fix(deps) Update all non-major dependencies by renovate[bot] · Pull Request #122 · christopherpickering/flask-session2

renovate · 2024-02-11T06:46:22Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
@semantic-release/npm	`11.0.2` → `11.0.3`	devDependencies	patch
Flask-SQLAlchemy (changelog)	`3.0.5` → `3.1.1`	dev-dependencies	minor
asottile/pyupgrade	`v3.15.0` → `v3.21.2`	repository	minor
bandit (source, changelog)	`1.7.5` → `1.9.3`	dev-dependencies	minor
boto3	`1.33.13` → `1.42.54`	dev-dependencies	minor
cachelib (changelog)	`^0.10.0` → `^0.13.0`	dependencies	minor
coverage	`7.2.7` → `7.13.4`	dev-dependencies	minor
elasticsearch	`8.12.0` → `8.19.3`	dev-dependencies	minor
google-cloud-datastore	`2.19.0` → `2.23.0`	dev-dependencies	minor
google-cloud-firestore	`2.14.0` → `2.23.0`	dev-dependencies	minor
isort (changelog)	`5.11.5` → `5.13.2`	dev-dependencies	minor
macisamuele/language-formatters-pre-commit-hooks	`v2.12.0` → `v2.16.0`	repository	minor
myint/autoflake	`v2.2.1` → `v2.3.3`	repository	minor
mypy (changelog)	`1.4.1` → `1.19.1`	dev-dependencies	minor
peewee (changelog)	`3.17.0` → `3.19.0`	dev-dependencies	minor
pre-commit/pre-commit-hooks	`v4.5.0` → `v4.6.0`	repository	minor
pymongo	`4.7.3` → `4.16.0`	dev-dependencies	minor
python	`3.10` → `3.14`	uses-with	minor
redis (changelog)	`5.0.1` → `5.3.1`	dev-dependencies	minor
semantic-release	`23.0.0` → `23.1.1`	devDependencies	minor
supercharge/mongodb-github-action	`v1.10.0` → `1.12.1`	action	minor
supercharge/redis-github-action	`1.8.0` → `1.8.1`	action	patch
tox (changelog)	`4.8.0` → `4.44.0`	dev-dependencies	minor

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

semantic-release/npm (@semantic-release/npm)

`v11.0.3`

Compare Source

Bug Fixes

deps: raised the minimum accepted range of npm to v10.5.0 (#759) (a0313f8), closes semantic-release/semantic-release#3202

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

asottile/pyupgrade (asottile/pyupgrade)

PyCQA/bandit (bandit)

`v1.9.3`

Compare Source

What's Changed

Bump actions/checkout from 5 to 6 by @dependabot[bot] in #1334
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1335
Fix B608 to detect VALUES( without space by @kfess in #1337
Add check for hardcoded passwords in dicts. by @alanverresen in #1338
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1341
Update tox tests for Python 3.10 by @willschlitzer in #1346
Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in #1347
Limit B614 to torch.load deserializers by @dibussoc in #1348

New Contributors

@kfess made their first contribution in #1337
@alanverresen made their first contribution in #1338
@willschlitzer made their first contribution in #1346
@dibussoc made their first contribution in #1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

`v1.9.2`

Compare Source

What's Changed

Argparse Python 3.14 enhancements by @ericwb in #1331
Check whether Constant value is str by @ericwb in #1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

`v1.9.1`

Compare Source

What's Changed

More Python version related fixes by @ericwb in #1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

`v1.8.6`

Compare Source

What's Changed

Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @dependabot in #1279
Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot in #1278
added hint to FreeBSD package in doc/source/integrations.rst by @daniel-mohr in #1282
Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @dependabot in #1284
Huggingface revision pinning by @lukehinds in #1281

New Contributors

@daniel-mohr made their first contribution in #1282

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

`v1.8.5`

Compare Source

What's Changed

Fix the rendering of the CI/CD doc by @ericwb in #1274
Fix for publish to PyPI failure by @ericwb in #1273

