dependabot[bot]
f3edccdd1f
Bump tox from 4.6.0 to 4.11.3 (#287)
Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/4.6.0...4.11.3)
---
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 23:36:02 -07:00
Devin Lundberg
31ae18d57d
[Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (#284)
fix: requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-25 09:24:35 -07:00
dependabot[bot]
9d68d6b058
Bump actions/checkout from 3 to 4 (#282)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 09:22:23 -07:00
dependabot[bot]
4c118cf022
Bump pytest-cov from 3.0.0 to 4.1.0 (#266)
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-cov/compare/v3.0.0...v4.1.0)
---
updated-dependencies:
- dependency-name: pytest-cov
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 12:52:57 -07:00
dependabot[bot]
5725b0db2e
Bump coverage from 6.4.1 to 7.2.7 (#267)
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.1...7.2.7)
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 12:52:38 -07:00
dependabot[bot]
a34aaf8bb4
Bump redis from 4.5.3 to 4.5.5 (#253)
Bump redis from 4.3.3 to 4.5.5
Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v4.3.3...v4.5.5)
---
updated-dependencies:
- dependency-name: redis
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuru Shao <yshao@pinterest.com>
2023-06-09 13:38:27 -07:00
dependabot[bot]
6fec10eaab
Bump pytest from 7.1.2 to 7.3.1 (#243)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.1.2...7.3.1)
---
updated-dependencies:
- dependency-name: pytest
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-09 13:38:04 -07:00
dependabot[bot]
147bdf390a
Bump flask from 2.1.2 to 2.3.2 (#250)
Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/flask/compare/2.1.2...2.3.2)
---
updated-dependencies:
- dependency-name: flask
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-09 13:30:50 -07:00
dependabot[bot]
95f5c35291
Bump fakeredis from 1.7.5 to 2.14.1 (#263)
Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1.
- [Release notes](https://github.com/cunla/fakeredis-py/releases)
- [Commits](https://github.com/cunla/fakeredis-py/compare/v1.7.5...v2.14.1)
---
updated-dependencies:
- dependency-name: fakeredis
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-09 13:19:43 -07:00
dependabot[bot]
013c0d1e77
Bump tox from 3.25.0 to 4.6.0 (#262)
Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/3.25.0...4.6.0)
---
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-09 13:15:29 -07:00
dependabot[bot]
6f02f6e2b7
Bump cryptography from 39.0.2 to 41.0.1 (#260)
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.2...41.0.1)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-09 13:01:50 -07:00
Yuru Shao
1e1b189d77
Remove py3.7 (#234)
* Remove py3.7
* Restore cache action
2023-06-09 12:54:41 -07:00
dependabot[bot]
a2a887bb2c
Bump flake8 from 4.0.1 to 6.0.0 (#205)
Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.1 to 6.0.0.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/4.0.1...6.0.0)
---
updated-dependencies:
- dependency-name: flake8
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-17 16:19:46 -07:00
Devin Lundberg
0aaf1ec89b
[Snyk] Security upgrade werkzeug from 2.1.2 to 2.2.3 (#221)
fix: requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-03-17 16:18:25 -07:00
dependabot[bot]
c251bffc89
Bump cryptography from 37.0.2 to 39.0.2 (#224)
Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.2 to 39.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.2...39.0.2)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-17 16:15:29 -07:00
dependabot[bot]
7da90b08a4
Bump markupsafe from 1.1.1 to 2.1.1 (#164)
Bumps [markupsafe](https://github.com/pallets/markupsafe) from 1.1.1 to 2.1.1.
