resume merge requestshttps://gitlab.libreon.fr/xgaia/resume/-/merge_requests2022-01-21T19:19:19Zhttps://gitlab.libreon.fr/xgaia/resume/-/merge_requests/15Bump ipython from 7.20.0 to 7.31.12022-01-21T19:19:19ZXavierBump ipython from 7.20.0 to 7.31.1*Created by: dependabot[bot]*
Bumps [ipython](https://github.com/ipython/ipython) from 7.20.0 to 7.31.1.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ipython/ipython/commit/e321e760a4aefbe872e1703b24a19a28f8...*Created by: dependabot[bot]*
Bumps [ipython](https://github.com/ipython/ipython) from 7.20.0 to 7.31.1.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ipython/ipython/commit/e321e760a4aefbe872e1703b24a19a28f87619c9"><code>e321e76</code></a> release 7.31.1</li>
<li><a href="https://github.com/ipython/ipython/commit/67ca2b3aa9039438e6f80e3fccca556f26100b4d"><code>67ca2b3</code></a> Merge pull request from GHSA-pq7m-3gw7-gq5x</li>
<li><a href="https://github.com/ipython/ipython/commit/27943302db129464b33bae8cb6cfa552b52b46c2"><code>2794330</code></a> back to dev</li>
<li><a href="https://github.com/ipython/ipython/commit/be343e755af76193909f13027d87561b1765b5ae"><code>be343e7</code></a> release 7.31.0</li>
<li><a href="https://github.com/ipython/ipython/commit/0fcf2c43facb7ba5144cdcc47118aa1e55085c20"><code>0fcf2c4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ipython/ipython/issues/13428">#13428</a> from meeseeksmachine/auto-backport-of-pr-13427-on-7.x</li>
<li><a href="https://github.com/ipython/ipython/commit/b8db9b1371fff1b89d0f058e19a48a4ca7b93c51"><code>b8db9b1</code></a> Backport PR <a href="https://github-redirect.dependabot.com/ipython/ipython/issues/13427">#13427</a>: wn 731</li>
<li><a href="https://github.com/ipython/ipython/commit/7f253dcf7b1c3a791a98d44b0dfc848d62bd27df"><code>7f253dc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ipython/ipython/issues/13412">#13412</a> from bnavigator/backport-inspect</li>
<li><a href="https://github.com/ipython/ipython/commit/4f26796cf368d24edadbb3d62e052e6aa4ddc820"><code>4f26796</code></a> fix xxlimited_35 import name</li>
<li><a href="https://github.com/ipython/ipython/commit/77ca4a6312374f0659fb6973925e5b696d5dc74e"><code>77ca4a6</code></a> don't run nose-based iptest on py310, only pytest</li>
<li><a href="https://github.com/ipython/ipython/commit/533e5094aa36b51549cf6a316fc439c6404643c9"><code>533e509</code></a> back to decorator skip</li>
<li>Additional commits viewable in <a href="https://github.com/ipython/ipython/compare/7.20.0...7.31.1">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ipython&package-manager=pip&previous-version=7.20.0&new-version=7.31.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>https://gitlab.libreon.fr/xgaia/resume/-/merge_requests/14Bump pillow from 8.1.0 to 9.0.02022-01-13T02:51:52ZXavierBump pillow from 8.1.0 to 9.0.0*Created by: dependabot[bot]*
Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.1.0 to 9.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow'...*Created by: dependabot[bot]*
Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.1.0 to 9.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p>
<blockquote>
<h2>9.0.0</h2>
<p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html</a></p>
<h2>Changes</h2>
<ul>
<li>Restrict builtins for ImageMath.eval() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5923">#5923</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Ensure JpegImagePlugin stops at the end of a truncated file <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5921">#5921</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Fixed ImagePath.Path array handling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5920">#5920</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Remove consecutive duplicate tiles that only differ by their offset <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5919">#5919</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Removed redundant part of condition <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5915">#5915</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Explicitly enable strip chopping for large uncompressed TIFFs <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5517">#5517</a> [<a href="https://github.com/kmilos"><code>@kmilos</code></a>]</li>
<li>Use the Windows method to get TCL functions on Cygwin <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5807">#5807</a> [<a href="https://github.com/DWesl"><code>@DWesl</code></a>]</li>
