Bump the pip group across 1 directory with 10 updates (#48)

dependabot[bot] · web-flow · commit 98fab78712c9 · 2024-05-05T14:03:47.000+08:00
Bumps the pip group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [certifi](https://github.com/certifi/python-certifi) | `2023.5.7` | `2023.7.22` | | [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `42.0.4` | | [flask](https://github.com/pallets/flask) | `2.2.2` | `2.2.5` | | [grpcio](https://github.com/grpc/grpc) | `1.54.2` | `1.54.3` | | [idna](https://github.com/kjd/idna) | `3.4` | `3.7` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.3` | | [requests](https://github.com/psf/requests) | `2.26.0` | `2.31.0` | | [tornado](https://github.com/tornadoweb/tornado) | `6.3.2` | `6.3.3` | | [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `1.26.18` | | [werkzeug](https://github.com/pallets/werkzeug) | `2.3.4` | `2.3.8` | Updates `certifi` from 2023.5.7 to 2023.7.22 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"><code>8fb96ed</code></a> 2023.07.22</li> <li><a href="https://github.com/certifi/python-certifi/commit/afe77220e0eaa722593fc5d294213ff5275d1b40"><code>afe7722</code></a> Bump actions/setup-python from 4.6.1 to 4.7.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/230">#230</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/2038739ad56abec7aaddfa90ad2ce6b3ed7f5c7b"><code>2038739</code></a> Bump dessant/lock-threads from 3.0.0 to 4.0.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/229">#229</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/44df761f4c09d19f32b3cc09208a739043a5e25b"><code>44df761</code></a> Hash pin Actions and enable dependabot (<a href="https://redirect.github.com/certifi/python-certifi/issues/228">#228</a>)</li> <li>See full diff in <a href="https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22">compare view</a></li> </ul> </details> <br /> Updates `cryptography` from 40.0.2 to 42.0.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>42.0.4 - 2024-02-20</p> <pre><code> * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the definitions in :rfc:`2633` :rfc:`3370`. <p>.. _v42-0-3:</p> <p>42.0.3 - 2024-02-15 </code></pre></p> <ul> <li>Fixed an initialization issue that caused key loading failures for some users.</li> </ul> <p>.. _v42-0-2:</p> <p>42.0.2 - 2024-01-30</p> <pre><code> * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. <p>.. _v42-0-1:</p> <p>42.0.1 - 2024-01-24 </code></pre></p> <ul> <li>Fixed an issue with incorrect keyword-argument naming with <code>EllipticCurvePrivateKey</code> :meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign</code>.</li> <li>Resolved compatibility issue with loading certain RSA public keys in :func:<code>~cryptography.hazmat.primitives.serialization.load_pem_public_key</code>.</li> </ul> <p>.. _v42-0-0:</p> <p>42.0.0 - 2024-01-22</p> <pre><code> &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/fe18470f7d05f963e7267e34fdf985d81ea6ceea"><code>fe18470</code></a> Bump for 42.0.4 release (<a href="https://redirect.github.com/pyca/cryptography/issues/10445">#10445</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/aaa2dd06ed470695de818405a982d4c459869803"><code>aaa2dd0</code></a> Fix ASN.1 issues in PKCS#7 and S/MIME signing (<a href="https://redirect.github.com/pyca/cryptography/issues/10373">#10373</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10442">#10442</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/7a4d012991061974da5d9cb7614de65eac94f49b"><code>7a4d012</code></a> Fixes <a href="https://redirect.github.com/pyca/cryptography/issues/10422">#10422</a> -- don't crash when a PKCS#12 key and cert don't match (<a href="https://redirect.github.com/pyca/cryptography/issues/10423">#10423</a>) ...