flyte-org #flyte-github

GitHub

10/02/2023, 11:58 PM

#1043 Bump aiohttp from 3.8.4 to 3.8.5 in /examples/image_spec Pull request opened by dependabot[bot] Bumps aiohttp from 3.8.4 to 3.8.5. Release notes Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

(#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

(#7366)

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

(#3355)

* * *

Changelog Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`[#7346](https://github.com/aio-libs/aiohttp/issues/7346) https://github.com/aio-libs/aiohttp/issues/7346`_

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

`[#7366](https://github.com/aio-libs/aiohttp/issues/7366) https://github.com/aio-libs/aiohttp/issues/7366`_

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

`[#3355](https://github.com/aio-libs/aiohttp/issues/3355) https://github.com/aio-libs/aiohttp/issues/3355`_

* * *

Commits • `9c13a52` Bump aiohttp to v3.8.5 a security release • `7c02129`  Bump pypa/cibuildwheel to v2.14.1 • `135a45e` Improve error messages from C parser (#7366) (#7380) • `9337fb3` Fix bump llhttp to v8.1.1 (#7367) (#7377) • `f07e9b4` [PR #7373/66e261a5 backport][3.8] Drop azure mention (#7374) • `01d9b70` [PR #7370/22c264ce backport][3.8] fix: Spelling error fixed (#7371) • `3577b1e` [PR #7359/7911f1e9 backport][3.8]  Set up secretless publishing to PyPI (#7360) • `8d45f9c` [PR #7333/3a54d378 backport][3.8] Fix TLS transport is

None

error (#7357) • `dd8e24e` [PR #7343/18057581 backport][3.8] Mention encoding in

yarl.URL

(#7355) • `4087410` [PR #7346/346fd202 backport][3.8]  Bump vendored llhttp to v8.1.1 (#7352) • Additional commits viewable in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page. Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days. flyteorg/flytesnacks GitHub Actions: Mark github pre-release as Release GitHub Actions: Publish artifacts to github release GitHub Actions: Create Prerelease GitHub Actions: Bump Version ✅ 26 other checks have passed 26/30 successful checks

GitHub

10/02/2023, 11:58 PM

#1044 Bump aiohttp from 3.8.4 to 3.8.5 in /examples/type_system Pull request opened by dependabot[bot] Bumps aiohttp from 3.8.4 to 3.8.5. Release notes Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

(#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

(#7366)

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

(#3355)

* * *

Changelog Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`[#7346](https://github.com/aio-libs/aiohttp/issues/7346) https://github.com/aio-libs/aiohttp/issues/7346`_

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

`[#7366](https://github.com/aio-libs/aiohttp/issues/7366) https://github.com/aio-libs/aiohttp/issues/7366`_

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

`[#3355](https://github.com/aio-libs/aiohttp/issues/3355) https://github.com/aio-libs/aiohttp/issues/3355`_

* * *

None

error (#7357) • `dd8e24e` [PR #7343/18057581 backport][3.8] Mention encoding in

yarl.URL

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1045 Bump aiohttp from 3.8.4 to 3.8.5 in /_example_template Pull request opened by dependabot[bot] Bumps aiohttp from 3.8.4 to 3.8.5. Release notes Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

(#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

(#7366)

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

(#3355)

* * *

Changelog Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`[#7346](https://github.com/aio-libs/aiohttp/issues/7346) https://github.com/aio-libs/aiohttp/issues/7346`_

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

`[#7366](https://github.com/aio-libs/aiohttp/issues/7366) https://github.com/aio-libs/aiohttp/issues/7366`_

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

`[#3355](https://github.com/aio-libs/aiohttp/issues/3355) https://github.com/aio-libs/aiohttp/issues/3355`_

* * *

None

error (#7357) • `dd8e24e` [PR #7343/18057581 backport][3.8] Mention encoding in

yarl.URL

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1046 Bump aiohttp from 3.8.4 to 3.8.5 in /examples/containerization Pull request opened by dependabot[bot] Bumps aiohttp from 3.8.4 to 3.8.5. Release notes Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