<li>Changed error type to allow for incremental WebP parsing <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5404">#5404</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Improved I;16 operations on big endian <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5901">#5901</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Ensure that BMP pixel data offset does not ignore palette <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5899">#5899</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Limit quantized palette to number of colors <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5879">#5879</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Use latin1 encoding to decode bytes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5870">#5870</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Fixed palette index for zeroed color in FASTOCTREE quantize <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5869">#5869</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>When saving RGBA to GIF, make use of first transparent palette entry <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5859">#5859</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Pass SAMPLEFORMAT to libtiff <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5848">#5848</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Added rounding when converting P and PA <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5824">#5824</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Improved putdata() documentation and data handling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5910">#5910</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Exclude carriage return in PDF regex to help prevent ReDoS <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5912">#5912</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Image.NONE is only used for resampling and dithers <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5908">#5908</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Fixed freeing pointer in ImageDraw.Outline.transform <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5909">#5909</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Add Tidelift alignment action and badge <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5763">#5763</a> [<a href="https://github.com/aclark4life"><code>@aclark4life</code></a>]</li>
<li>Replaced further direct invocations of setup.py <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5906">#5906</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Added ImageShow support for xdg-open <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5897">#5897</a> [<a href="https://github.com/m-shinder"><code>@m-shinder</code></a>]</li>
<li>Fixed typo <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5902">#5902</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Switched from deprecated "setup.py install" to "pip install ." <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5896">#5896</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Support 16-bit grayscale ImageQt conversion <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5856">#5856</a> [<a href="https://github.com/cmbruns"><code>@cmbruns</code></a>]</li>
<li>Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5872">#5872</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Convert subsequent GIF frames to RGB or RGBA <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5857">#5857</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>WebP: Fix memory leak during decoding on failure <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5798">#5798</a> [<a href="https://github.com/ilai-deutel"><code>@ilai-deutel</code></a>]</li>
<li>Do not prematurely return in ImageFile when saving to stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5665">#5665</a> [<a href="https://github.com/infmagic2047"><code>@infmagic2047</code></a>]</li>
<li>Added support for top right and bottom right TGA orientations <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5829">#5829</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Corrected ICNS file length in header <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5845">#5845</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Block tile TIFF tags when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5839">#5839</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Added line width argument to ImageDraw polygon <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5694">#5694</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Do not redeclare class each time when converting to NumPy <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5844">#5844</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Only prevent repeated polygon pixels when drawing with transparency <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5835">#5835</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Fix pushes_fd method signature <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5833">#5833</a> [<a href="https://github.com/hoodmane"><code>@hoodmane</code></a>]</li>
<li>Add support for pickling TrueType fonts <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5826">#5826</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li>
