Bump the pip group across 1 directory with 5 updates #6

dependabot · 2024-05-14T22:15:15Z

Bumps the pip group with 5 updates in the /blog/hn_scraper directory:

Package	From	To
scrapy	`0.24.5`	`2.11.2`
twisted	`15.1.0`	`23.10.0`
cryptography	`0.8.2`	`42.0.4`
lxml	`3.4.3`	`4.9.1`
pyopenssl	`0.15.1`	`17.5.0`

Updates scrapy from 0.24.5 to 2.11.2

Release notes

Sourced from scrapy's releases.

2.11.2

Mostly bug fixes, including security bug fixes.

See the full changelog.

2.11.1

Security bug fixes.

Support for Twisted >= 23.8.0.

Documentation improvements.

See the full changelog.

2.11.0

Spiders can now modify settings in their from_crawler methods, e.g. based on spider arguments.

Periodic logging of stats.

Bug fixes.

See the full changelog.

2.10.1

Marked Twisted >= 23.8.0 as unsupported.

2.10.0

Added Python 3.12 support, dropped Python 3.7 support.

The new add-ons framework simplifies configuring 3rd-party components that support it.

Exceptions to retry can now be configured.

Many fixes and improvements for feed exports.

See the full changelog.

2.9.0

Per-domain download settings.

Compatibility with new cryptography and new parsel.

JMESPath selectors from the new parsel.

Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older

Bug fixes

See the full changelog

2.7.0

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.11.2 (2024-05-14)

Security bug fixes


-   Redirects to non-HTTP protocols are no longer followed. Please, see the
    `23j4-mw76-5v7h security advisory`_ for more information. (:issue:`457`)
.. _23j4-mw76-5v7h security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h



The Authorization header is now dropped on redirects to a different
scheme (http:// or https://) or port, even if the domain is the
same. Please, see the 4qqq-9vqf-3h3f security advisory_ for more
information.
.. _4qqq-9vqf-3h3f security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f


When using system proxy settings that are different for http:// and
https://, redirects to a different URL scheme will now also trigger the
corresponding change in proxy settings for the redirected request. Please,
see the jm3v-qxmh-hxwv security advisory_ for more information.
(:issue:767)
.. _jm3v-qxmh-hxwv security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv


:attr:Spider.allowed_domains &lt;scrapy.Spider.allowed_domains&gt; is now
enforced for all requests, and not only requests from spider callbacks.
(:issue:1042, :issue:2241, :issue:6358)


:func:~scrapy.utils.iterators.xmliter_lxml no longer resolves XML
entities. (:issue:6265)


defusedxml_ is now used to make
:class:scrapy.http.request.rpc.XmlRpcRequest more secure.
(:issue:6250, :issue:6251)
.. _defusedxml: https://github.com/tiran/defusedxml


Bug fixes

-   Restored support for brotlipy_, which had been dropped in Scrapy 2.11.1 in
    favor of brotli_. (:issue:`6261`)
.. _brotli: https://github.com/google/brotli

.. note:: brotlipy is deprecated, both in Scrapy and upstream. Use brotli
    instead if you can.

&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/scrapy/scrapy/commit/e8cb5a03b382b98f2c8945355076390f708b918d&quot;&gt;&lt;code&gt;e8cb5a0&lt;/code&gt;&lt;/a> Bump version: 2.11.1 → 2.11.2</li>

<li><a href="https://github.com/scrapy/scrapy/commit/2c031f4061ae9bf486cc9e2a699355450638e8c2&quot;&gt;&lt;code&gt;2c031f4&lt;/code&gt;&lt;/a> Set the release date of 2.11.2</li>

<li><a href="https://github.com/scrapy/scrapy/commit/3ffa17c0204deb3bdf2c7c60f5a56c9f777698c6&quot;&gt;&lt;code&gt;3ffa17c&lt;/code&gt;&lt;/a> Use posargs for pypy3-pinned</li>

<li><a href="https://github.com/scrapy/scrapy/commit/c6a8f0e4d945622a7e71adf635e272b66eddbbd0&quot;&gt;&lt;code&gt;c6a8f0e&lt;/code&gt;&lt;/a> Update VERSION references</li>