(#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

(#7366)

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

(#3355)

* * *

Changelog Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`[#7346](https://github.com/aio-libs/aiohttp/issues/7346) https://github.com/aio-libs/aiohttp/issues/7346`_

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

`[#7366](https://github.com/aio-libs/aiohttp/issues/7366) https://github.com/aio-libs/aiohttp/issues/7366`_

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

`[#3355](https://github.com/aio-libs/aiohttp/issues/3355) https://github.com/aio-libs/aiohttp/issues/3355`_

* * *

None

error (#7357) • `dd8e24e` [PR #7343/18057581 backport][3.8] Mention encoding in

yarl.URL

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1047 Bump aiohttp from 3.8.4 to 3.8.5 in /examples/snowflake_plugin Pull request opened by dependabot[bot] Bumps aiohttp from 3.8.4 to 3.8.5. Release notes Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

(#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

(#7366)

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

(#3355)

* * *

Changelog Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`[#7346](https://github.com/aio-libs/aiohttp/issues/7346) https://github.com/aio-libs/aiohttp/issues/7346`_

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

`[#7366](https://github.com/aio-libs/aiohttp/issues/7366) https://github.com/aio-libs/aiohttp/issues/7366`_

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

`[#3355](https://github.com/aio-libs/aiohttp/issues/3355) https://github.com/aio-libs/aiohttp/issues/3355`_

* * *

None

error (#7357) • `dd8e24e` [PR #7343/18057581 backport][3.8] Mention encoding in

yarl.URL

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1048 Bump aiohttp from 3.8.4 to 3.8.5 Pull request opened by dependabot[bot] Bumps aiohttp from 3.8.4 to 3.8.5. Release notes Sourced from aiohttp's releases.

3.8.5

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

(#7346)

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

(#7366)

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

(#3355)

* * *

Changelog Sourced from aiohttp's changelog.

3.8.5 (2023-07-19)

Security bugfixes

• Upgraded the vendored copy of llhttp_ to v8.1.1 -- by user`webknjaz` and user`Dreamsorcerer`.

Thanks to user`sethmlarson` for reporting this and providing us with comprehensive reproducer, workarounds and fixing details! For more information, see GHSA-45c4-8wx5-qw6w.

.. _llhttp: https://llhttp.org

`[#7346](https://github.com/aio-libs/aiohttp/issues/7346) https://github.com/aio-libs/aiohttp/issues/7346`_

Features

• Added information to C parser exceptions to show which character caused the error. -- by user`Dreamsorcerer`

`[#7366](https://github.com/aio-libs/aiohttp/issues/7366) https://github.com/aio-libs/aiohttp/issues/7366`_

Bugfixes

• Fixed a transport is data`None` error -- by user`Dreamsorcerer`.

`[#3355](https://github.com/aio-libs/aiohttp/issues/3355) https://github.com/aio-libs/aiohttp/issues/3355`_

* * *

None

error (#7357) • `dd8e24e` [PR #7343/18057581 backport][3.8] Mention encoding in

yarl.URL

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1053 Bump certifi from 2023.5.7 to 2023.7.22 in /examples/containerization Pull request opened by dependabot[bot] Bumps certifi from 2023.5.7 to 2023.7.22. Commits • `8fb96ed` 2023.07.22 • `afe7722` Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) • `2038739` Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) • `44df761` Hash pin Actions and enable dependabot (#228) • See full diff in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1054 Bump certifi from 2023.5.7 to 2023.7.22 in /examples/basics Pull request opened by dependabot[bot] on <!date^1690328125^{date_short}|2023-07-25T23:35:25Z> Bumps certifi from 2023.5.7 to 2023.7.22. Commits • `8fb96ed` 2023.07.22 • `afe7722` Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) • `2038739` Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) • `44df761` Hash pin Actions and enable dependabot (#228) • See full diff in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1055 Bump certifi from 2023.5.7 to 2023.7.22 in /examples/control_flow Pull request opened by dependabot[bot] Bumps certifi from 2023.5.7 to 2023.7.22. Commits • `8fb96ed` 2023.07.22 • `afe7722` Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) • `2038739` Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) • `44df761` Hash pin Actions and enable dependabot (#228) • See full diff in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1057 Bump certifi from 2023.5.7 to 2023.7.22 in /examples/type_system Pull request opened by dependabot[bot] Bumps certifi from 2023.5.7 to 2023.7.22. Commits • `8fb96ed` 2023.07.22 • `afe7722` Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) • `2038739` Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) • `44df761` Hash pin Actions and enable dependabot (#228) • See full diff in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1056 Bump certifi from 2023.5.7 to 2023.7.22 in /_example_template Pull request opened by dependabot[bot] Bumps certifi from 2023.5.7 to 2023.7.22. Commits • `8fb96ed` 2023.07.22 • `afe7722` Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) • `2038739` Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) • `44df761` Hash pin Actions and enable dependabot (#228) • See full diff in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/02/2023, 11:58 PM

