From db09abf815a9c2d483ed156156fc0f87f78dd5fb Mon Sep 17 00:00:00 2001 From: lanery Date: Thu, 24 Apr 2025 13:40:30 -0700 Subject: [PATCH 1/2] Update h11 Fix for security alert: https://github.com/Arcadia-Science/ramanalysis/security/dependabot/7 --- poetry.lock | 34 +++++++++++++++------------------- pyproject.toml | 1 + 2 files changed, 16 insertions(+), 19 deletions(-) diff --git a/poetry.lock b/poetry.lock index b49fea9..e1d65f1 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1080,51 +1080,48 @@ sphinx-basic-ng = ">=1.0.0.beta2" [[package]] name = "h11" -version = "0.14.0" +version = "0.16.0" description = "A pure-Python, bring-your-own-I/O implementation of HTTP/1.1" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "h11-0.14.0-py3-none-any.whl", hash = "sha256:e3fe4ac4b851c468cc8363d500db52c2ead036020723024a109d37346efaa761"}, - {file = "h11-0.14.0.tar.gz", hash = "sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d"}, + {file = "h11-0.16.0-py3-none-any.whl", hash = "sha256:63cf8bbe7522de3bf65932fda1d9c2772064ffb3dae62d55932da54b31cb6c86"}, + {file = "h11-0.16.0.tar.gz", hash = "sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1"}, ] [[package]] name = "httpcore" -version = "1.0.6" +version = "0.13.2" description = "A minimal low-level HTTP client." optional = false -python-versions = ">=3.8" +python-versions = ">=3.6" files = [ - {file = "httpcore-1.0.6-py3-none-any.whl", hash = "sha256:27b59625743b85577a8c0e10e55b50b5368a4f2cfe8cc7bcfa9cf00829c2682f"}, - {file = "httpcore-1.0.6.tar.gz", hash = "sha256:73f6dbd6eb8c21bbf7ef8efad555481853f5f6acdeaff1edb0694289269ee17f"}, + {file = "httpcore-0.13.2-py3-none-any.whl", hash = "sha256:52b7d9413f6f5592a667de9209d70d4d41aba3fb0540dd7c93475c78b85941e9"}, + {file = "httpcore-0.13.2.tar.gz", hash = "sha256:c16efbdf643e1b57bde0adc12c53b08645d7d92d6d345a3f71adfc2a083e7fd2"}, ] [package.dependencies] -certifi = "*" -h11 = ">=0.13,<0.15" +h11 = "==0.*" +sniffio = "==1.*" [package.extras] -asyncio = ["anyio (>=4.0,<5.0)"] http2 = ["h2 (>=3,<5)"] -socks = ["socksio (==1.*)"] -trio = ["trio (>=0.22.0,<1.0)"] [[package]] name = "httpx" -version = "0.27.2" +version = "0.25.1" description = "The next generation HTTP client." optional = false python-versions = ">=3.8" files = [ - {file = "httpx-0.27.2-py3-none-any.whl", hash = "sha256:7bb2708e112d8fdd7829cd4243970f0c223274051cb35ee80c03301ee29a3df0"}, - {file = "httpx-0.27.2.tar.gz", hash = "sha256:f7c2be1d2f3c3c3160d441802406b206c2b76f5947b11115e6df10c6c65e66c2"}, + {file = "httpx-0.25.1-py3-none-any.whl", hash = "sha256:fec7d6cc5c27c578a391f7e87b9aa7d3d8fbcd034f6399f9f79b45bcc12a866a"}, + {file = "httpx-0.25.1.tar.gz", hash = "sha256:ffd96d5cf901e63863d9f1b4b6807861dbea4d301613415d9e6e57ead15fc5d0"}, ] [package.dependencies] anyio = "*" certifi = "*" -httpcore = "==1.*" +httpcore = "*" idna = "*" sniffio = "*" @@ -1133,7 +1130,6 @@ brotli = ["brotli", "brotlicffi"] cli = ["click (==8.*)", "pygments (==2.*)", "rich (>=10,<14)"] http2 = ["h2 (>=3,<5)"] socks = ["socksio (==1.*)"] -zstd = ["zstandard (>=0.18.0)"] [[package]] name = "identify" @@ -4370,4 +4366,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = ">=3.10,<4.0" -content-hash = "9f2fd5051a6f288960488d89c435f264205b4b569ca5bcd768be454d3b5964a1" +content-hash = "d5f8b30b5753158e2e1b0ecc704cfb0d58a0b626fe19768abc21f00c93139cba" diff --git a/pyproject.toml b/pyproject.toml index 0a97ac2..dce9d11 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -46,6 +46,7 @@ matplotlib = "^3.9.2" ramanspy = "^0.2.10" jinja2 = "^3.1.6" cryptography = "^44.0.2" +h11 = ">=0.15" [tool.poetry.group.dev.dependencies] pre-commit = "3.5.0" From b9eab1937ee93558b2ea4df4b42b00be94c79ec1 Mon Sep 17 00:00:00 2001 From: lanery Date: Wed, 28 May 2025 10:05:10 -0700 Subject: [PATCH 2/2] Update h11>=0.16 --- poetry.lock | 2 +- pyproject.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/poetry.lock b/poetry.lock index e1d65f1..5e07a01 100644 --- a/poetry.lock +++ b/poetry.lock @@ -4366,4 +4366,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = ">=3.10,<4.0" -content-hash = "d5f8b30b5753158e2e1b0ecc704cfb0d58a0b626fe19768abc21f00c93139cba" +content-hash = "ac64db510df2a029d20c95d628773387abdb79ad2480036a1edd3cf728a0fac7" diff --git a/pyproject.toml b/pyproject.toml index dce9d11..067cb76 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -46,7 +46,7 @@ matplotlib = "^3.9.2" ramanspy = "^0.2.10" jinja2 = "^3.1.6" cryptography = "^44.0.2" -h11 = ">=0.15" +h11 = ">=0.16" [tool.poetry.group.dev.dependencies] pre-commit = "3.5.0"