</li> <li><a href="https://github.com/pyca/cryptography/commit/df314bb182bdfd661333969a94325e4680d785f6"><code>df314bb</code></a> backport actions m1 switch to 42.0.x (<a href="https://redirect.github.com/pyca/cryptography/issues/10415">#10415</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/c49a7a5271178c6e8ef36fa1c499f62c63ec19b9"><code>c49a7a5</code></a> changelog and version bump for 42.0.3 (<a href="https://redirect.github.com/pyca/cryptography/issues/10396">#10396</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/396bcf64c5be826ec00e7d7f45838c858c049cbc"><code>396bcf6</code></a> fix provider loading take two (<a href="https://redirect.github.com/pyca/cryptography/issues/10390">#10390</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10395">#10395</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/0e0e46f5f73f477b8ee9682738c42129d5d60177"><code>0e0e46f</code></a> backport: initialize openssl's legacy provider in rust (<a href="https://redirect.github.com/pyca/cryptography/issues/10323">#10323</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10333">#10333</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/2202123b50de1b8788f909a3e5afe350c56ad81e"><code>2202123</code></a> changelog and version bump 42.0.2 (<a href="https://redirect.github.com/pyca/cryptography/issues/10268">#10268</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/f7032bdd409838f67fc2b93343f897fb5f397d80"><code>f7032bd</code></a> bump openssl in CI (<a href="https://redirect.github.com/pyca/cryptography/issues/10298">#10298</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10299">#10299</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/002e886f16d8857151c09b11dc86b35f2ac9aec3"><code>002e886</code></a> Fixes <a href="https://redirect.github.com/pyca/cryptography/issues/10294">#10294</a> -- correct accidental change to exchange kwarg (<a href="https://redirect.github.com/pyca/cryptography/issues/10295">#10295</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10296">#10296</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/40.0.2...42.0.4">compare view</a></li> </ul> </details> <br /> Updates `flask` from 2.2.2 to 2.2.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/releases">flask's releases</a>.</em></p> <blockquote> <h2>2.2.5</h2> <p>This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.</p> <ul> <li>Security advisory: <a href="https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq">https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq</a>, CVE-2023-30861</li> <li>Changes: <a href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5</a></li> <li>Milestone: <a href="https://github.com/pallets/flask/milestone/30?closed=1">https://github.com/pallets/flask/milestone/30?closed=1</a></li> </ul> <h2>2.2.4</h2> <p>This is a fix release for the 2.2.x release branch.</p> <ul> <li>Changes: <a href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4</a></li> <li>Milestone: <a href="https://github.com/pallets/flask/milestone/27?closed=1">https://github.com/pallets/flask/milestone/27?closed=1</a></li> </ul> <h2>2.2.3</h2> <p>This is a fix release for the 2.2.x release branch.</p> <ul> <li>Changes: <a href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3</a></li> <li>Milestone: <a href="https://github.com/pallets/flask/milestone/26?closed=1">https://github.com/pallets/flask/milestone/26?closed=1</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/blob/main/CHANGES.rst">flask's changelog</a>.</em></p> <blockquote> <h2>Version 2.2.5</h2> <p>Released 2023-05-02</p> <ul> <li>Update for compatibility with Werkzeug 2.3.3.</li> <li>Set <code>Vary: Cookie</code> header when the session is accessed, modified, or refreshed.</li> </ul> <h2>Version 2.2.4</h2> <p>Released 2023-04-25</p> <ul> <li>Update for compatibility with Werkzeug 2.3.</li> </ul> <h2>Version 2.2.3</h2> <p>Released 2023-02-15</p> <ul> <li>Autoescape is enabled by default for <code>.svg</code> template files. :issue:<code>4831</code></li> <li>Fix the type of <code>template_folder</code> to accept <code>pathlib.Path</code>. :issue:<code>4892</code></li> <li>Add <code>--debug</code> option to the <code>flask run</code> command. :issue:<code>4777</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/flask/commit/47af817c8fe01045c641b97f8fb784c7ad864eee"><code>47af817</code></a> release version 2.2.5</li> <li><a href="https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965"><code>afd63b1</code></a> Merge