#1058 Bump certifi from 2023.5.7 to 2023.7.22 in /examples/image_spec Pull request opened by dependabot[bot] Bumps certifi from 2023.5.7 to 2023.7.22. Commits • `8fb96ed` 2023.07.22 • `afe7722` Bump actions/setup-python from 4.6.1 to 4.7.0 (#230) • `2038739` Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229) • `44df761` Hash pin Actions and enable dependabot (#228) • See full diff in compare view Dependabot compatibility score You can trigger a rebase of this PR by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

GitHub

10/03/2023, 12:17 AM

#4124 [Monorepo] Bump flyteplugins to v1.1.32 Pull request opened by eapolinario Describe your changes This PR brings flyteorg/flyteplugins#403 to the monorepo. Notice that flytepropeller unit tests are failing with (and possibly other failures):

Copy code

go test ./... -race -coverprofile=coverage.txt -covermode=atomic
# <http://github.com/flyteorg/flyte/flytepropeller/pkg/controller/nodes/task|github.com/flyteorg/flyte/flytepropeller/pkg/controller/nodes/task>
Error: pkg/controller/nodes/task/taskexec_context.go:134:9: cannot use t.tm (variable of type taskExecutionMetadata) as type "<http://github.com/flyteorg/flyte/flyteplugins/go/tasks/pluginmachinery/core|github.com/flyteorg/flyte/flyteplugins/go/tasks/pluginmachinery/core>".TaskExecutionMetadata in return statement:
	taskExecutionMetadata does not implement "<http://github.com/flyteorg/flyte/flyteplugins/go/tasks/pluginmachinery/core|github.com/flyteorg/flyte/flyteplugins/go/tasks/pluginmachinery/core>".TaskExecutionMetadata (wrong type for GetInterruptibleFailureThreshold method)
		have GetInterruptibleFailureThreshold() uint32
		want GetInterruptibleFailureThreshold() int32

flyteorg/flyte GitHub Actions: Build & Push Image GitHub Actions: Bump git tags GitHub Actions: Integration Test GitHub Actions: Unit Tests (flytepropeller) / Run Unit Test GitHub Actions: Lint (flytepropeller) / Run Lint GitHub Actions: Docker Build Images (flytepropeller) / build_docker ✅ 24 other checks have passed 24/30 successful checks

GitHub

10/03/2023, 12:23 AM

7 new commits pushed to

<https://github.com/flyteorg/flyte/tree/master|master>

by eapolinario

<https://github.com/flyteorg/flyte/commit/a156f9f0202ee6cc505914883f54c36e0a5b4d94|a156f9f0>

- Ray log links (#620)

<https://github.com/flyteorg/flyte/commit/d84d1c837d4aeed67f03ff16f4085adc528177a5|d84d1c83>

- Add k8s events to task phase updates (#600)

<https://github.com/flyteorg/flyte/commit/bb053a708d4e11eaf99fc08e85c3107ac03e1bf5|bb053a70>

- reverting to parallelism increases only on non-terminal phase updates (#624)

<https://github.com/flyteorg/flyte/commit/57c0c4b17c1e2b9524c06455119bf5c011a282e3|57c0c4b1>