<li>Only prefer command line tools SDK on macOS over default MacOSX SDK <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5828">#5828</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Fix compilation on 64-bit Termux <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5793">#5793</a> [<a href="https://github.com/landfillbaby"><code>@landfillbaby</code></a>]</li>
<li>Replace 'setup.py sdist' with '-m build --sdist' <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5785">#5785</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li>
<li>Use declarative package configuration <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5784">#5784</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li>
<li>Use title for display in ImageShow <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5788">#5788</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li>
<li>Fix for PyQt6 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5775">#5775</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst">pillow's changelog</a>.</em></p>
<blockquote>
<h2>9.0.0 (2022-01-02)</h2>
<ul>
<li>
<p>Restrict builtins for ImageMath.eval(). CVE-2022-22817 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5923">#5923</a>
[radarhere]</p>
</li>
<li>
<p>Ensure JpegImagePlugin stops at the end of a truncated file <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5921">#5921</a>
[radarhere]</p>
</li>
<li>
<p>Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5920">#5920</a>
[radarhere]</p>
</li>
<li>
<p>Remove consecutive duplicate tiles that only differ by their offset <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5919">#5919</a>
[radarhere]</p>
</li>
<li>
<p>Improved I;16 operations on big endian <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5901">#5901</a>
[radarhere]</p>
</li>
<li>
<p>Limit quantized palette to number of colors <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5879">#5879</a>
[radarhere]</p>
</li>
<li>
<p>Fixed palette index for zeroed color in FASTOCTREE quantize <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5869">#5869</a>
[radarhere]</p>
</li>
<li>
<p>When saving RGBA to GIF, make use of first transparent palette entry <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5859">#5859</a>
[radarhere]</p>
</li>
<li>
<p>Pass SAMPLEFORMAT to libtiff <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5848">#5848</a>
[radarhere]</p>
</li>
<li>
<p>Added rounding when converting P and PA <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5824">#5824</a>
[radarhere]</p>
</li>
<li>
<p>Improved putdata() documentation and data handling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5910">#5910</a>
[radarhere]</p>
</li>
<li>
<p>Exclude carriage return in PDF regex to help prevent ReDoS <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5912">#5912</a>
[hugovk]</p>
</li>
<li>
<p>Fixed freeing pointer in ImageDraw.Outline.transform <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5909">#5909</a>
[radarhere]</p>
</li>
<li>
<p>Added ImageShow support for xdg-open <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5897">#5897</a>
[m-shinder, radarhere]</p>
</li>
<li>
<p>Support 16-bit grayscale ImageQt conversion <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5856">#5856</a>
[cmbruns, radarhere]</p>
</li>
<li>
<p>Convert subsequent GIF frames to RGB or RGBA <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5857">#5857</a>
[radarhere]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/python-pillow/Pillow/commit/82541b6dec8452cb612067fcebba1c5a1a2bfdc8"><code>82541b6</code></a> 9.0.0 version bump</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/cae5ac495badd7c7ecfad8223a08f55f5d2eaacb"><code>cae5ac4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5924">#5924</a> from radarhere/cves</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/ed4cf7813777ad8478cac46f448bc45416a2a99e"><code>ed4cf78</code></a> CVEs TBD</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/d7f60d1d5a746eb01d4cb3c7fb05b6593f46b0f5"><code>d7f60d1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5923">#5923</a> from radarhere/imagemath_eval</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11"><code>8531b01</code></a> Restrict builtins for ImageMath.eval</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/1efb1d9fabd1dfdbf7982035eca0dae7306abef1"><code>1efb1d9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5922">#5922</a> from radarhere/releasenotes</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/f6c78713a491764dfac576f6c42127755f2c62b3"><code>f6c7871</code></a> Added release notes for <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5919">#5919</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5920">#5920</a> and <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5921">#5921</a></li>
