agotool merge requestshttps://gitlab.sib.swiss/dlyon/agotool/-/merge_requests2021-01-08T13:47:32+01:00https://gitlab.sib.swiss/dlyon/agotool/-/merge_requests/2Bump lxml from 4.2.1 to 4.6.2 in /app2021-01-08T13:47:32+01:00David LyonBump lxml from 4.2.1 to 4.6.2 in /app*Created by: dependabot[bot]*
Bumps [lxml](https://github.com/lxml/lxml) from 4.2.1 to 4.6.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>...*Created by: dependabot[bot]*
Bumps [lxml](https://github.com/lxml/lxml) from 4.2.1 to 4.6.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p>
<blockquote>
<h1>4.6.2 (2020-11-26)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
which allowed JavaScript to pass through. The cleaner now removes more sneaky
"style" content.</li>
</ul>
<h1>4.6.1 (2020-10-18)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed
JavaScript to pass through. The cleaner now removes more sneaky "style" content.</li>
</ul>
<h1>4.6.0 (2020-10-17)</h1>
<h2>Features added</h2>
<ul>
<li>
<p>GH#310: <code>lxml.html.InputGetter</code> supports <code>__len__()</code> to count the number of input fields.
Patch by Aidan Woolley.</p>
</li>
<li>
<p><code>lxml.html.InputGetter</code> has a new <code>.items()</code> method to ease processing all input fields.</p>
</li>
<li>
<p><code>lxml.html.InputGetter.keys()</code> now returns the field names in document order.</p>
</li>
<li>
<p><a href="https://github-redirect.dependabot.com/lxml/lxml/issues/309">GH-309</a>: The API documentation is now generated using <code>sphinx-apidoc</code>.
Patch by Chris Mayo.</p>
</li>
</ul>
<h2>Bugs fixed</h2>
<ul>
<li>
<p>LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
when a default namespace was defined.</p>
</li>
<li>
<p><code>TreeBuilder.close()</code> raised <code>AssertionError</code> in some error cases where it
should have raised <code>XMLSyntaxError</code>. It now raises a combined exception to
keep up backwards compatibility, while switching to <code>XMLSyntaxError</code> as an
interface.</p>
</li>
</ul>
<p>4.5.2 (2020-07-09)</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/lxml/lxml/commit/4cb57362deb23bca0f70f41ab1efa13390fcdbb1"><code>4cb5736</code></a> Work around Py2's lack of "re.ASCII".</li>
<li><a href="https://github.com/lxml/lxml/commit/c30106ff2648cdafe7857654e9606c491b1acf4d"><code>c30106f</code></a> Prepare release of 4.6.2.</li>
<li><a href="https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7"><code>a105ab8</code></a> Prevent combinations of <math/svg> and <style> to sneak JavaScript through th...</li>
<li><a href="https://github.com/lxml/lxml/commit/c053dc159c7f0a6a98922c937a0baede7ce7af9d"><code>c053dc1</code></a> Add a recipe for a look-ahead generator to allow modifications during tree it...</li>
<li><a href="https://github.com/lxml/lxml/commit/b083124281d824eb861ff58e7276a5c1f1d8c18d"><code>b083124</code></a> lxml actually works in Py3.9.</li>
<li><a href="https://github.com/lxml/lxml/commit/0f80590d7ebe62c61d2bdf2a220a093821dcbab8"><code>0f80590</code></a> lxml actually works in Py3.9.</li>
<li><a href="https://github.com/lxml/lxml/commit/fd8893ccb538e95c5acb2a2b47f0e87003de5b0d"><code>fd8893c</code></a> Add a doc note that the .find() methods are usually faster than one might exp...</li>
<li><a href="https://github.com/lxml/lxml/commit/eb6df27fc265cea4462f966282a701acdad5d167"><code>eb6df27</code></a> Update release version on homepage.</li>
<li><a href="https://github.com/lxml/lxml/commit/69b5c9bd575800f80a6515aeef6421f33db0294d"><code>69b5c9b</code></a> Automate the build artefact downloading from github and appveyor.</li>
<li><a href="https://github.com/lxml/lxml/commit/61432a8489657744ed32367ed9fb17fafe405d8e"><code>61432a8</code></a> Prepare release of lxml 4.6.1.</li>
<li>Additional commits viewable in <a href="https://github.com/lxml/lxml/compare/lxml-4.2.1...lxml-4.6.2">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml&package-manager=pip&previous-version=4.2.1&new-version=4.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dblyon/agotool/network/alerts).
</details>https://gitlab.sib.swiss/dlyon/agotool/-/merge_requests/1Bump werkzeug from 0.14.1 to 0.15.3 in /app2019-12-21T13:15:46+01:00David LyonBump werkzeug from 0.14.1 to 0.15.3 in /app*Created by: dependabot[bot]*
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.14.1 to 0.15.3.
<details>
<summary>Release notes</summary>
*Sourced from [werkzeug's releases](https://github.com/pallets/werkzeug/releases).*
...*Created by: dependabot[bot]*
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.14.1 to 0.15.3.