- [Release notes](https://github.com/pallets/markupsafe/releases)
- [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/markupsafe/compare/1.1.1...2.1.1)
---
updated-dependencies:
- dependency-name: markupsafe
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-16 13:26:48 -07:00
dependabot[bot]
26fb06efe3
Bump coverage from 6.3.3 to 6.4.1
Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3.3 to 6.4.1.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.3.3...6.4.1)
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 19:02:08 +00:00
dependabot[bot]
4292228200
Bump tox from 3.1.2 to 3.25.0
Bumps [tox](https://github.com/tox-dev/tox) from 3.1.2 to 3.25.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/3.1.2...3.25.0)
---
updated-dependencies:
- dependency-name: tox
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-28 19:01:42 +00:00
Yuru Shao
f13bc17d92
Upgrade jquery from 1.12.4 to 3.6.0 (#183)
2022-06-28 11:59:52 -07:00
Yuru Shao
1245b0c43f
Merge pull request #180 from pinterest/dependabot/pip/freezegun-1.2.1
Bump freezegun from 0.3.15 to 1.2.1
2022-06-28 10:15:28 -07:00
dependabot[bot]
25cd5740d4
Bump freezegun from 0.3.15 to 1.2.1
Bumps [freezegun](https://github.com/spulec/freezegun) from 0.3.15 to 1.2.1.
- [Release notes](https://github.com/spulec/freezegun/releases)
- [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG)
- [Commits](https://github.com/spulec/freezegun/compare/0.3.15...1.2.1)
---
updated-dependencies:
- dependency-name: freezegun
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-22 21:00:49 +00:00
Yuru Shao
3011638028
Merge pull request #153 from pinterest/dependabot/pip/itsdangerous-2.1.2
Bump itsdangerous from 0.24 to 2.1.2
2022-06-22 14:00:08 -07:00
dependabot[bot]
2304a29e7c
Bump itsdangerous from 0.24 to 2.1.2
Bumps [itsdangerous](https://github.com/pallets/itsdangerous) from 0.24 to 2.1.2.
- [Release notes](https://github.com/pallets/itsdangerous/releases)
- [Changelog](https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/itsdangerous/compare/0.24...2.1.2)
---
updated-dependencies:
- dependency-name: itsdangerous
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-22 18:44:21 +00:00
Yuru Shao
e61453d577
Merge pull request #173 from pinterest/dependabot/pip/redis-4.3.3
Bump redis from 2.10.6 to 4.3.3
2022-06-22 11:42:43 -07:00
dependabot[bot]
8f9ecb8a7a
Bump redis from 2.10.6 to 4.3.3
Bumps [redis](https://github.com/redis/redis-py) from 2.10.6 to 4.3.3.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/2.10.6...v4.3.3)
---
updated-dependencies:
- dependency-name: redis
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-22 18:36:08 +00:00
Yuru Shao
b2a41073de
Merge pull request #171 from pinterest/dependabot/pip/werkzeug-2.1.2
Bump werkzeug from 0.15.6 to 2.1.2
2022-06-22 11:34:39 -07:00
Yuru Shao
bfae576fb2
Merge pull request #176 from pinterest/dependabot/pip/flask-2.1.2
Bump flask from 1.0.2 to 2.1.2
2022-06-22 11:27:36 -07:00
Yuru Shao
f89a8b2fdc
Merge pull request #175 from pinterest/codeql_setup
Create codeql-analysis.yml
2022-06-20 13:11:00 -07:00
Yuru Shao
36b2d79e38
add tests.py to on:pull_request:paths-ignore
2022-06-20 13:06:20 -07:00
dependabot[bot]
ecdcb70470
Bump werkzeug from 0.15.6 to 2.1.2
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.6 to 2.1.2.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/0.15.6...2.1.2)
---
updated-dependencies:
- dependency-name: werkzeug
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 03:43:08 +00:00
dependabot[bot]
ca3ba14c21
Bump flask from 1.0.2 to 2.1.2
Bumps [flask](https://github.com/pallets/flask) from 1.0.2 to 2.1.2.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/flask/compare/1.0.2...2.1.2)
---
updated-dependencies:
- dependency-name: flask
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 03:42:48 +00:00
Yuru Shao
bdba9bf7f6
Merge pull request #168 from pinterest/dependabot/pip/jinja2-3.1.2
Bump jinja2 from 2.11.3 to 3.1.2
2022-06-19 20:42:17 -07:00
Yuru Shao
261fa83273
Update codeql workflow configs
2022-06-19 19:59:46 -07:00
Yuru Shao
bcef439238
Create codeql-analysis.yml
2022-06-19 00:07:49 -07:00
dependabot[bot]
abacd0c776
Bump actions/setup-python from 3 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 14:16:08 +00:00
dependabot[bot]
f16106acc7
Merge pull request #170 from pinterest/dependabot/pip/fakeredis-1.7.5
2022-05-18 14:49:45 +00:00
dependabot[bot]
d6aa58976e
Bump fakeredis from 0.7.0 to 1.7.5
Bumps [fakeredis](https://github.com/dsoftwareinc/fakeredis-py) from 0.7.0 to 1.7.5.