<li><a href="https://github.com/scrapy/scrapy/commit/60d2577284128cd0cf4af54745730da4a9005177&quot;&gt;&lt;code&gt;60d2577&lt;/code&gt;&lt;/a> Merge remote-tracking branch '23j4/2.11.2-release-notes' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6&quot;&gt;&lt;code&gt;36287cb&lt;/code&gt;&lt;/a> Merge branch 'redirect-protocols' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/f138d5d1450ef38ee077c2472c136c70d8d673e8&quot;&gt;&lt;code&gt;f138d5d&lt;/code&gt;&lt;/a> Merge branch 'environ-proxy-protocol' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8&quot;&gt;&lt;code&gt;1d0502f&lt;/code&gt;&lt;/a> Merge branch 'advisory-fix' into 2.11</li>

<li><a href="https://github.com/scrapy/scrapy/commit/bb948af00babe545a7fb52700f4ba1424d206677&quot;&gt;&lt;code&gt;bb948af&lt;/code&gt;&lt;/a> Release notes for 2.11.2 (<a href="https://redirect.github.com/scrapy/scrapy/issues/6359&quot;&gt;#6359&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/scrapy/scrapy/commit/5ad9433dd59cd8436ce33bf2c44796516eef4c3c&quot;&gt;&lt;code&gt;5ad9433&lt;/code&gt;&lt;/a> Merge remote-tracking branch 'scrapy/2.11' into 2.11</li>

<li>Additional commits viewable in <a href="https://github.com/scrapy/scrapy/compare/0.24.5...2.11.2&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates twisted from 15.1.0 to 23.10.0

Release notes
Sourced from twisted's releases.

Twisted 23.10.0 (2023-10-31)
No changes since 23.10.0.rc1.
Features

twisted.python.filepath.FilePath and related classes (twisted.python.filepath.IFilepath, twisted.python.filepath.AbstractFilePath, twisted.python.zippath.ZipPath, and twisted.python.zippath.ZipArchive) now have type annotations.  Additionally, FilePath is now generic, describing its mode, so you can annotate variables as FilePath[str] or FilePath[bytes] depending on the types that you wish to get back from the 'path' attribute and related methods like 'basename'. (#11822)
When using CPython, functions wrapped by twisted.internet.defer.inlineCallbacks can have their arguments and return values freed immediately after completion (due to there no longer being circular references). (#11885)

Bugfixes

Fix TypeError on t.i.cfreactor due to 3.10 type annotation syntax (#11965)
Fix the type annotations of DeferredLock.run, DeferredSemaphore.run, maybeDeferred, ensureDeferred, inlineCallbacks and fromCoroutine that used to return Deferred[Any] to return the result of the passed Coroutine/Coroutine function (#11985)
Fixed significant performance overhead (CPU and bandwidth) when doing small writes to a TLS transport. Specifically, small writes to a TLS transport are now buffered until the next reactor iteration. (#11989)
fix mypy due to hypothesis 6.85 (#11995)

Improved Documentation

The search and version navigation for the documentation hosted on
Read The Docs was fixed.
This was a regression introduced with 23.8.0. (#12012)

Deprecations and Removals

Drop support for Python 3.7. Remove twisted[contextvars] extra (contextvars are always available in Python 3.7+) (#11913)

Misc

#5206, #11583, #11787, #11871, #11912, #11921, #11922, #11926, #11932, #11934, #11936, #11938, #11940, #11942, #11945, #11948, #11952, #11953, #11955, #11957, #11959, #11961, #11964, #11973, #11977, #11980, #11982, #11993, #11999, #12004, #12005, #12009

Conch
No significant changes.
Web


... (truncated)


Changelog
Sourced from twisted's changelog.

Twisted 23.10.0 (2023-10-31)
No changes since 23.10.0.rc1.
Features

twisted.python.filepath.FilePath and related classes (twisted.python.filepath.IFilepath, twisted.python.filepath.AbstractFilePath, twisted.python.zippath.ZipPath, and twisted.python.zippath.ZipArchive) now have type annotations.  Additionally, FilePath is now generic, describing its mode, so you can annotate variables as FilePath[str] or FilePath[bytes] depending on the types that you wish to get back from the 'path' attribute and related methods like 'basename'. (#11822)
When using CPython, functions wrapped by twisted.internet.defer.inlineCallbacks can have their arguments and return values freed immediately after completion (due to there no longer being circular references). (#11885)