pull request <a href="https://redirect.github.com/pallets/flask/issues/5109">#5109</a> from pallets/backport-vary-cookie</li> <li><a href="https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d"><code>8646edc</code></a> set <code>Vary: Cookie</code> header consistently for session</li> <li><a href="https://github.com/pallets/flask/commit/a6367dac747c1e149c60767eee7e8aa9c281c58e"><code>a6367da</code></a> Merge pull request <a href="https://redirect.github.com/pallets/flask/issues/5108">#5108</a> from pallets/werkzeug-compat</li> <li><a href="https://github.com/pallets/flask/commit/3fbfbad79fe294918459b70eb409d555b20de2c8"><code>3fbfbad</code></a> werkzeug 2.3.3 compatibility</li> <li><a href="https://github.com/pallets/flask/commit/726d3f4fa9e8a2960541debc2d2713571da54441"><code>726d3f4</code></a> start version 2.2.5</li> <li><a href="https://github.com/pallets/flask/commit/ddc7accaa2e83b328f969c120af2ce0804876b4a"><code>ddc7acc</code></a> Merge pull request <a href="https://redirect.github.com/pallets/flask/issues/5081">#5081</a> from pallets/release-2.2.4</li> <li><a href="https://github.com/pallets/flask/commit/74e03298200e33951ca350a35aa3a8c0b4ff8177"><code>74e0329</code></a> release version 2.2.4</li> <li><a href="https://github.com/pallets/flask/commit/2d460685b1b3d66c713739ee91183c22fb2e5dc8"><code>2d46068</code></a> update dev env</li> <li><a href="https://github.com/pallets/flask/commit/64bc45874daf4b9828830ea0037a19beb8364ee3"><code>64bc458</code></a> update dev dependencies</li> <li>Additional commits viewable in <a href="https://github.com/pallets/flask/compare/2.2.2...2.2.5">compare view</a></li> </ul> </details> <br /> Updates `grpcio` from 1.54.2 to 1.54.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc/releases">grpcio's releases</a>.</em></p> <blockquote> <h2>Release v1.54.3</h2> <p>This is release 1.54.3 (<a href="https://github.com/grpc/grpc/blob/master/doc/g_stands_for.md">gracious</a>) of gRPC Core.</p> <p>For gRPC documentation, see <a href="https://grpc.io/">grpc.io</a>. For previous releases, see <a href="https://github.com/grpc/grpc/releases">Releases</a>.</p> <p>This release contains refinements, improvements, and bug fixes, with highlights listed below.</p> <h2>Core</h2> <ul> <li>[backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion by <a href="https://github.com/drfloob"><code>@​drfloob</code></a> in <a href="https://redirect.github.com/grpc/grpc/pull/33670">grpc/grpc#33670</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc/commit/868412b573a0663c8db41558498caf44098f4390"><code>868412b</code></a> [v1.54.x][Interop] Backport Python image update (<a href="https://redirect.github.com/grpc/grpc/issues/33865">#33865</a>)</li> <li><a href="https://github.com/grpc/grpc/commit/b80ee02fc9e0ced3721dfad913e4b4023b9641b0"><code>b80ee02</code></a> [Backport] [dependency] Restrict cython to less than 3.X (<a href="https://redirect.github.com/grpc/grpc/issues/33771">#33771</a>)</li> <li><a href="https://github.com/grpc/grpc/commit/c3fadd614f9a32ec95d7aed87bf64791b1aae283"><code>c3fadd6</code></a> [v1.54][Build] Update Phusion baseimage (<a href="https://redirect.github.com/grpc/grpc/issues/33767">#33767</a>) (<a href="https://redirect.github.com/grpc/grpc/issues/33835">#33835</a>)</li> <li><a href="https://github.com/grpc/grpc/commit/057ff9b71ce0af58e776c3c1d0193648763e680b"><code>057ff9b</code></a> [PSM Interop] Legacy tests: fix xDS test client build (v1.54.x backport) (<a href="https://redirect.github.com/grpc/grpc/issues/33">#33</a>...</li> <li><a href="https://github.com/grpc/grpc/commit/7a053ebbd0e01c40ec199ab884c0641f708ca492"><code>7a053eb</code></a> [PSM Interop] Legacy test builds always pull the driver from master (v1.54.x ...