- Merge remote-tracking branch 'monorepo-flytepropeller/master' into monorepo--bump-flytepropeller-to-v1.1.129

<https://github.com/flyteorg/flyte/commit/b0c15b4bd1f2b6ad1b6f65e464f4f3b8674d2630|b0c15b4b>

- make lint

<https://github.com/flyteorg/flyte/commit/d317e1fa03445c3a553101641b41e63d37a3bd92|d317e1fa>

- s/sesnor/sensor

<https://github.com/flyteorg/flyte/commit/d9586b0ea493d13683d4dd191d552bf675aa57da|d9586b0e>

- Merge pull request #4123 from flyteorg/monorepo--bump-flytepropeller-to-v1.1.129 flyteorg/flyte

GitHub

10/03/2023, 1:09 AM

#307 Bump lxml from 4.7.1 to 4.9.1 Pull request opened by dependabot[bot] Bumps lxml from 4.7.1 to 4.9.1. Changelog Sourced from lxml's changelog.

4.9.1 (2022-07-01)

Bugs fixed

• A crash was resolved when using
iterwalk()
(or
canonicalize()
) after parsing certain incorrect input. Note that
iterwalk()
can crash on valid input parsed with the same parser after failing to parse the incorrect input.

4.9.0 (2022-06-01)

Bugs fixed

• GH#341: The mixin inheritance order in
lxml.html
was corrected. Patch by xmo-odoo.

Other changes

• Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.

• Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35 (libxml2 2.9.12+ and libxslt 1.1.34 on Windows).

• GH#343: Windows-AArch64 build support in Visual Studio. Patch by Steve Dower.

4.8.0 (2022-02-17)

Features added

• GH#337: Path-like objects are now supported throughout the API instead of just strings. Patch by Henning Janssen.

• The
ElementMaker
now supports
QName
values as tags, which always override the default namespace of the factory.

Bugs fixed

• GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.

... (truncated) Commits • `d01872c` Prevent parse failure in new test from leaking into later test runs. • `d65e632` Prepare release of lxml 4.9.1. • `86368e9` Fix a crash when incorrect parser input occurs together with usages of iterwa... • `50c2764` Delete unused Travis CI config and reference in docs (GH-345) • `8f0bf2d` Try to speed up the musllinux AArch64 build by splitting the different CPytho... • `b9f7074` Remove debug print from test. • `b224e0f` Try to install 'xz' in wheel builds, if available, since it's now needed to e... • `897ebfa` Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts... • `853c9e9` Prepare release of 4.9.0. • `d3f77e6` Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a... • Additional commits viewable in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the Security Alerts page. flyteorg/flyteidl ✅ All checks have passed 13/13 successful checks

GitHub

10/03/2023, 1:09 AM

#352 Bump certifi from 2021.10.8 to 2022.12.7 Pull request opened by dependabot[bot] Bumps certifi from 2021.10.8 to 2022.12.7. Commits • `9e9e840` 2022.12.07 • `b81bdb2` 2022.09.24 • `939a28f` 2022.09.14 • `aca828a` 2022.06.15.2 • `de0eae1` Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ... • `b8eb5e9` 2022.06.15.1 • `47fb7ab` Fix deprecation warning on Python 3.11 (#199) • `b0b48e0` fixes #198 -- update link in license • `9d514b4` 2022.06.15 • `4151e88` Add py.typed to MANIFEST.in to package in sdist (#196) • Additional commits viewable in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#365 Bump github.com/prometheus/client_golang from 1.9.0 to 1.11.1 in /boilerplate/flyte/golang_support_tools Pull request opened by dependabot[bot] Bumps github.com/prometheus/client_golang from 1.9.0 to 1.11.1. Release notes _Sourced from github.com/prometheus/client_golang's releases._

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed `CVE-2022-21698`)

What's Changed

• promhttp: Check validity of method and code label values by `@bwplotka` and `@kakkoyun` in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

v1.11.0 / 2021-06-07

• [CHANGE] Add new collectors package. #862

• [CHANGE]
prometheus.NewExpvarCollector
is deprecated, use
collectors.NewExpvarCollector
instead. #862