Bugfixes

Fix TypeError on t.i.cfreactor due to 3.10 type annotation syntax (#11965)
Fix the type annotations of DeferredLock.run, DeferredSemaphore.run, maybeDeferred, ensureDeferred, inlineCallbacks and fromCoroutine that used to return Deferred[Any] to return the result of the passed Coroutine/Coroutine function (#11985)
Fixed significant performance overhead (CPU and bandwidth) when doing small writes to a TLS transport. Specifically, small writes to a TLS transport are now buffered until the next reactor iteration. (#11989)
fix mypy due to hypothesis 6.85 (#11995)

Improved Documentation

The search and version navigation for the documentation hosted on
Read The Docs was fixed.
This was a regression introduced with 23.8.0. (#12012)

Deprecations and Removals

Drop support for Python 3.7. Remove twisted[contextvars] extra (contextvars are always available in Python 3.7+) (#11913)

Misc

#5206, #11583, #11787, #11871, #11912, #11921, #11922, #11926, #11932, #11934, #11936, #11938, #11940, #11942, #11945, #11948, #11952, #11953, #11955, #11957, #11959, #11961, #11964, #11973, #11977, #11980, #11982, #11993, #11999, #12004, #12005, #12009

Conch
No significant changes.
Web


... (truncated)


Commits

f3f3389 python -m incremental.update Twisted --newversion
2d15c00 Add CVE id to bug.
61c46d4 tox -e towncrier
650c59d python -m incremental.update Twisted --rc
157cd8e #11985 fix DeferredLock.run/Semaphore.run/maybeDeferred/ensureDeferred/inline...
ed25d4a [pre-commit.ci] auto fixes from pre-commit.com hooks
5eb2078 Merge branch 'trunk' into fix-concurrency-primative-type
2df4c76 Update src/twisted/test/test_defer.py
105a9f5 #11989 Lots of small writes to the TLS transport use a lot of cpu (#11996)
524a2fa Fix lint
Additional commits viewable in compare view




Updates cryptography from 0.8.2 to 42.0.4

Changelog
Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15


Fixed an initialization issue that caused key loading failures for some
users.

.. _v42-0-2:
42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24


Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey
:meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in
:func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:
42.0.0 - 2024-01-22

</tr></table> 


... (truncated)


Commits

fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
Additional commits viewable in compare view




Updates lxml from 3.4.3 to 4.9.1

Changelog
Sourced from lxml's changelog.

4.9.1 (2022-07-01)
Bugs fixed

A crash was resolved when using iterwalk() (or canonicalize())
after parsing certain incorrect input.  Note that iterwalk() can crash
on valid input parsed with the same parser after failing to parse the
incorrect input.

4.9.0 (2022-06-01)
Bugs fixed

GH#341: The mixin inheritance order in lxml.html was corrected.
Patch by xmo-odoo.

Other changes


Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.


Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35
(libxml2 2.9.12+ and libxslt 1.1.34 on Windows).


GH#343: Windows-AArch64 build support in Visual Studio.
Patch by Steve Dower.


4.8.0 (2022-02-17)
Features added


GH#337: Path-like objects are now supported throughout the API instead of just strings.
Patch by Henning Janssen.


The ElementMaker now supports QName values as tags, which always override
the default namespace of the factory.


Bugs fixed

GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in
lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.



... (truncated)


Commits

d01872c Prevent parse failure in new test from leaking into later test runs.
d65e632 Prepare release of lxml 4.9.1.
86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
50c2764 Delete unused Travis CI config and reference in docs (GH-345)
8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
b9f7074 Remove debug print from test.
b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
853c9e9 Prepare release of 4.9.0.
d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
Additional commits viewable in compare view




Updates pyopenssl from 0.15.1 to 17.5.0

Changelog
Sourced from pyopenssl's changelog.

17.5.0 (2017-11-30)
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The minimum cryptography version is now 2.1.4.

Deprecations:
^^^^^^^^^^^^^
none
Changes:
^^^^^^^^

Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts.
[#723](https://github.com/pyca/pyopenssl/issues/723) <https://github.com/pyca/pyopenssl/pull/723>_
Added Connection.export_keying_material for RFC 5705 compatible export of keying material.
[#725](https://github.com/pyca/pyopenssl/issues/725) <https://github.com/pyca/pyopenssl/pull/725>_


17.4.0 (2017-11-21)
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
none
Deprecations:
^^^^^^^^^^^^^
none
Changes:
^^^^^^^^

Re-added a subset of the OpenSSL.rand module.
This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.