</li> <li><a href="https://github.com/grpc/grpc/commit/d084ddce377fa19ed81f32e506d8156bc487c207"><code>d084ddc</code></a> [release] Bump release version 1.54.3 (<a href="https://redirect.github.com/grpc/grpc/issues/33708">#33708</a>)</li> <li><a href="https://github.com/grpc/grpc/commit/b8fd152211b7895900127ee6d1a99278d4dd47ca"><code>b8fd152</code></a> Automated fix for refs/heads/v1.54.x (<a href="https://redirect.github.com/grpc/grpc/issues/33682">#33682</a>)</li> <li><a href="https://github.com/grpc/grpc/commit/f44cddbebae95935fa640aa19ed5d5786de2aafa"><code>f44cddb</code></a> [backport][iomgr][EventEngine] Improve server handling of file descriptor exh...</li> <li><a href="https://github.com/grpc/grpc/commit/da9ef3403dae11d7be1b1c5c381db1553691378f"><code>da9ef34</code></a> [PSM interop] Don't fail url_map target if sub-target already failed (v1.54.x...</li> <li><a href="https://github.com/grpc/grpc/commit/6894b4becebe99c7dec1628bbb5ec9b8f873c8f8"><code>6894b4b</code></a> [PSM interop] Don't fail target if sub-target already failed (<a href="https://redirect.github.com/grpc/grpc/issues/33222">#33222</a>) (<a href="https://redirect.github.com/grpc/grpc/issues/33303">#33303</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc/compare/v1.54.2...v1.54.3">compare view</a></li> </ul> </details> <br /> Updates `idna` from 3.4 to 3.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>.</em></p> <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> <p>Thanks to Guido Vranken for reporting the issue.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>.</em></p> <blockquote> <p>3.7 (2024-04-11) ++++++++++++++++</p> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> <p>Thanks to Guido Vranken for reporting the issue.</p> <p>3.6 (2023-11-25) ++++++++++++++++</p> <ul> <li>Fix regression to include tests in source distribution.</li> </ul> <p>3.5 (2023-11-24) ++++++++++++++++</p> <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now &quot;idna2008&quot; as overriding the system codec &quot;idna&quot; was not working.</li> <li>Fix typing error for codec encoding</li> <li>&quot;setup.cfg&quot; has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the &quot;idna-data&quot; tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> <p>Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v3.4...v3.7">compare view</a></li> </ul> </details> <br /> Updates `jinja2` from 3.1.2 to 3.1.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>3.1.3</h2> <p>This is a fix release for the 3.1.x feature branch.</p> <ul> <li>Fix for <a href="https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95">GHSA-h5c8-rqwp-cp95</a>. You are affected if you are using <code>xmlattr</code> and passing user input as attribute keys.</li> <li>Changes: <a href="https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3">https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3</a></li> <li>Milestone: <a href="https://github.com/pallets/jinja/milestone/15?closed=1">https://github.com/pallets/jinja/milestone/15?closed=1</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.3</h2> <p>Released 2024-01-10</p> <ul> <li>Fix compiler error when checking if required blocks in parent templates are empty. :pr:<code>1858</code></li> <li><code>xmlattr</code> filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95</li> <li>Make error messages stemming from invalid nesting of <code>{% trans %}</code> blocks more helpful. :pr:<code>1918</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/d9de4bb215fd1cc8092a410fb834c7c4060b1fc1"><code>d9de4bb</code></a> release version 3.1.3</li> <li><a href="https://github.com/pallets/jinja/commit/50124e16561f17f6c1ec85a692f6551418971cdc"><code>50124e1</code></a> skip test pypi</li> <li><a href="https://github.com/pallets/jinja/commit/9ea7222ef3f184480be0d0884e30ccfb4172b17b"><code>9ea7222</code></a> use trusted publishing</li> <li><a href="https://github.com/pallets/jinja/commit/da703f7aae36b1e88baaa20de334d7ff6378fdde"><code>da703f7</code></a> use trusted publishing</li> <li><a href="https://github.com/pallets/jinja/commit/bce174692547464512383ec40e0f8338b8811983"><code>bce1746</code></a> use trusted publishing</li> <li><a href="https://github.com/pallets/jinja/commit/7277d8068be593deab3555c7c14f974ada373af1"><code>7277d80</code></a> update pre-commit hooks</li> <li><a href="https://github.com/pallets/jinja/commit/5c8a10522421270f66376a24ec8e0d6812bc4b14"><code>5c8a105</code></a> Make