
@dependabot dependabot bot commented on behalf of github May 6, 2024

Bumps the pip group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| black | 23.3.0 | 24.3.0 |
| jinja2 | 3.1.3 | 3.1.4 |
| tornado | 6.3.3 | 6.4 |
| cryptography | 41.0.6 | 42.0.4 |
| jupyter-server | 1.23.5 | 2.11.2 |
| pymongo | 4.3.3 | 4.6.3 |
| dbt-core | 1.7.4 | 1.7.13 |

Bumps the pip group with 1 update in the /mage_integrations directory: pymongo.

Updates black from 23.3.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments were mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in ternary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.


Commits

Updates jinja2 from 3.1.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Commits

Updates tornado from 6.3.3 to 6.4

Changelog

Sourced from tornado's changelog.

... (truncated)

Commits
  • b3f2a4b Merge pull request #3352 from bdarnell/master
  • 451419c Set version to 6.4 final
  • 5a87723 Merge pull request #3348 from bdarnell/iostream-hostname-test
  • 2da0a99 iostream_test: Don't require server-side log on windows
  • 06e1a65 iostream_test: Test check_hostname functionality.
  • a6dfd70 Merge pull request #3341 from bdarnell/more-utcnow
  • c60d80c web,demos: Remove more uses of deprecated datetime utc methods
  • 55db80e Merge pull request #3339 from tornadoweb/dependabot/pip/urllib3-1.26.18
  • ec59fa0 Merge pull request #3332 from bdarnell/selector-thread-atexit
  • dcc6e59 build(deps): bump urllib3 from 1.26.17 to 1.26.18
  • Additional commits viewable in compare view

Updates cryptography from 41.0.6 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

  • Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130
  • Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in RFC 2633 and RFC 3370.

42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

42.0.2 - 2024-01-30

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
  • Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys.
  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey.exchange, X25519PrivateKey.exchange, X448PrivateKey.exchange, and DHPrivateKey.exchange.

42.0.1 - 2024-01-24

  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey.sign.
  • Resolved compatibility issue with loading certain RSA public keys in load_pem_public_key.

42.0.0 - 2024-01-22

... (truncated)

Commits

Updates jupyter-server from 1.23.5 to 2.11.2

Release notes

Sourced from jupyter-server's releases.

v2.11.2

Contributors to this release

v2.11.1

Bugs fixed

Contributors to this release

@blink1073 | @fcollonval | @minrk | @Wh1isper

v2.11.0

Enhancements made

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

... (truncated)

Changelog

Sourced from jupyter-server's changelog.

2.11.2

Contributors to this release

2.11.1

Bugs fixed

Contributors to this release

@blink1073 | @fcollonval | @minrk | @Wh1isper

2.11.0

Enhancements made

Maintenance and upkeep improvements

Documentation improvements

Contributors to this release

@blink1073 | @IITII | @welcome | @Wh1isper

2.10.1

... (truncated)

Commits

Updates pymongo from 4.3.3 to 4.6.3

Release notes

Sourced from pymongo's releases.

PyMongo 4.6.2

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404

PyMongo 4.6.1

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752

PyMongo 4.6.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866

PyMongo 4.5.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662

PyMongo 4.4.1

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045

PyMongo 4.4.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211

PyMongo 4.4.0b0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.6.3

PyMongo 4.6.3 fixes the following bug:

  • Fixed a potential memory access violation when decoding invalid bson.

Issues Resolved

See the PyMongo 4.6.3 release notes in JIRA (https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=38360) for the list of resolved issues in this release.

Changes in Version 4.6.2

PyMongo 4.6.2 fixes the following bug:

  • Fixed a bug appearing in Python 3.12 where "RuntimeError: can't create new thread at interpreter shutdown" could be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.

Issues Resolved

See the PyMongo 4.6.2 release notes in JIRA (https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37906) for the list of resolved issues in this release.

Changes in Version 4.6.1

PyMongo 4.6.1 fixes the following bug:

  • Ensure retryable read OperationFailure errors re-raise exception when 0 or NoneType error code is provided.

Issues Resolved

See the PyMongo 4.6.1 release notes in JIRA (https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37138) for the list of resolved issues in this release.

Changes in Version 4.6

PyMongo 4.6 brings a number of improvements including:

... (truncated)

Commits
  • 8da192f BUMP 4.6.3
  • 56b6b6d PYTHON-4305 Fix bson size check (#1564)
  • 449d0f3 BUMP to 4.6.3.dev0
  • e04576d DEVPROD-3871 Use teardown_task when there is one function/command (#1533)
  • cf1c6a1 PYTHON-4219 Prep for 4.6.2 Release (#1530)
  • d29b2b7 PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (#1...
  • 0477b9b PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (#1527)
  • ecad17d BUMP 4.6.2.dev0
  • 485e0a5 BUMP 4.6.1
  • 995365c PYTHON-4038 [v4.6]: Ensure retryable read OperationFailures re-raise except...
  • Additional commits viewable in compare view

Updates dbt-core from 1.7.4 to 1.7.13

Release notes

Sourced from dbt-core's releases.

dbt-core v1.7.13

dbt-core 1.7.13 - April 18, 2024

Security

Contributors

dbt-core v1.7.12

dbt-core 1.7.12 - April 16, 2024

Fixes

  • Fix assorted source freshness edge cases so check is run or actionable information is given (#9078)
  • Exclude password-like fields for considering reparse (#9795)

dbt-core v1.7.11

dbt-core 1.7.11 - March 28, 2024

Fixes

  • Tighten exception handling to avoid worker thread hangs. (#9583)
  • Add field wrapper to BaseRelation members that were missing it. (#9681)

dbt-core v1.7.10

dbt-core 1.7.10 - March 14, 2024

Fixes

  • Do not add duplicate input_measures (#9360)
  • Fix partial parsing KeyError on deleted schema files (#8860)
  • Support saved queries in dbt list (#9532)

Dependencies

  • Restrict protobuf to 4.* versions (#9566)

dbt-core v1.7.9

dbt-core 1.7.9 - February 28, 2024

Fixes

  • Fix node_info contextvar handling so incorrect node_info doesn't persist (#8866)
  • Add target-path to retry (#8948)

Under the Hood

  • Make dbt-core compatible with Python 3.12 (#9007)

... (truncated)

Changelog

Sourced from dbt-core's changelog.

dbt-core 1.7.13 - April 18, 2024

Security

Contributors

dbt-core 1.7.12 - April 16, 2024

Fixes

  • Fix assorted source freshness edge cases so check is run or actionable information is given (#9078)
  • Exclude password-like fields for considering reparse (#9795)

dbt-core 1.7.11 - March 28, 2024

Fixes

  • Tighten exception handling to avoid worker thread hangs. (#9583)
  • Add field wrapper to BaseRelation members that were missing it. (#9681)

dbt-core 1.7.10 - March 14, 2024

Fixes

  • Do not add duplicate input_measures (#9360)
  • Fix partial parsing KeyError on deleted schema files (#8860)
  • Support saved queries in dbt list (#9532)

Dependencies

  • Restrict protobuf to 4.* versions (#9566)

dbt-core 1.7.9 - February 28, 2024

Fixes

  • Fix node_info contextvar handling so incorrect node_info doesn't persist (#8866)
  • Add target-path to retry (#8948)

Under the Hood

  • Make dbt-core compatible with Python 3.12 (#9007)
  • Restrict protobuf to major version 4. (#9566)

Security

... (truncated)

Commits
  • 6095b02 Bumping version to 1.7.13 and generate changelog
  • 483a4e8 [BACKPORT 1.7] bump sqlparse (#9965)
  • f9cff92 [Automated] Merged prep-release/1.7.12_8708637173 into target 1.7.latest duri...
  • ef37e62 Bumping version to 1.7.12 and generate changelog
  • 227877e be less explicit (#9936) (#9937)
  • ffa1a38 update to wrk for all versions (#9916) (#9919)
  • 2c24aa7 [1.7] Fix Workflow Deprecations (#9799)
  • 947f397 [BACKPORT 1.7] Exclude password-like fields for considering reparse (#9844) ...
  • b8681a3 [Backport to 1.7.latest] Fix assorted source freshness edgecases so check is ...
  • dd070b9 [Automated] Merged prep-release/1.7.11_8461692987 into target 1.7.latest duri...
  • Additional commits viewable in compare view

Updates pymongo from 4.3.3 to 4.6.3


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the pip group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [black](https://github.com/psf/black) | `23.3.0` | `24.3.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.3` | `3.1.4` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.3.3` | `6.4` |
| [cryptography](https://github.com/pyca/cryptography) | `41.0.6` | `42.0.4` |
| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `1.23.5` | `2.11.2` |
| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |
| [dbt-core](https://github.com/dbt-labs/dbt-core) | `1.7.4` | `1.7.13` |

Bumps the pip group with 1 update in the /mage_integrations directory: [pymongo](https://github.com/mongodb/mongo-python-driver).


Updates `black` from 23.3.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.3.0...24.3.0)

Updates `jinja2` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.3...3.1.4)

Updates `tornado` from 6.3.3 to 6.4
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.3.3...v6.4.0)

Updates `cryptography` from 41.0.6 to 42.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@41.0.6...42.0.4)

Updates `jupyter-server` from 1.23.5 to 2.11.2
- [Release notes](https://github.com/jupyter-server/jupyter_server/releases)
- [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md)
- [Commits](jupyter-server/jupyter_server@v1.23.5...v2.11.2)

Updates `pymongo` from 4.3.3 to 4.6.3
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.3.3...4.6.3)

Updates `dbt-core` from 1.7.4 to 1.7.13
- [Release notes](https://github.com/dbt-labs/dbt-core/releases)
- [Changelog](https://github.com/dbt-labs/dbt-core/blob/v1.7.13/CHANGELOG.md)
- [Commits](dbt-labs/dbt-core@v1.7.4...v1.7.13)

Updates `pymongo` from 4.3.3 to 4.6.3
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.3.3...4.6.3)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jupyter-server
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pymongo
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: dbt-core
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pymongo
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
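The Jinja 3.1.4 note quoted above says user input must never be used as xmlattr keys unless it is validated separately first. The following is an added example of that separate validation; it is not code from Jinja, Dependabot, or this repository. The allowlist pattern, the optional set of permitted names, and the stand-in renderer (used so the example runs without Jinja installed) are all assumptions of this example, chosen to be stricter than Jinja's own key check.

```python
"""Pre-validation of attribute names before they are handed to xmlattr.

Added example (assumption-based, not Jinja's own code).  Jinja 3.1.4 rejects
xmlattr keys containing a space, '/', '>' or '=' (per the release note), but
the note still tells callers to validate untrusted keys separately.  This
module does that with an allowlist and an optional set of permitted names.
"""
import re
from html import escape

# Characters the Jinja 3.1.4 release note says xmlattr refuses in keys.
JINJA_REJECTED = frozenset(" /=>")

# Allowlist for attribute names (assumption): ASCII letter first, then
# letters, digits, hyphen, underscore, colon.  Covers data-*, aria-*, xml:lang.
ATTR_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_:-]*$")


class UnsafeAttributeName(ValueError):
    """Raised when an attribute name fails validation."""


def validate_attr_keys(attrs, allowed=None):
    """Return ``attrs`` unchanged if every key is acceptable, else raise.

    ``allowed`` is an optional set of permitted attribute names; when given,
    a syntactically valid name that is not in the set is still rejected
    (e.g. to keep event-handler attributes out entirely).
    """
    for key in attrs:
        if not isinstance(key, str) or not ATTR_NAME_RE.fullmatch(key):
            raise UnsafeAttributeName(f"rejected attribute name: {key!r}")
        if allowed is not None and key not in allowed:
            raise UnsafeAttributeName(f"name not in allowlist: {key!r}")
        # Invariant: anything the allowlist accepts, Jinja's check accepts too.
        assert JINJA_REJECTED.isdisjoint(key)
    return attrs


def render_xmlattr(attrs, allowed=None):
    """Stand-in for ``{{ attrs|xmlattr }}`` (assumption: not Jinja's code).

    Keys are validated first; values are HTML-escaped; None values are
    skipped.  Output carries a leading space like the real filter's default.
    """
    parts = []
    for key, value in validate_attr_keys(attrs, allowed).items():
        if value is None:
            continue
        parts.append(f'{key}="{escape(str(value), quote=True)}"')
    return " " + " ".join(parts) if parts else ""


def untrusted_keys_rejected(keys, allowed=None):
    """Return the subset of ``keys`` the validator refuses (demo helper)."""
    rejected = []
    for k in keys:
        try:
            validate_attr_keys({k: "x"}, allowed)
        except UnsafeAttributeName:
            rejected.append(k)
    return rejected


if __name__ == "__main__":
    # Constructed sample: attribute names taken from an untrusted request.
    sample = ["class", "data-id", "src=x", "a/b", "x>y", "a b", "", "1x"]
    print(untrusted_keys_rejected(sample))
    print(untrusted_keys_rejected(["class", "onclick"], allowed={"class"}))
    print(render_xmlattr({"class": "btn", "data-id": "<7>", "hidden": None}))
```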
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 6, 2024

dryrunsecurity bot commented May 6, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Findings |
| --- | --- |
| Configured Codepaths Analyzer | 0 findings |
| Secrets Analyzer | 0 findings |
| AppSec Analyzer | 0 findings |
| Authn/Authz Analyzer | 0 findings |
| Sensitive Files Analyzer | 2 findings |

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request primarily focus on updating the versions of various Python dependencies used in the project. These updates include libraries such as dbt-core, pymongo, Jinja2, cryptography, jupyter-server, tornado, and several Azure-related and data processing/streaming dependencies.

From an application security perspective, these updates are generally positive as they likely address known security vulnerabilities and improve the overall security of the dependencies used in the application. Keeping dependencies up-to-date is an important practice for maintaining a secure application.

However, it's crucial to thoroughly test the application after these updates to ensure that no regressions or unexpected behavior have been introduced. Additionally, it's recommended to review the changelogs for the updated dependencies to understand any significant changes or security-related fixes that have been made.

The addition of Azure-related and data processing/streaming dependencies suggests that the application may be integrating with or utilizing these services and technologies. It's important to ensure that the integration and usage of these components are implemented securely, following best practices and recommendations from the respective vendors or industry standards.

Files Changed:

  1. setup.py: This file has been updated to include newer versions of the dbt-core and pymongo dependencies.

  2. mage_integrations/requirements.txt: This file has been updated to include a newer version of the pymongo library.

  3. poetry.lock: This file has been updated to include newer versions of various dependencies, such as Black, Pytest, Flake8, Isort, and Mypy.

  4. requirements.txt: This file has been updated to include newer versions of several dependencies, including Jinja2, cryptography, jupyter-server, tornado, and pymongo. It also includes new dependencies related to Azure services and data processing/streaming technologies.

Powered by DryRun Security