• [CHANGE]
prometheus.NewGoCollector
is deprecated, use
collectors.NewGoCollector
instead. #862

• [CHANGE]
prometheus.NewBuildInfoCollector
is deprecated, use
collectors.NewBuildInfoCollector
instead. #862

• [FEATURE] Add new collector for database/sql#DBStats. #866

• [FEATURE] API client: Add exemplars API support. #861

• [ENHANCEMENT] API client: Add newer fields to Rules API. #855

• [ENHANCEMENT] API client: Add missing fields to Targets API. #856

What's Changed

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#846

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#849

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#853

• Add newer fields to Rules API by `@gouthamve` in prometheus/client_golang#855

• Add missing fields to targets API by `@yeya24` in prometheus/client_golang#856

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#857

• Add exemplars API support by `@yeya24` in prometheus/client_golang#861

• Improve description of MaxAge in summary docs by `@Dean-Coakley` in prometheus/client_golang#864

• Add new collectors package by `@johejo` in prometheus/client_golang#862

• Add collector for database/sql#DBStats by `@johejo` in prometheus/client_golang#866

• Make dbStatsCollector more DRY by `@beorn7` in prometheus/client_golang#867

• Change maintainers from `@beorn7` to @bwplotka/`@kakkoyun` by `@beorn7` in prometheus/client_golang#873

• Document implications of negative observations by `@beorn7` in prometheus/client_golang#871

• Update Go modules by `@SuperQ` in prometheus/client_golang#875

New Contributors

• `@gouthamve` made their first contribution in prometheus/client_golang#855

Full Changelog: prometheus/client_golang@v1.10.0...v1.11.0

1.10.0 / 2021-03-18

• [CHANGE] Minimum required Go version is now 1.13.

• [CHANGE] API client: Add matchers to
LabelNames
and
LabesValues
. #828

• [FEATURE] API client: Add buildinfo call. #841

• [BUGFIX] Fix build on riscv64. #833

What's Changed

• Add SECURITY.md by `@roidelapluie` in prometheus/client_golang#831

• Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by `@zhsj` in prometheus/client_golang#833

• Fix typo in comments in prometheus/client_golang#835

... (truncated) Changelog _Sourced from github.com/prometheus/client_golang's changelog._

Unreleased

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150

• [CHANGE] Extend
prometheus.Registry
to implement
prometheus.Collector
interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146

• [BUGFIX] Fix
CumulativeCount
value of
+Inf
bucket created from exemplar. #1148

• [BUGFIX] Fix double-counting bug in
promhttp.InstrumentRoundTripperCounter
. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).

• [ENHANCEMENT] Added
prometheus.TransactionalGatherer
interface for
promhttp.Handler
use which allows using low allocation update techniques for custom colle…

flyteorg/flyteidl GitHub Actions: Check Generate / Go Generate ✅ 12 other checks have passed 12/13 successful checks

GitHub

10/03/2023, 1:09 AM

#366 Bump github.com/prometheus/client_golang from 1.9.0 to 1.11.1 Pull request opened by dependabot[bot] Bumps github.com/prometheus/client_golang from 1.9.0 to 1.11.1. Release notes _Sourced from github.com/prometheus/client_golang's releases._

1.11.1 / 2022-02-15

• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed `CVE-2022-21698`)

What's Changed

• promhttp: Check validity of method and code label values by `@bwplotka` and `@kakkoyun` in prometheus/client_golang#987

Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1

v1.11.0 / 2021-06-07

• [CHANGE] Add new collectors package. #862

• [CHANGE]
prometheus.NewExpvarCollector
is deprecated, use
collectors.NewExpvarCollector
instead. #862

• [CHANGE]
prometheus.NewGoCollector
is deprecated, use
collectors.NewGoCollector
instead. #862

• [CHANGE]
prometheus.NewBuildInfoCollector
is deprecated, use
collectors.NewBuildInfoCollector
instead. #862