nested-trans-block exceptions nicer (<a href="https://redirect.github.com/pallets/jinja/issues/1918">#1918</a>)</li> <li><a href="https://github.com/pallets/jinja/commit/19a55db3b411343309f2faaffaedbb089e841895"><code>19a55db</code></a> Make nested-trans-block exceptions nicer</li> <li><a href="https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7"><code>7167953</code></a> Merge pull request from GHSA-h5c8-rqwp-cp95</li> <li><a href="https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23"><code>7dd3680</code></a> xmlattr filter disallows keys with spaces</li> <li>Additional commits viewable in <a href="https://github.com/pallets/jinja/compare/3.1.2...3.1.3">compare view</a></li> </ul> </details> <br /> Updates `requests` from 2.26.0 to 2.31.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.31.0</h2> <h2>2.31.0 (2023-05-22)</h2> <p><strong>Security</strong></p> <ul> <li> <p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of <code>Proxy-Authorization</code> headers to destination servers when following HTTPS redirects.</p> <p>When proxies are defined with user info (<a href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>), Requests will construct a <code>Proxy-Authorization</code> header that is attached to the request to authenticate with the proxy.</p> <p>In cases where Requests receives a redirect response, it previously reattached the <code>Proxy-Authorization</code> header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are <em>strongly</em> encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.</p> <p>Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.</p> <p>Full details can be read in our <a href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github Security Advisory</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p> </li> </ul> <h2>v2.30.0</h2> <h2>2.30.0 (2023-05-03)</h2> <p><strong>Dependencies</strong></p> <ul> <li> <p>⚠️ Added support for urllib3 2.0. ⚠️</p> <p>This may contain minor breaking changes so we advise careful testing and reviewing <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a> prior to upgrading.</p> <p>Users who wish to stay on urllib3 1.x can pin to <code>urllib3&lt;2</code>.</p> </li> </ul> <h2>v2.29.0</h2> <h2>2.29.0 (2023-04-26)</h2> <p><strong>Improvements</strong></p> <ul> <li>Requests now defers chunked requests to the urllib3 implementation to improve standardization. (<a href="https://redirect.github.com/psf/requests/issues/6226">#6226</a>)</li> <li>Requests relaxes header component requirements to support bytes/str subclasses. (<a href="https://redirect.github.com/psf/requests/issues/6356">#6356</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.31.0 (2023-05-22)</h2> <p><strong>Security</strong></p> <ul> <li> <p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of <code>Proxy-Authorization</code> headers to destination servers when following HTTPS redirects.</p> <p>When proxies are defined with user info (<code>https://user:pass@proxy:8080</code>), Requests will construct a <code>Proxy-Authorization</code> header that is attached to the request to authenticate with the proxy.</p> <p>In cases where Requests receives a redirect response, it previously reattached the <code>Proxy-Authorization</code> header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are <em>strongly</em> encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.</p> <p>Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.</p> <p>Full details can be read in our <a href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github Security Advisory</a> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p> </li> </ul> <h2>2.30.0 (2023-05-03)</h2> <p><strong>Dependencies</strong></p> <ul> <li> <p>⚠️ Added support for urllib3 2.0. ⚠️</p> <p>This may contain minor breaking changes so we advise careful testing and reviewing <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a> prior to upgrading.</p> <p>Users who wish to stay on urllib3 1.x can pin to <code>urllib3&lt;2</code>.