<details>
<summary>Release notes</summary>
*Sourced from [werkzeug's releases](https://github.com/pallets/werkzeug/releases).*
> ## 0.15.3
> * Blog: https://palletsprojects.com/blog/werkzeug-0-15-3-released/
> * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-3
>
>
> ## 0.15.2
> * Blog: https://palletsprojects.com/blog/werkzeug-0-15-2-released/
> * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-2
>
> ## 0.15.1
> * Blog: https://palletsprojects.com/blog/werkzeug-0-15-1-released/
> * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/
>
> ## 0.15.0
> * Blog: https://palletsprojects.com/blog/werkzeug-0-15-0-released/
> * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/
</details>
<details>
<summary>Changelog</summary>
*Sourced from [werkzeug's changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst).*
> Version 0.15.3
> --------------
>
> Released 2019-05-14
>
> - Properly handle multi-line header folding in development server in
> Python 2.7. (:issue:`1080`)
> - Restore the ``response`` argument to :exc:`~exceptions.Unauthorized`.
> (:pr:`1527`)
> - :exc:`~exceptions.Unauthorized` doesn't add the ``WWW-Authenticate``
> header if ``www_authenticate`` is not given. (:issue:`1516`)
> - The default URL converter correctly encodes bytes to string rather
> than representing them with ``b''``. (:issue:`1502`)
> - Fix the filename format string in
> :class:`~middleware.profiler.ProfilerMiddleware` to correctly handle
> float values. (:issue:`1511`)
> - Update :class:`~middleware.lint.LintMiddleware` to work on Python 3.
> (:issue:`1510`)
> - The debugger detects cycles in chained exceptions and does not time
> out in that case. (:issue:`1536`)
> - When running the development server in Docker, the debugger security
> pin is now unique per container.
>
>
> Version 0.15.2
> --------------
>
> Released 2019-04-02
>
> - ``Rule`` code generation uses a filename that coverage will ignore.
> The previous value, "generated", was causing coverage to fail.
> (:issue:`1487`)
> - The test client removes the cookie header if there are no persisted
> cookies. This fixes an issue introduced in 0.15.0 where the cookies
> from the original request were used for redirects, causing functions
> such as logout to fail. (:issue:`1491`)
> - The test client copies the environ before passing it to the app, to
> prevent in-place modifications from affecting redirect requests.
> (:issue:`1498`)
> - The ``"werkzeug"`` logger only adds a handler if there is no handler
> configured for its level in the logging chain. This avoids double
> logging if other code configures logging first. (:issue:`1492`)
>
>
> Version 0.15.1
> --------------
>
> Released 2019-03-21
>
> - :exc:`~exceptions.Unauthorized` takes ``description`` as the first
></tr></table> ... (truncated)
</details>
<details>
<summary>Commits</summary>
- [`9b1123a`](https://github.com/pallets/werkzeug/commit/9b1123a779e95b5c38ca911ce1329e87a3348a92) release version 0.15.3
- [`00bc43b`](https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246) unique debugger pin in Docker containers
- [`2cbdf2b`](https://github.com/pallets/werkzeug/commit/2cbdf2b02273daccf85845b1e1569096e65ffe58) Merge pull request [#1542](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1542) from asottile/exceptions_arent_always_hashable
- [`0e669f6`](https://github.com/pallets/werkzeug/commit/0e669f6be532801267d35de23c5f5237b8406d8a) Fix unhashable exception types
- [`bdc17e4`](https://github.com/pallets/werkzeug/commit/bdc17e4cd10bbb17449006cef385ec953a11fc36) Merge pull request [#1540](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1540) from pallets/break-tb-cycle
- [`44e38c2`](https://github.com/pallets/werkzeug/commit/44e38c2985bcd3a7c17467bead901b8f36528f5f) break cycle in chained exceptions
- [`777500b`](https://github.com/pallets/werkzeug/commit/777500b64647ea47b21e52e5e113ba1d86014c05) Merge pull request [#1518](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1518) from NiklasMM/fix/1510_lint-middleware-python3-compa...
- [`e00c7c2`](https://github.com/pallets/werkzeug/commit/e00c7c2cedcbcad3772e4522813c78bc9a860fbe) Make LintMiddleware Python 3 compatible and add tests
- [`d590cc7`](https://github.com/pallets/werkzeug/commit/d590cc7cf2fcb34ebc0783eb3c2913e8ce016ed8) Merge pull request [#1539](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1539) from pallets/profiler-format
- [`0388fc9`](https://github.com/pallets/werkzeug/commit/0388fc95e696513bbefbde293f3f76cc482df8fa) update filename_format for ProfilerMiddleware.
- Additional commits viewable in [compare view](https://github.com/pallets/werkzeug/compare/0.14.1...0.15.3)
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=werkzeug&package-manager=pip&previous-version=0.14.1&new-version=0.15.3)](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dblyon/agotool/network/alerts).
</details>