From 7860280196eecd619c66987c6df3518a5e728e74 Mon Sep 17 00:00:00 2001
From: h3adach3
Date: Wed, 12 Nov 2025 19:08:21 +0500
Subject: [PATCH 1/4] cfg

---
 dependabot.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 dependabot.yml

diff --git a/dependabot.yml b/dependabot.yml
new file mode 100644
index 0000000..9e1a87f
--- /dev/null
+++ b/dependabot.yml
@@ -0,0 +1,20 @@
+# Basic `dependabot.yml` file with
+# minimum configuration for two package managers
+
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    # Look for `package.json` and `lock` files in the `root` directory
+    directory: "/"
+    # Check the npm registry for updates every day (weekdays)
+    schedule:
+      interval: "daily"
+
+  # Enable version updates for Docker
+  - package-ecosystem: "docker"
+    # Look for a `Dockerfile` in the `root` directory
+    directory: "/"
+    # Check for updates once a week
+    schedule:
+      interval: "weekly"

From c9180da08c4fbe87544c5c6e591aad96777976a5 Mon Sep 17 00:00:00 2001
From: h3adach3
Date: Wed, 12 Nov 2025 19:26:16 +0500
Subject: [PATCH 2/4] vulns

---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f6dda04..b9c51bf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,8 +21,8 @@ Pillow==9.2.0
 pyasn1==0.4.8
 pyasn1-modules==0.2.8
 pycparser==2.21
-Pygments==2.13.0
-pyOpenSSL==22.1.0
+Pygments==2.0
+pyOpenSSL==17.5.0
 pyparsing==3.0.9
 redis==4.3.4
 rich==12.6.0

From 66a2836c53ad371316d54414a36f78ac04e9031f Mon Sep 17 00:00:00 2001
From: h3adach3
Date: Wed, 12 Nov 2025 19:27:32 +0500
Subject: [PATCH 3/4] vulns2

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b9c51bf..bcd5929 100644
--- a/requirements.txt
+++ b/requirements.txt
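Review bot: The file is created at the repository root (`create mode 100644 dependabot.yml`, `+++ b/dependabot.yml`), but Dependabot only reads `.github/dependabot.yml`, so none of this configuration will take effect until it is moved (`git mv dependabot.yml .github/dependabot.yml`). It also only declares `npm` and `docker` ecosystems, while the rest of this series edits `requirements.txt`; a third entry, `- package-ecosystem: "pip"` with `directory: "/"` and a `schedule`, would put those pins under version updates as well. If the repository has no `package.json` or `Dockerfile` at the root (not visible here), the two existing entries will just produce "no manifest found" errors in the Dependabot log, so confirm they are wanted before keeping them.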
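Review bot: The two changed pins roll `Pygments` back from 2.13.0 to 2.0 and `pyOpenSSL` from 22.1.0 to 17.5.0, releases that are many years old and sit below the versions in which published advisories for both projects were fixed; the commit title `vulns` suggests this is deliberate, but nothing in the file says so. If this is meant to seed a scanner demo, mark it next to the pins so a reader of `requirements.txt` alone cannot mistake it for a real dependency set, e.g. `Pygments==2.0  # intentionally vulnerable pin - do not deploy` and `pyOpenSSL==17.5.0  # intentionally vulnerable pin - do not deploy`. Note also that `pyOpenSSL==17.5.0` predates the `cryptography==38.0.1` pin that stays in this file by several years; pip will probably resolve the pair, but pyOpenSSL releases of that era bind to cryptography internals that no longer exist, so the environment this file describes is unlikely to import cleanly.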
@@ -22,7 +22,7 @@ pyasn1==0.4.8
 pyasn1-modules==0.2.8
 pycparser==2.21
 Pygments==2.0
-pyOpenSSL==17.5.0
+pyOpenSSL==17.4.0
 pyparsing==3.0.9
 redis==4.3.4
 rich==12.6.0

From 00031de540bce6b15d84d691622712dc8d87db3f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Nov 2025 14:28:41 +0000
Subject: [PATCH 4/4] Bump the pip group across 1 directory with 7 updates

Bumps the pip group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cryptography](https://github.com/pyca/cryptography) | `38.0.1` | `44.0.1` |
| [django](https://github.com/django/django) | `4.1.2` | `4.2.26` |
| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.2.0` | `10.3.0` |
| [redis](https://github.com/redis/redis-py) | `4.3.4` | `4.4.4` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.4.3` | `0.5.0` |
| [twisted](https://github.com/twisted/twisted) | `22.8.0` | `24.7.0rc1` |

Updates `cryptography` from 38.0.1 to 44.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.1...44.0.1)

Updates `django` from 4.1.2 to 4.2.26
- [Commits](https://github.com/django/django/compare/4.1.2...4.2.26)

Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)

Updates `pillow` from 9.2.0 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/9.2.0...10.3.0)

Updates `redis` from 4.3.4 to 4.4.4
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v4.3.4...v4.4.4)

Updates `sqlparse` from 0.4.3 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](https://github.com/andialbrecht/sqlparse/compare/0.4.3...0.5.0)

Updates `twisted` from 22.8.0 to 24.7.0rc1
- [Release notes](https://github.com/twisted/twisted/releases)
- [Changelog](https://github.com/twisted/twisted/blob/twisted-24.7.0rc1/NEWS.rst)
- [Commits](https://github.com/twisted/twisted/compare/twisted-22.8.0...twisted-24.7.0rc1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.26
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-version: '3.7'
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-version: 10.3.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: redis
  dependency-version: 4.4.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sqlparse
  dependency-version: 0.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: twisted
  dependency-version: 24.7.0rc1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot]
---
 requirements.txt | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index bcd5929..bb7b5c1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,28 +8,28 @@ channels==3.0.5
 channels-redis==4.0.0
 commonmark==0.9.1
 constantly==15.1.0
-cryptography==38.0.1
+cryptography==44.0.1
 daphne==3.0.2
 Deprecated==1.2.13
-Django==4.1.2
+Django==4.2.26
 hyperlink==21.0.0
-idna==3.4
+idna==3.7
 incremental==22.10.0
 msgpack==1.0.4
 packaging==21.3
-Pillow==9.2.0
+Pillow==10.3.0
 pyasn1==0.4.8
 pyasn1-modules==0.2.8
 pycparser==2.21
 Pygments==2.0
 pyOpenSSL==17.4.0
 pyparsing==3.0.9
-redis==4.3.4
+redis==4.4.4
 rich==12.6.0
 service-identity==21.1.0
 six==1.16.0
-sqlparse==0.4.3
-Twisted==22.8.0
+sqlparse==0.5.0
+Twisted==24.7.0rc1
 txaio==22.2.1
 typing_extensions==4.4.0
 wrapt==1.14.1
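Review bot: `+Twisted==24.7.0rc1` pins a release candidate into a production requirements file; Dependabot chose it because the fix it wanted first shipped in that pre-release, but the final 24.7.0 has since been published and the pin should be `Twisted==24.7.0` so the project is not running RC code. The two pins downgraded earlier in this series, `Pygments==2.0` and `pyOpenSSL==17.4.0`, pass through this hunk as unchanged context lines, so this grouped security update does not undo them and they still need a manual bump; in particular `pyOpenSSL==17.4.0` next to the new `cryptography==44.0.1` will almost certainly fail at import, since pyOpenSSL of that era binds to cryptography internals that were removed long before 44.x, and `cryptography` itself jumps six major versions here. Because all seven bumps land in one commit, any single incompatibility (the cryptography major jump, sqlparse 0.5.0's API removals) blocks the whole set, so run the test suite against this exact pin set before merging rather than trusting the green Dependabot check alone.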