• [FEATURE] Add new collector for database/sql#DBStats. #866

• [FEATURE] API client: Add exemplars API support. #861

• [ENHANCEMENT] API client: Add newer fields to Rules API. #855

• [ENHANCEMENT] API client: Add missing fields to Targets API. #856

What's Changed

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#846

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#849

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#853

• Add newer fields to Rules API by `@gouthamve` in prometheus/client_golang#855

• Add missing fields to targets API by `@yeya24` in prometheus/client_golang#856

• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#857

• Add exemplars API support by `@yeya24` in prometheus/client_golang#861

• Improve description of MaxAge in summary docs by `@Dean-Coakley` in prometheus/client_golang#864

• Add new collectors package by `@johejo` in prometheus/client_golang#862

• Add collector for database/sql#DBStats by `@johejo` in prometheus/client_golang#866

• Make dbStatsCollector more DRY by `@beorn7` in prometheus/client_golang#867

• Change maintainers from `@beorn7` to @bwplotka/`@kakkoyun` by `@beorn7` in prometheus/client_golang#873

• Document implications of negative observations by `@beorn7` in prometheus/client_golang#871

• Update Go modules by `@SuperQ` in prometheus/client_golang#875

New Contributors

• `@gouthamve` made their first contribution in prometheus/client_golang#855

Full Changelog: prometheus/client_golang@v1.10.0...v1.11.0

1.10.0 / 2021-03-18

• [CHANGE] Minimum required Go version is now 1.13.

• [CHANGE] API client: Add matchers to
LabelNames
and
LabesValues
. #828

• [FEATURE] API client: Add buildinfo call. #841

• [BUGFIX] Fix build on riscv64. #833

What's Changed

• Add SECURITY.md by `@roidelapluie` in prometheus/client_golang#831

• Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by `@zhsj` in prometheus/client_golang#833

• Fix typo in comments in prometheus/client_golang#835

... (truncated) Changelog _Sourced from github.com/prometheus/client_golang's changelog._

Unreleased

1.14.0 / 2022-11-08

• [FEATURE] Add Support for Native Histograms. #1150

• [CHANGE] Extend
prometheus.Registry
to implement
prometheus.Collector
interface. #1103

1.13.1 / 2022-11-01

• [BUGFIX] Fix race condition with Exemplar in Counter. #1146

• [BUGFIX] Fix
CumulativeCount
value of
+Inf
bucket created from exemplar. #1148

• [BUGFIX] Fix double-counting bug in
promhttp.InstrumentRoundTripperCounter
. #1118

1.13.0 / 2022-08-05

• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).

• [ENHANCEMENT] Added
prometheus.TransactionalGatherer
interface for
promhttp.Handler
use which allows using low allocation update techniques for custom colle…