... (truncated)


Commits

d21fcd8 17.5.0 version bump (#726)
bdb7639 Export keying material support (#725)
e738186 fix a memory leak and a potential UAF and also #722 (#723)
f724786 Pin pytest until we drop 2.6 (#721)
736c621 define all to make wildcard import work (#719)
57051a5 reopen master (#718)
e61e202 Require urllib3 tests to pass; fixes #712 (#716)
5a3fb40 bump to 17.4.0 (#714)
acbd662 restore a subset of the rand module (#708)
4aa52c3 Don't use things after they're freed...duh (#709)
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 5 updates in the /blog/hn_scraper directory: | Package | From | To | | --- | --- | --- | | [scrapy](https://github.com/scrapy/scrapy) | `0.24.5` | `2.11.2` | | [twisted](https://github.com/twisted/twisted) | `15.1.0` | `23.10.0` | | [cryptography](https://github.com/pyca/cryptography) | `0.8.2` | `42.0.4` | | [lxml](https://github.com/lxml/lxml) | `3.4.3` | `4.9.1` | | [pyopenssl](https://github.com/pyca/pyopenssl) | `0.15.1` | `17.5.0` | Updates `scrapy` from 0.24.5 to 2.11.2 - [Release notes](https://github.com/scrapy/scrapy/releases) - [Changelog](https://github.com/scrapy/scrapy/blob/master/docs/news.rst) - [Commits](scrapy/scrapy@0.24.5...2.11.2) Updates `twisted` from 15.1.0 to 23.10.0 - [Release notes](https://github.com/twisted/twisted/releases) - [Changelog](https://github.com/twisted/twisted/blob/trunk/NEWS.rst) - [Commits](twisted/twisted@twisted-15.1.0...twisted-23.10.0) Updates `cryptography` from 0.8.2 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@0.8.2...42.0.4) Updates `lxml` from 3.4.3 to 4.9.1 - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-3.4.3...lxml-4.9.1) Updates `pyopenssl` from 0.15.1 to 17.5.0 - [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst) - [Commits](pyca/pyopenssl@0.15.1...17.5.0) --- updated-dependencies: - dependency-name: scrapy dependency-type: direct:production dependency-group: pip - dependency-name: twisted dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-type: direct:production dependency-group: pip - dependency-name: lxml dependency-type: direct:production dependency-group: pip - dependency-name: pyopenssl dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label May 14, 2024

dependabot bot mentioned this pull request May 14, 2024

Bump the pip group across 1 directory with 5 updates #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directory with 5 updates #6

Bump the pip group across 1 directory with 5 updates #6

dependabot bot commented on behalf of github May 14, 2024

Twisted 23.10.0 (2023-10-31)

Features

Bugfixes

Improved Documentation

Deprecations and Removals

Misc

Conch

Web

Twisted 23.10.0 (2023-10-31)

Features

Bugfixes

Improved Documentation

Deprecations and Removals

Misc

Conch

Web

4.9.1 (2022-07-01)

Bugs fixed

4.9.0 (2022-06-01)

Bugs fixed

Other changes

4.8.0 (2022-02-17)

Features added

Bugs fixed

17.5.0 (2017-11-30)

17.4.0 (2017-11-21)

Bump the pip group across 1 directory with 5 updates #6

Are you sure you want to change the base?

Bump the pip group across 1 directory with 5 updates #6

Conversation

dependabot bot commented on behalf of github May 14, 2024

2.11.2

2.11.1

2.11.0

2.10.1

2.10.0

2.9.0

2.8.0

2.7.1

2.7.0

Scrapy 2.11.2 (2024-05-14)

Twisted 23.10.0 (2023-10-31)

Features

Bugfixes

Improved Documentation

Deprecations and Removals

Misc

Conch

Web

Twisted 23.10.0 (2023-10-31)

Features

Bugfixes

Improved Documentation

Deprecations and Removals

Misc

Conch

Web

4.9.1 (2022-07-01)

Bugs fixed

4.9.0 (2022-06-01)

Bugs fixed

Other changes

4.8.0 (2022-02-17)

Features added

Bugs fixed

17.5.0 (2017-11-30)

17.4.0 (2017-11-21)