From a14280506fd3b62b1b76283c9a813d3c648b0b28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 20:48:53 +0000 Subject: [PATCH 01/12] Bump pillow from 9.3.0 to 10.3.0 Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.3.0 to 10.3.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/9.3.0...10.3.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..8de7792 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -116,7 +116,7 @@ pbr==1.10.0
 pep8==1.7.0
 # Pillow reverted due to apparent bug with sorl-thumbnail
 # https://sorl-thumbnail.readthedocs.io/en/latest/requirements.html#image-library
-Pillow==9.3.0
+Pillow==10.3.0
 pip==23.3
 pluggy==1.0.0
 prettytable==0.7.2
From e49eb30ffe6d6fb28acc778efd93594cde47b372 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Apr 2024 01:50:07 +0000 Subject: [PATCH 02/12] Bump idna from 3.4 to 3.7 Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..ec16279 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -81,7 +81,7 @@ greenlet==2.0.1
 gunicorn==20.1.0
 hsmodels==1.0.0
 html5lib==1.1
-idna==3.4
+idna==3.7
 inflection==0.3.1
 iniconfig==1.1.1
 ipaddress==1.0.22
From 894f7247bbe2b9052537c841b2910f531029ffdd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Apr 2024 22:00:59 +0000 Subject: [PATCH 03/12] Bump dnspython from 2.2.1 to 2.6.1 Bumps [dnspython](https://github.com/rthalley/dnspython) from 2.2.1 to 2.6.1. - [Release notes](https://github.com/rthalley/dnspython/releases) - [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst) - [Commits](https://github.com/rthalley/dnspython/compare/v2.2.1...v2.6.1) --- updated-dependencies: - dependency-name: dnspython dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..a713419 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -55,7 +55,7 @@ django-security==0.12.0
 django-test-without-migrations==0.6
 django-timedeltafield==0.7.10
 django-widget-tweaks==1.4.1
-dnspython==2.2.1
+dnspython==2.6.1
 docker-py==1.7.2
 dominate==2.4.0
 DoubleMetaphone==0.1
From a438ba630c05e8ff4a16aa10ff290a6975a697c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 22:59:34 +0000 Subject: [PATCH 04/12] Bump sqlparse from 0.4.4 to 0.5.0 Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.4 to 0.5.0. - [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG) - [Commits](https://github.com/andialbrecht/sqlparse/compare/0.4.4...0.5.0) --- updated-dependencies: - dependency-name: sqlparse dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..2624eb3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -163,7 +163,7 @@ six==1.16.0
 sorl-thumbnail==12.8.0
 soupsieve==2.3.2.post1
 spam_patterns@git+https://github.com/CUAHSI/spam_patterns.git@0.0.4
-sqlparse==0.4.4
+sqlparse==0.5.0
 strict-rfc3339==0.7
 suds-jurko==0.6
 timeago==1.0.10
From c5af4a07c9327f5b4e3b38f29435eb5568ed3c45 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Apr 2024 01:48:52 +0000 Subject: [PATCH 05/12] Bump gunicorn from 20.1.0 to 22.0.0 Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 20.1.0 to 22.0.0. - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](https://github.com/benoitc/gunicorn/compare/20.1.0...22.0.0) --- updated-dependencies: - dependency-name: gunicorn dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..3bb3a0c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -78,7 +78,7 @@ geopy==1.16.0
 gevent==23.9.1
 grappelli-safe==1.1.1
 greenlet==2.0.1
-gunicorn==20.1.0
+gunicorn==22.0.0
 hsmodels==1.0.0
 html5lib==1.1
 idna==3.4
From 17608f45025b19c34f0d0880cbefd4ba289c2768 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Apr 2024 15:57:59 +0000 Subject: [PATCH 06/12] Bump aiohttp from 3.9.2 to 3.9.4 Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.2 to 3.9.4. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.2...v3.9.4) --- updated-dependencies: - dependency-name: aiohttp dependency-type: direct:production ...
Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..dab9ce5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 # generated using pipdeptree https://github.com/tox-dev/pipdeptree
 # pipdeptree -f | sed 's/ //g' | sort -u > requirements.txt
-aiohttp==3.9.2
+aiohttp==3.9.4
 amqp==5.1.1
 anyjson==0.3.3
 arrow==0.7.0
From b2fa6fa8e7bf1bbe11b1bd83e7efd0a98db33023 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 21:12:43 +0000 Subject: [PATCH 07/12] Bump jinja2 from 3.1.3 to 3.1.4 Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..ad505e3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -87,7 +87,7 @@ iniconfig==1.1.1
 ipaddress==1.0.22
 isodate==0.5.4
 itypes==1.2.0
-Jinja2==3.1.3
+Jinja2==3.1.4
 jsonpointer==1.14
 jsonschema==2.6.0
 jwcrypto==1.5.6
From 21a69a91c2d28d1d8471fa9fe27a0507fa9b9d35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 05:39:32 +0000 Subject: [PATCH 08/12] --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..40084fb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -150,7 +150,7 @@ PyYAML==6.0
 rcssmin==1.1.0
 rdflib==5.0.0
 redis==4.4.4
-requests==2.31.0
+requests==2.32.0
 requests-oauthlib==1.3.1
 rfc3987==1.3.8
 rjsmin==1.2.0
From bd9915c6230beb82e3d16eb4af84bc84d1960f71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 23:34:29 +0000 Subject: [PATCH 09/12] Bump tornado from 6.3.3 to 6.4.1 Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.3.3 to 6.4.1. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.3.3...v6.4.1) --- updated-dependencies: - dependency-name: tornado dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..52ba54d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -168,7 +168,7 @@ strict-rfc3339==0.7
 suds-jurko==0.6
 timeago==1.0.10
 tomli==2.0.1
-tornado==6.3.3
+tornado==6.4.1
 typing_extensions==4.9.0
 tzdata==2022.7
 tzlocal==4.2
From 08ae69a5ed17115c5627de40bb8194f63d88d29e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 01:36:15 +0000 Subject: [PATCH 10/12] Bump urllib3 from 1.26.18 to 1.26.19 Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..c78d945 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -174,7 +174,7 @@ tzdata==2022.7
 tzlocal==4.2
 ua-parser==0.16.1
 uritemplate==3.0.0
-urllib3==1.26.18
+urllib3==1.26.19
 validate-email==1.3
 vine==5.0.0
 virtualenv==15.0.2
From 28266f1e9701e5bdc8540513c184acad685cf5d1 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Mon, 24 Jun 2024 14:15:29 -0400 Subject: [PATCH 11/12] update dependencies --- requirements.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 13e9e2b..d79deb0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -52,6 +52,7 @@ django-oauth-toolkit==2.1.0
 djangorestframework==3.12.4
 django-robots==4.0
 django-security==0.12.0
+django-storages[google]==1.14.3
 django-test-without-migrations==0.6
 django-timedeltafield==0.7.10
 django-widget-tweaks==1.4.1
@@ -72,6 +73,7 @@ freezegun==1.4.0
 funcsigs==1.0.2
 future==0.18.3
 GDAL==2.4.1
+google-cloud-pubsub==2.21.2
 geographiclib==1.52
 geojson==1.3.2
 geopy==1.16.0
@@ -107,10 +109,11 @@ nameparser==0.5.7
 netCDF4==1.6.3
 nose==1.3.7
 nose-timer==0.7.6
-numpy==1.22
+numpy==1.26.4
 oauthlib==3.1.0
 OWSLib==0.28.1
 packaging==21.3
+pandas==2.2.2
 paramiko==3.4.0
 pbr==1.10.0
 pep8==1.7.0
From 3b9a8d0eaa93e9f49f5d13f891fb66b189165520 Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Mon, 24 Jun 2024 16:48:37 -0400 Subject: [PATCH 12/12] Revert "Merge branch 'dependabot/pip/pillow-10.3.0' into security-updates" This reverts commit 0efd5f586c7c500aa8bf7170164b3ae33f3d513e, reversing changes made to b0bd15f265cd007105b6c5dcf36654febdc1a5f7. --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 0cec1d8..c768c77 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -119,7 +119,7 @@ pbr==1.10.0
 pep8==1.7.0
 # Pillow reverted due to apparent bug with sorl-thumbnail
 # https://sorl-thumbnail.readthedocs.io/en/latest/requirements.html#image-library
-Pillow==10.3.0
+Pillow==9.3.0
 pip==23.3
 pluggy==1.0.0
 prettytable==0.7.2
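Review bot: The three new pins in PATCH 11/12 (`django-storages[google]==1.14.3` in the `@@ -52,6 +52,7 @@` hunk, `google-cloud-pubsub==2.21.2` in `@@ -72,6 +73,7 @@`, `pandas==2.2.2` in `@@ -107,10 +109,11 @@`) are added by hand without their transitive dependencies, although the file header says the list is produced by `pipdeptree -f`, which freezes the whole tree. The diffstat shows only four insertions, so any Google client, auth or gRPC packages these pull in that are not already listed elsewhere in the file will resolve to whatever is newest at install time; regenerating the file from a clean environment, and ideally installing with pip's `--require-hashes`, would close that gap. `google-cloud-pubsub` is also placed before `geographiclib`, an order `sort -u` would not produce, which suggests the file was not regenerated. The `numpy==1.22` to `numpy==1.26.4` jump in the third hunk spans several minor releases, so it is worth confirming that the pinned `GDAL==2.4.1` and `netCDF4==1.6.3` builds still import against it.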
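Review bot: Re-pinning `Pillow==9.3.0` in PATCH 12/12 undoes the 10.3.0 bump from PATCH 01/12 on a branch named security-updates, so whatever fixes motivated that Dependabot bump are dropped again while the other pins move forward. The two comment lines above the pin only say "apparent bug with sorl-thumbnail" and were already present before this series, so they do not record this decision; I would extend them with the accepted risk and an exit condition, e.g. `# SECURITY: held below Dependabot's 10.3.0 bump; revisit once sorl-thumbnail works with Pillow 10.x (tracking: <issue-id>)`. It is also worth checking whether an intermediate Pillow release avoids the sorl-thumbnail problem, and which upload and thumbnail paths hand untrusted files to Pillow while the old pin stays.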