flyteorg/flyteidl ✅ All checks have passed 13/13 successful checks

GitHub

10/03/2023, 1:09 AM

#370 Bump golang.org/x/text from 0.3.7 to 0.3.8 in /boilerplate/flyte/golang_support_tools Pull request opened by dependabot[bot] Bumps golang.org/x/text from 0.3.7 to 0.3.8. Commits • `434eadc` language: reject excessively large Accept-Language strings • `23407e7` go.mod: ignore cyclic dependency for tagging • `b18d3dd` secure/precis: replace bytes.Compare with bytes.Equal • `795e854` all: replace io/ioutil with io and os package • `b0ca10f` internal/language: bump script types to uint16 and update registry • `ba9b0e1` go.mod: update x/tools to HEAD • `d03b418` A+C: delete AUTHORS and CONTRIBUTORS • `b4bca84` language/display: fix Tag method comment • `ea49e3e` go.mod: update x/tools to HEAD • `78819d0` go.mod: update to golang.org/x/text v0.1.10 • Additional commits viewable in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#371 Bump golang.org/x/text from 0.3.7 to 0.3.8 Pull request opened by dependabot[bot] Bumps golang.org/x/text from 0.3.7 to 0.3.8. Commits • `434eadc` language: reject excessively large Accept-Language strings • `23407e7` go.mod: ignore cyclic dependency for tagging • `b18d3dd` secure/precis: replace bytes.Compare with bytes.Equal • `795e854` all: replace io/ioutil with io and os package • `b0ca10f` internal/language: bump script types to uint16 and update registry • `ba9b0e1` go.mod: update x/tools to HEAD • `d03b418` A+C: delete AUTHORS and CONTRIBUTORS • `b4bca84` language/display: fix Tag method comment • `ea49e3e` go.mod: update x/tools to HEAD • `78819d0` go.mod: update to golang.org/x/text v0.1.10 • Additional commits viewable in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#372 Bump k8s.io/client-go from 0.0.0-20210217172142-7279fc64d847 to 0.20.0-alpha.2 Pull request opened by dependabot[bot] Bumps k8s.io/client-go from 0.0.0-20210217172142-7279fc64d847 to 0.20.0-alpha.2. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#373 Bump k8s.io/client-go from 0.0.0-20210217172142-7279fc64d847 to 0.20.0-alpha.2 in /boilerplate/flyte/golang_support_tools Pull request opened by dependabot[bot] Bumps k8s.io/client-go from 0.0.0-20210217172142-7279fc64d847 to 0.20.0-alpha.2. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#374 Bump golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.7.0 in /boilerplate/flyte/golang_support_tools Pull request opened by dependabot[bot] on <!date^1677291513^{date_short}|2023-02-25T02:18:33Z> Bumps golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.7.0. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#375 Bump golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0 in /boilerplate/flyte/golang_support_tools Pull request opened by dependabot[bot] on <!date^1677310257^{date_short}|2023-02-25T07:30:57Z> Bumps golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#376 Bump golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0 Pull request opened by dependabot[bot] Bumps golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#379 Bump golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.7.0 Pull request opened by dependabot[bot] Bumps golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.7.0. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:09 AM

#380 Bump golang.org/x/crypto from 0.0.0-20210921155107-089bfa567519 to 0.1.0 Pull request opened by dependabot[bot] Bumps golang.org/x/crypto from 0.0.0-20210921155107-089bfa567519 to 0.1.0. Commits • See full diff in compare view Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting

@dependabot rebase

. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: •

@dependabot rebase

will rebase this PR •

@dependabot recreate

will recreate this PR, overwriting any edits that have been made to it •

@dependabot merge

will merge this PR after your CI passes on it •

@dependabot squash and merge

will squash and merge this PR after your CI passes on it •

@dependabot cancel merge

will cancel a previously requested merge and block automerging •

@dependabot reopen

will reopen this PR if it is closed •

@dependabot close

will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually •

@dependabot ignore this major version

will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this minor version

will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) •

@dependabot ignore this dependency

will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) •

@dependabot use these labels

will set the current labels as the default for future PRs for this repo and language •

@dependabot use these reviewers

will set the current reviewers as the default for future PRs for this repo and language •

@dependabot use these assignees

will set the current assignees as the default for future PRs for this repo and language •

@dependabot use this milestone

GitHub

10/03/2023, 1:10 AM

#239 [Snyk] Security upgrade lxml from 4.6.3 to 4.6.5 Pull request opened by snyk-bot Snyk has created this PR to fix one or more vulnerable packages in the
pip
dependencies of this project. Changes included in this PR • Changes to the following files to upgrade the vulnerable dependencies to a fixed version: • doc-requirements.txt Vulnerabilities that will be fixed By pinning: (*) Note that the real score may have changed since the PR was raised. Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project. * * * Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: https://camo.githubusercontent.com/33a643753ef1497665826d7fd447f640212949a3edc59c29baab65a7e90b68bd/68747470733a2f2f6170692e7365676d656e742e696f2f76312f706978656c2f747261636b3f646174613d65794a33636d6c305a55746c65534936496e4a79576d785a634564485932527954485a7362306c596430645563566734576b4652546e4e434f5545774969776959573576626e6c746233567a535751694f6949304d3251354e3249785979307a4f544d354c54517a4e6a67744f4467795a69316b5a574932596d566c596d497a597a4d694c434a6c646d567564434936496c425349485a705a58646c5a434973496e42796233426c636e52705a584d694f6e736963484a4a5a434936496a517a5a446b33596a466a4c544d354d7a6b744e444d324f4330344f444a6d4c57526c596a5a695a575669596a4e6a4d794a3966513d3d 🧐 View latest project report 🛠️ Adjust project settings 📚 Read more about Snyk's upgrade and patch logic flyteorg/flyteidl

