From 12f3501938f26c1cd7079fb50421c7aaf70c3ac9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Mar 2025 11:17:28 +0000
Subject: [PATCH 1/2] Bump aiohappyeyeballs from 2.4.8 to 2.5.0 (#10524)

Bumps [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs)
from 2.4.8 to 2.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/aiohappyeyeballs/releases">aiohappyeyeballs's
releases</a>.</em></p>
<blockquote>
<h2>v2.5.0 (2025-03-06)</h2>
<h3>Features</h3>
<ul>
<li>Add callback for users to customize socket creation (<a
href="https://redirect.github.com/aio-libs/aiohappyeyeballs/pull/147">#147</a>,
<a
href="https://github.com/aio-libs/aiohappyeyeballs/commit/8e1bc6a4bc6282ccf29db441c33dd8d806003ffd"><code>8e1bc6a</code></a>)</li>
</ul>
<p>Co-authored-by: Kieren <!-- raw HTML omitted --></p>
<hr />
<p><strong>Detailed Changes</strong>: <a
href="https://github.com/aio-libs/aiohappyeyeballs/compare/v2.4.8...v2.5.0">v2.4.8...v2.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md">aiohappyeyeballs's
changelog</a>.</em></p>
<blockquote>
<h2>v2.5.0 (2025-03-06)</h2>
<h3>Features</h3>
<ul>
<li>Add callback for users to customize socket creation (<a
href="https://redirect.github.com/aio-libs/aiohappyeyeballs/issues/147">#147</a>)
(<a
href="https://github.com/aio-libs/aiohappyeyeballs/commit/8e1bc6a4bc6282ccf29db441c33dd8d806003ffd"><code>8e1bc6a</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aio-libs/aiohappyeyeballs/commit/3fed4432036740392483608a9da86637cf1bd64b"><code>3fed443</code></a>
2.5.0</li>
<li><a
href="https://github.com/aio-libs/aiohappyeyeballs/commit/8e1bc6a4bc6282ccf29db441c33dd8d806003ffd"><code>8e1bc6a</code></a>
feat: add callback for users to customize socket creation (<a
href="https://redirect.github.com/aio-libs/aiohappyeyeballs/issues/147">#147</a>)</li>
<li>See full diff in <a
href="https://github.com/aio-libs/aiohappyeyeballs/compare/v2.4.8...v2.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohappyeyeballs&package-manager=pip&previous-version=2.4.8&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/base.txt         | 2 +-
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/runtime-deps.txt | 2 +-
 requirements/test.txt         | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 0621faefe4e..68cd7a8cc29 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -6,7 +6,7 @@
 #
 aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin"
     # via -r requirements/runtime-deps.in
-aiohappyeyeballs==2.4.8
+aiohappyeyeballs==2.5.0
     # via -r requirements/runtime-deps.in
 aiosignal==1.3.2
     # via -r requirements/runtime-deps.in
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 3075d4657e3..70c72b5f413 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin"
     # via
     #   -r requirements/lint.in
     #   -r requirements/runtime-deps.in
-aiohappyeyeballs==2.4.8
+aiohappyeyeballs==2.5.0
     # via -r requirements/runtime-deps.in
 aiohttp-theme==0.1.7
     # via -r requirements/doc.in
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 7cd3d62076f..0d3f72af89a 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -8,7 +8,7 @@ aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin"
     # via
     #   -r requirements/lint.in
     #   -r requirements/runtime-deps.in
-aiohappyeyeballs==2.4.8
+aiohappyeyeballs==2.5.0
     # via -r requirements/runtime-deps.in
 aiohttp-theme==0.1.7
     # via -r requirements/doc.in
diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt
index d3784409e9b..e4a4a6313c6 100644
--- a/requirements/runtime-deps.txt
+++ b/requirements/runtime-deps.txt
@@ -6,7 +6,7 @@
 #
 aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin"
     # via -r requirements/runtime-deps.in
-aiohappyeyeballs==2.4.8
+aiohappyeyeballs==2.5.0
     # via -r requirements/runtime-deps.in
 aiosignal==1.3.2
     # via -r requirements/runtime-deps.in
diff --git a/requirements/test.txt b/requirements/test.txt
index 18b9980cdf8..3c9562c7383 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -6,7 +6,7 @@
 #
 aiodns==3.2.0 ; sys_platform == "linux" or sys_platform == "darwin"
     # via -r requirements/runtime-deps.in
-aiohappyeyeballs==2.4.8
+aiohappyeyeballs==2.5.0
     # via -r requirements/runtime-deps.in
 aiosignal==1.3.2
     # via -r requirements/runtime-deps.in

