chore(deps): update slowapi requirement from <1,>=0.1.9 to >=0.1.10,<1#108
chore(deps): update slowapi requirement from <1,>=0.1.9 to >=0.1.10,<1#108dependabot[bot] wants to merge 1 commit into
Conversation
Updates the requirements on [slowapi](https://github.com/laurents/slowapi) to permit the latest version. - [Release notes](https://github.com/laurents/slowapi/releases) - [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md) - [Commits](laurentS/slowapi@v0.1.9...v0.1.10) --- updated-dependencies: - dependency-name: slowapi dependency-version: 0.1.10 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
…ut v0.19.5 (#111) Bundles the six open Dependabot PRs (#105–#110). All six were failing the CI `security` gate on the same stale lock pin: pydantic-settings==2.14.1 (GHSA-4xgf-cpjx-pc3j, fixed in 2.14.2). The gate audits requirements.lock, which Dependabot never regenerates, so every PR was blocked by a CVE most of them don't touch. Regenerating the lockfile clears it. - fastapi >=0.136.3 → >=0.138.0 (#107) - slowapi >=0.1.9 → >=0.1.10 (#108) - pydantic-settings >=2.14.1 → >=2.14.2 (#110) - ruff >=0.15.17 → >=0.15.19 (#106, dev) - pytest >=9.1.0 → >=9.1.1 (#109, dev) - actions/checkout v6 → v7 (#105, CI) Lockfile regen also floated anyio, click, fastapi, wrapt transitives. pip-audit -r requirements.lock: no known vulnerabilities. 222 tests pass. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Superseded by #111 (merged as part of the v0.19.5 dependency bundle), which applies this bump along with the regenerated |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Updates the requirements on slowapi to permit the latest version.
Release notes
Sourced from slowapi's releases.
Changelog
Sourced from slowapi's changelog.
... (truncated)
Commits
75799a3Update changelog6f22eabMerge pull request #212 from ecly/release-v0.1.105e2b9c1Merge pull request #238 from laurentS/drop-old-pythona83ec72Update READMEd1a20b6Drop python 3.7 and 3.8 from CI checks8bf8b2eMake exempt_when with request backwards compatibleeaf5ba7Bump version and update changeloga72bcc6Merge pull request #160 from colin99d/master42330fcMerge branch 'laurentS:master' into master91145c0Fixed mypy errorDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)