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

`v1.8.3`

Compare Source

What's Changed

Bump docker/build-push-action from 6.10.0 to 6.11.0 by @dependabot in #1220
Bump docker/build-push-action from 6.11.0 to 6.12.0 by @dependabot in #1221
Bump docker/build-push-action from 6.12.0 to 6.13.0 by @dependabot in #1222
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1229
Update bug template to include latest released versions by @ericwb in #1218
Add markupsafe.Markup XSS plugin by @Daverball in #1225
Warn not error on an nonexistant test given by @ericwb in #1230
Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @dependabot in #1233
Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @dependabot in #1234
B107: Skip None values in hardcoded password detection by @lukehinds in #1232
Pytorch fix by @lukehinds in #1231

New Contributors

@Daverball made their first contribution in #1225

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

`v1.8.2`

Compare Source

What's Changed

Revert "Start testing with 3.14 alphas" by @ericwb in #1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

`v1.8.1`

Compare Source

What's Changed

Bump docker/build-push-action from 6.9.0 to 6.10.0 by @dependabot in #1209
Update the bug template with latest bandit version by @ericwb in #1208
Add Mercedes-Benz to sponsor list by @ericwb in #1210
Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @dependabot in #1211
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1213
Start testing with 3.14 alphas by @ericwb in #1189
Remove lxml (B320 & B410) from blacklist by @djbrown in #1212
Clarify "getting started" docs by @Flimm in #963

New Contributors

@djbrown made their first contribution in #1212
@Flimm made their first contribution in #963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

`v1.8.0`

Compare Source

What's Changed

Bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in #1178
Rename doc file to match proper bandit ID by @ericwb in #1183
Removal of Python 3.8 support by @ericwb in #1174
Add more insecure cryptography cipher algorithms by @ericwb in #1185
Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in #1186
Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #1187
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1162
No need to check httpx client without timeout defined by @ericwb in #1177
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1191
Mark Python 3.13 as officially supported by @ericwb in #1192
Update project urls with added links by @ericwb in #1193
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1196
Add a JSON to seek funding from the FLOSS/fund by @ericwb in #1194
Remove Sentry as a sponsor by @ericwb in #1198
Remove more leftover OpenStack references by @ericwb in #1195

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

`v1.7.10`

Compare Source

What's Changed

Bump docker/build-push-action from 5.4.0 to 6.0.0 by @dependabot in #1147
Suggested small refactors in assignments by @ericwb in #1150
Performance improvement in blacklist function by @ericwb in #1148
Add test for usage of FTP_TLS by @ericwb in #1149
New check: B113: TrojanSource - Bidirectional control characters by @Lucas-C in #757
Bump docker/build-push-action from 6.0.0 to 6.1.0 by @dependabot in #1152
feat(plugins): add support for httpx in B113 by @mkniewallner in #1060
Nit: remove unused variable by @ericwb in #1153
Add recent releases to version choice in bug report by @ericwb in #1151
Bump docker/build-push-action from 6.1.0 to 6.2.0 by @dependabot in #1155
Bump docker/build-push-action from 6.2.0 to 6.3.0 by @dependabot in #1157
Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @dependabot in #1156
Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @dependabot in #1158
Bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #1159
Bump docker/build-push-action from 6.3.0 to 6.5.0 by @dependabot in #1160
Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @dependabot in #1163
Bump docker/build-push-action from 6.5.0 to 6.6.1 by @dependabot in #1166
Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #1165
Bump docker/build-push-action from 6.6.1 to 6.7.0 by @dependabot in #1168
Use consistent file naming of docs by @ericwb in #1170
Pytorch Load / Save Plugin by @lukehinds in #1114

New Contributors

@Lucas-C made their first contribution in #757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

`v1.7.9`

Compare Source

What's Changed

Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #1117
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1119
New logo for Bandit based on raccoon by @ericwb in #1121
Start testing on Python 3.13 by @ericwb in #1122
Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #1123
Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in #1124
Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #1125
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1126
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1127
Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in #1130
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1131
Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1132
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1133
Updates banner logo so it renders well in dark mode by @ericwb in #1134
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1135
Add a sponsor section to README by @ericwb in #1137
Ensure sarif extra is included as part of doc build by @ericwb in #1139
Bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #1142
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1143
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #1145
Guard against empty call argument list by @ericwb in #1146
Bump docker/build-push-action from 5.3.0 to 5.4.0 by @dependabot in #1144
Support configfile in .bandit file by @bersbersbers in #1052

New Contributors

@pre-commit-ci made their first contribution in #1119
@bersbersbers made their first contribution in #1052

Full Changelog: PyCQA/bandit@1.7.8...1.7.9

`v1.7.8`

Compare Source

What's Changed

Incorrect tag naming in readme by @lukehinds in #1105
Utilize PyPI's trusted publishing by @ericwb in #1107
Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #1109
Add 1.7.7 to versions of bug template by @ericwb in #1110
Use datetime to avoid updating copyright year by @ericwb in #1112
filter data is safe for tarfile extractall by @etienneschalk in #1111
Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #1115
[B605] Add functions that are vulnerable to shell injection. by @shihai1991 in #1116
Add a SARIF output formatter by @ericwb in #1113

New Contributors

@etienneschalk made their first contribution in #1111
@shihai1991 made their first contribution in #1116

Full Changelog: PyCQA/bandit@1.7.7...1.7.8

`v1.7.7`

Compare Source

What's Changed

Add the new release to bandit versions of bug template by @ericwb in #1075
Bump actions/setup-python from 4 to 5 by @dependabot in #1076
Handle variant in how policy is passed in paramiko by @ericwb in #1078
Flag str.replace as possible sql injection by @costaparas in #1044
defusedxml: Show correct module name by @kajinamit in #1081
Add tidelift to the sponsor funding list by @ericwb in #1089
Create a security policy by @ericwb in #1091
Fix up issues found running Bandit on itself by @ericwb in #1093
Add random.randbytes to blacklist calls by @ericwb in #1096
Prepend ./ for files specified as CLI args by @ericwb in #1094
Rework GitPython dependency to be an extra for bandit-baseline by @ericwb in #1099
Bump actions/dependency-review-action from 3 to 4 by @dependabot in #1101
Introduce Official Bandit Images by @lukehinds in #1088
Remove markdown formatting in reStructuredText formatted README by @ericwb in #1103
Downsize the org:repo name by @lukehinds in #1104

New Contributors

@kajinamit made their first contribution in #1081

Full Changelog: PyCQA/bandit@1.7.6...1.7.7

`v1.7.6`

Compare Source

What's Changed

Update bug report to include version 1.7.5 by @ericwb in #993
Render Python 3.10 in drop down correctly by @ericwb in #997
Remove checks for Python2 urllib by @ericwb in #999
Improper detection of non-requests module by @ericwb in #1011
xmlrpclib replaced with xmlrpc in Python3 by @ericwb in #1012
language and linting updates by @marksmayo in #1015
Adds check for crypt module usage as weak hash by @ericwb in #1018
Switch to tox 4 by @mportesdev in #1020
Skip unnecessary pip install commands in the pythonpackage.yml workflow by @mportesdev in #1021
Update versions of used GitHub Actions by @mportesdev in #1024
Update pre-commit hooks by @mportesdev in #1026
Add random.Random to B311 checks by @shiftinv in #940
Add a copy button to all code snippets in docs by @ericwb in #1030
Replace pbr in favor of importlib by @ericwb in #1016
Switch from open collective to PSF by @ericwb in #1031
Make pre-commit run Bandit hook using a single process by @Klavionik in #1029
Remove support for Python 3.7 due to end-of-life by @ericwb in #1034
Update asserts.py documentation by @deronnax in #1036
Simplify wrap_file_object by @mportesdev in #1037
django_rawsql_used: support keyword arguments used in RawSQL by @kevinmarsh in #765
Avoid gitpyhon CVE-2022-24439 by @carlosduelo in #1048
Update blacklist call documentation by @costaparas in #1045
Support ignoring blacklists by name by @costaparas in #1046
Fix dependabot to update github actions by @ericwb in #1057
Bump actions/checkout from 3 to 4 by @dependabot in #1058
Fix for ReadtheDocs build by @ericwb in #1061
fix(plugins/B507): also detect class instances by @mkniewallner in #1064
Use mirror repository for black pre-commit hook by @mportesdev in #1070
Add official support of Python 3.12 by @ericwb in #1068
Fix crash on pyproject.toml without bandit config by @javajawa in #1073
refactor: remove importlib-metadata fallback by @mkniewallner in #1066
Fixes for sphinx build by @ericwb in #1063

New Contributors

@marksmayo made their first contribution in #1015
@shiftinv made their first contribution in #940
@Klavionik made their first contribution in #1029
@deronnax made their first contribution in #1036
@kevinmarsh made their first contribution in #765
@carlosduelo made their first contribution in #1048
@costaparas made their first contribution in #1045
@dependabot made their first contribution in #1058
@javajawa made their first contribution in #1073

Full Changelog: PyCQA/bandit@1.7.5...1.7.6

boto/boto3 (boto3)

`v1.42.54`

Compare Source

=======

api-change:appstream: [botocore] Adding new attribute to disable IMDS v1 APIs for fleet, Image Builder and AppBlockBuilder instances.
api-change:ecs: [botocore] Migrated to Smithy. No functional changes
api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
api-change:sagemaker-runtime: [botocore] Added support for S3OutputPathExtension and Filename parameters to the InvokeEndpointAsync API to allow users to customize the S3 output path and file name for async inference response payloads.
api-change:signer-data: [botocore] This release introduces AWS Signer Data Plane SDK client supporting GetRevocationStatus API. The new client enables AWS PrivateLink connectivity with both private DNS and VPC endpoint URLs.
api-change:ssm: [botocore] Add support for AssociationDispatchAssumeRole in AWS SSM State Manager.
api-change:trustedadvisor: [botocore] Adding a new enum attribute(statusReason) to TrustedAdvisorAPI response. This attribute explains reasoning behind check status for certain specific scenarios.

`v1.42.53`

Compare Source

=======

api-change:bcm-dashboards: [botocore] The Billing and Cost Management GetDashboard API now returns identifier for each widget, enabling users to uniquely identify widgets within their dashboards.
api-change:ecr: [botocore] Adds multiple artifact types filter support in ListImageReferrers API.
api-change:pca-connector-scep: [botocore] AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. With this launch, you can create VPC endpoints to connect to your SCEP connector privately.
enhancement:checksums: [botocore] Added support for the SHA512 checksum algorithm. When the optional AWS CRT (awscrt) dependency is installed, support is also enabled for the XXHASH64, XXHASH3, and XXHASH128 checksum algorithms. Also added pass-through support for customer-provided MD5 checksum headers (without SDK-side MD5 calculation or validation).

`v1.42.52`

Compare Source

=======

api-change:cleanrooms: [botocore] This release adds support for federated catalogs in Athena-sourced configured tables.
api-change:connect: [botocore] Correcting in-app notifications API documentation.

`v1.42.51`

Compare Source

=======

api-change:ec2: [botocore] Add Operator field to CreatePlacementGroup and DescribePlacementGroup APIs.
api-change:evidently: [botocore] The evidently client has been removed following the deprecation of the service.
api-change:grafana: [botocore] This release updates Amazon Managed Grafana's APIs to support customer managed KMS keys.
api-change:iotanalytics: [botocore] The iotanalytics client has been removed following the deprecation of the service.
api-change:rds: [botocore] Adds support for the StorageEncryptionType field to specify encryption type for DB clusters, DB instances, snapshots, automated backups, and global clusters.
api-change:workspaces-web: [botocore] Adds support for branding customization without requiring a custom wallpaper.

`v1.42.50`

Compare Source

=======

api-change:arc-region-switch: [botocore] Clarify documentation on ARC Region Switch start-plan-execution operation
api-change:ec2: [botocore] Documentation updates for EC2 Secondary Networks
api-change:ecr: [botocore] Adds support for enabling blob mounting, and removes support for Clair based image scanning
api-change:kafka: [botocore] Amazon MSK now supports dual-stack connectivity (IPv4 and IPv6) for existing MSK clusters. You can enable dual-stack on existing clusters by specifying the NetworkType parameter in updateConnectivity API.
api-change:kms: [botocore] Added support for Decrypt and ReEncrypt API's to use dry run feature without ciphertext for authorization validation
api-change:qconnect: [botocore] Update MessageType enum to include missing types.

`v1.42.49`

Compare Source

=======

api-change:cloudwatch: [botocore] Adding new evaluation states that provides information about the alarm evaluation process. Evaluation error Indicates configuration errors in alarm setup that require review and correction. Evaluation failure Indicates temporary CloudWatch issues.
api-change:connect: [botocore] API release for headerr notifications in the admin website. APIs allow customers to publish brief messages (including URLs) to a specified audience, and a new header icon will indicate when unread messages are available.
api-change:ec2: [botocore] This release adds geography information to EC2 region and availability zone APIs. DescribeRegions now includes a Geography field, while DescribeAvailabilityZones includes both Geography and SubGeography fields, enabling better geographic classification for AWS regions and zones.
api-change:inspector2: [botocore] Added .Net 10 (dotnet10) and Node 24.x (node24.x) runtime support for lambda package scanning
api-change:sagemaker: [botocore] Enable g7e instance type support for SageMaker Processing, and enable single file configuration provisioning for HyperPod Slurm, where customers have the option to use HyperPod API to provide the provisioning parameters.
enhancement:AWSCRT: [botocore] Update awscrt version to 0.31.2

`v1.42.48`

Compare Source

=======

api-change:ec2: [botocore] Launching nested virtualization. This feature allows you to run nested VMs inside virtual (non-bare metal) EC2 instances.

`v1.42.47`

Compare Source

=======

api-change:batch: [botocore] Add support for listing jobs by share identifier and getting snapshots of active capacity utilization by job queue and share.
api-change:ec2: [botocore] R8i instances powered by custom Intel Xeon 6 processors available only on AWS with sustained all-core 3.9 GHz turbo frequency
api-change:eks: [botocore] This release adds support for Windows Server 2025 in Amazon EKS Managed Node Groups.
api-change:kafkaconnect: [botocore] Support configurable upper limits on task count during autoscaling operations via maxAutoscalingTaskCount parameter.
api-change:s3tables: [botocore] S3 Tables now supports setting partition specifications and sort orders on tables. Partition specs allow users to define how data is organized using transform functions. Sort order configurations enable users to specify sort directions and null ordering preferences for optimized data layout.

`v1.42.46`

Compare Source

=======

api-change:bedrock-agentcore: [botocore] Added AgentCore browser proxy configuration support, allowing routing of browser traffic through HTTP and HTTPS proxy servers with authentication and bypass rules.
api-change:connect: [botocore] Amazon Connect now supports per-channel auto-accept and After Contact Work (ACW) timeouts. Configure agents with auto-accept and ACW timeout settings for chat, tasks, emails, and callbacks. Use the new UpdateUserConfig API to manage these settings.
api-change:eks: [botocore] Introducing an optional policy field, an IAM policy applied to pod identity associations in addition to IAM role policies. When specified, pod permissions are the intersection of IAM role policies and the policy field, ensuring the principle of least privilege.
api-change:kafka: [botocore] Amazon MSK adds three new APIs, CreateTopic, UpdateTopic, and DeleteTopic for managing Kafka topics in your MSK clusters.
api-change:rds: [botocore] This release adds backup configuration for RDS and Aurora restores, letting customers set backup retention period and preferred backup window during restore. It also enables viewing backup settings when describing snapshots or automated backups for instances and clusters.

`v1.42.45`

Compare Source

=======

api-change:connectcampaignsv2: [botocore] Add the missing event type for WhatsApp
api-change:ec2: [botocore] Amazon Secondary Networks is a networking feature that provides high-performance, low-latency connectivity for specialized workloads.
api-change:eks: [botocore] Amazon EKS adds a new DescribeUpdate update type, VendedLogsUpdate, to support an integration between EKS Auto Mode and Amazon CloudWatch Vended Logs.
api-change:imagebuilder: [botocore] EC2 Image Builder now supports wildcard patterns in lifecycle policies with recipes and enhances the experience of tag-scoped policies.
api-change:lakeformation: [botocore] Allow cross account v5 in put data lake settings
api-change:neptunedata: [botocore] Added edgeOnlyLoad boolean parameter to Neptune bulk load request. When TRUE, files are loaded in order without scanning. When FALSE (default), the loader scans files first, then loads vertex files before edge files automatically.
api-change:pcs: [botocore] Introduces RESUMING state for clusters, compute node groups, and queues.
api-change:transfer: [botocore] This release adds a documentation update for MdnResponse of type "ASYNC"

[`v1.42.44`](https://redirect.github.com/bo

Configuration

📅 Schedule: Branch creation - "before 10pm on Sunday" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-02-11T06:46:25Z

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv flask-session2-hlBlwS4--py3.12 in /home/ubuntu/.cache/pypoetry/virtualenvs

The current project's Python requirement (>=3.7.2,<4.0.0) is not compatible with some of the required packages Python requirement:
  - cachelib requires Python >=3.8, so it will not be satisfied for Python >=3.7.2,<3.8

Because no versions of cachelib match >0.13.0,<0.14.0
 and cachelib (0.13.0) requires Python >=3.8, cachelib is forbidden.
So, because flask-session2 depends on cachelib (^0.13.0), version solving failed.

  • Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties
    
    For cachelib, a possible solution would be to set the `python` property to ">=3.8,<4.0.0"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers

renovate bot added maintenance renovate labels Feb 11, 2024

renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from f711d1f to 9999140 Compare February 17, 2024 04:19

renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 8f12b36 to 6a5e71e Compare February 25, 2024 11:43

renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 113102d to 63b8c12 Compare March 1, 2024 21:29

renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from b35674f to c43db40 Compare March 6, 2024 01:55

renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 4d6c960 to 4865a83 Compare July 20, 2025 22:38

renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 1b617e1 to be091e3 Compare August 5, 2025 21:12

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from cb4a042 to a8d1c5a Compare August 19, 2025 21:40

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 3d35788 to 9329cea Compare September 9, 2025 22:13

renovate bot force-pushed the renovate/all-minor-patch branch from 9329cea to 88f8301 Compare September 16, 2025 03:06

renovate bot force-pushed the renovate/all-minor-patch branch from 88f8301 to b27e14a Compare September 23, 2025 21:47

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from b80e0eb to 6fee96c Compare October 7, 2025 19:31

renovate bot force-pushed the renovate/all-minor-patch branch from 6fee96c to ba05a4b Compare October 9, 2025 22:29

renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 177cf63 to f6b4960 Compare November 11, 2025 17:12

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from b0d6d85 to 2d3ff33 Compare November 19, 2025 02:03

renovate bot force-pushed the renovate/all-minor-patch branch from 2d3ff33 to a23988a Compare December 1, 2025 10:39

renovate bot force-pushed the renovate/all-minor-patch branch from a23988a to ea925aa Compare December 19, 2025 00:53

renovate bot force-pushed the renovate/all-minor-patch branch from ea925aa to 8b7e63d Compare January 11, 2026 04:41

renovate bot force-pushed the renovate/all-minor-patch branch from 8b7e63d to 60318d6 Compare February 4, 2026 21:03

renovate bot force-pushed the renovate/all-minor-patch branch from 60318d6 to 7642b5c Compare February 18, 2026 04:29

fix(deps) Update all non-major dependencies

3fe7069

renovate bot force-pushed the renovate/all-minor-patch branch from 7642b5c to 3fe7069 Compare February 20, 2026 05:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

fix(deps) Update all non-major dependencies#122

fix(deps) Update all non-major dependencies#122
renovate[bot] wants to merge 1 commit intodevfrom
renovate/all-minor-patch

renovate bot commented Feb 11, 2024 •

edited

Loading

Uh oh!

renovate bot commented Feb 11, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

renovate bot commented Feb 11, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Bug Fixes

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

[v1.42.44](https://redirect.github.com/bo

Configuration

Uh oh!

renovate bot commented Feb 11, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠ Artifact update problem

File name: poetry.lock

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Feb 11, 2024 •

edited

Loading

[`v1.42.44`](https://redirect.github.com/bo

renovate bot commented Feb 11, 2024 •

edited

Loading