Comparing changes

base repository: sixfeetup/scaf
base: v1.8.1
head repository: sixfeetup/scaf
compare: v1.9.0
  • 11 commits
  • 9 files changed
  • 8 contributors

Commits on Jul 11, 2024

  1. docs: Make the generated README more contributor oriented (#230)

    The current state of the README is quite hard to follow for people not
    familiar with the setup already.
    
    One overall change was in the section titles and levels
    * I used "How to ..." because it makes the purpose of the section
    clearer for the writer and the reader in my opinion.
    * I adjusted the section levels because it was really not consistent.
    
    Two very confusing sections:
    1. The initialization of the github repo feels out of place because it
    happens once and is done by the person running scaf anyway. This should
    be in scaf itself, not in the generated README so I removed it
    2. The management of secrets seemed to be jumping between sealedSecrets
    and .envrc file so I made two clean sections instead
    
    To make the setup clearer for contributors I made two sections:
    
    * one for setting up the environment, done once
    * one for spinning up the app with commands that must be run every time
    
    ---------
    
    Co-authored-by: Roché Compaan <roche@upfrontsoftware.co.za>
    hillairet and rochecompaan authored Jul 11, 2024
    3b3e63d

Commits on Jul 15, 2024

  1. [Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 (#278)

    This PR was automatically created by Snyk using the credentials of a
    real user.
    
    ### Snyk has created this PR to fix 1 vulnerabilities in the pip
    dependencies of this project.
    
    #### Snyk changed the following file(s):
    
    - `requirements.txt`
    
    
    
    <details>
    <summary>⚠️ <b>Warning</b></summary>
    ```
    virtualenv 20.26.3 has requirement platformdirs<5,>=3.9.1, but you have platformdirs 2.5.1.
    virtualenv 20.26.3 has requirement filelock<4,>=3.12.2, but you have filelock 3.8.0.
    virtualenv 20.26.3 has requirement distlib<1,>=0.3.7, but you have distlib 0.3.5.
    flake8 4.0.1 has requirement importlib-metadata<4.3; python_version < "3.8", but you have importlib-metadata 6.7.0.
    
    ```
    </details>
    
    
    
    
    
    ---
    
    > [!IMPORTANT]
    >
    > - Check the changes in this PR to ensure they won't cause issues with
    your project.
    > - Max score is 1000. Note that the real score may have changed since
    the PR was raised.
    > - This PR was automatically created by Snyk using the credentials of a
    real user.
    > - Some vulnerabilities couldn't be fully fixed and so Snyk will still
    find them when the project is tested again. This may be because the
    vulnerability existed within more than one direct dependency, but not
    all of the affected dependencies could be upgraded.
    
    ---
    
    **Note:** _You are seeing this because you or someone else with access
    to this repository has authorized Snyk to open fix PRs._
    
    For more information:
    🧐 [View latest project
    report](https://app.snyk.io/org/calvinsixfeetup.com/project/4d495fc3-4887-4272-afb1-7a29b3658635?utm_source=github&utm_medium=referral&page=fix-pr)
    📜 [Customise PR
    templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
    🛠 [Adjust project
    settings](https://app.snyk.io/org/calvinsixfeetup.com/project/4d495fc3-4887-4272-afb1-7a29b3658635?utm_source=github&utm_medium=referral&page=fix-pr/settings)
    📚 [Read about Snyk's upgrade
    logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
    
    ---
    
    **Learn how to fix vulnerabilities with free interactive lessons:**
    
    🦉 [Learn about vulnerability in an interactive lesson of Snyk
    Learn.](https://learn.snyk.io/?loc=fix-pr)
    
    
    Co-authored-by: snyk-bot <snyk-bot@snyk.io>
    clshaw01 and snyk-bot authored Jul 15, 2024
    513a1cd
  2. [Snyk] Security upgrade certifi from 2023.7.22 to 2024.7.4 (#268)

    This PR was automatically created by Snyk using the credentials of a
    real user.
    
    ### Snyk has created this PR to fix 1 vulnerabilities in the pip
    dependencies of this project.
    
    #### Snyk changed the following file(s):
    
    - `requirements.txt`
    
    
    
    <details>
    <summary>⚠️ <b>Warning</b></summary>
    ```
    virtualenv 20.26.3 has requirement platformdirs<5,>=3.9.1, but you have platformdirs 2.5.1.
    virtualenv 20.26.3 has requirement distlib<1,>=0.3.7, but you have distlib 0.3.5.
    virtualenv 20.26.3 has requirement filelock<4,>=3.12.2, but you have filelock 3.8.0.
    flake8 4.0.1 has requirement importlib-metadata<4.3; python_version < "3.8", but you have importlib-metadata 6.7.0.
    
    ```
    </details>
    
    
    
    
    
    ---
    
    > [!IMPORTANT]
    >
    > - Check the changes in this PR to ensure they won't cause issues with
    your project.
    > - Max score is 1000. Note that the real score may have changed since
    the PR was raised.
    > - This PR was automatically created by Snyk using the credentials of a
    real user.
    > - Some vulnerabilities couldn't be fully fixed and so Snyk will still
    find them when the project is tested again. This may be because the
    vulnerability existed within more than one direct dependency, but not
    all of the affected dependencies could be upgraded.
    
    ---
    
    **Note:** _You are seeing this because you or someone else with access
    to this repository has authorized Snyk to open fix PRs._
    
    For more information:
    🧐 [View latest project
    report](https://app.snyk.io/org/calvinsixfeetup.com/project/4d495fc3-4887-4272-afb1-7a29b3658635?utm_source=github&utm_medium=referral&page=fix-pr)
    📜 [Customise PR
    templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
    🛠 [Adjust project
    settings](https://app.snyk.io/org/calvinsixfeetup.com/project/4d495fc3-4887-4272-afb1-7a29b3658635?utm_source=github&utm_medium=referral&page=fix-pr/settings)
    📚 [Read about Snyk's upgrade
    logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
    
    ---
    
    **Learn how to fix vulnerabilities with free interactive lessons:**
    
    🦉 [Learn about vulnerability in an interactive lesson of Snyk
    Learn.](https://learn.snyk.io/?loc=fix-pr)
    
    
    Co-authored-by: snyk-bot <snyk-bot@snyk.io>
    clshaw01 and snyk-bot authored Jul 15, 2024
    d0cc847
  3. chore(deps): bump urllib3 from 1.26.18 to 1.26.19 (#240)

    Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to
    1.26.19.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/urllib3/urllib3/releases">urllib3's
    releases</a>.</em></p>
    <blockquote>
    <h2>1.26.19</h2>
    <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
    <p><a
    href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
    is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
    long-term sustainable maintenance of the project after a sharp decline
    in financial support for 2023. If your company or organization uses
    Python and would benefit from HTTP/2 support in Requests, pip, cloud
    SDKs, and thousands of other projects <a
    href="https://opencollective.com/urllib3">please consider contributing
    financially</a> to ensure HTTP/2 support is developed sustainably and
    maintained for the long-haul.</p>
    <p>Thank you for your support.</p>
    <h2>Changes</h2>
    <ul>
    <li>Added the <code>Proxy-Authorization</code> header to the list of
    headers to strip from requests when redirecting to a different host. As
    before, different headers can be set via
    <code>Retry.remove_headers_on_redirect</code>.</li>
    </ul>
    <p><strong>Full Changelog</strong>: <a
    href="https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19">https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19</a></p>
    <p>Note that due to an issue with our release automation, no <code>
    multiple.intoto.jsonl</code> file is available for this release.</p>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst">urllib3's
    changelog</a>.</em></p>
    <blockquote>
    <h2>1.26.19 (2024-06-17)</h2>
    <ul>
    <li>Added the <code>Proxy-Authorization</code> header to the list of
    headers to strip from requests when redirecting to a different host. As
    before, different headers can be set via
    <code>Retry.remove_headers_on_redirect</code>.</li>
    <li>Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring
    an HTTP proxy as HTTPS.
    (<code>[#3405](urllib3/urllib3#3405)
    &lt;https://github.com/urllib3/urllib3/issues/3405&gt;</code>__)</li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/urllib3/urllib3/commit/d9d85c88aa644af56d5e129634e750ce76e1a765"><code>d9d85c8</code></a>
    Release 1.26.19</li>
    <li><a
    href="https://github.com/urllib3/urllib3/commit/8528b63b6fe5cfd7b21942cf988670de68fcd8c0"><code>8528b63</code></a>
    [1.26] Fix downstream tests (<a
    href="https://github.com/urllib3/urllib3/issues/3409">#3409</a>)</li>
    <li><a
    href="https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468"><code>40b6d16</code></a>
    Merge pull request from GHSA-34jh-p97f-mpxf</li>
    <li><a
    href="https://github.com/urllib3/urllib3/commit/29cfd02f66376c61bd20f1725477925106321f68"><code>29cfd02</code></a>
    Fix handling of OpenSSL 3.2.0 new error message &quot;record layer
    failure&quot; (<a
    href="https://github.com/urllib3/urllib3/issues/3405">#3405</a>)</li>
    <li><a
    href="https://github.com/urllib3/urllib3/commit/b60064388302f54a3455259ddab121618650a154"><code>b600643</code></a>
    [1.26] Bump RECENT_DATE (<a
    href="https://github.com/urllib3/urllib3/issues/3404">#3404</a>)</li>
    <li><a
    href="https://github.com/urllib3/urllib3/commit/7e2d3890926d4788e219f63e2e36fbeb8714827f"><code>7e2d389</code></a>
    [1.26] Fix running CPython 2.7 tests in CI (<a
    href="https://github.com/urllib3/urllib3/issues/3137">#3137</a>)</li>
    <li>See full diff in <a
    href="https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19">compare
    view</a></li>
    </ul>
    </details>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jul 15, 2024
    86ec919
  4. chore(deps): bump requests from 2.31.0 to 2.32.0 (#229)

    Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/psf/requests/releases">requests's
    releases</a>.</em></p>
    <blockquote>
    <h2>v2.32.0</h2>
    <h2>2.32.0 (2024-05-20)</h2>
    <h2>🐍 PYCON US 2024 EDITION 🐍</h2>
    <p><strong>Security</strong></p>
    <ul>
    <li>Fixed an issue where setting <code>verify=False</code> on the first
    request from a
    Session will cause subsequent requests to the <em>same origin</em> to
    also ignore
    cert verification, regardless of the value of <code>verify</code>.
    (<a
    href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li>
    </ul>
    <p><strong>Improvements</strong></p>
    <ul>
    <li><code>verify=True</code> now reuses a global SSLContext which should
    improve
    request time variance between first and subsequent requests. It should
    also minimize certificate load time on Windows systems when using a
    Python
    version built with OpenSSL 3.x. (<a
    href="https://github.com/psf/requests/issues/6667">#6667</a>)</li>
    <li>Requests now supports optional use of character detection
    (<code>chardet</code> or <code>charset_normalizer</code>) when
    repackaged or vendored.
    This enables <code>pip</code> and other projects to minimize their
    vendoring
    surface area. The <code>Response.text()</code> and
    <code>apparent_encoding</code> APIs
    will default to <code>utf-8</code> if neither library is present. (<a
    href="https://github.com/psf/requests/issues/6702">#6702</a>)</li>
    </ul>
    <p><strong>Bugfixes</strong></p>
    <ul>
    <li>Fixed bug in length detection where emoji length was incorrectly
    calculated in the request content-length. (<a
    href="https://github.com/psf/requests/issues/6589">#6589</a>)</li>
    <li>Fixed deserialization bug in JSONDecodeError. (<a
    href="https://github.com/psf/requests/issues/6629">#6629</a>)</li>
    <li>Fixed bug where an extra leading <code>/</code> (path separator)
    could lead
    urllib3 to unnecessarily reparse the request URI. (<a
    href="https://github.com/psf/requests/issues/6644">#6644</a>)</li>
    </ul>
    <p><strong>Deprecations</strong></p>
    <ul>
    <li>Requests has officially added support for CPython 3.12 (<a
    href="https://github.com/psf/requests/issues/6503">#6503</a>)</li>
    <li>Requests has officially added support for PyPy 3.9 and 3.10 (<a
    href="https://github.com/psf/requests/issues/6641">#6641</a>)</li>
    <li>Requests has officially dropped support for CPython 3.7 (<a
    href="https://github.com/psf/requests/issues/6642">#6642</a>)</li>
    <li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a
    href="https://github.com/psf/requests/issues/6641">#6641</a>)</li>
    </ul>
    <p><strong>Documentation</strong></p>
    <ul>
    <li>Various typo fixes and doc improvements.</li>
    </ul>
    <p><strong>Packaging</strong></p>
    <ul>
    <li>Requests has started adopting some modern packaging practices.
    The source files for the projects (formerly <code>requests</code>) is
    now located
    in <code>src/requests</code> in the Requests sdist. (<a
    href="https://github.com/psf/requests/issues/6506">#6506</a>)</li>
    <li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517
    build system
    using <code>hatchling</code>. This should not impact the average user,
    but extremely old
    versions of packaging utilities may have issues with the new packaging
    format.</li>
    </ul>
    <h2>New Contributors</h2>
    <ul>
    <li><a
    href="https://github.com/matthewarmand"><code>@​matthewarmand</code></a>
    made their first contribution in <a
    href="https://github.com/psf/requests/pull/6258">psf/requests#6258</a></li>
    <li><a href="https://github.com/cpzt"><code>@​cpzt</code></a> made their
    first contribution in <a
    href="https://github.com/psf/requests/pull/6456">psf/requests#6456</a></li>
    </ul>
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
    changelog</a>.</em></p>
    <blockquote>
    <h2>2.32.0 (2024-05-20)</h2>
    <p><strong>Security</strong></p>
    <ul>
    <li>Fixed an issue where setting <code>verify=False</code> on the first
    request from a
    Session will cause subsequent requests to the <em>same origin</em> to
    also ignore
    cert verification, regardless of the value of <code>verify</code>.
    (<a
    href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li>
    </ul>
    <p><strong>Improvements</strong></p>
    <ul>
    <li><code>verify=True</code> now reuses a global SSLContext which should
    improve
    request time variance between first and subsequent requests. It should
    also minimize certificate load time on Windows systems when using a
    Python
    version built with OpenSSL 3.x. (<a
    href="https://github.com/psf/requests/issues/6667">#6667</a>)</li>
    <li>Requests now supports optional use of character detection
    (<code>chardet</code> or <code>charset_normalizer</code>) when
    repackaged or vendored.
    This enables <code>pip</code> and other projects to minimize their
    vendoring
    surface area. The <code>Response.text()</code> and
    <code>apparent_encoding</code> APIs
    will default to <code>utf-8</code> if neither library is present. (<a
    href="https://github.com/psf/requests/issues/6702">#6702</a>)</li>
    </ul>
    <p><strong>Bugfixes</strong></p>
    <ul>
    <li>Fixed bug in length detection where emoji length was incorrectly
    calculated in the request content-length. (<a
    href="https://github.com/psf/requests/issues/6589">#6589</a>)</li>
    <li>Fixed deserialization bug in JSONDecodeError. (<a
    href="https://github.com/psf/requests/issues/6629">#6629</a>)</li>
    <li>Fixed bug where an extra leading <code>/</code> (path separator)
    could lead
    urllib3 to unnecessarily reparse the request URI. (<a
    href="https://github.com/psf/requests/issues/6644">#6644</a>)</li>
    </ul>
    <p><strong>Deprecations</strong></p>
    <ul>
    <li>Requests has officially added support for CPython 3.12 (<a
    href="https://github.com/psf/requests/issues/6503">#6503</a>)</li>
    <li>Requests has officially added support for PyPy 3.9 and 3.10 (<a
    href="https://github.com/psf/requests/issues/6641">#6641</a>)</li>
    <li>Requests has officially dropped support for CPython 3.7 (<a
    href="https://github.com/psf/requests/issues/6642">#6642</a>)</li>
    <li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a
    href="https://github.com/psf/requests/issues/6641">#6641</a>)</li>
    </ul>
    <p><strong>Documentation</strong></p>
    <ul>
    <li>Various typo fixes and doc improvements.</li>
    </ul>
    <p><strong>Packaging</strong></p>
    <ul>
    <li>Requests has started adopting some modern packaging practices.
    The source files for the project (formerly <code>requests</code>) are
    now located
    in <code>src/requests</code> in the Requests sdist. (<a
    href="https://github.com/psf/requests/issues/6506">#6506</a>)</li>
    <li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517
    build system
    using <code>hatchling</code>. This should not impact the average user,
    but extremely old
    versions of packaging utilities may have issues with the new packaging
    format.</li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/psf/requests/commit/d6ebc4a2f1f68b7e355fb7e4dd5ffc0845547f9f"><code>d6ebc4a</code></a>
    v2.32.0</li>
    <li><a
    href="https://github.com/psf/requests/commit/9a40d1277807f0a4f26c9a37eea8ec90faa8aadc"><code>9a40d12</code></a>
    Avoid reloading root certificates to improve concurrent performance (<a
    href="https://github.com/psf/requests/issues/6667">#6667</a>)</li>
    <li><a
    href="https://github.com/psf/requests/commit/0c030f78d24f29a459dbf39b28b4cc765e2153d7"><code>0c030f7</code></a>
    Merge pull request <a
    href="https://github.com/psf/requests/issues/6702">#6702</a>
    from nateprewitt/no_char_detection</li>
    <li><a
    href="https://github.com/psf/requests/commit/555b870eb19d497ddb67042645420083ec8efb02"><code>555b870</code></a>
    Allow character detection dependencies to be optional in post-packaging
    steps</li>
    <li><a
    href="https://github.com/psf/requests/commit/d6dded3f00afcf56a7e866cb0732799045301eb0"><code>d6dded3</code></a>
    Merge pull request <a
    href="https://github.com/psf/requests/issues/6700">#6700</a>
    from franekmagiera/update-redirect-to-invalid-uri-test</li>
    <li><a
    href="https://github.com/psf/requests/commit/bf24b7d8d17da34be720c19e5978b2d3bf94a53b"><code>bf24b7d</code></a>
    Use an invalid URI that will not cause httpbin to throw 500</li>
    <li><a
    href="https://github.com/psf/requests/commit/2d5f54779ad174035c5437b3b3c1146b0eaf60fe"><code>2d5f547</code></a>
    Pin 3.8 and 3.9 runners back to macos-13 (<a
    href="https://github.com/psf/requests/issues/6688">#6688</a>)</li>
    <li><a
    href="https://github.com/psf/requests/commit/f1bb07d39b74d6444e333879f8b8a3d9dd4d2311"><code>f1bb07d</code></a>
    Merge pull request <a
    href="https://github.com/psf/requests/issues/6687">#6687</a>
    from psf/dependabot/github_actions/github/codeql-act...</li>
    <li><a
    href="https://github.com/psf/requests/commit/60047ade64b0b882cbc94e047198818ab580911e"><code>60047ad</code></a>
    Bump github/codeql-action from 3.24.0 to 3.25.0</li>
    <li><a
    href="https://github.com/psf/requests/commit/31ebb8102c00f8cf8b396a6356743cca4362e07b"><code>31ebb81</code></a>
    Merge pull request <a
    href="https://github.com/psf/requests/issues/6682">#6682</a>
    from frenzymadness/pytest8</li>
    <li>Additional commits viewable in <a
    href="https://github.com/psf/requests/compare/v2.31.0...v2.32.0">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.31.0&new-version=2.32.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after
    your CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge
    and block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating
    it. You can achieve the same result by closing it manually
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the
    [Security Alerts
    page](https://github.com/sixfeetup/scaf/network/alerts).
    
    </details>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jul 15, 2024
    2a77c8f

Commits on Jul 19, 2024

  1. build(deps): bump idna from 3.3 to 3.7 (#215)

    Bumps [idna](https://github.com/kjd/idna) from 3.3 to 3.7.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/kjd/idna/releases">idna's
    releases</a>.</em></p>
    <blockquote>
    <h2>v3.7</h2>
    <h2>What's Changed</h2>
    <ul>
    <li>Fix issue where specially crafted inputs to encode() could take an
    exceptionally long amount of time to process. [CVE-2024-3651]</li>
    </ul>
    <p>Thanks to Guido Vranken for reporting the issue.</p>
    <p><strong>Full Changelog</strong>: <a
    href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a></p>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's
    changelog</a>.</em></p>
    <blockquote>
    <p>3.7 (2024-04-11)
    ++++++++++++++++</p>
    <ul>
    <li>Fix issue where specially crafted inputs to encode() could
    take an exceptionally long amount of time to process. [CVE-2024-3651]</li>
    </ul>
    <p>Thanks to Guido Vranken for reporting the issue.</p>
    <p>3.6 (2023-11-25)
    ++++++++++++++++</p>
    <ul>
    <li>Fix regression to include tests in source distribution.</li>
    </ul>
    <p>3.5 (2023-11-24)
    ++++++++++++++++</p>
    <ul>
    <li>Update to Unicode 15.1.0</li>
    <li>String codec name is now &quot;idna2008&quot; as overriding the
    system codec
    &quot;idna&quot; was not working.</li>
    <li>Fix typing error for codec encoding</li>
    <li>&quot;setup.cfg&quot; has been added for this release due to some
    downstream
    lack of adherence to PEP 517. Should be removed in a future release
    so please prepare accordingly.</li>
    <li>Removed reliance on a symlink for the &quot;idna-data&quot; tool to
    comport
    with PEP 517 and the Python Packaging User Guide for sdist
    archives.</li>
    <li>Added security reporting protocol for project</li>
    </ul>
    <p>Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for
    contributions
    to this release.</p>
    <p>3.4 (2022-09-14)
    ++++++++++++++++</p>
    <ul>
    <li>Update to Unicode 15.0.0</li>
    <li>Migrate to pyproject.toml for build information (PEP 621)</li>
    <li>Correct another instance where generic exception was raised instead
    of
    IDNAError for malformed input</li>
    <li>Source distribution uses zeroized file ownership for improved
    reproducibility</li>
    </ul>
    <p>Thanks to Seth Michael Larson for contributions to this release.</p>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a>
    Release v3.7</li>
    <li><a
    href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a>
    Merge pull request <a
    href="https://github.com/kjd/idna/issues/172">#172</a> from
    kjd/optimize-contextj</li>
    <li><a
    href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a>
    Merge branch 'master' into optimize-contextj</li>
    <li><a
    href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a>
    Merge pull request <a
    href="https://github.com/kjd/idna/issues/152">#152</a> from
    elliotwutingfeng/dev</li>
    <li><a
    href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a>
    More efficient resolution of joiner contexts</li>
    <li><a
    href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a>
    Update ossf/scorecard-action to v2.3.1</li>
    <li><a
    href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a>
    Update Github actions/checkout to v4</li>
    <li><a
    href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a>
    Merge branch 'master' into dev</li>
    <li><a
    href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a>
    Fix typo in GitHub Actions workflow key</li>
    <li><a
    href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a>
    Merge branch 'master' into dev</li>
    <li>Additional commits viewable in <a
    href="https://github.com/kjd/idna/compare/v3.3...v3.7">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=3.3&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jul 19, 2024
    5f867e6
  2. build(deps): bump black from 22.1.0 to 24.3.0 (#191)

    Bumps [black](https://github.com/psf/black) from 22.1.0 to 24.3.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/psf/black/releases">black's
    releases</a>.</em></p>
    <blockquote>
    <h2>24.3.0</h2>
    <h3>Highlights</h3>
    <p>This release is a milestone: it fixes Black's first CVE security
    vulnerability. If you
    run Black on untrusted input, or if you habitually put thousands of
    leading tab
    characters in your docstrings, you are strongly encouraged to upgrade
    immediately to fix
    <a
    href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
    <p>This release also fixes a bug in Black's AST safety check that
    allowed Black to make
    incorrect changes to certain f-strings that are valid in Python 3.12 and
    higher.</p>
    <h3>Stable style</h3>
    <ul>
    <li>Don't move comments along with delimiters, which could cause crashes
    (<a
    href="https://github.com/psf/black/issues/4248">#4248</a>)</li>
    <li>Strengthen AST safety check to catch more unsafe changes to strings.
    Previous versions
    of Black would incorrectly format the contents of certain unusual
    f-strings containing
    nested strings with the same quote type. Now, Black will crash on such
    strings until
    support for the new f-string syntax is implemented. (<a
    href="https://github.com/psf/black/issues/4270">#4270</a>)</li>
    <li>Fix a bug where line-ranges exceeding the last code line would not
    work as expected
    (<a
    href="https://github.com/psf/black/issues/4273">#4273</a>)</li>
    </ul>
    <h3>Performance</h3>
    <ul>
    <li>Fix catastrophic performance on docstrings that contain large
    numbers of leading tab
    characters. This fixes
    <a
    href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
    (<a
    href="https://github.com/psf/black/issues/4278">#4278</a>)</li>
    </ul>
    <h3>Documentation</h3>
    <ul>
    <li>Note what happens when <code>--check</code> is used with
    <code>--quiet</code> (<a
    href="https://github.com/psf/black/issues/4236">#4236</a>)</li>
    </ul>
    <h2>24.2.0</h2>
    <h3>Stable style</h3>
    <ul>
    <li>Fixed a bug where comments were mistakenly removed along with
    redundant parentheses
    (<a
    href="https://github.com/psf/black/issues/4218">#4218</a>)</li>
    </ul>
    <h3>Preview style</h3>
    <ul>
    <li>Move the <code>hug_parens_with_braces_and_square_brackets</code>
    feature to the unstable style
    due to an outstanding crash and proposed formatting tweaks (<a
    href="https://github.com/psf/black/issues/4198">#4198</a>)</li>
    <li>Fixed a bug where base expressions caused inconsistent formatting of
    ** in ternary
    expression (<a
    href="https://github.com/psf/black/issues/4154">#4154</a>)</li>
    <li>Checking for newline before adding one on docstring that is almost
    at the line limit
    (<a
    href="https://github.com/psf/black/issues/4185">#4185</a>)</li>
    <li>Remove redundant parentheses in <code>case</code> statement
    <code>if</code> guards (<a
    href="https://github.com/psf/black/issues/4214">#4214</a>).</li>
    </ul>
    <h3>Configuration</h3>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/psf/black/blob/main/CHANGES.md">black's
    changelog</a>.</em></p>
    <blockquote>
    <h2>24.3.0</h2>
    <h3>Highlights</h3>
    <p>This release is a milestone: it fixes Black's first CVE security
    vulnerability. If you
    run Black on untrusted input, or if you habitually put thousands of
    leading tab
    characters in your docstrings, you are strongly encouraged to upgrade
    immediately to fix
    <a
    href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
    <p>This release also fixes a bug in Black's AST safety check that
    allowed Black to make
    incorrect changes to certain f-strings that are valid in Python 3.12 and
    higher.</p>
    <h3>Stable style</h3>
    <ul>
    <li>Don't move comments along with delimiters, which could cause crashes
    (<a
    href="https://github.com/psf/black/issues/4248">#4248</a>)</li>
    <li>Strengthen AST safety check to catch more unsafe changes to strings.
    Previous versions
    of Black would incorrectly format the contents of certain unusual
    f-strings containing
    nested strings with the same quote type. Now, Black will crash on such
    strings until
    support for the new f-string syntax is implemented. (<a
    href="https://github.com/psf/black/issues/4270">#4270</a>)</li>
    <li>Fix a bug where line-ranges exceeding the last code line would not
    work as expected
    (<a
    href="https://github.com/psf/black/issues/4273">#4273</a>)</li>
    </ul>
    <h3>Performance</h3>
    <ul>
    <li>Fix catastrophic performance on docstrings that contain large
    numbers of leading tab
    characters. This fixes
    <a
    href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
    (<a
    href="https://github.com/psf/black/issues/4278">#4278</a>)</li>
    </ul>
    <h3>Documentation</h3>
    <ul>
    <li>Note what happens when <code>--check</code> is used with
    <code>--quiet</code> (<a
    href="https://github.com/psf/black/issues/4236">#4236</a>)</li>
    </ul>
    <h2>24.2.0</h2>
    <h3>Stable style</h3>
    <ul>
    <li>Fixed a bug where comments were mistakenly removed along with
    redundant parentheses
    (<a
    href="https://github.com/psf/black/issues/4218">#4218</a>)</li>
    </ul>
    <h3>Preview style</h3>
    <ul>
    <li>Move the <code>hug_parens_with_braces_and_square_brackets</code>
    feature to the unstable style
    due to an outstanding crash and proposed formatting tweaks (<a
    href="https://github.com/psf/black/issues/4198">#4198</a>)</li>
    <li>Fixed a bug where base expressions caused inconsistent formatting of
    ** in ternary
    expression (<a
    href="https://github.com/psf/black/issues/4154">#4154</a>)</li>
    <li>Checking for newline before adding one on docstring that is almost
    at the line limit
    (<a
    href="https://github.com/psf/black/issues/4185">#4185</a>)</li>
    <li>Remove redundant parentheses in <code>case</code> statement
    <code>if</code> guards (<a
    href="https://github.com/psf/black/issues/4214">#4214</a>).</li>
    </ul>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/psf/black/commit/552baf822992936134cbd31a38f69c8cfe7c0f05"><code>552baf8</code></a>
    Prepare release 24.3.0 (<a
    href="https://github.com/psf/black/issues/4279">#4279</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8"><code>f000936</code></a>
    Fix catastrophic performance in lines_with_leading_tabs_expanded() (<a
    href="https://github.com/psf/black/issues/4278">#4278</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/7b5a657285f38126bf28483478bbd9ea928077ec"><code>7b5a657</code></a>
    Fix --line-ranges behavior when ranges are at EOF (<a
    href="https://github.com/psf/black/issues/4273">#4273</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/1abcffc81816257985678f08c61584ed4287f22a"><code>1abcffc</code></a>
    Use regex where we ignore case on windows (<a
    href="https://github.com/psf/black/issues/4252">#4252</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/719e67462c80574c81a96faa144886de6da84489"><code>719e674</code></a>
    Fix 4227: Improve documentation for --quiet --check (<a
    href="https://github.com/psf/black/issues/4236">#4236</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/e5510afc06cd238cd0cba4095283943a870a7e7b"><code>e5510af</code></a>
    update plugin url for Thonny (<a
    href="https://github.com/psf/black/issues/4259">#4259</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/6af7d1109693c4ad3af08ecbc34649c232b47a6d"><code>6af7d11</code></a>
    Fix AST safety check false negative (<a
    href="https://github.com/psf/black/issues/4270">#4270</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/f03ee113c9f3dfeb477f2d4247bfb7de2e5f465c"><code>f03ee11</code></a>
    Ensure <code>blib2to3.pygram</code> is initialized before use (<a
    href="https://github.com/psf/black/issues/4224">#4224</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/e4bfedbec2e8b10cc6b7b31442478f05db0ce06d"><code>e4bfedb</code></a>
    fix: Don't move comments while splitting delimiters (<a
    href="https://github.com/psf/black/issues/4248">#4248</a>)</li>
    <li><a
    href="https://github.com/psf/black/commit/d0287e1f7558d97e6c0ebd6dc5bcb5b970e2bf8c"><code>d0287e1</code></a>
    Make trailing comma logic more concise (<a
    href="https://github.com/psf/black/issues/4202">#4202</a>)</li>
    <li>Additional commits viewable in <a
    href="https://github.com/psf/black/compare/22.1.0...24.3.0">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=black&package-manager=pip&previous-version=22.1.0&new-version=24.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jul 19, 2024
    dd959a6
  3. build(deps): bump cookiecutter from 1.7.3 to 2.1.1 (#172)

    Bumps [cookiecutter](https://github.com/cookiecutter/cookiecutter) from
    1.7.3 to 2.1.1.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/cookiecutter/cookiecutter/releases">cookiecutter's
    releases</a>.</em></p>
    <blockquote>
    <h2>2.1.1</h2>
    <h2>Documentation updates</h2>
    <ul>
    <li>Fix local extensions documentation (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1686">#1686</a>)
    <a href="https://github.com/alkatar21"><code>@​alkatar21</code></a></li>
    </ul>
    <h2>Bugfixes</h2>
    <ul>
    <li>Sanitize Mercurial branch information before checkout. (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1689">#1689</a>)
    <a href="https://github.com/ericof"><code>@​ericof</code></a></li>
    </ul>
    <h2>This release is made by wonderful contributors:</h2>
    <p><a href="https://github.com/alkatar21"><code>@​alkatar21</code></a>,
    <a href="https://github.com/ericof"><code>@​ericof</code></a> and <a
    href="https://github.com/jensens"><code>@​jensens</code></a></p>
    <h2>2.1.0</h2>
    <h2>Preamble</h2>
    <p>This release log lists all changes from 1.7.3 to this release.
    It includes the log of the 2.0.x releases, which were never published on
    PyPI.
    Because of that it might look a bit blurry.</p>
    <p>We release the current stable state of the project, knowing there are
    a bunch of open pull requests.
    Those will be reviewed by the core-committers and merged or dropped.</p>
    <p>Future releases will happen more frequently. Stay tuned.</p>
    <p>Fetch fresh from PyPI <a
    href="https://pypi.org/project/cookiecutter/2.1.0/">https://pypi.org/project/cookiecutter/2.1.0/</a></p>
    <h2>Changes</h2>
    <ul>
    <li>Move contributors and backers to credits section (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1599">#1599</a>)
    <a href="https://github.com/doobrie"><code>@​doobrie</code></a></li>
    <li>test_generate_file_verbose_template_syntax_error fixed (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1671">#1671</a>)
    <a
    href="https://github.com/MaciejPatro"><code>@​MaciejPatro</code></a></li>
    <li>Removed changes related to setuptools_scm (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1629">#1629</a>)
    <a href="https://github.com/ozer550"><code>@​ozer550</code></a></li>
    <li>Release 2.0.1 (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1620">#1620</a>)
    <a
    href="https://github.com/audreyfeldroy"><code>@​audreyfeldroy</code></a></li>
    </ul>
    <h2>Breaking Changes</h2>
    <ul>
    <li>Release preparation for 2.0.1rc1 (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1608">#1608</a>)
    <a
    href="https://github.com/audreyfeldroy"><code>@​audreyfeldroy</code></a></li>
    <li>Replace poyo with pyyaml. (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1489">#1489</a>)
    <a href="https://github.com/dHannasch"><code>@​dHannasch</code></a></li>
    <li>Added: Path templates will be rendered when copy_without_render used
    (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/839">#839</a>)
    <a
    href="https://github.com/noirbizarre"><code>@​noirbizarre</code></a></li>
    <li>Added: End of line detection and configuration. (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1407">#1407</a>)
    <a href="https://github.com/insspb"><code>@​insspb</code></a></li>
    <li>Remove support for python2.7 (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1386">#1386</a>)
    <a href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a></li>
    </ul>
    <h2>Minor Changes</h2>
    <ul>
    <li>Documentation overhaul (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1677">#1677</a>)
    <a href="https://github.com/jensens"><code>@​jensens</code></a></li>
    <li>Feature/local extensions (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1240">#1240</a>)
    <a
    href="https://github.com/mwesterhof"><code>@​mwesterhof</code></a></li>
    <li>Adopt setuptools-scm packaging (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1577">#1577</a>)
    <a href="https://github.com/ssbarnea"><code>@​ssbarnea</code></a></li>
    <li>Log the error message when git clone fails, not just the return code
    (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1505">#1505</a>)
    <a href="https://github.com/logworthy"><code>@​logworthy</code></a></li>
    <li>allow jinja 3.0.0 (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1548">#1548</a>)
    <a href="https://github.com/wouterdb"><code>@​wouterdb</code></a></li>
    <li>Added uuid extension to be able to generate uuids (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1493">#1493</a>)
    <a href="https://github.com/jonaswre"><code>@​jonaswre</code></a></li>
    </ul>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/cookiecutter/cookiecutter/blob/main/HISTORY.md">cookiecutter's
    changelog</a>.</em></p>
    <blockquote>
    <h2>2.1.1 (2022-06-01)</h2>
    <h3>Documentation updates</h3>
    <ul>
    <li>Fix local extensions documentation (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1686">#1686</a>)
    <a href="https://github.com/alkatar21"><code>@​alkatar21</code></a></li>
    </ul>
    <h3>Bugfixes</h3>
    <ul>
    <li>Sanitize Mercurial branch information before checkout. (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1689">#1689</a>)
    <a href="https://github.com/ericof"><code>@​ericof</code></a></li>
    </ul>
    <h3>This release is made by wonderful contributors:</h3>
    <p><a href="https://github.com/alkatar21"><code>@​alkatar21</code></a>,
    <a href="https://github.com/ericof"><code>@​ericof</code></a> and <a
    href="https://github.com/jensens"><code>@​jensens</code></a></p>
    <h2>2.1.0 (2022-05-30)</h2>
    <h3>Changes</h3>
    <ul>
    <li>Move contributors and backers to credits section (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1599">#1599</a>)
    <a href="https://github.com/doobrie"><code>@​doobrie</code></a></li>
    <li>test_generate_file_verbose_template_syntax_error fixed (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1671">#1671</a>)
    <a
    href="https://github.com/MaciejPatro"><code>@​MaciejPatro</code></a></li>
    <li>Removed changes related to setuptools_scm (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1629">#1629</a>)
    <a href="https://github.com/ozer550"><code>@​ozer550</code></a></li>
    <li>Feature/local extensions (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1240">#1240</a>)
    <a
    href="https://github.com/mwesterhof"><code>@​mwesterhof</code></a></li>
    </ul>
    <h3>CI/CD and QA changes</h3>
    <ul>
    <li>Check manifest: pre-commit, fixes, cleaning (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1683">#1683</a>)
    <a href="https://github.com/jensens"><code>@​jensens</code></a></li>
    <li>Follow PyPA guide to release package using GitHub Actions. (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1682">#1682</a>)
    <a href="https://github.com/ericof"><code>@​ericof</code></a></li>
    </ul>
    <h3>Documentation updates</h3>
    <ul>
    <li>Fix typo in dict_variables.rst (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1680">#1680</a>)
    <a href="https://github.com/ericof"><code>@​ericof</code></a></li>
    <li>Documentation overhaul (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1677">#1677</a>)
    <a href="https://github.com/jensens"><code>@​jensens</code></a></li>
    <li>Fixed incorrect link on docs. (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1649">#1649</a>)
    <a href="https://github.com/luzfcb"><code>@​luzfcb</code></a></li>
    </ul>
    <h3>Bugfixes</h3>
    <ul>
    <li>Restore accidentally deleted support for click 8.x (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1643">#1643</a>)
    <a href="https://github.com/jaklan"><code>@​jaklan</code></a></li>
    </ul>
    <h3>This release was made possible by our wonderful contributors:</h3>
    <p><a href="https://github.com/doobrie"><code>@​doobrie</code></a>, <a
    href="https://github.com/jensens"><code>@​jensens</code></a>, <a
    href="https://github.com/ericof"><code>@​ericof</code></a>, <a
    href="https://github.com/luzfcb"><code>@​luzfcb</code></a></p>
    <h2>2.0.2 (2021-12-27)</h2>
    <p><em>Remark: This release never made it to official PyPI</em></p>
    <ul>
    <li>Fix Python version number in cookiecutter --version and test on
    Python 3.10 (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1621">#1621</a>)
    <a href="https://github.com/ozer550"><code>@​ozer550</code></a></li>
    <li>Removed changes related to setuptools_scm (<a
    href="https://github.com/cookiecutter/cookiecutter/issues/1629">#1629</a>)
    <a
    href="https://github.com/audreyfeldroy"><code>@​audreyfeldroy</code></a>
    <a href="https://github.com/ozer550"><code>@​ozer550</code></a></li>
    </ul>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/f9376a96097086476ce9eb0b93297a471ae520e0"><code>f9376a9</code></a>
    Prepare release 2.1.1</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77"><code>fdffddb</code></a>
    Merge pull request <a
    href="https://github.com/cookiecutter/cookiecutter/issues/1689">#1689</a>
    from cookiecutter/sanitize-mercurial-checkout</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/85a7884f11a5200535706a6c5d31a9acbdadae1a"><code>85a7884</code></a>
    Lint fixes</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/e26c46582cd9033dcea318f1c29a1f06fb74f456"><code>e26c465</code></a>
    Sanitize Mercurial branch information before checkout.</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/94036d0324d09cd6a4eb5e2a5707062c1e409cd1"><code>94036d0</code></a>
    Merge pull request <a
    href="https://github.com/cookiecutter/cookiecutter/issues/1687">#1687</a>
    from cookiecutter/bump-version-back-to-dev</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/70b2ee2a3521ea71634269e72f3d3f701c51cb7d"><code>70b2ee2</code></a>
    Merge pull request <a
    href="https://github.com/cookiecutter/cookiecutter/issues/1686">#1686</a>
    from alkatar21/patch-1</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/8b33e96c94ac75277e8f67cc1a71d90f488b5edb"><code>8b33e96</code></a>
    Bump version to 2.1.1.dev0</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/58d716f51fda78ec793975eea5876691aa576b2c"><code>58d716f</code></a>
    [Docs] Fix local extensions documentation</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/f601b710324fd9d0255e790121dba8f74cb6e423"><code>f601b71</code></a>
    Merge pull request <a
    href="https://github.com/cookiecutter/cookiecutter/issues/1684">#1684</a>
    from cookiecutter/bump-release-2.1.0</li>
    <li><a
    href="https://github.com/cookiecutter/cookiecutter/commit/96c68260eac572505f33381e627ad42b61aef357"><code>96c6826</code></a>
    bump version and edit historie</li>
    <li>Additional commits viewable in <a
    href="https://github.com/cookiecutter/cookiecutter/compare/1.7.3...2.1.1">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cookiecutter&package-manager=pip&previous-version=1.7.3&new-version=2.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after
    your CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge
    and block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating
    it. You can achieve the same result by closing it manually
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the
    [Security Alerts
    page](https://github.com/sixfeetup/scaf/network/alerts).
    
    </details>
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Muhammad Umar <38706423+muhumar@users.noreply.github.com>
    dependabot[bot] and muhumar authored Jul 19, 2024
    825b68c
  4. chore(deps): bump jinja2 from 3.1.3 to 3.1.4 (#225)

    Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/pallets/jinja/releases">jinja2's
    releases</a>.</em></p>
    <blockquote>
    <h2>3.1.4</h2>
    <p>This is the Jinja 3.1.4 security release, which fixes security issues
    and bugs but does not otherwise change behavior and should not result in
    breaking changes.</p>
    <p>PyPI: <a
    href="https://pypi.org/project/Jinja2/3.1.4/">https://pypi.org/project/Jinja2/3.1.4/</a>
    Changes: <a
    href="https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4">https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4</a></p>
    <ul>
    <li>The <code>xmlattr</code> filter does not allow keys with
    <code>/</code> solidus, <code>&gt;</code> greater-than sign, or
    <code>=</code> equals sign, in addition to disallowing spaces.
    Regardless of any validation done by Jinja, user input should never be
    used as keys to this filter, or must be separately validated first.
    GHSA-h75v-3vvj-5mfj</li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's
    changelog</a>.</em></p>
    <blockquote>
    <h2>Version 3.1.4</h2>
    <p>Released 2024-05-05</p>
    <ul>
    <li>The <code>xmlattr</code> filter does not allow keys with
    <code>/</code> solidus, <code>&gt;</code>
    greater-than sign, or <code>=</code> equals sign, in addition to
    disallowing spaces.
    Regardless of any validation done by Jinja, user input should never be
    used
    as keys to this filter, or must be separately validated first.
    :ghsa:<code>h75v-3vvj-5mfj</code></li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/pallets/jinja/commit/dd4a8b5466d8790540c181590b14db4d4d889d57"><code>dd4a8b5</code></a>
    release version 3.1.4</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb"><code>0668239</code></a>
    Merge pull request from GHSA-h75v-3vvj-5mfj</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d"><code>d655030</code></a>
    disallow invalid characters in keys to xmlattr filter</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/a7863ba9d3521f1450f821119c50d19d7ecea329"><code>a7863ba</code></a>
    add ghsa links</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/b5c98e78c2ee7d2bf0aa06d29ed9bf7082de9cf4"><code>b5c98e7</code></a>
    start version 3.1.4</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/da3a9f0b804199845fcb76f2e08748bdaeba93ee"><code>da3a9f0</code></a>
    update project files (<a
    href="https://github.com/pallets/jinja/issues/1968">#1968</a>)</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/0ee5eb41d1a2d7d9a05a02dc26dd70e63aaaeeb1"><code>0ee5eb4</code></a>
    satisfy formatter, linter, and strict mypy</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/20477c63575175196bfc8103f223cc9f5642595d"><code>20477c6</code></a>
    update project files (<a
    href="https://github.com/pallets/jinja/issues/5457">#5457</a>)</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/e491223739dedbb1f4fc6a71340c1484e149d947"><code>e491223</code></a>
    update pyyaml dev dependency</li>
    <li><a
    href="https://github.com/pallets/jinja/commit/36f98854c721f98ba103f97f65a8a098da5af0d7"><code>36f9885</code></a>
    fix pr link</li>
    <li>Additional commits viewable in <a
    href="https://github.com/pallets/jinja/compare/3.1.3...3.1.4">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jul 19, 2024
    776c6aa
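
One way to validate attribute keys separately before they reach `xmlattr`, as the Jinja 3.1.4 release note above advises. This is an added example, not Jinja's implementation or code from this repository; the allowlist, the function names and the sample input are assumptions.

```python
import re
from html import escape

# Characters the 3.1.4 note lists as rejected in xmlattr keys: spaces, "/", ">", "=".
# Assumption: "spaces" is modelled here as any whitespace character.
REJECTED_IN_KEY = re.compile(r"[\s/>=]")

# Assumption: the application only ever needs these attributes from user-driven data.
ALLOWED_ATTRS = frozenset({"id", "class", "title", "lang"})
DATA_ATTR = re.compile(r"data-[a-z][a-z0-9-]*\Z")


def key_passes_filter_rule(key: str) -> bool:
    """Character rule from the release note only (not Jinja's code)."""
    return bool(key) and not REJECTED_IN_KEY.search(key)


def key_is_allowed(key: str) -> bool:
    """Separate application-side validation: exact allowlist or data-* names."""
    return key in ALLOWED_ATTRS or bool(DATA_ATTR.match(key))


def split_attrs(untrusted: dict) -> tuple[dict, list]:
    """Return (accepted attributes, rejected keys) in input order."""
    accepted, rejected = {}, []
    for key, value in untrusted.items():
        if isinstance(key, str) and key_is_allowed(key):
            accepted[key] = value
        else:
            rejected.append(key)
    return accepted, rejected


def render_attrs(untrusted: dict) -> str:
    """Render only allowlisted keys, escaping every value for a quoted attribute."""
    accepted, _ = split_attrs(untrusted)
    return " ".join(
        f'{k}="{escape(str(v), quote=True)}"' for k, v in sorted(accepted.items())
    )


# Constructed sample input: three benign keys and five that must not be rendered.
SAMPLE = {
    "class": "btn", "data-user-id": "42", "title": 'a "quoted" <b>',
    "onclick": "x", "a b": "1", "x/y": "1", "x>y": "1", "x=y": "1",
}

if __name__ == "__main__":
    print(render_attrs(SAMPLE))
    print("rejected:", split_attrs(SAMPLE)[1])
```

The key `onclick` contains none of the characters the filter rejects, which is why the note treats the filter's own check as no substitute for validating keys in the application.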

Commits on Jul 23, 2024

  1. c2392cb
  2. chore(release): 1.9.0 [skip ci]

    ## [1.9.0](v1.8.1...v1.9.0) (2024-07-23)
    
    ### Features
    
    * added support for debuggers, with initial support for pycharm (close [#277](#277)) ([c2392cb](c2392cb))
    
    ### Documentation
    
    * Make the generated README more contributor oriented ([#230](#230)) ([3b3e63d](3b3e63d))
    semantic-release-bot committed Jul 23, 2024
    c80868f