From d841c4c06107d9aec3fd8ed9d334f0502876bbfa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Mar 2025 11:24:47 +0000
Subject: [PATCH 2/2] Bump jinja2 from 3.1.5 to 3.1.6 (#10525)

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/releases">jinja2's
releases</a>.</em></p>
<blockquote>
<h2>3.1.6</h2>
<p>This is the Jinja 3.1.6 security release, which fixes security issues
but does not otherwise change behavior and should not result in breaking
changes compared to the latest feature release.</p>
<p>PyPI: <a
href="https://pypi.org/project/Jinja2/3.1.6/">https://pypi.org/project/Jinja2/3.1.6/</a>
Changes: <a
href="https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6">https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6</a></p>
<ul>
<li>The <code>|attr</code> filter does not bypass the environment's
attribute lookup, allowing the sandbox to apply its checks. <a
href="https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7">https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.1.6</h2>
<p>Released 2025-03-05</p>
<ul>
<li>The <code>|attr</code> filter does not bypass the environment's
attribute lookup,
allowing the sandbox to apply its checks.
:ghsa:<code>cpwx-vrp4-4pq7</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679"><code>1520688</code></a>
release version 3.1.6</li>
<li><a
href="https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"><code>90457bb</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7"><code>065334d</code></a>
attr filter uses env.getattr</li>
<li><a
href="https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145"><code>033c200</code></a>
start version 3.1.6</li>
<li><a
href="https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35"><code>bc68d4e</code></a>
use global contributing guide (<a
href="https://redirect.github.com/pallets/jinja/issues/2070">#2070</a>)</li>
<li><a
href="https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486"><code>247de5e</code></a>
use global contributing guide</li>
<li><a
href="https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f"><code>ab8218c</code></a>
use project advisory link instead of global</li>
<li><a
href="https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2"><code>b4ffc8f</code></a>
release version 3.1.5 (<a
href="https://redirect.github.com/pallets/jinja/issues/2066">#2066</a>)</li>
<li>See full diff in <a
href="https://github.com/pallets/jinja/compare/3.1.5...3.1.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jinja2&package-manager=pip&previous-version=3.1.5&new-version=3.1.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 70c72b5f413..e28a552f52a 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -99,7 +99,7 @@ incremental==24.7.2
     # via towncrier
 iniconfig==2.0.0
     # via pytest
-jinja2==3.1.5
+jinja2==3.1.6
     # via
     #   sphinx
     #   towncrier
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 0d3f72af89a..d310adddc55 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -97,7 +97,7 @@ incremental==24.7.2
     # via towncrier
 iniconfig==2.0.0
     # via pytest
-jinja2==3.1.5
+jinja2==3.1.6
     # via
     #   sphinx
     #   towncrier
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index f1f9119e898..1a8192d575b 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -24,7 +24,7 @@ imagesize==1.4.1
     # via sphinx
 incremental==24.7.2
     # via towncrier
-jinja2==3.1.5
+jinja2==3.1.6
     # via
     #   sphinx
     #   towncrier
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 6ff0ccc7f70..2ffe6f3268f 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -24,7 +24,7 @@ imagesize==1.4.1
     # via sphinx
 incremental==24.7.2
     # via towncrier
-jinja2==3.1.5
+jinja2==3.1.6
     # via
     #   sphinx
     #   towncrier