<li><a href="https://github.com/python-pillow/Pillow/commit/032d2dc3658f94718109068ac70799313e440754"><code>032d2dc</code></a> Update CHANGES.rst [ci skip]</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd"><code>baae9ec</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5921">#5921</a> from radarhere/jpeg_eoi</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/1059eb537639925c96d3245dcd73c106d4266c83"><code>1059eb5</code></a> If appended EOI did not work, do not keep trying</li>
<li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/8.1.0...9.0.0">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pillow&package-manager=pip&previous-version=8.1.0&new-version=9.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>https://gitlab.libreon.fr/xgaia/resume/-/merge_requests/13Bump babel from 2.9.0 to 2.9.12021-10-21T18:51:05ZXavierBump babel from 2.9.0 to 2.9.1*Created by: dependabot[bot]*
Bumps [babel](https://github.com/python-babel/babel) from 2.9.0 to 2.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-babel/babel/releases">babel's rele...*Created by: dependabot[bot]*
Bumps [babel](https://github.com/python-babel/babel) from 2.9.0 to 2.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-babel/babel/releases">babel's releases</a>.</em></p>
<blockquote>
<h2>Version 2.9.1</h2>
<h1>Bugfixes</h1>
<ul>
<li>The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/python-babel/babel/blob/master/CHANGES">babel's changelog</a>.</em></p>
<blockquote>
<h2>Version 2.9.1</h2>
<p>Bugfixes</p>
<pre><code>
* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
allow files within Babel's data directory. Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/python-babel/babel/commit/a99fa2474c808b51ebdabea18db871e389751559"><code>a99fa24</code></a> Use 2.9.0's setup.py for 2.9.1</li>
<li><a href="https://github.com/python-babel/babel/commit/60b33e083801109277cb068105251e76d0b7c14e"><code>60b33e0</code></a> Become 2.9.1</li>
<li><a href="https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3"><code>412015e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-babel/babel/issues/782">#782</a> from python-babel/locale-basename</li>
<li><a href="https://github.com/python-babel/babel/commit/5caf717ceca4bd235552362b4fbff88983c75d8c"><code>5caf717</code></a> Disallow special filenames on Windows</li>
<li><a href="https://github.com/python-babel/babel/commit/3a700b5b8b53606fd98ef8294a56f9510f7290f8"><code>3a700b5</code></a> Run locale identifiers through <code>os.path.basename()</code></li>
<li><a href="https://github.com/python-babel/babel/commit/5afe2b2f11dcdd6090c00231d342c2e9cd1bdaab"><code>5afe2b2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-babel/babel/issues/754">#754</a> from python-babel/github-ci</li>
<li><a href="https://github.com/python-babel/babel/commit/58de8342f865df88697a4a166191e880e3c84d82"><code>58de834</code></a> Replace Travis + Appveyor with GitHub Actions (WIP)</li>
<li><a href="https://github.com/python-babel/babel/commit/d1bbc08e845d03d8e1f0dfa0e04983d755f39cb5"><code>d1bbc08</code></a> import_cldr: use logging; add -q option</li>
<li><a href="https://github.com/python-babel/babel/commit/156b7fb9f377ccf58c71cf01dc69fb10c7b69314"><code>156b7fb</code></a> Quiesce CLDR download progress bar if requested (or not a TTY)</li>
<li><a href="https://github.com/python-babel/babel/commit/613dc1700f91c3d40b081948c0dd6023d8ece057"><code>613dc17</code></a> Make the import warnings about unsupported number systems less verbose</li>
<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.9.0...v2.9.1">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=babel&package-manager=pip&previous-version=2.9.0&new-version=2.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>https://gitlab.libreon.fr/xgaia/resume/-/merge_requests/11Bump notebook from 6.2.0 to 6.4.12021-08-23T20:48:55ZXavierBump notebook from 6.2.0 to 6.4.1*Created by: dependabot[bot]*
Bumps [notebook](https://github.com/jupyter/jupyterhub) from 6.2.0 to 6.4.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jupyter/jupyterhub/commits">compare vi...*Created by: dependabot[bot]*
Bumps [notebook](https://github.com/jupyter/jupyterhub) from 6.2.0 to 6.4.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jupyter/jupyterhub/commits">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=notebook&package-manager=pip&previous-version=6.2.0&new-version=6.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>https://gitlab.libreon.fr/xgaia/resume/-/merge_requests/9Bump urllib3 from 1.26.3 to 1.26.52021-06-02T02:06:09ZXavierBump urllib3 from 1.26.3 to 1.26.5*Created by: dependabot[bot]*
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's rele...*Created by: dependabot[bot]*
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p>
<blockquote>
<h2>1.26.5</h2>
<p>:warning: <strong>IMPORTANT: urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed deprecation warnings emitted in Python 3.10.</li>
<li>Updated vendored <code>six</code> library to 1.16.0.</li>
<li>Improved performance of URL parser when splitting the authority component.</li>
</ul>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a></strong></p>
<h2>1.26.4</h2>
