Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

• https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
• https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/werkzeug/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/werkzeug/milestone/24?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/werkzeug/milestone/20?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/werkzeug/milestone/22?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
• Milestone: https://github.com/pallets/werkzeug/milestone/19?closed=1

2.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.1.x branch is now the supported bugfix branch, the 2.0.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
• Milestone: https://github.com/pallets/werkzeug/milestone/16?closed=1

2.0.3

• Changes: https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-3
• Milestone: https://github.com/pallets/werkzeug/milestone/18?closed=1

... (truncated)

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

• Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533
• Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508
• parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531
• Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421
• Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549
• Fix handling of header extended parameters such that they are no longer quoted. :issue:2529
• LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558
• A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.
• Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

• Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489
• Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489
• Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493
• Parsing of some invalid header characters is more robust. :pr:2494
• When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480
• LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485
• Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

• 22a254f release version 2.2.3
• 517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
• babc8d9 rewrite docs about request data limits
• 09449ee clean up docs
• fe899d0 limit the maximum number of multipart form parts
• cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
• 8c2b4b8 don't strip leading = when parsing cookie
• 7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
• 19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
• a83d3b8 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Sourced from ipython's releases.

See https://pypi.org/project/ipython/

We do not use GitHub release anymore. Please see PyPI https://pypi.org/project/ipython/

7.9.0

No release notes provided.

7.8.0

No release notes provided.

7.7.0

No release notes provided.

7.6.1

No release notes provided.

7.6.0

No release notes provided.

• 15ea1ed release 8.10.0
• 560ad10 DOC: Update what's new for 8.10 (#13939)
• 7557ade DOC: Update what's new for 8.10
• 385d693 Merge pull request from GHSA-29gw-9793-fvw7
• e548ee2 Swallow potential exceptions from showtraceback() (#13934)
• 0694b08 MAINT: mock slowest test. (#13885)
• 8655912 MAINT: mock slowest test.
• a011765 Isolate the attack tests with setUp and tearDown methods
• c7a9470 Add some regression tests for this change
• fd34cf5 Swallow potential exceptions from showtraceback()
• Additional commits viewable in compare view

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

Sourced from babel's releases.

Version 2.9.1

Bugfixes

• The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

Version 2.9.0

Upcoming version support changes

• This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

• CLDR: Use CLDR 37 – Aarni Koskela (#734)
• Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (#741)
• Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (#726)

Bugfixes

• Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
• Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
• Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
• Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
• Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
• Tests: fix tests when using Python 3.9 – Felix Schwarz
• Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
• Tests: Support Py.test 6.x – Aarni Koskela
• Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (#724)
• Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation

• Update parse_number comments – Brad Martin (#708)
• Add iter to Catalog documentation – @​CyanNani123

Version 2.8.1

This patch version only differs from 2.8.0 in that it backports in #752.

Version 2.8.0

Improvements

• CLDR: Upgrade to CLDR 36.0 - Aarni Koskela (#679)
• Messages: Don't even open files with the "ignore" extraction method - @​sebleblanc (#678)

Bugfixes

• Numbers: Fix formatting very small decimals when quantization is disabled - Lev Lybin, @​miluChen (#662)
• Messages: Attempt to sort all messages – Mario Frasca (#651, #606)

Docs

... (truncated)

Sourced from babel's changelog.

Version 2.9.1

Bugfixes

* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
  allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!
Version 2.9.0
Upcoming version support changes

• This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

Improvements

* CLDR: Use CLDR 37 – Aarni Koskela ([#734](https://github.com/python-babel/babel/issues/734))
* Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon ([#741](https://github.com/python-babel/babel/issues/741))
* Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar ([#726](https://github.com/python-babel/babel/issues/726))
Bugfixes

* Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
* Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
* Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
* Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
* Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
* Tests: fix tests when using Python 3.9 – Felix Schwarz
* Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
* Tests: Support Py.test 6.x – Aarni Koskela
* Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin ([#724](https://github.com/python-babel/babel/issues/724))
* Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

