From 60cf9764c5de2db9638e8b30851956baea9203cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 May 2025 11:20:46 +0000
Subject: [PATCH 1/2] Bump cryptography from 44.0.2 to 44.0.3 (#10830)
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.2
to 44.0.3.
Changelog
Sourced from cryptography's
changelog.
44.0.3 - 2025-05-02
* Fixed compilation when using LibreSSL 4.1.0.
.. _v44-0-2:
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/constraints.txt | 4 ++--
requirements/dev.txt | 4 ++--
requirements/lint.txt | 2 +-
requirements/test.txt | 4 ++--
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 0a6b9beb786..4d53e4152da 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -4,7 +4,7 @@
#
# pip-compile --allow-unsafe --output-file=requirements/constraints.txt --resolver=backtracking --strip-extras requirements/constraints.in
#
-aiodns==3.3.0 ; sys_platform == "linux" or sys_platform == "darwin"
+aiodns==3.3.0
# via
# -r requirements/lint.in
# -r requirements/runtime-deps.in
@@ -56,7 +56,7 @@ coverage==7.8.0
# via
# -r requirements/test.in
# pytest-cov
-cryptography==44.0.2
+cryptography==44.0.3
# via
# pyjwt
# trustme
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 0ef5fa477a7..dadba3df2be 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -4,7 +4,7 @@
#
# pip-compile --allow-unsafe --output-file=requirements/dev.txt --resolver=backtracking --strip-extras requirements/dev.in
#
-aiodns==3.3.0 ; sys_platform == "linux" or sys_platform == "darwin"
+aiodns==3.3.0
# via
# -r requirements/lint.in
# -r requirements/runtime-deps.in
@@ -56,7 +56,7 @@ coverage==7.8.0
# via
# -r requirements/test.in
# pytest-cov
-cryptography==44.0.2
+cryptography==44.0.3
# via
# pyjwt
# trustme
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 9fc54767fcd..1576ecf8bc5 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -21,7 +21,7 @@ cfgv==3.4.0
# via pre-commit
click==8.1.8
# via slotscheck
-cryptography==44.0.2
+cryptography==44.0.3
# via trustme
distlib==0.3.9
# via virtualenv
diff --git a/requirements/test.txt b/requirements/test.txt
index fb1dda3ed54..e2b9207c7bb 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -4,7 +4,7 @@
#
# pip-compile --allow-unsafe --output-file=requirements/test.txt --resolver=backtracking --strip-extras requirements/test.in
#
-aiodns==3.3.0 ; sys_platform == "linux" or sys_platform == "darwin"
+aiodns==3.3.0
# via -r requirements/runtime-deps.in
aiohappyeyeballs==2.6.1
# via -r requirements/runtime-deps.in
@@ -29,7 +29,7 @@ coverage==7.8.0
# via
# -r requirements/test.in
# pytest-cov
-cryptography==44.0.2
+cryptography==44.0.3
# via trustme
exceptiongroup==1.2.2
# via pytest
From b889fa532159323d9405a40b31adf6507383c4ae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 May 2025 11:26:28 +0000
Subject: [PATCH 2/2] Bump pycares from 4.7.0 to 4.8.0 (#10831)
Bumps [pycares](https://github.com/saghul/pycares) from 4.7.0 to 4.8.0.
Commits
6405d1f
Set version to 4.8.0a563896
Add ARES_FLAG_NO_DFLT_SVR and ARES_FLAG_EDNS to APIda561b2
Update bundled c-ares to v1.34.5 (#221)129c07c
Cancel previous CI jobs on pull request update- See full diff in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/base.txt | 4 ++--
requirements/constraints.txt | 2 +-
requirements/dev.txt | 2 +-
requirements/lint.txt | 2 +-
requirements/runtime-deps.txt | 4 ++--
requirements/test.txt | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index d81b4106930..192799e4335 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -4,7 +4,7 @@
#
# pip-compile --allow-unsafe --output-file=requirements/base.txt --strip-extras requirements/base.in
#
-aiodns==3.3.0 ; sys_platform == "linux" or sys_platform == "darwin"
+aiodns==3.3.0
# via -r requirements/runtime-deps.in
aiohappyeyeballs==2.6.1
# via -r requirements/runtime-deps.in
@@ -34,7 +34,7 @@ propcache==0.3.1
# via
# -r requirements/runtime-deps.in
# yarl
-pycares==4.7.0
+pycares==4.8.0
# via aiodns
pycparser==2.22
# via cffi
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 4d53e4152da..e5e8758ff89 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -149,7 +149,7 @@ proxy-py==2.4.10
# via
# -r requirements/lint.in
# -r requirements/test.in
-pycares==4.7.0
+pycares==4.8.0
# via aiodns
pycparser==2.22
# via cffi
diff --git a/requirements/dev.txt b/requirements/dev.txt
index dadba3df2be..21a6828c425 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -146,7 +146,7 @@ proxy-py==2.4.10
# via
# -r requirements/lint.in
# -r requirements/test.in
-pycares==4.7.0
+pycares==4.8.0
# via aiodns
pycparser==2.22
# via cffi
diff --git a/requirements/lint.txt b/requirements/lint.txt
index 1576ecf8bc5..f66e53811af 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -61,7 +61,7 @@ pre-commit==4.2.0
# via -r requirements/lint.in
proxy-py==2.4.10
# via -r requirements/lint.in
-pycares==4.7.0
+pycares==4.8.0
# via aiodns
pycparser==2.22
# via cffi
diff --git a/requirements/runtime-deps.txt b/requirements/runtime-deps.txt
index d8e6ef27e9c..9e1edf277d9 100644
--- a/requirements/runtime-deps.txt
+++ b/requirements/runtime-deps.txt
@@ -4,7 +4,7 @@
#
# pip-compile --allow-unsafe --output-file=requirements/runtime-deps.txt --strip-extras requirements/runtime-deps.in
#
-aiodns==3.3.0 ; sys_platform == "linux" or sys_platform == "darwin"
+aiodns==3.3.0
# via -r requirements/runtime-deps.in
aiohappyeyeballs==2.6.1
# via -r requirements/runtime-deps.in
@@ -30,7 +30,7 @@ propcache==0.3.1
# via
# -r requirements/runtime-deps.in
# yarl
-pycares==4.7.0
+pycares==4.8.0
# via aiodns
pycparser==2.22
# via cffi
diff --git a/requirements/test.txt b/requirements/test.txt
index e2b9207c7bb..e7071b3ade3 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -77,7 +77,7 @@ propcache==0.3.1
# yarl
proxy-py==2.4.10
# via -r requirements/test.in
-pycares==4.7.0
+pycares==4.8.0
# via aiodns
pycparser==2.22
# via cffi