Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump requests from 2.25.1 to 2.31.0 in /scripts #173

Open
wants to merge 100 commits into
base: master
Choose a base branch
from
Open

Bump requests from 2.25.1 to 2.31.0 in /scripts #173

wants to merge 100 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 23, 2023
edited
Loading

Bumps requests from 2.25.1 to 2.31.0.

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot bot and others added 30 commits May 19, 2022 03:35
@dependabot
Bump nokogiri from 1.13.3 to 1.13.6 in /docs
7d1f069 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.3 to 1.13.6.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.3...v1.13.6)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@alexiacrumpton
Delete implementations directory
d928619 
Added bzar as a submodule
@alexiacrumpton
Create updates.md
006e043
@alexiacrumpton
Update index.md
7de7b1e
@alexiacrumpton
Rename updates.md to index.md
47e3fbb
@alexiacrumpton
Update and rename docs/resources/index.md to docs/resources/updates/i…
7ba4d38 
…ndex.md
@alexiacrumpton
Rename docs/Glossary.md to docs/resources/glossary/index.md
f8f54cf
@alexiacrumpton
Create index.md
1c02e6b
@alexiacrumpton
Update header.html
21a1861
@Ptylu
Update CAR-2016-04-002.yaml
257fc5c 
Update to merge CAR-2021-01-003.yaml in CAR-2016-04-002.yaml.
New attack and detection added
@Ptylu
Update CAR-2016-04-002.yaml
1d17ce0 
yaml typo corrected
@dependabot
Bump tzinfo from 1.2.5 to 1.2.10 in /docs
3457780 
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.5 to 1.2.10.
- [Release notes](https://github.com/tzinfo/tzinfo/releases)
- [Changelog](https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md)
- [Commits](tzinfo/tzinfo@v1.2.5...v1.2.10)

---
updated-dependencies:
- dependency-name: tzinfo
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@InfiniteInsight
Update file.md
b48c969 
fixing coverage map table formatting for autoruns and sysmon line breaks
@InfiniteInsight
Merge pull request #1 from InfiniteInsight/InfiniteInsight-file-md-fo…
0882ed9 
…rmat-fix-1

fixing coverage map table formatting for autoruns and sysmon line breaks
@InfiniteInsight
Create http.md
2f2c58a 
Initial commit of planned file that is missing from current production repo
@InfiniteInsight
Merge pull request #2 from InfiniteInsight/InfiniteInsight-docs-data_…
707eb02 
…model-http-md-creation-01

Create http.md
@InfiniteInsight
Beginning to format document based on car/data_model/ http.yml
0ae783c
@InfiniteInsight
adding headings and the coverage map table
04f7456
@InfiniteInsight
adjusting table format for coverage map
2049ec3
@InfiniteInsight
Merge pull request #3 from InfiniteInsight/http-md-writing
06f0d71 
Http md writing
@InfiniteInsight
fixing like breaks in the coverage map table
34959d9
@InfiniteInsight
Merge pull request #4 from InfiniteInsight/http-md-writing
a749871 
fixing like breaks in the coverage map table
@InfiniteInsight
Update process.md
0abab47 
Changing line 41 example from `FooCorp` to `True` since it is a boolean.
@InfiniteInsight
Merge pull request #5 from InfiniteInsight/InfiniteInsight-process.md…
c16920e 
…-fix-1

Update process.md
@dependabot
Bump pillow from 9.0.1 to 9.3.0 in /scripts
246813d 
Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.0.1 to 9.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.0.1...9.3.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@alexiacrumpton
Merge pull request #160 from InfiniteInsight/master
d2824f1 
Create missing car/docs/data_model/http.md file
@dependabot
Bump certifi from 2020.12.5 to 2022.12.7 in /scripts
54be062 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2020.12.5 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](certifi/python-certifi@2020.12.05...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@alexiacrumpton
Merge pull request #156 from mitre-attack/dependabot/bundler/docs/nok…
302b402 
…ogiri-1.13.6

Bump nokogiri from 1.13.3 to 1.13.6 in /docs
@alexiacrumpton
Merge pull request #157 from Ptylu/Ptylu-update-CAR-2016-04-002
e6a9a7f 
Ptylu update car 2016 04 002
@alexiacrumpton
Merge pull request #158 from mitre-attack/dependabot/bundler/docs/tzi…
3fa6f5b 
…nfo-1.2.10

Bump tzinfo from 1.2.5 to 1.2.10 in /docs
Amndeep7 and others added 26 commits February 23, 2023 23:42
@Amndeep7
changed whitespace again and simplified table structure
a51838f 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
trying with th again
ffac373 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
wrapped examples with code tags
6937482 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
fixed tables to actually show the sensors
6649d58 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
markdown links don't work in html table
5d01e40 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
update references to the glossary's location and also run the redirec…
e7ac755 
…ts script

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
made the key of the dict the filename instead of the path since i nev…
a951c30 
…er use that path anyways

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
generate index file from template
e4b4a89 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
generate index with sensors
0912ea8 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
formatting change to fix tables
01ff21d 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
use the more modern pathlib instead of path and glob
5b9c3a8 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@alexiacrumpton
Merge pull request #166 from Amndeep7/generate_improvements
01c9588 
Generate script improvements and runs
@alexiacrumpton
Merge pull request #167 from Amndeep7/generate_workflow
fbb3cfc 
Workflow to automatically regenerate /docs on every push to master and pr
@alexiacrumpton
Merge pull request #168 from Amndeep7/yaml
9a02481 
Yaml
@alexiacrumpton
Automated commit to rebuild the static site
5684c73 
Signed-off-by: Build and Push Automation Script <>
@Amndeep7
resolved conflicts
c8c2314 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
added generate_datamodels to the workflow
581658f 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
added coverage field to datamodel schema
2e5f456 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
reran generate analytics - just seem to hae changed the order for som…
7abef66 
…e of them

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
reran generate sensors - seems to put the data model coverage section…
292d191 
… in a different order than live

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
reran generate nav layer - seems to be a reordering
1ac88dc 
Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
handle case where data_model directory is removed entirely before reg…
d720756 
…enerating files

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
reran generate_datamodels - changes to file permissions to not be exe…
9f06a95 
…cutable

Signed-off-by: Amndeep Singh Mann <amann@mitre.org>
@Amndeep7
Automated commit to rebuild the static site
6a882ac 
Signed-off-by: Build and Push Automation Script <>
@alexiacrumpton
Merge pull request #170 from Amndeep7/generate_datamodel
50bae40 
Create generate_datamodels script
@dependabot
Bump requests from 2.25.1 to 2.31.0 in /scripts
cbc94bd 
Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 23, 2023
@dependabot
Automated commit to rebuild the static site
5f903fa 
Signed-off-by: Build and Push Automation Script <>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@wzy19830823 @alexiacrumpton @Ptylu @InfiniteInsight @Amndeep7