From 85a82ecb3cad8b89f26648706b1dade7600d0217 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 17:05:23 +0000 Subject: [PATCH 1/3] Bump certifi from 2024.2.2 to 2024.7.4 Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.2.2 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- poetry.lock | 10 +++++----- pyproject.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/poetry.lock b/poetry.lock index 4fefc57a6b2..70204f736b8 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.0 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. [[package]] name = "aiohttp" @@ -499,13 +499,13 @@ zstd = ["zstandard (==0.22.0)"] [[package]] name = "certifi" -version = "2024.2.2" +version = "2024.7.4" description = "Python package for providing Mozilla's CA Bundle." optional = false python-versions = ">=3.6" files = [ - {file = "certifi-2024.2.2-py3-none-any.whl", hash = "sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1"}, - {file = "certifi-2024.2.2.tar.gz", hash = "sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f"}, + {file = "certifi-2024.7.4-py3-none-any.whl", hash = "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90"}, + {file = "certifi-2024.7.4.tar.gz", hash = "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b"}, ] [[package]] 
@@ -5013,4 +5013,4 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"] [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "78f529cdfdc2cbc64c62d3acb53e096f6a7090ade7e3ee70a232b059061ec13d" +content-hash = "94dbd37ea3b7d8a581f6d7af6679cc4cf5a0f02550f0a7806fbe49ffd8045fe4" diff --git a/pyproject.toml b/pyproject.toml index b78ec011364..39e03d98ab2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -47,7 +47,7 @@ tqdm = "4.66.2" email-validator = "2.1.1" #" Python markdown extensions for comment emails markdown-del-ins = "1.0.0" -certifi = "2024.2.2" +certifi = "2024.7.4" sendgrid = "6.11.0" requests = "2.31.0" urllib3 = "1.26.18" # still <2.0 because elasticseach2 lib doesn't supprort urllib3>=2.0 From 586e8d8b1d546f874d71030bf62e9bf2582ec511 Mon Sep 17 00:00:00 2001 From: John Tordoff <> Date: Thu, 1 Aug 2024 13:08:28 -0400 Subject: [PATCH 2/3] security fixes --- requirements.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/requirements.txt b/requirements.txt index 7fb762e01b0..759e40b3c66 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ # To install release requirements: inv requirements --release wheel==0.42.0 invoke==2.2.0 -Werkzeug==3.0.1 +Werkzeug==3.0.3 Flask==3.0.2 Mako==1.3.2 Markdown==3.5.2 @@ -22,7 +22,7 @@ python-dateutil==2.9.0 pytz==2024.1 bleach==6.1.0 bleach[css]==6.1.0 -pillow==10.2.0 +pillow==10.3.0 Markupsafe==2.1.5 blinker==1.7.0 furl==2.1.3 
@@ -38,24 +38,24 @@ boto3==1.34.60 django-waffle==4.1.0 pymongo[ocsp]==3.13.0 # install to get bson module PyYAML==6.0.1 -tqdm==4.66.2 +tqdm==4.66.3 email-validator==2.1.1 # Python markdown extensions for comment emails markdown-del-ins==1.0.0 -certifi==2024.2.2 +certifi==2024.07.04 sendgrid==6.11.0 -requests==2.31.0 -urllib3==1.26.18 # still <2.0 because elasticseach2 lib doesn't supprort urllib3>=2.0 +requests==2.32.0 +urllib3==1.26.19 # still <2.0 because elasticseach2 lib doesn't supprort urllib3>=2.0 oauthlib==3.2.2 requests-oauthlib==1.3.1 -sentry-sdk[django, flask, celery]==2.2.0 +sentry-sdk[django, flask, celery]==2.8.0 django-redis==5.4.0 # API requirements -Django==4.2.13 -djangorestframework==3.15.1 +Django==4.2.14 +djangorestframework==3.15.2 django-cors-headers==4.3.1 djangorestframework-bulk==0.2.1 django-bulk-update==2.2.0 From 8066208182ef726eb2dc98732e2f5991992b58d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 17:13:41 +0000 Subject: [PATCH 3/3] Bump sentry-sdk from 2.2.0 to 2.8.0 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.2.0 to 2.8.0. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/2.2.0...2.8.0) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- poetry.lock | 14 +++++++------- pyproject.toml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/poetry.lock b/poetry.lock index 70204f736b8..7367d5f0aa9 100644 --- a/poetry.lock +++ b/poetry.lock 
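Review bot: The new pin `certifi==2024.07.04` uses zero-padded segments, while pyproject.toml and poetry.lock in patch 1/3 record the same release as `2024.7.4`. pip normalizes both spellings to one version, so the install is unaffected, but any audit script or grep that compares pins as strings across the two manifests will report a mismatch; `certifi==2024.7.4` keeps them identical. The commit is titled only "security fixes", so a short comment above the bumped pins naming the advisory each one addresses, such as `# security bump, see <ADVISORY-ID placeholder>`, would let a later reviewer confirm that nothing was missed.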
@@ -4356,13 +4356,13 @@ starkbank-ecdsa = ">=2.0.1" [[package]] name = "sentry-sdk" -version = "2.2.0" +version = "2.8.0" description = "Python client for Sentry (https://sentry.io)" optional = false python-versions = ">=3.6" files = [ - {file = "sentry_sdk-2.2.0-py2.py3-none-any.whl", hash = "sha256:674f58da37835ea7447fe0e34c57b4a4277fad558b0a7cb4a6c83bcb263086be"}, - {file = "sentry_sdk-2.2.0.tar.gz", hash = "sha256:70eca103cf4c6302365a9d7cf522e7ed7720828910eb23d43ada8e50d1ecda9d"}, + {file = "sentry_sdk-2.8.0-py2.py3-none-any.whl", hash = "sha256:6051562d2cfa8087bb8b4b8b79dc44690f8a054762a29c07e22588b1f619bfb5"}, + {file = "sentry_sdk-2.8.0.tar.gz", hash = "sha256:aa4314f877d9cd9add5a0c9ba18e3f27f99f7de835ce36bd150e48a41c7c646f"}, ] [package.dependencies] @@ -4389,7 +4389,7 @@ django = ["django (>=1.8)"] falcon = ["falcon (>=1.4)"] fastapi = ["fastapi (>=0.79.0)"] flask = ["blinker (>=1.1)", "flask (>=0.11)", "markupsafe"] -grpcio = ["grpcio (>=1.21.1)"] +grpcio = ["grpcio (>=1.21.1)", "protobuf (>=3.8.0)"] httpx = ["httpx (>=0.16.0)"] huey = ["huey (>=2)"] huggingface-hub = ["huggingface-hub (>=0.22)"] 
@@ -4397,7 +4397,7 @@ langchain = ["langchain (>=0.0.210)"] loguru = ["loguru (>=0.5)"] openai = ["openai (>=1.0.0)", "tiktoken (>=0.3.0)"] opentelemetry = ["opentelemetry-distro (>=0.35b0)"] -opentelemetry-experimental = ["opentelemetry-distro (>=0.40b0,<1.0)", "opentelemetry-instrumentation-aiohttp-client (>=0.40b0,<1.0)", "opentelemetry-instrumentation-django (>=0.40b0,<1.0)", "opentelemetry-instrumentation-fastapi (>=0.40b0,<1.0)", "opentelemetry-instrumentation-flask (>=0.40b0,<1.0)", "opentelemetry-instrumentation-requests (>=0.40b0,<1.0)", "opentelemetry-instrumentation-sqlite3 (>=0.40b0,<1.0)", "opentelemetry-instrumentation-urllib (>=0.40b0,<1.0)"] +opentelemetry-experimental = ["opentelemetry-instrumentation-aio-pika (==0.46b0)", "opentelemetry-instrumentation-aiohttp-client (==0.46b0)", "opentelemetry-instrumentation-aiopg (==0.46b0)", "opentelemetry-instrumentation-asgi (==0.46b0)", "opentelemetry-instrumentation-asyncio (==0.46b0)", "opentelemetry-instrumentation-asyncpg (==0.46b0)", "opentelemetry-instrumentation-aws-lambda (==0.46b0)", "opentelemetry-instrumentation-boto (==0.46b0)", "opentelemetry-instrumentation-boto3sqs (==0.46b0)", "opentelemetry-instrumentation-botocore (==0.46b0)", "opentelemetry-instrumentation-cassandra (==0.46b0)", "opentelemetry-instrumentation-celery (==0.46b0)", "opentelemetry-instrumentation-confluent-kafka (==0.46b0)", "opentelemetry-instrumentation-dbapi (==0.46b0)", "opentelemetry-instrumentation-django (==0.46b0)", "opentelemetry-instrumentation-elasticsearch (==0.46b0)", "opentelemetry-instrumentation-falcon (==0.46b0)", "opentelemetry-instrumentation-fastapi (==0.46b0)", "opentelemetry-instrumentation-flask (==0.46b0)", "opentelemetry-instrumentation-grpc (==0.46b0)", "opentelemetry-instrumentation-httpx (==0.46b0)", "opentelemetry-instrumentation-jinja2 (==0.46b0)", "opentelemetry-instrumentation-kafka-python (==0.46b0)", "opentelemetry-instrumentation-logging (==0.46b0)", "opentelemetry-instrumentation-mysql 
(==0.46b0)", "opentelemetry-instrumentation-mysqlclient (==0.46b0)", "opentelemetry-instrumentation-pika (==0.46b0)", "opentelemetry-instrumentation-psycopg (==0.46b0)", "opentelemetry-instrumentation-psycopg2 (==0.46b0)", "opentelemetry-instrumentation-pymemcache (==0.46b0)", "opentelemetry-instrumentation-pymongo (==0.46b0)", "opentelemetry-instrumentation-pymysql (==0.46b0)", "opentelemetry-instrumentation-pyramid (==0.46b0)", "opentelemetry-instrumentation-redis (==0.46b0)", "opentelemetry-instrumentation-remoulade (==0.46b0)", "opentelemetry-instrumentation-requests (==0.46b0)", "opentelemetry-instrumentation-sklearn (==0.46b0)", "opentelemetry-instrumentation-sqlalchemy (==0.46b0)", "opentelemetry-instrumentation-sqlite3 (==0.46b0)", "opentelemetry-instrumentation-starlette (==0.46b0)", "opentelemetry-instrumentation-system-metrics (==0.46b0)", "opentelemetry-instrumentation-threading (==0.46b0)", "opentelemetry-instrumentation-tornado (==0.46b0)", "opentelemetry-instrumentation-tortoiseorm (==0.46b0)", "opentelemetry-instrumentation-urllib (==0.46b0)", "opentelemetry-instrumentation-urllib3 (==0.46b0)", "opentelemetry-instrumentation-wsgi (==0.46b0)"] pure-eval = ["asttokens", "executing", "pure-eval"] pymongo = ["pymongo (>=3.1)"] pyspark = ["pyspark (>=2.4.4)"] @@ -4407,7 +4407,7 @@ sanic = ["sanic (>=0.8)"] sqlalchemy = ["sqlalchemy (>=1.2)"] starlette = ["starlette (>=0.19.1)"] starlite = ["starlite (>=1.48)"] -tornado = ["tornado (>=5)"] +tornado = ["tornado (>=6)"] [[package]] name = "service-identity" @@ -5013,4 +5013,4 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"] [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "94dbd37ea3b7d8a581f6d7af6679cc4cf5a0f02550f0a7806fbe49ffd8045fe4" +content-hash = "81cedc8c9d7ededdebb6f8835a24295009fb36eced669f478033cf8a577966e6" diff --git a/pyproject.toml b/pyproject.toml index 39e03d98ab2..62b74316ad6 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -53,7 +53,7 @@ requests = "2.31.0" urllib3 = "1.26.18" # still <2.0 because elasticseach2 lib doesn't supprort urllib3>=2.0 oauthlib = "3.2.2" requests-oauthlib = "1.3.1" -sentry-sdk = {version= "2.2.0", extras = ["django", "flask", "celery"]} +sentry-sdk = {version= "2.8.0", extras = ["django", "flask", "celery"]} django-redis = "5.4.0" # API requirements Django = "4.2.13"
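Review bot: The context lines of this hunk still pin `requests = "2.31.0"`, `urllib3 = "1.26.18"` and `Django = "4.2.13"`, while patch 2/3 ("security fixes") moved the same packages to 2.32.0, 1.26.19 and 4.2.14 in requirements.txt only. Any environment that installs from pyproject.toml / poetry.lock therefore keeps the releases that patch was meant to retire. Mirror the bumps here with `requests = "2.32.0"`, `urllib3 = "1.26.19"` and `Django = "4.2.14"`, then regenerate poetry.lock so its file hashes and content-hash follow. The Werkzeug, pillow, tqdm and djangorestframework pins from patch 2/3 fall outside this hunk and presumably need the same check.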