</p> </li> </ul> <h2>2.29.0 (2023-04-26)</h2> <p><strong>Improvements</strong></p> <ul> <li>Requests now defers chunked requests to the urllib3 implementation to improve standardization. (<a href="https://redirect.github.com/psf/requests/issues/6226">#6226</a>)</li> <li>Requests relaxes header component requirements to support bytes/str subclasses. (<a href="https://redirect.github.com/psf/requests/issues/6356">#6356</a>)</li> </ul> <h2>2.28.2 (2023-01-12)</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"><code>147c851</code></a> v2.31.0</li> <li><a href="https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5"><code>74ea7cf</code></a> Merge pull request from GHSA-j8r2-6x86-q33q</li> <li><a href="https://github.com/psf/requests/commit/302225334678490ec66b3614a9dddb8a02c5f4fe"><code>3022253</code></a> test on pypy 3.8 and pypy 3.9 on windows and macos (<a href="https://redirect.github.com/psf/requests/issues/6424">#6424</a>)</li> <li><a href="https://github.com/psf/requests/commit/b639e66c816514e40604d46f0088fbceec1a5149"><code>b639e66</code></a> test on py3.12 (<a href="https://redirect.github.com/psf/requests/issues/6448">#6448</a>)</li> <li><a href="https://github.com/psf/requests/commit/d3d504436ef0c2ac7ec8af13738b04dcc8c694be"><code>d3d5044</code></a> Fixed a small typo (<a href="https://redirect.github.com/psf/requests/issues/6452">#6452</a>)</li> <li><a href="https://github.com/psf/requests/commit/2ad18e0e10e7d7ecd5384c378f25ec8821a10a29"><code>2ad18e0</code></a> v2.30.0</li> <li><a href="https://github.com/psf/requests/commit/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773"><code>f2629e9</code></a> Remove strict parameter (<a href="https://redirect.github.com/psf/requests/issues/6434">#6434</a>)</li> <li><a href="https://github.com/psf/requests/commit/87d63de8739263bbe17034fba2285c79780da7e8"><code>87d63de</code></a> v2.29.0</li> <li><a href="https://github.com/psf/requests/commit/51716c4ef390136b0d4b800ec7665dd5503e64fc"><code>51716c4</code></a> enable the warnings plugin (<a href="https://redirect.github.com/psf/requests/issues/6416">#6416</a>)</li> <li><a href="https://github.com/psf/requests/commit/a7da1ab3498b10ec3a3582244c94b2845f8a8e71"><code>a7da1ab</code></a> try on ubuntu 22.04 (<a href="https://redirect.github.com/psf/requests/issues/6418">#6418</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.26.0...v2.31.0">compare view</a></li> </ul> </details> <br /> Updates `tornado` from 6.3.2 to 6.3.3 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst">tornado's changelog</a>.</em></p> <blockquote> <h1>Release notes</h1> <p>.. toctree:: :maxdepth: 2</p> <p>releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0 releases/v2.3.0 releases/v2.2.1</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tornadoweb/tornado/commit/e4d698433b44f350d4908da9ca2cac475c92dfdc"><code>e4d6984</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3307">#3307</a> from bdarnell/branch6.3</li> <li><a href="https://github.com/tornadoweb/tornado/commit/6a9e6fbaf7830b3edae68805211f35f5954292ab"><code>6a9e6fb</code></a> ci: Don't test py312 in branch6.3</li> <li><a href="https://github.com/tornadoweb/tornado/commit/5c8a9a4fa792f8b18bd26bc7a8335e3bbe837852"><code>5c8a9a4</code></a> Set version to 6.3.3</li> <li><a href="https://github.com/tornadoweb/tornado/commit/7dfe8b597f2d179334d7b528f61e9449ac131273"><code>7dfe8b5</code></a> httpserver_test: Add ExpectLog to fix CI</li> <li><a href="https://github.com/tornadoweb/tornado/commit/217295b1dd30f556ea374d62007f6821688f00f0"><code>217295b</code></a> http1connection: Make content-length parsing more strict</li> <li><a href="https://github.com/tornadoweb/tornado/commit/e3aa6c5e2943242d8ab25448c2798365b3cb9945"><code>e3aa6c5</code></a> Merge pull request <a href="https://redirect.github.com/tornadoweb/tornado/issues/3267">#3267</a> from bdarnell/branch6.3</li> <li>See full diff in <a href="https://github.com/tornadoweb/tornado/compare/v6.3.2...v6.3.3">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 1.26.16 to 1.26.18 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>1.26.18</h2> <ul> <li>Made body stripped from HTTP requests changing the request method to GET after HTTP 303 &quot;See Other&quot; redirect responses. (GHSA-g4mx-q9vg-27p4)</li> </ul> <h2>1.26.17</h2> <ul> <li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (GHSA-v845-jxx5-vc9f)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>1.26.18 (2023-10-17)</h1> <ul> <li>Made body stripped from HTTP requests changing the request method to GET after HTTP 303 &quot;See Other&quot; redirect responses.