GitHub

10/03/2023, 1:10 AM

#306 [Snyk] Security upgrade lxml from 4.7.1 to 4.9.1 Pull request opened by snyk-bot Snyk has created this PR to fix one or more vulnerable packages in the
pip
dependencies of this project. Changes included in this PR • Changes to the following files to upgrade the vulnerable dependencies to a fixed version: • doc-requirements.txt Vulnerabilities that will be fixed By pinning: (*) Note that the real score may have changed since the PR was raised. Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project. * * * Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: https://camo.githubusercontent.com/86c615a5df670614589eb46bdf78b208b61cd70436db5436249b147d0c00c3a5/68747470733a2f2f6170692e7365676d656e742e696f2f76312f706978656c2f747261636b3f646174613d65794a33636d6c305a55746c65534936496e4a79576d785a634564485932527954485a7362306c596430645563566734576b4652546e4e434f5545774969776959573576626e6c746233567a535751694f6949304e544d774d324e6d4d6930344f574d774c54513359544d744f574d325a43316c4d5468684f446c6b4d7a6b354f5467694c434a6c646d567564434936496c425349485a705a58646c5a434973496e42796233426c636e52705a584d694f6e736963484a4a5a434936496a51314d7a417a593259794c546735597a41744e4464684d793035597a5a6b4c5755784f4745344f57517a4f546b354f434a3966513d3d 🧐 View latest project report 🛠️ Adjust project settings 📚 Read more about Snyk's upgrade and patch logic * * * Learn how to fix vulnerabilities with free interactive lessons: 🦉 Learn about vulnerability in an interactive lesson of Snyk Learn. flyteorg/flyteidl DCO: DCO ✅ 11 other checks have passed 11/12 successful checks

GitHub

10/03/2023, 1:10 AM

#323 [Snyk] Security upgrade lxml from 4.7.1 to 4.9.1 Pull request opened by EngHabu This PR was automatically created by Snyk using the credentials of a real user. Snyk has created this PR to fix one or more vulnerable packages in the
pip
dependencies of this project. Changes included in this PR • Changes to the following files to upgrade the vulnerable dependencies to a fixed version: • doc-requirements.txt Vulnerabilities that will be fixed By pinning: (*) Note that the real score may have changed since the PR was raised. Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project. * * * Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: https://camo.githubusercontent.com/8fbe538b3dc4b1755ed83cb9f12f52df73e1fae8fe2904f97f9cdf965f468755/68747470733a2f2f6170692e7365676d656e742e696f2f76312f706978656c2f747261636b3f646174613d65794a33636d6c305a55746c65534936496e4a79576d785a634564485932527954485a7362306c596430645563566734576b4652546e4e434f5545774969776959573576626e6c746233567a535751694f694a684f44566a4e44566d5a5330345932497a4c5452684d5459744f4759345a6930305a4441784f44566d4d4442695a5759694c434a6c646d567564434936496c425349485a705a58646c5a434973496e42796233426c636e52705a584d694f6e736963484a4a5a434936496d45344e574d304e575a6c4c54686a596a4d744e4745784e6930345a6a686d4c54526b4d4445344e5759774d474a6c5a694a3966513d3d 🧐 View latest project report 🛠️ Adjust project settings 📚 Read more about Snyk's upgrade and patch logic * * * Learn how to fix vulnerabilities with free interactive lessons: 🦉 Learn about vulnerability in an interactive lesson of Snyk Learn. flyteorg/flyteidl DCO: DCO ✅ 11 other checks have passed 11/12 successful checks