<p>:warning: <strong>IMPORTANT: urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>
<ul>
<li>Changed behavior of the default <code>SSLContext</code> when connecting to HTTPS proxy during HTTPS requests. The default <code>SSLContext</code> now sets <code>check_hostname=True</code>.</li>
</ul>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a></strong></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p>
<blockquote>
<h2>1.26.5 (2021-05-26)</h2>
<ul>
<li>Fixed deprecation warnings emitted in Python 3.10.</li>
<li>Updated vendored <code>six</code> library to 1.16.0.</li>
<li>Improved performance of URL parser when splitting
the authority component.</li>
</ul>
<h2>1.26.4 (2021-03-15)</h2>
<ul>
<li>Changed behavior of the default <code>SSLContext</code> when connecting to HTTPS proxy
during HTTPS requests. The default <code>SSLContext</code> now sets <code>check_hostname=True</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/urllib3/urllib3/commit/d1616473df94b94f0f5ad19d2a6608cfe93b7cdf"><code>d161647</code></a> Release 1.26.5</li>
<li><a href="https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec"><code>2d4a3fe</code></a> Improve performance of sub-authority splitting in URL</li>
<li><a href="https://github.com/urllib3/urllib3/commit/2698537d52f8ff1f0bbb1d45cf018b118e91f637"><code>2698537</code></a> Update vendored six to 1.16.0</li>
<li><a href="https://github.com/urllib3/urllib3/commit/07bed791e9c391d8bf12950f76537dc3c6f90550"><code>07bed79</code></a> Fix deprecation warnings for Python 3.10 ssl module</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d725a9b56bb8baf87c9e6eee0e9edf010034b63b"><code>d725a9b</code></a> Add Python 3.10 to GitHub Actions</li>
<li><a href="https://github.com/urllib3/urllib3/commit/339ad34c677c98fd9ad008de1d8bbeb9dbf34381"><code>339ad34</code></a> Use pytest==6.2.4 on Python 3.10+</li>
<li><a href="https://github.com/urllib3/urllib3/commit/f271c9c3149e20d7feffb6429b135bbb6c09ddf4"><code>f271c9c</code></a> Apply latest Black formatting</li>
<li><a href="https://github.com/urllib3/urllib3/commit/1884878aac87ef0494b282e940c32c24ee917d52"><code>1884878</code></a> [1.26] Properly proxy EOF on the SSLTransport test suite</li>
<li><a href="https://github.com/urllib3/urllib3/commit/a8913042b676c510e94fc2b097f6b514ae11a537"><code>a891304</code></a> Release 1.26.4</li>
<li><a href="https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0"><code>8d65ea1</code></a> Merge pull request from GHSA-5phf-pp7p-vc2r</li>
<li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.3...1.26.5">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.3&new-version=1.26.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>https://gitlab.libreon.fr/xgaia/resume/-/merge_requests/7Bump lxml from 4.6.2 to 4.6.32021-03-31T19:56:55ZXavierBump lxml from 4.6.2 to 4.6.3*Created by: dependabot[bot]*
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>...*Created by: dependabot[bot]*
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p>
<blockquote>
<h1>4.6.3 (2021-03-21)</h1>
<h2>Bugs fixed</h2>
<ul>
<li>A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung,
which allowed JavaScript to pass through. The cleaner now removes the HTML5
<code>formaction</code> attribute.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999"><code>a5f9cb5</code></a> Prepare release of lxml 4.6.3.</li>
<li><a href="https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d"><code>2d01a1b</code></a> Add HTML-5 "formaction" attribute to "defs.link_attrs" (<a href="https://github-redirect.dependabot.com/lxml/lxml/issues/316">GH-316</a>)</li>
<li><a href="https://github.com/lxml/lxml/commit/e986a9cb5d54827c59aefa8803bc90954d67221e"><code>e986a9c</code></a> Fix reference in docs.</li>
<li>See full diff in <a href="https://github.com/lxml/lxml/compare/lxml-4.6.2...lxml-4.6.3">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml&package-manager=pip&previous-version=4.6.2&new-version=4.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>https://gitlab.libreon.fr/xgaia/resume/-/merge_requests/5Bump aiohttp from 3.7.3 to 3.7.42021-02-26T03:01:10ZXavierBump aiohttp from 3.7.3 to 3.7.4*Created by: dependabot[bot]*
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.3 to 3.7.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aio...*Created by: dependabot[bot]*
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.3 to 3.7.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p>
<blockquote>
<h1>3.7.4 (2021-02-25)</h1>
<h2>Bugfixes</h2>
<ul>
<li>
<p><strong>(SECURITY BUG)</strong> Started preventing open redirects in the
<code>aiohttp.web.normalize_path_middleware</code> middleware. For
more details, see
<a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg</a>.</p>
<p>Thanks to <code>Beast Glatisant <https://github.com/g147></code>__ for
finding the first instance of this issue and <code>Jelmer Vernooij <https://jelmer.uk/></code>__ for reporting and tracking it down
in aiohttp.