</li> </ul> <h1>1.26.17 (2023-10-02)</h1> <ul> <li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (<code>[#3139](urllib3/urllib3#3139) &lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a> Release 1.26.18 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a> Merge pull request from GHSA-g4mx-q9vg-27p4</li> <li><a href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a> [1.26] Use vendored six in urllib3.contrib.securetransport</li> <li><a href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a> Release 1.26.17</li> <li><a href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a> Backport GHSA-v845-jxx5-vc9f (<a href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a> Fix installing <code>brotli</code> extra on Python 2.7</li> <li><a href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a> [1.26] Configure OS for RTD to fix building docs</li> <li><a href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a> [1.26] Improve error message when calling urllib3.request() (<a href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a> [1.26] Run coverage even with failed jobs</li> <li>See full diff in <a href="https://github.com/urllib3/urllib3/compare/1.26.16...1.26.18">compare view</a></li> </ul> </details> <br /> Updates `werkzeug` from 2.3.4 to 2.3.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p> <blockquote> <h2>2.3.8</h2> <p>This is a security release for the 2.3.x feature branch.</p> <ul> <li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-8">https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-8</a></li> </ul> <h2>2.3.7</h2> <p>This is a fix release for the 2.3.x feature branch.</p> <ul> <li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-7">https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-7</a></li> <li>Milestone: <a href="https://github.com/pallets/werkzeug/milestone/33?closed=1">https://github.com/pallets/werkzeug/milestone/33?closed=1</a></li> </ul> <h2>2.3.6</h2> <p>This is a fix release for the 2.3.x feature branch.</p> <ul> <li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-6">https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-6</a></li> <li>Milestone: <a href="https://github.com/pallets/werkzeug/milestone/32?closed=1">https://github.com/pallets/werkzeug/milestone/32?closed=1</a></li> </ul> <h2>2.3.5</h2> <p>This is a fix release for the 2.3.x feature branch.</p> <ul> <li>Changes: <a href="https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-5">https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-5</a></li> <li>Milestone: <a href="https://github.com/pallets/werkzeug/milestone/31?closed=1">https://github.com/pallets/werkzeug/milestone/31?closed=1</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's changelog</a>.</em></p> <blockquote> <h2>Version 2.3.8</h2> <p>Released 2023-11-08</p> <ul> <li>Fix slow multipart parsing for large parts potentially enabling DoS attacks.</li> </ul> <h2>Version 2.3.7</h2> <p>Released 2023-08-14</p> <ul> <li>Use <code>flit_core</code> instead of <code>setuptools</code> as build backend.