From 3e223f04cdaf6e6bd0982645b22a8cdec70c1243 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 14:06:02 +0200
Subject: [PATCH] Bump requests from 2.25.1 to 2.31.0 (#395)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Bump requests from 2.25.1 to 2.31.0

Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.25.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixed vulnerability analysis (excluded new/different vulns)

Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>

* disabled another vuln

Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>

* adjust the right pipeline

Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>

* fixed proper pipeline

Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jürgen Eckel <juergen@riddleandcode.com>
---
 .github/workflows/CI.yml    |  2 +-
 .github/workflows/audit.yml |  2 +-
 poetry.lock                 | 22 +++++++++++-----------
 pyproject.toml              |  2 +-
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index a3a8164..1321b31 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -56,7 +56,7 @@ jobs:
         run: poetry run pip freeze > requirements.txt
 
       - name: Audit dependencies
-        run: poetry run pip-audit --ignore-vuln PYSEC-2022-42969 --ignore-vuln PYSEC-2022-203 --ignore-vuln GHSA-r9hx-vwmv-q579
+        run: poetry run pip-audit --ignore-vuln PYSEC-2022-203  --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57  --ignore-vuln GHSA-m2qf-hxjv-5gpq --ignore-vuln PYSEC-2022-4301 --ignore-vuln PYSEC-2022-43012 
 
   test:
     needs: lint
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index b09f49c..3e0e924 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -34,4 +34,4 @@ jobs:
         run: poetry run pip freeze > requirements.txt
 
       - name: Audit dependencies
-        run: poetry run pip-audit --ignore-vuln PYSEC-2022-42969 --ignore-vuln PYSEC-2022-203 --ignore-vuln GHSA-r9hx-vwmv-q579
+        run: poetry run pip-audit --ignore-vuln PYSEC-2022-203  --ignore-vuln PYSEC-2023-58 --ignore-vuln PYSEC-2023-57  --ignore-vuln GHSA-m2qf-hxjv-5gpq --ignore-vuln PYSEC-2022-4301
diff --git a/poetry.lock b/poetry.lock
index 17b8630..b7c1ad1 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry and should not be changed by hand.
 
 [[package]]
 name = "aafigure"
@@ -2631,25 +2631,25 @@ md = ["cmarkgfm (>=0.8.0)"]
 
 [[package]]
 name = "requests"
-version = "2.25.1"
+version = "2.31.0"
 description = "Python HTTP for Humans."
 category = "main"
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+python-versions = ">=3.7"
 files = [
-    {file = "requests-2.25.1-py2.py3-none-any.whl", hash = "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e"},
-    {file = "requests-2.25.1.tar.gz", hash = "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804"},
+    {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"},
+    {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"},
 ]
 
 [package.dependencies]
 certifi = ">=2017.4.17"
-chardet = ">=3.0.2,<5"
-idna = ">=2.5,<3"
-urllib3 = ">=1.21.1,<1.27"
+charset-normalizer = ">=2,<4"
+idna = ">=2.5,<4"
+urllib3 = ">=1.21.1,<3"
 
 [package.extras]
-security = ["cryptography (>=1.3.4)", "pyOpenSSL (>=0.14)"]
-socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
+socks = ["PySocks (>=1.5.6,!=1.5.7)"]
+use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
 
 [[package]]
 name = "requests-toolbelt"
@@ -3395,4 +3395,4 @@ testing = ["func-timeout", "jaraco.itertools", "pytest (>=6)", "pytest-black (>=
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "fd2d68ab80c881889e69ef05f682ba0659d183f95bd135ebb1e4939cd8ca7b3d"
+content-hash = "7bbc4f46a465a2586505b3cf89d87ff3106d81824aef18670b154d71721b53a4"
diff --git a/pyproject.toml b/pyproject.toml
index 8333268..619f1bb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -37,7 +37,7 @@ pymongo = "3.11.4"
 tarantool = ">=0.12.1"
 python-rapidjson = ">=1.0"
 pyyaml = "6.0.0"
-requests = "2.25.1"
+requests = "2.31.0"
 setproctitle = "1.2.2"
 werkzeug = "2.0.3"
 nest-asyncio = "1.5.5"