<code>[#5497](https://github.com/aio-libs/aiohttp/issues/5497) <https://github.com/aio-libs/aiohttp/issues/5497></code>_</p>
</li>
<li>
<p>Fix interpretation difference of the pure-Python and the Cython-based
HTTP parsers construct a <code>yarl.URL</code> object for HTTP request-target.</p>
<p>Before this fix, the Python parser would turn the URI's absolute-path
for <code>//some-path</code> into <code>/</code> while the Cython code preserved it as
<code>//some-path</code>. Now, both do the latter.
<code>[#5498](https://github.com/aio-libs/aiohttp/issues/5498) <https://github.com/aio-libs/aiohttp/issues/5498></code>_</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aio-libs/aiohttp/commit/0a26acc1de9e1b0244456b7881ec16ba8bb64fc3"><code>0a26acc</code></a> Bump aiohttp to v3.7.4 for a security release</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/021c416c18392a111225bc7326063dc4a99a5138"><code>021c416</code></a> Merge branch 'ghsa-v6wp-4m6f-gcjg' into master</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/4ed7c25b537f71c6245bb74d6b20e5867db243ab"><code>4ed7c25</code></a> Bump chardet from 3.0.4 to 4.0.0 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5333">#5333</a>)</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/b61f0fdffc887df24244ba7bdfe8567c580240ff"><code>b61f0fd</code></a> Fix how pure-Python HTTP parser interprets <code>//</code></li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/5c1efbc32c46820250bd25440bb7ea96cb05abe9"><code>5c1efbc</code></a> Bump pre-commit from 2.9.2 to 2.9.3 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5322">#5322</a>)</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/007507580137efcc0a20391a0792f39b337d9c1a"><code>0075075</code></a> Bump pygments from 2.7.2 to 2.7.3 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5318">#5318</a>)</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/5085173d947e6cc01b6daf1aa48fe7698834c569"><code>5085173</code></a> Bump multidict from 5.0.2 to 5.1.0 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5308">#5308</a>)</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/5d1a75e68d278c641c90021409f4eb5de1810e5e"><code>5d1a75e</code></a> Bump pre-commit from 2.9.0 to 2.9.2 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5290">#5290</a>)</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/6724d0e7a944fd7e3a710dc292d785fa8fe424fd"><code>6724d0e</code></a> Bump pre-commit from 2.8.2 to 2.9.0 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5273">#5273</a>)</li>
<li><a href="https://github.com/aio-libs/aiohttp/commit/c688451ce31b914c71b11d2ac6c326b0c87e6d1f"><code>c688451</code></a> Removed duplicate timeout parameter in ClientSession reference docs. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5262">#5262</a>) ...</li>
<li>See full diff in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.3...v3.7.4">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.7.3&new-version=3.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xgaia/resume/network/alerts).
</details>