- [Release notes](https://github.com/dsoftwareinc/fakeredis-py/releases)
- [Commits](https://github.com/dsoftwareinc/fakeredis-py/compare/0.7.0...v1.7.5)
---
updated-dependencies:
- dependency-name: fakeredis
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-18 02:00:53 +00:00
dependabot[bot]
47f002ab2d
Bump jinja2 from 2.11.3 to 3.1.2
Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.3 to 3.1.2.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/2.11.3...3.1.2)
---
updated-dependencies:
- dependency-name: jinja2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-18 02:00:49 +00:00
Jon Parise
b8121166b7
Remove transitive dependencies (#167)
Given how we're currently managing our dependencies in this project, it
doesn't make sense to list transitive dependencies in this set of
requirements (i.e. it's not meant to act as a lock file).
2022-05-17 12:29:12 -07:00
dependabot[bot]
37cd63d394
Merge pull request #162 from pinterest/dependabot/pip/idna-3.3
2022-05-17 19:21:19 +00:00
dependabot[bot]
bdefc11a72
Bump idna from 2.9 to 3.3
Bumps [idna](https://github.com/kjd/idna) from 2.9 to 3.3.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v2.9...v3.3)
---
updated-dependencies:
- dependency-name: idna
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-17 18:58:15 +00:00
dependabot[bot]
cbbe67dcae
Merge pull request #159 from pinterest/dependabot/pip/cryptography-37.0.2
2022-05-17 18:57:29 +00:00
Jon Parise
f21c696a5d
Report coverage information to the terminal (#165)
Also, upgrade the relevant package dependencies to their latest
versions.
2022-05-17 11:54:51 -07:00
dependabot[bot]
ff243787c7
Merge pull request #155 from pinterest/dependabot/pip/pytest-7.1.2
2022-05-17 18:42:33 +00:00
Jon Parise
2c702b0a39
Run flake8 across the entire code base (#163)
Also, make sure we're using a consistent version of flake8 in CI.
2022-05-17 11:41:01 -07:00
dependabot[bot]
5e47d5efa1
Bump pytest from 3.6.3 to 7.1.2
Bumps [pytest](https://github.com/pytest-dev/pytest) from 3.6.3 to 7.1.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/3.6.3...7.1.2)
---
updated-dependencies:
- dependency-name: pytest
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-17 18:22:03 +00:00
dependabot[bot]
7102b4560b
Merge pull request #161 from pinterest/dependabot/pip/flake8-4.0.1
2022-05-17 18:21:07 +00:00
dependabot[bot]
8e946c2bdb
Bump flake8 from 3.5.0 to 4.0.1
Bumps [flake8](https://github.com/pycqa/flake8) from 3.5.0 to 4.0.1.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/3.5.0...4.0.1)
---
updated-dependencies:
- dependency-name: flake8
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-17 18:11:46 +00:00
Jon Parise
68c5f14cd4
Remove dependency on six (#160)
We no longer need six now that we require Python 3.x.
2022-05-17 11:10:58 -07:00
dependabot[bot]
c491c621d2
Bump cryptography from 3.3.2 to 37.0.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.3.2 to 37.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.3.2...37.0.2)
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-17 18:05:11 +00:00