project.
  • Please refrain from proposing changes that would break JSON conformance. If you propose a conformant extension of JSON to be supported by the library, please motivate this extension.
  • Please do not open pull requests that address multiple issues.

dependabot bot and others added 6 commits May 15, 2023 20:55
Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 9.9 to 10.0.
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@9.9...10.0)

---
updated-dependencies:
- dependency-name: pymdown-extensions
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…extensions-10.0

⬆️ Bump pymdown-extensions from 9.9 to 10.0 in /docs/mkdocs
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.29 to 3.1.30.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.29...3.1.30)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…n-3.1.30

⬆️ Bump gitpython from 3.1.29 to 3.1.30 in /docs/mkdocs
@coveralls

Coverage Status

Coverage: 100.0%. Remained the same when pulling 0deb90c on sarvex:main into 6af826d on nlohmann:develop.

dependabot bot and others added 3 commits May 23, 2023 05:48
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.28.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…-2.31.0

⬆️ Bump requests from 2.28.1 to 2.31.0 in /docs/mkdocs
@mbeaulie

I believe nltk needs to be bumped 3.8 -> 3.8.1 for VS-2022-0437 and VS-2022-0438 security fixes too.

dependabot bot and others added 12 commits May 25, 2023 18:53
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.2 to 6.3.2.
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.2.0...v6.3.2)

---
updated-dependencies:
- dependency-name: tornado
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…6.3.2

⬆️ Bump tornado from 6.2 to 6.3.2 in /docs/mkdocs
Bumps [pygments](https://github.com/pygments/pygments) from 2.13.0 to 2.15.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.13.0...2.15.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22.
- [Commits](certifi/python-certifi@2022.12.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.30 to 3.1.32.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.30...3.1.32)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…on-3.1.32

⬆️ Bump gitpython from 3.1.30 to 3.1.32 in /docs/mkdocs
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.3.2 to 6.3.3.
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.3.2...v6.3.3)

---
updated-dependencies:
- dependency-name: tornado
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…-6.3.3

⬆️ Bump tornado from 6.3.2 to 6.3.3 in /docs/mkdocs
…-2023.7.22

⬆️ Bump certifi from 2022.12.7 to 2023.7.22 in /docs/mkdocs
…-2.15.0

⬆️ Bump pygments from 2.13.0 to 2.15.0 in /docs/mkdocs
@nlohmann
Owner

nlohmann commented Sep 2, 2023

We only use Python for generating the documentation pages. I don't see the value of adding this.

dependabot bot and others added 2 commits September 6, 2023 18:42
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.32 to 3.1.34.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.32...3.1.34)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…on-3.1.34

Bump gitpython from 3.1.32 to 3.1.34 in /docs/mkdocs
@github-actions github-actions bot added L and removed M labels Oct 29, 2023
renovate bot and others added 20 commits October 29, 2023 12:23
Update dependency mkdocs-redirects to v1.2.1
Update dependency gitdb to v4.0.11
Update dependency pytz to v2022.7.1
Update dependency nltk to v3.8.1
Update dependency markdown-include to v0.8.1
Update dependency Babel to v2.13.1
Update dependency smmap to v5.0.1
Update dependency click to v8.1.7
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.40 to 3.1.41.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.40...3.1.41)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
…3.1.3

Bump jinja2 from 3.1.2 to 3.1.3 in /docs/mkdocs
…on-3.1.41

Bump gitpython from 3.1.40 to 3.1.41 in /docs/mkdocs
@nlohmann nlohmann closed this Apr 13, 2024
4 participants