Documentation
</code></pre>
<ul>
<li>Update parse_number comments – Brad Martin (<a href="https://github-redirect.dependabot.com/python-babel/babel/issues/708">#708</a>)</li>
<li>Add <strong>iter</strong> to Catalog documentation – <a href="https://github.com/CyanNani123"><code>@​CyanNani123</code></a></li>
</ul>
<h2>Version 2.8.1</h2>
<p>This is solely a patch release to make running tests on Py.test 6+ possible.</p>
<p>Bugfixes</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/python-babel/babel/commit/a99fa2474c808b51ebdabea18db871e389751559"><code>a99fa24</code></a> Use 2.9.0's setup.py for 2.9.1</li>
<li><a href="https://github.com/python-babel/babel/commit/60b33e083801109277cb068105251e76d0b7c14e"><code>60b33e0</code></a> Become 2.9.1</li>
<li><a href="https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3"><code>412015e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-babel/babel/issues/782">#782</a> from python-babel/locale-basename</li>
<li><a href="https://github.com/python-babel/babel/commit/5caf717ceca4bd235552362b4fbff88983c75d8c"><code>5caf717</code></a> Disallow special filenames on Windows</li>
<li><a href="https://github.com/python-babel/babel/commit/3a700b5b8b53606fd98ef8294a56f9510f7290f8"><code>3a700b5</code></a> Run locale identifiers through <code>os.path.basename()</code></li>
<li><a href="https://github.com/python-babel/babel/commit/5afe2b2f11dcdd6090c00231d342c2e9cd1bdaab"><code>5afe2b2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-babel/babel/issues/754">#754</a> from python-babel/github-ci</li>
<li><a href="https://github.com/python-babel/babel/commit/58de8342f865df88697a4a166191e880e3c84d82"><code>58de834</code></a> Replace Travis + Appveyor with GitHub Actions (WIP)</li>
<li><a href="https://github.com/python-babel/babel/commit/d1bbc08e845d03d8e1f0dfa0e04983d755f39cb5"><code>d1bbc08</code></a> import_cldr: use logging; add -q option</li>
<li><a href="https://github.com/python-babel/babel/commit/156b7fb9f377ccf58c71cf01dc69fb10c7b69314"><code>156b7fb</code></a> Quiesce CLDR download progress bar if requested (or not a TTY)</li>
<li><a href="https://github.com/python-babel/babel/commit/613dc1700f91c3d40b081948c0dd6023d8ece057"><code>613dc17</code></a> Make the import warnings about unsupported number systems less verbose</li>
<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.7.0...v2.9.1">compare view</a></li>
</ul>
</details>

<br />



[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=babel&package-manager=pip&previous-version=2.7.0&new-version=2.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ONSEIGmbH/flask-dialogflow/network/alerts).



Bump urllib3 from 1.25.3 to 1.26.5

opened on 2021-06-01 23:57:13 by dependabot[bot]
Bumps urllib3 from 1.25.3 to 1.26.5.

Release notes
Sourced from urllib3's releases.

1.26.5
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed deprecation warnings emitted in Python 3.10.
Updated vendored six library to 1.16.0.
Improved performance of URL parser when splitting the authority component.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors
1.26.4
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors
1.26.3
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap


Fixed bytes and string comparison issue with headers (Pull #2141)


Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)


If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors
1.26.2
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

1.26.0
:warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap


Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)


Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002)
Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail


Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST
and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS,
Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...)
(Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed




... (truncated)


Changelog
Sourced from urllib3's changelog.

1.26.5 (2021-05-26)

Fixed deprecation warnings emitted in Python 3.10.
Updated vendored six library to 1.16.0.
Improved performance of URL parser when splitting
the authority component.

1.26.4 (2021-03-15)

Changed behavior of the default SSLContext when connecting to HTTPS proxy
during HTTPS requests. The default SSLContext now sets check_hostname=True.

1.26.3 (2021-01-26)


Fixed bytes and string comparison issue with headers (Pull #2141)


Changed ProxySchemeUnknown error message to be
more actionable if the user supplies a proxy URL without
a scheme. (Pull #2107)


1.26.2 (2020-11-12)

Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't
be imported properly on Python 2.7.8 and earlier (Pull #2052)

1.26.1 (2020-11-11)

Fixed an issue where two User-Agent headers would be sent if a
User-Agent header key is passed as bytes (Pull #2047)

1.26.0 (2020-11-10)


NOTE: urllib3 v2.0 will drop support for Python 2.
Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.


Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)


Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning




... (truncated)


Commits

d161647 Release 1.26.5
2d4a3fe Improve performance of sub-authority splitting in URL
2698537 Update vendored six to 1.16.0
07bed79 Fix deprecation warnings for Python 3.10 ssl module
d725a9b Add Python 3.10 to GitHub Actions
339ad34 Use pytest==6.2.4 on Python 3.10+
f271c9c Apply latest Black formatting
1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
a891304 Release 1.26.4
8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
Additional commits viewable in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ONSEIGmbH/flask-dialogflow/network/alerts).



        
        
        
Releases


 2019-10-12 13:40:34