Skip to content

Bump the pip group across 2 directories with 5 updates#763

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/src/agents/hyperledger-fabric/pip-131bebdb0d
Open

Bump the pip group across 2 directories with 5 updates#763
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/src/agents/hyperledger-fabric/pip-131bebdb0d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Bumps the pip group with 1 update in the /src/agents/hyperledger-fabric directory: django.
Bumps the pip group with 5 updates in the /src/api-engine directory:

Package From To
django 4.2.16 4.2.30
cryptography 45.0.6 46.0.6
django-allauth 0.55.0 65.14.1
djangorestframework-simplejwt 5.3.1 5.5.1
requests 2.31.0 2.33.0

Updates django from 6.0 to 6.0.4

Commits

Updates django from 4.2.16 to 4.2.30

Commits

Updates cryptography from 45.0.6 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:


46.0.5 - 2026-02-10

  • An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007
  • Support for SECT* binary elliptic curves is deprecated and will be removed in the next release.

.. v46-0-4:

46.0.4 - 2026-01-27


* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:


46.0.3 - 2025-10-15

  • Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:

46.0.2 - 2025-09-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:


46.0.1 - 2025-09-16

... (truncated)

Commits

Updates django-allauth from 0.55.0 to 65.14.1

Commits

Updates djangorestframework-simplejwt from 5.3.1 to 5.5.1

Release notes

Sourced from djangorestframework-simplejwt's releases.

v5.5.1

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

  1. Roll back to the last known migration:
python manage.py migrate rest_framework_simplejwt.token_blacklist 0012
  1. Upgrade djangorestframework-simplejwt to the latest version.
  2. Apply the migrations correctly:
python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

New Contributors

Full Changelog: jazzband/djangorestframework-simplejwt@v5.5.0...v5.5.1

v5.5.0

Differing Behavior Change

What's Changed

... (truncated)

Changelog

Sourced from djangorestframework-simplejwt's changelog.

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

  1. Roll back to the last known migration:
python manage.py migrate rest_framework_simplejwt.token_blacklist 0012
  1. Upgrade djangorestframework-simplejwt to the latest version.
  2. Apply the migrations correctly:
python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

5.5.0

5.4.0

Commits

Updates requests from 2.31.0 to 2.33.0

Release notes

Sourced from requests's releases.

v2.33.0

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

... (truncated)

Changelog

Sourced from requests's changelog.

2.33.0 (2026-03-25)

Announcements

  • 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

  • CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

  • Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

  • Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

  • Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

  • Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

... (truncated)

Commits
  • bc04dfd v2.33.0
  • 66d21cb Merge commit from fork
  • 8b9bc8f Move badges to top of README (#7293)
  • e331a28 Remove unused extraction call (#7292)
  • 753fd08 docs: fix FAQ grammar in httplib2 example
  • 774a0b8 docs(socks): same block as other sections
  • 9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
  • ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
  • 0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
  • d568f47 docs: clarify Quickstart POST example (#6960)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 2 directories with 5 updates
378f24e 
Bumps the pip group with 1 update in the /src/agents/hyperledger-fabric directory: [django](https://github.com/django/django).
Bumps the pip group with 5 updates in the /src/api-engine directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `4.2.16` | `4.2.30` |
| [cryptography](https://github.com/pyca/cryptography) | `45.0.6` | `46.0.6` |
| [django-allauth](https://github.com/sponsors/pennersr) | `0.55.0` | `65.14.1` |
| [djangorestframework-simplejwt](https://github.com/jazzband/djangorestframework-simplejwt) | `5.3.1` | `5.5.1` |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |



Updates `django` from 6.0 to 6.0.4
- [Commits](django/django@6.0...6.0.4)

Updates `django` from 4.2.16 to 4.2.30
- [Commits](django/django@6.0...6.0.4)

Updates `cryptography` from 45.0.6 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@45.0.6...46.0.6)

Updates `django-allauth` from 0.55.0 to 65.14.1
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `djangorestframework-simplejwt` from 5.3.1 to 5.5.1
- [Release notes](https://github.com/jazzband/djangorestframework-simplejwt/releases)
- [Changelog](https://github.com/jazzband/djangorestframework-simplejwt/blob/master/CHANGELOG.md)
- [Commits](jazzband/djangorestframework-simplejwt@v5.3.1...v5.5.1)

Updates `requests` from 2.31.0 to 2.33.0
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.33.0)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 6.0.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django
  dependency-version: 4.2.30
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: django-allauth
  dependency-version: 65.14.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: djangorestframework-simplejwt
  dependency-version: 5.5.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added Dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 8, 2026
This was referenced Apr 8, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants