Male' Map Telegram Bot

Overview

Male' Map TelegramBot

A simple TelegramBot to fetch residential addresses in Male', Maldives. The bot can be queried inline or directly.

sample .env file

DEBUG=false
SQLITE_SOURCE=databases/maalemap.db

MAPBOT_API_TOKEN=telegramtoken
MAPBOT_API_TOKEN_VIBER=vibertoken

# enable webhook support
WEBHOOK_URL=https://google.com
WEBHOOK_PATH=/maalemaps/bot

# local service
WEBAPP_HOST=0.0.0.0
#WEBAPP_PORT=8443

Testing

for testing webhooks, uncomment the following lines

from pyngrok import ngrok
WEBHOOK_URL = ngrok.connect(WEBAPP_PORT).replace("http", "https").rstrip("/")
Comments
  • Bump pydantic from 1.4 to 1.6.2

    Bump pydantic from 1.4 to 1.6.2

    Bumps pydantic from 1.4 to 1.6.2.

    Release notes

    Sourced from pydantic's releases.

    v1.6.2 (2021-05-11)

    Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, see security advisory CVE-2021-29510.

    v1.6.1 (2020-07-15)

    See Changelog.

    Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

    changes:

    v1.6 (2020-07-11)

    See Changelog.

    Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

    changes:

    • Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
    • add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
    • Document default regex anchoring semantics, #1648 by @​yurikhan
    • Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain. Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
    • Add conset(), analogous to conlist(), #1623 by @​patrickkwang
    • make pydantic errors (un)pickable, #1616 by @​PrettyWood
    • Allow custom encoding for dotenv files, #1615 by @​PrettyWood
    • Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
    • Update datetime parser to support negative timestamps, #1600 by @​mlbiche
    • Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
    • Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
    • Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
    • Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
    • Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
    • change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
    • Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
    • Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
    • Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
    • Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
    • Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
    • Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
    • Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
    • Avoid some side effects of default_factory by calling it only once if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
    • Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
    • Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
    • include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
    • Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and minimum are not included in the schema if they are equal to -math.inf and exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
    • Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang

    ... (truncated)

    Changelog

    Sourced from pydantic's changelog.

    v1.6.2 (2021-05-11)

    • Security fix: Fix date and datetime parsing so passing either 'infinity' or float('inf') (or their negative values) does not cause an infinite loop, See security advisory CVE-2021-29510

    v1.6.1 (2020-07-15)

    v1.6 (2020-07-11)

    Thank you to pydantic's sponsors: @​matin, @​tiangolo, @​chdsbd, @​jorgecarleitao, and 1 anonymous sponsor for their kind support.

    • Modify validators for conlist and conset to not have always=True, #1682 by @​samuelcolvin
    • add port check to AnyUrl (can't exceed 65536) ports are 16 insigned bits: 0 <= port <= 2**16-1 src: rfc793 header format, #1654 by @​flapili
    • Document default regex anchoring semantics, #1648 by @​yurikhan
    • Use chain.from_iterable in class_validators.py. This is a faster and more idiomatic way of using itertools.chain. Instead of computing all the items in the iterable and storing them in memory, they are computed one-by-one and never stored as a huge list. This can save on both runtime and memory space, #1642 by @​cool-RR
    • Add conset(), analogous to conlist(), #1623 by @​patrickkwang
    • make pydantic errors (un)pickable, #1616 by @​PrettyWood
    • Allow custom encoding for dotenv files, #1615 by @​PrettyWood
    • Ensure SchemaExtraCallable is always defined to get type hints on BaseConfig, #1614 by @​PrettyWood
    • Update datetime parser to support negative timestamps, #1600 by @​mlbiche
    • Update mypy, remove AnyType alias for Type[Any], #1598 by @​samuelcolvin
    • Adjust handling of root validators so that errors are aggregated from all failing root validators, instead of reporting on only the first root validator to fail, #1586 by @​beezee
    • Make __modify_schema__ on Enums apply to the enum schema rather than fields that use the enum, #1581 by @​therefromhere
    • Fix behavior of __all__ key when used in conjunction with index keys in advanced include/exclude of fields that are sequences, #1579 by @​xspirus
    • Subclass validators do not run when referencing a List field defined in a parent class when each_item=True. Added an example to the docs illustrating this, #1566 by @​samueldeklund
    • change schema.field_class_to_schema to support frozenset in schema, #1557 by @​wangpeibao
    • Call __modify_schema__ only for the field schema, #1552 by @​PrettyWood
    • Move the assignment of field.validate_always in fields.py so the always parameter of validators work on inheritance, #1545 by @​dcHHH
    • Added support for UUID instantiation through 16 byte strings such as b'\x12\x34\x56\x78' * 4. This was done to support BINARY(16) columns in sqlalchemy, #1541 by @​shawnwall
    • Add a test assertion that default_factory can return a singleton, #1523 by @​therefromhere
    • Add NameEmail.__eq__ so duplicate NameEmail instances are evaluated as equal, #1514 by @​stephen-bunn
    • Add datamodel-code-generator link in pydantic document site, #1500 by @​koxudaxi
    • Added a "Discussion of Pydantic" section to the documentation, with a link to "Pydantic Introduction" video by Alexander Hultnér, #1499 by @​hultner
    • Avoid some side effects of default_factory by calling it only once if possible and by not setting a default value in the schema, #1491 by @​PrettyWood
    • Added docs about dumping dataclasses to JSON, #1487 by @​mikegrima
    • Make BaseModel.__signature__ class-only, so getting __signature__ from model instance will raise AttributeError, #1466 by @​MrMrRobat
    • include 'format': 'password' in the schema for secret types, #1424 by @​atheuz
    • Modify schema constraints on ConstrainedFloat so that exclusiveMinimum and minimum are not included in the schema if they are equal to -math.inf and exclusiveMaximum and maximum are not included if they are equal to math.inf, #1417 by @​vdwees
    • Squash internal __root__ dicts in .dict() (and, by extension, in .json()), #1414 by @​patrickkwang
    • Move const validator to post-validators so it validates the parsed value, #1410 by @​selimb
    • Fix model validation to handle nested literals, e.g. Literal['foo', Literal['bar']], #1364 by @​DBCerigo
    • Remove user_required = True from RedisDsn, neither user nor password are required, #1275 by @​samuelcolvin

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump pyyaml from 5.3.1 to 5.4

    Bump pyyaml from 5.3.1 to 5.4

    Bumps pyyaml from 5.3.1 to 5.4.

    Changelog

    Sourced from pyyaml's changelog.

    5.4 (2021-01-19)

    Commits
    • 58d0cb7 5.4 release
    • a60f7a1 Fix compatibility with Jython
    • ee98abd Run CI on PR base branch changes
    • ddf2033 constructor.timezone: _copy & deepcopy
    • fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers
    • a001f27 Fix for CVE-2020-14343
    • fe15062 Add 3.9 to appveyor file for completeness sake
    • 1e1c7fb Add a newline character to end of pyproject.toml
    • 0b6b7d6 Start sentences and phrases for capital letters
    • c976915 Shell code improvements
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump aiohttp from 3.6.2 to 3.7.4

    Bump aiohttp from 3.6.2 to 3.7.4

    Bumps aiohttp from 3.6.2 to 3.7.4.

    Release notes

    Sourced from aiohttp's releases.

    aiohttp 3.7.3 release

    Features

    • Use Brotli instead of brotlipy [#3803](https://github.com/aio-libs/aiohttp/issues/3803) <https://github.com/aio-libs/aiohttp/issues/3803>_
    • Made exceptions pickleable. Also changed the repr of some exceptions. [#4077](https://github.com/aio-libs/aiohttp/issues/4077) <https://github.com/aio-libs/aiohttp/issues/4077>_

    Bugfixes

    • Raise a ClientResponseError instead of an AssertionError for a blank HTTP Reason Phrase. [#3532](https://github.com/aio-libs/aiohttp/issues/3532) <https://github.com/aio-libs/aiohttp/issues/3532>_
    • Fix web_middlewares.normalize_path_middleware behavior for patch without slash. [#3669](https://github.com/aio-libs/aiohttp/issues/3669) <https://github.com/aio-libs/aiohttp/issues/3669>_
    • Fix overshadowing of overlapped sub-applications prefixes. [#3701](https://github.com/aio-libs/aiohttp/issues/3701) <https://github.com/aio-libs/aiohttp/issues/3701>_
    • Make BaseConnector.close() a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax. [#3736](https://github.com/aio-libs/aiohttp/issues/3736) <https://github.com/aio-libs/aiohttp/issues/3736>_
    • Reset the sock_read timeout each time data is received for a aiohttp.client response. [#3808](https://github.com/aio-libs/aiohttp/issues/3808) <https://github.com/aio-libs/aiohttp/issues/3808>_
    • Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View [#3880](https://github.com/aio-libs/aiohttp/issues/3880) <https://github.com/aio-libs/aiohttp/issues/3880>_
    • Fixed querying the address families from DNS that the current host supports. [#5156](https://github.com/aio-libs/aiohttp/issues/5156) <https://github.com/aio-libs/aiohttp/issues/5156>_
    • Change return type of MultipartReader.aiter() and BodyPartReader.aiter() to AsyncIterator. [#5163](https://github.com/aio-libs/aiohttp/issues/5163) <https://github.com/aio-libs/aiohttp/issues/5163>_
    • Provide x86 Windows wheels. [#5230](https://github.com/aio-libs/aiohttp/issues/5230) <https://github.com/aio-libs/aiohttp/issues/5230>_

    Improved Documentation

    • Add documentation for aiohttp.web.FileResponse. [#3958](https://github.com/aio-libs/aiohttp/issues/3958) <https://github.com/aio-libs/aiohttp/issues/3958>_
    • Removed deprecation warning in tracing example docs [#3964](https://github.com/aio-libs/aiohttp/issues/3964) <https://github.com/aio-libs/aiohttp/issues/3964>_
    • Fixed wrong "Usage" docstring of aiohttp.client.request. [#4603](https://github.com/aio-libs/aiohttp/issues/4603) <https://github.com/aio-libs/aiohttp/issues/4603>_
    • Add aiohttp-pydantic to third party libraries [#5228](https://github.com/aio-libs/aiohttp/issues/5228) <https://github.com/aio-libs/aiohttp/issues/5228>_

    Misc

    ... (truncated)

    Changelog

    Sourced from aiohttp's changelog.

    3.7.4 (2021-02-25)

    Bugfixes

    • (SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

      Thanks to Beast Glatisant <https://github.com/g147>__ for finding the first instance of this issue and Jelmer Vernooij <https://jelmer.uk/>__ for reporting and tracking it down in aiohttp. [#5497](https://github.com/aio-libs/aiohttp/issues/5497) <https://github.com/aio-libs/aiohttp/issues/5497>_

    • Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.

      Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter. [#5498](https://github.com/aio-libs/aiohttp/issues/5498) <https://github.com/aio-libs/aiohttp/issues/5498>_


    3.7.3 (2020-11-18)

    Features

    • Use Brotli instead of brotlipy [#3803](https://github.com/aio-libs/aiohttp/issues/3803) <https://github.com/aio-libs/aiohttp/issues/3803>_
    • Made exceptions pickleable. Also changed the repr of some exceptions. [#4077](https://github.com/aio-libs/aiohttp/issues/4077) <https://github.com/aio-libs/aiohttp/issues/4077>_

    Bugfixes

    • Raise a ClientResponseError instead of an AssertionError for a blank HTTP Reason Phrase. [#3532](https://github.com/aio-libs/aiohttp/issues/3532) <https://github.com/aio-libs/aiohttp/issues/3532>_
    • Fix web_middlewares.normalize_path_middleware behavior for patch without slash. [#3669](https://github.com/aio-libs/aiohttp/issues/3669) <https://github.com/aio-libs/aiohttp/issues/3669>_
    • Fix overshadowing of overlapped sub-applications prefixes. [#3701](https://github.com/aio-libs/aiohttp/issues/3701) <https://github.com/aio-libs/aiohttp/issues/3701>_

    ... (truncated)

    Commits
    • 0a26acc Bump aiohttp to v3.7.4 for a security release
    • 021c416 Merge branch 'ghsa-v6wp-4m6f-gcjg' into master
    • 4ed7c25 Bump chardet from 3.0.4 to 4.0.0 (#5333)
    • b61f0fd Fix how pure-Python HTTP parser interprets //
    • 5c1efbc Bump pre-commit from 2.9.2 to 2.9.3 (#5322)
    • 0075075 Bump pygments from 2.7.2 to 2.7.3 (#5318)
    • 5085173 Bump multidict from 5.0.2 to 5.1.0 (#5308)
    • 5d1a75e Bump pre-commit from 2.9.0 to 2.9.2 (#5290)
    • 6724d0e Bump pre-commit from 2.8.2 to 2.9.0 (#5273)
    • c688451 Removed duplicate timeout parameter in ClientSession reference docs. (#5262) ...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump cryptography from 3.2 to 3.3.2

    Bump cryptography from 3.2 to 3.3.2

    Bumps cryptography from 3.2 to 3.3.2.

    Changelog

    Sourced from cryptography's changelog.

    3.3.2 - 2021-02-07

    
    * **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
      when symmetrically encrypting very large payloads (>2GB) could result in an
      integer overflow, leading to buffer overflows. *CVE-2020-36242*
    

    .. _v3-3-1:

    3.3.1 - 2020-12-09

    • Re-added a legacy symbol causing problems for older pyOpenSSL users.

    .. _v3-3:

    3.3 - 2020-12-08

    
    * **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to
      low usage and maintenance burden.
    * **BACKWARDS INCOMPATIBLE:** The
      :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and
      :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require
      64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change
      is to conform with an upcoming OpenSSL release that will no longer support
      sizes outside this window.
    * **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now
      raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an
      unsupported cipher is used. This change is to conform with an upcoming
      OpenSSL release that will no longer distinguish between error types.
    * **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field
      Diffie-Hellman parameters of less than 512 bits in length. This change is to
      conform with an upcoming OpenSSL release that no longer supports smaller
      sizes. These keys were already wildly insecure and should not have been used
      in any application outside of testing.
    * Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
      OpenSSL 1.1.1i.
    * Python 2 support is deprecated in ``cryptography``. This is the last release
      that will support Python 2.
    * Added the
      :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature`
      function to
      :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
      for recovering the signed data from an RSA signature.
    

    .. _v3-2-1:

    3.2.1 - 2020-10-27

    ... (truncated)

    Commits
    • 82b6ce2 correct buffer overflows cause by integer overflow in openssl (#5747)
    • 1ff0d50 re-add Cryptography_HAS_TLSEXT_HOSTNAME and bump for 3.3.1 (#5625)
    • 7e8fff7 Prepare for 3.3 release (#5603)
    • b5278c9 Fixed DH tests for latest CentOS FIPS OpenSSL (#5604)
    • 6693d55 Add support for RSA signature recovery (#5573)
    • 8686d52 Document that PKCS1v1.5 is not constant time (#5600)
    • 1be144a bump cffi minimum version to help out pyopenssl (#5598)
    • 96f2d96 remove legacy debugging code from setup.py (#5597)
    • 2660f93 Document that Firefox doesn't support unencrypted pkcs12 (#5596)
    • a209669 Added tls bindings for new OpenSSL APIs (#5595)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump cryptography from 2.9 to 3.2

    Bump cryptography from 2.9 to 3.2

    Bumps cryptography from 2.9 to 3.2.

    Changelog

    Sourced from cryptography's changelog.

    3.2 - 2020-10-25

    
    * **SECURITY ISSUE:** Attempted to make RSA PKCS#1v1.5 decryption more constant
      time, to protect against Bleichenbacher vulnerabilities. Due to limitations
      imposed by our API, we cannot completely mitigate this vulnerability and a
      future release will contain a new API which is designed to be resilient to
      these for contexts where it is required. Credit to **Hubert Kario** for
      reporting the issue. *CVE-2020-25659*
    * Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL
      will need to upgrade.
    * Added basic support for PKCS7 signing (including SMIME) via
      :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.
    

    .. _v3-1-1:

    3.1.1 - 2020-09-22

    • Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1h.

    .. _v3-1:

    3.1 - 2020-08-26

    
    * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
      :term:`U-label` parsing in various X.509 classes. This support was originally
      deprecated in version 2.1 and moved to an extra in 2.5.
    * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
      the OpenSSL project. The next version of ``cryptography`` will drop support
      for it.
    * Deprecated support for Python 3.5. This version sees very little use and will
      be removed in the next release.
    * ``backend`` arguments to functions are no longer required and the
      default backend will automatically be selected if no ``backend`` is provided.
    * Added initial support for parsing certificates from PKCS7 files with
      :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
      and
      :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
      .
    * Calling ``update`` or ``update_into`` on
      :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
      longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
      also resolves the same issue in :doc:`/fernet`.
    

    .. _v3-0:

    3.0 - 2020-07-20 </tr></table>

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump uvicorn from 0.11.3 to 0.11.7

    Bump uvicorn from 0.11.3 to 0.11.7

    ⚠️ Dependabot is rebasing this PR ⚠️

    If you make any changes to it yourself then they will take precedence over the rebase.


    Bumps uvicorn from 0.11.3 to 0.11.7.

    Release notes

    Sourced from uvicorn's releases.

    Version 0.11.7

    0.11.7

    • SECURITY FIX: Prevent sending invalid HTTP header names and values.
    • SECURITY FIX: Ensure path value is escaped before logging to the console.

    Version 0.11.6

    • Fix overriding the root logger.

    Version 0.11.5

    • Revert "Watch all files, not just .py" due to unexpected side effects.
    • Revert "Pass through gunicorn timeout config." due to unexpected side effects.

    Version 0.11.4

    • Use watchgod, if installed, for watching code changes.
    • Reload application when any files in watched directories change, not just .py files.
    Changelog

    Sourced from uvicorn's changelog.

    0.11.7

    • SECURITY FIX: Prevent sending invalid HTTP header names and values.
    • SECURITY FIX: Ensure path value is escaped before logging to the console.

    0.11.6

    • Fix overriding the root logger.

    0.11.5

    • Revert "Watch all files, not just .py" due to unexpected side effects.
    • Revert "Pass through gunicorn timeout config." due to unexpected side effects.

    0.11.4

    • Use watchgod, if installed, for watching code changes.
    • Watch all files, not just .py.
    • Pass through gunicorn timeout config.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump certifi from 2019.11.28 to 2022.12.7

    Bump certifi from 2019.11.28 to 2022.12.7

    Bumps certifi from 2019.11.28 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump numpy from 1.18.1 to 1.22.0

    Bump numpy from 1.18.1 to 1.22.0

    Bumps numpy from 1.18.1 to 1.22.0.

    Release notes

    Sourced from numpy's releases.

    v1.22.0

    NumPy 1.22.0 Release Notes

    NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

    • Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
    • A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
    • NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
    • New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
    • A new configurable allocator for use by downstream projects.

    These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

    The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

    Expired deprecations

    Deprecated numeric style dtype strings have been removed

    Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

    (gh-19539)

    Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

    numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

    (gh-19615)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump babel from 2.8.0 to 2.9.1

    Bump babel from 2.8.0 to 2.9.1

    Bumps babel from 2.8.0 to 2.9.1.

    Release notes

    Sourced from babel's releases.

    Version 2.9.1

    Bugfixes

    • The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!

    Version 2.9.0

    Upcoming version support changes

    • This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

    Improvements

    • CLDR: Use CLDR 37 – Aarni Koskela (#734)
    • Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon (#741)
    • Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar (#726)

    Bugfixes

    • Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
    • Import: Simplify iteration code in "import_cldr.py" – Felix Schwarz
    • Import: Stop using deprecated ElementTree methods "getchildren()" and "getiterator()" – Felix Schwarz
    • Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
    • Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
    • Tests: fix tests when using Python 3.9 – Felix Schwarz
    • Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
    • Tests: Support Py.test 6.x – Aarni Koskela
    • Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin (#724)
    • Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok

    Documentation

    • Update parse_number comments – Brad Martin (#708)
    • Add iter to Catalog documentation – @​CyanNani123

    Version 2.8.1

    This patch version only differs from 2.8.0 in that it backports in #752.

    Changelog

    Sourced from babel's changelog.

    Version 2.9.1

    Bugfixes

    
    * The internal locale-data loading functions now validate the name of the locale file to be loaded and only
      allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!
    

    Version 2.9.0

    Upcoming version support changes

    • This version, Babel 2.9, is the last version of Babel to support Python 2.7, Python 3.4, and Python 3.5.

    Improvements

    
    * CLDR: Use CLDR 37 – Aarni Koskela ([#734](https://github.com/python-babel/babel/issues/734))
    * Dates: Handle ZoneInfo objects in get_timezone_location, get_timezone_name - Alessio Bogon ([#741](https://github.com/python-babel/babel/issues/741))
    * Numbers: Add group_separator feature in number formatting - Abdullah Javed Nesar ([#726](https://github.com/python-babel/babel/issues/726))
    

    Bugfixes

    
    * Dates: Correct default Format().timedelta format to 'long' to mute deprecation warnings – Aarni Koskela
    * Import: Simplify iteration code in &quot;import_cldr.py&quot; – Felix Schwarz
    * Import: Stop using deprecated ElementTree methods &quot;getchildren()&quot; and &quot;getiterator()&quot; – Felix Schwarz
    * Messages: Fix unicode printing error on Python 2 without TTY. – Niklas Hambüchen
    * Messages: Introduce invariant that _invalid_pofile() takes unicode line. – Niklas Hambüchen
    * Tests: fix tests when using Python 3.9 – Felix Schwarz
    * Tests: Remove deprecated 'sudo: false' from Travis configuration – Jon Dufresne
    * Tests: Support Py.test 6.x – Aarni Koskela
    * Utilities: LazyProxy: Handle AttributeError in specified func – Nikiforov Konstantin ([#724](https://github.com/python-babel/babel/issues/724))
    * Utilities: Replace usage of parser.suite with ast.parse – Miro Hrončok
    

    Documentation </code></pre> <ul> <li>Update parse_number comments – Brad Martin (<a href="https://github-redirect.dependabot.com/python-babel/babel/issues/708">#708</a>)</li> <li>Add <strong>iter</strong> to Catalog documentation – <a href="https://github.com/CyanNani123"><code>@​CyanNani123</code></a></li> </ul> <h2>Version 2.8.1</h2> <p>This is solely a patch release to make running tests on Py.test 6+ possible.</p> <p>Bugfixes</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary>

    <ul> <li><a href="https://github.com/python-babel/babel/commit/a99fa2474c808b51ebdabea18db871e389751559"><code>a99fa24</code></a> Use 2.9.0's setup.py for 2.9.1</li> <li><a href="https://github.com/python-babel/babel/commit/60b33e083801109277cb068105251e76d0b7c14e"><code>60b33e0</code></a> Become 2.9.1</li> <li><a href="https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3"><code>412015e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-babel/babel/issues/782">#782</a> from python-babel/locale-basename</li> <li><a href="https://github.com/python-babel/babel/commit/5caf717ceca4bd235552362b4fbff88983c75d8c"><code>5caf717</code></a> Disallow special filenames on Windows</li> <li><a href="https://github.com/python-babel/babel/commit/3a700b5b8b53606fd98ef8294a56f9510f7290f8"><code>3a700b5</code></a> Run locale identifiers through <code>os.path.basename()</code></li> <li><a href="https://github.com/python-babel/babel/commit/5afe2b2f11dcdd6090c00231d342c2e9cd1bdaab"><code>5afe2b2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-babel/babel/issues/754">#754</a> from python-babel/github-ci</li> <li><a href="https://github.com/python-babel/babel/commit/58de8342f865df88697a4a166191e880e3c84d82"><code>58de834</code></a> Replace Travis + Appveyor with GitHub Actions (WIP)</li> <li><a href="https://github.com/python-babel/babel/commit/d1bbc08e845d03d8e1f0dfa0e04983d755f39cb5"><code>d1bbc08</code></a> import_cldr: use logging; add -q option</li> <li><a href="https://github.com/python-babel/babel/commit/156b7fb9f377ccf58c71cf01dc69fb10c7b69314"><code>156b7fb</code></a> Quiesce CLDR download progress bar if requested (or not a TTY)</li> <li><a href="https://github.com/python-babel/babel/commit/613dc1700f91c3d40b081948c0dd6023d8ece057"><code>613dc17</code></a> Make the import warnings about unsupported number systems less verbose</li> <li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.8.0...v2.9.1">compare view</a></li> </ul> </details>

    <br />

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump websockets from 8.1 to 9.1

    Bump websockets from 8.1 to 9.1

    Bumps websockets from 8.1 to 9.1.

    Changelog

    Sourced from websockets's changelog.

    9.1 ...

    May 27, 2021

    .. note::

    **Version 9.1 fixes a security issue introduced in version 8.0.**
    

    Version 8.0 was vulnerable to timing attacks on HTTP Basic Auth passwords.

    9.0.2 .....

    May 15, 2021

    • Restored compatibility of python -m websockets with Python < 3.9.

    • Restored compatibility with mypy.

    9.0.1 .....

    May 2, 2021

    • Fixed issues with the packaging of the 9.0 release.

    9.0 ...

    May 1, 2021

    .. note::

    **Version 9.0 moves or deprecates several APIs.**
    

    Aliases provide backwards compatibility for all previously public APIs.

    • :class:~datastructures.Headers and :exc:~datastructures.MultipleValuesError were moved from websockets.http to :mod:websockets.datastructures. If you're using them, you should adjust the import path.

    • The client, server, protocol, and auth modules were moved from the websockets package to websockets.legacy sub-package, as part of an upcoming refactoring. Despite the name, they're still fully supported. The refactoring should be a transparent upgrade for most uses when it's available. The legacy implementation will be preserved according to the backwards-compatibility policy_.

... (truncated)

Commits
  • d0f3288 Bump version number.
  • 547a26b Use constant-time comparison for passwords.
  • a14226a Bump version number.
  • 8900c13 Add mypy to dictionary.
  • 0713dbf Add test coverage.
  • b99c4fe Restore real imports for compatibility with mypy.
  • e44e085 Use relative imports everywhere, for consistency.
  • 70fadbf Restore compatibility with Python < 3.9.
  • 217ac2d Fix broken link.
  • fc176f4 Bump version number.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies 
opened by dependabot[bot] 0
  • Bump fastapi from 0.54.1 to 0.65.2

    Bump fastapi from 0.54.1 to 0.65.2

    Bumps fastapi from 0.54.1 to 0.65.2.

    Release notes

    Sourced from fastapi's releases.

    0.65.2

    Security fixes

    This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

    In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

    So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

    But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

    See CVE-2021-32677 for more details.

    Thanks to Dima Boger for the security report! 🙇🔒

    Internal

    0.65.1

    Security fixes

    0.65.0

    Breaking Changes - Upgrade

    • ⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by @​hanneskuettner.

    Translations

    Internal

    0.64.0

    Features

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump urllib3 from 1.25.8 to 1.26.5

    Bump urllib3 from 1.25.8 to 1.26.5

    Bumps urllib3 from 1.25.8 to 1.26.5.

    Release notes

    Sourced from urllib3's releases.

    1.26.5

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed deprecation warnings emitted in Python 3.10.
    • Updated vendored six library to 1.16.0.
    • Improved performance of URL parser when splitting the authority component.

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.4

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.3

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed bytes and string comparison issue with headers (Pull #2141)

    • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme (Pull #2107)

    If you or your organization rely on urllib3 consider supporting us via GitHub Sponsors

    1.26.2

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

    1.26.1

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

    1.26.0

    :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap

    • Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

    • Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ssl_version=ssl.PROTOCOL_TLSv1_1 (Pull #2002) Starting in urllib3 v2.0: Connections that receive a DeprecationWarning will fail

    • Deprecated Retry options Retry.DEFAULT_METHOD_WHITELIST, Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST and Retry(method_whitelist=...) in favor of Retry.DEFAULT_ALLOWED_METHODS, Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT, and Retry(allowed_methods=...) (Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed

    ... (truncated)

    Changelog

    Sourced from urllib3's changelog.

    1.26.5 (2021-05-26)

    • Fixed deprecation warnings emitted in Python 3.10.
    • Updated vendored six library to 1.16.0.
    • Improved performance of URL parser when splitting the authority component.

    1.26.4 (2021-03-15)

    • Changed behavior of the default SSLContext when connecting to HTTPS proxy during HTTPS requests. The default SSLContext now sets check_hostname=True.

    1.26.3 (2021-01-26)

    • Fixed bytes and string comparison issue with headers (Pull #2141)

    • Changed ProxySchemeUnknown error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107)

    1.26.2 (2020-11-12)

    • Fixed an issue where wrap_socket and CERT_REQUIRED wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)

    1.26.1 (2020-11-11)

    • Fixed an issue where two User-Agent headers would be sent if a User-Agent header key is passed as bytes (Pull #2047)

    1.26.0 (2020-11-10)

    • NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>_.

    • Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)

    • Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning

    ... (truncated)

    Commits
    • d161647 Release 1.26.5
    • 2d4a3fe Improve performance of sub-authority splitting in URL
    • 2698537 Update vendored six to 1.16.0
    • 07bed79 Fix deprecation warnings for Python 3.10 ssl module
    • d725a9b Add Python 3.10 to GitHub Actions
    • 339ad34 Use pytest==6.2.4 on Python 3.10+
    • f271c9c Apply latest Black formatting
    • 1884878 [1.26] Properly proxy EOF on the SSLTransport test suite
    • a891304 Release 1.26.4
    • 8d65ea1 Merge pull request from GHSA-5phf-pp7p-vc2r
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Owner
    Naail Abdul Rahman
    Naail Abdul Rahman
    Telegram bot to stream videos in telegram voicechat for both groups and channels. Supports live strams, YouTube videos and telegram media.

    Telegram VCVideoPlayBot An Telegram Bot By @ZauteKm To Stream Videos in Telegram Voice Chat. NOTE: Make sure you have started a VoiceChat in your Grou

    Zaute 20 Oct 21, 2022
    Telegram bot to stream videos in telegram voicechat for both groups and channels. Supports live strams, YouTube videos and telegram media.

    Telegram bot to stream videos in telegram voicechat for both groups and channels. Supports live strams, YouTube videos and telegram media.

    SUBIN 449 Dec 27, 2022
    This is telegram bot to generate string session for using user bots. You can see live bot in https://telegram.dog/string_session_Nsbot

    TG String Session Generate Pyrogram String Session Using this bot. Demo Bot: Configs: API_HASH Get from Here. API_ID Get from Here. BOT_TOKEN Telegram

    Anonymous 27 Oct 28, 2022
    A telegram bot which can show you the status of telegram bot

    BotStatus-Ts-Bot An open source telegram Bot Status bot For demo you can check here The status is updated in every 1 hour About Bot This is a Bot stat

    Ts_Bots 8 Nov 17, 2022
    Telegram PHub Bot using ARQ Api and Pyrogram. This Bot can Download and Send PHub HQ videos in Telegram using ARQ API.

    Tg_PHub_Bot Telegram PHub Bot using ARQ Api and Pyrogram. This Bot can Download and Send PHub HQ videos in Telegram using ARQ API. OS Support All linu

    TheProgrammerCat 13 Oct 21, 2022
    veez music bot is a telegram music bot project, allow you to play music on voice chat group telegram.

    ?? Veez Music Bot Music bot for playing music on telegram voice chat group. Requirements ?? FFmpeg NodeJS nodesource.com Python 3.7+ PyTgCalls ?? Get

    levina 143 Jun 19, 2022
    A simple telegram voting bot based on the python-telegram-bot api.

    A simple telegram voting bot based on the python-telegram-bot api. *To make it more easy to use, I might make a C++ code in the future so you don't ha

    null 3 Sep 13, 2021
    An Telegram Bot By @AsmSafone To Stream Videos in Telegram Voice Chat. This is Also The Source Code of The Bot Which is Being Used In @SafoTheBot Group! ❤️

    Telegram Video Player Bot (Beta) An Telegram Bot By @AsmSafone To Stream Videos in Telegram Voice Chat. Special Features Supports Live Streaming From

    SAF ONE 206 Jan 3, 2023
    Telegram bot implementing Lex Arcana using python-telegram-bot library.

    Lex Arcana Telegram Bot ?? Telegram bot implementing Lex Arcana using python-telegram-bot library. This bot was evaluated for the course "Computer Eng

    Nicolò Sonnino 6 Jun 22, 2022
    A Telegram Filter Bot, Support Unlimited Filter. Also, The Bot can auto-filter telegram File | video

    A Telegram Filter Bot, Support Unlimited Filter. Also, The Bot can auto-filter telegram File | video

    Hash Minner 3 Nov 27, 2021
    A Powerful telegram giveawayz bot based on the python-telegram-bot API

    GiveawayZ Bot A Powerful telegram giveawayz bot based on the python-telegram-bot API. Powered by Team Zyntax and Team DFX Developed by @Zycho-Dev A pr

    Zycho #AFK 5 Jul 31, 2022
    Asad Alexa VC Bot Is A Telegram Bot Project That's Allow You To Play Audio And Video Music On Telegram Voice Chat Group.

    Asad Alexa VC Bot Is A Telegram Bot Project That's Allow You To Play Audio And Video Music On Telegram Voice Chat Group.

    Dr Asad Ali 6 Jun 20, 2022
    A telegram bot script for generating session string using pyrogram and telethon on Telegram bot

    String-session-Bot Telegram Bot to generate Pyrogram and Telethon String Session. A star ⭐ from you means a lot to us! Usage Deploy to Heroku Tap on a

    Wahyusaputra 8 Oct 28, 2022
    Video Bot: an Advanced Telegram Bot that's allow you to play Video & Music on Telegram Group Video Chat

    Video Bot is an Advanced Telegram Bot that's allow you to play Video & Music on

    null 5 Jan 26, 2022
    Web-music-bot - A telegram bot which get a *site Url* and sends all songs contain in the Url to telegram

    web music bot this is a telegram bot which get a site Url and sends all songs co

    Arya Shabane 4 Apr 2, 2022
    Telegram bot for logistic - Telegram bot for logistic

    Демонстрационный телеграм-бот для нужд транспортной компании Цель проекта Реализ

    M1chigun 1 Feb 5, 2022
    A simple Telegram bot that analyses a given word, built with python-telegram-bot

    Telegram Word Bot A simple Telegram bot that analyses a given word, built with python-telegram-bot. The bot is fairly useless - unless you often need

    Chris N 2 Jul 14, 2022
    Easy & powerful bot to check if your all Telegram bots are working or not. This bot status bot updates every 45 minutes & runs for 24x7 hours.

    PowerfulBotStatus-IDN-C-X Easy & powerful bot to check if your all Telegram bots are working or not. This bot status bot updates every 45 minutes & ru

    IDNCoderX 5 Oct 6, 2022