</li> <li>Fix parsing of multipart bodies. :issue:<code>2734</code></li> <li>Adjust index of last newline in data start. :issue:<code>2761</code></li> <li>Parsing ints from header values strips spacing first. :issue:<code>2734</code></li> <li>Fix empty file streaming when testing. :issue:<code>2740</code></li> <li>Clearer error message when URL rule does not start with slash. :pr:<code>2750</code></li> <li><code>Accept</code> <code>q</code> value can be a float without a decimal part. :issue:<code>2751</code></li> </ul> <h2>Version 2.3.6</h2> <p>Released 2023-06-08</p> <ul> <li><code>FileStorage.content_length</code> does not fail if the form data did not provide a value. :issue:<code>2726</code></li> </ul> <h2>Version 2.3.5</h2> <p>Released 2023-06-07</p> <ul> <li>Python 3.12 compatibility. :issue:<code>2704</code></li> <li>Fix handling of invalid base64 values in <code>Authorization.from_header</code>. :issue:<code>2717</code></li> <li>The debugger escapes the exception message in the page title. :pr:<code>2719</code></li> <li>When binding <code>routing.Map</code>, a long IDNA <code>server_name</code> with a port does not fail encoding. :issue:<code>2700</code></li> <li><code>iri_to_uri</code> shows a deprecation warning instead of an error when passing bytes. :issue:<code>2708</code></li> <li>When parsing numbers in HTTP request headers such as <code>Content-Length</code>, only ASCII digits are accepted rather than any format that Python's <code>int</code> and <code>float</code> accept. :issue:<code>2716</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/werkzeug/commit/dc909431a6b399f341364233382aad73fb0ea56a"><code>dc90943</code></a> Release version 2.3.8</li> <li><a href="https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9"><code>f230020</code></a> Fix: slow multipart parsing for huge files with few CR/LF characters</li> <li><a href="https://github.com/pallets/werkzeug/commit/26f3e95168c5019d3dbf656c9042c19d621cb54f"><code>26f3e95</code></a> reformat lines</li> <li><a href="https://github.com/pallets/werkzeug/commit/828bab48b056f59c2884fe52eb5decd21415b4be"><code>828bab4</code></a> Start version 2.3.8</li> <li><a href="https://github.com/pallets/werkzeug/commit/3c2ba3da894c0767dd6dde7b2707cac65bad5422"><code>3c2ba3d</code></a> Release version 2.3.7</li> <li><a href="https://github.com/pallets/werkzeug/commit/ac9974c04fe44bf1a6fde752cad492432cd5c1b7"><code>ac9974c</code></a> Fix qvalue parsing (<a href="https://redirect.github.com/pallets/werkzeug/issues/2753">#2753</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/88f4ed649cf340f401c4225a418fb78aeec92e6f"><code>88f4ed6</code></a> qvalue parsing accepts float without decimal</li> <li><a href="https://github.com/pallets/werkzeug/commit/dd1f1371d092086095bc004dfbbdf3a29c4612f0"><code>dd1f137</code></a> Fix: Improve Error Message (<a href="https://redirect.github.com/pallets/werkzeug/issues/2750">#2750</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/fdc295a79c5a8a1da381d646b5430ac0e0230a92"><code>fdc295a</code></a> clearer url rule slash error</li> <li><a href="https://github.com/pallets/werkzeug/commit/a0f4bf4bb60a95a959314f3540a42f186f1f8ace"><code>a0f4bf4</code></a> fix: improve error message</li> <li>Additional commits viewable in <a href="https://github.com/pallets/werkzeug/compare/2.3.4...2.3.8">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/brucewzj99/tele-tracker-v2/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/requirements.txt b/requirements.txt
@@ -2,15 +2,15 @@ APScheduler==3.6.3
 asgiref==3.7.1
 CacheControl==0.12.11
 cachetools==4.2.2
-certifi==2023.5.7
+certifi==2023.7.22
 cffi==1.15.1
 charset-normalizer==2.0.12
 click==8.1.3
 colorama==0.4.6
-cryptography==40.0.2
+cryptography==42.0.4
 exceptiongroup==1.2.1
 firebase-admin==6.1.0
-Flask==2.2.2
+Flask==2.2.5
 google-api-core==2.11.0
 google-api-python-client==2.86.0
 google-auth==2.17.3
@@ -21,14 +21,14 @@ google-cloud-storage==2.9.0
 google-crc32c==1.5.0
 google-resumable-media==2.5.0
 googleapis-common-protos==1.59.0
-grpcio==1.54.2
+grpcio==1.54.3
 grpcio-status==1.54.2
 httplib2==0.22.0
-idna==3.4
+idna==3.7
 importlib-metadata==6.6.0
 iniconfig==2.0.0
 itsdangerous==2.1.2
-Jinja2==3.1.2
+Jinja2==3.1.3
 MarkupSafe==2.1.2
 msgpack==1.0.5
 packaging==24.0
@@ -46,15 +46,15 @@ python-dotenv==1.0.1
 python-telegram-bot==13.7
 pytz==2023.3
 PyYAML==6.0
-requests==2.26.0
+requests==2.31.0
 rsa==4.9
 six==1.16.0
 tomli==2.0.1
-tornado==6.3.2
+tornado==6.3.3
 typing_extensions==4.6.2
 tzdata==2023.3
 tzlocal==5.0.1
 uritemplate==4.1.1
-urllib3==1.26.16
-Werkzeug==2.3.4
+urllib3==1.26.18
+Werkzeug==2.3.8
 zipp==3.15.0
