Bump vcrpy from 6.0.2 to 7.0.0 #11481

Merged
merged 1 commit into from
Jan 17, 2025

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Dec 31, 2024

Bumps vcrpy from 6.0.2 to 7.0.0.

Release notes

Sourced from vcrpy's releases.

v7.0.0

What's Changed

- Drop support for python 3.8 (major version bump) - thanks @jairhenrique
- Various linting and test fixes - thanks @jairhenrique
- Bugfix for urllib2>=2.3.0 - missing version_string ([#888](https://github.com/kevin1024/vcrpy/issues/888))
- Bugfix for asyncio.run - thanks @alekeik1

New Contributors

Changelog

Sourced from vcrpy's changelog.

Changelog

For a full list of triaged issues, bugs and PRs and what release they are targeted for please see the following link.

[ROADMAP MILESTONES](https://github.com/kevin1024/vcrpy/milestones)

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

  • 7.0.0

  • 6.0.2

  • 6.0.1

    • Bugfix with to Tornado cassette generator (thanks @​graingert)
  • 6.0.0

    • BREAKING: Fix issue with httpx support (thanks @​parkerhancock) in #784. NOTE: You may have to recreate some of your cassettes produced in previous releases due to the binary format being saved incorrectly in previous releases
    • BREAKING: Drop support for boto (vcrpy still supports boto3, but is dropping the deprecated boto support in this release. (thanks @​jairhenrique)
    • Fix compatibility issue with Python 3.12 (thanks @​hartwork)
    • Drop simplejson (fixes some compatibility issues) (thanks @​jairhenrique)
    • Run CI on Python 3.12 and PyPy 3.9-3.10 (thanks @​mgorny)
    • Various linting and docs improvements (thanks @​jairhenrique)
    • Tornado fixes (thanks @​graingert)
  • 5.1.0

  • 5.0.0

    • BREAKING CHANGE: Drop support for Python 3.7. 3.7 is EOL as of 6/27/23 Thanks @​jairhenrique
    • BREAKING CHANGE: Custom Cassette persisters no longer catch ValueError. If you have implemented a custom persister (has anyone implemented a custom persister? Let us know!) then you will need to throw a CassetteNotFoundError when unable to find a cassette. See #681 for discussion and reason for this change. Thanks @​amosjyng for the PR and the review from @​hartwork
  • 4.4.0

    • HUGE thanks to @​hartwork for all the work done on this release!
    • Bring vcr/unittest in to vcrpy as a full feature of vcr instead of a separate library. Big thanks to @​hartwork for doing this and to @​agriffis for originally creating the library
    • Make decompression robust towards already decompressed input (thanks @​hartwork)

... (truncated)

Commits
  • 3278619 Release v7.0.0
  • 3fb62e0 fix: correctly handle asyncio.run when loop exists
  • 8197865 build(deps): update sphinx requirement from <8 to <9
  • be651bd pre-commit: Autoupdate
  • a6698ed Fix aiohttp tests
  • 48d0a2e Fixed missing version_string attribute when used with urllib3>=2.3.0
  • 5b858b1 Fix lint
  • c8d99a9 Fix ruff configuration
  • ce27c63 Merge pull request #736 from kevin1024/drop-python38
  • ab8944d Drop python 3.8 support
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 31, 2024

dryrunsecurity bot commented Dec 31, 2024

DryRun Security Summary

The pull request updates the vcrpy library from version 6.0.2 to 7.0.0 in the requirements.txt file, which is likely to include bug fixes and security improvements, and highlights the importance of regularly reviewing and updating dependencies.


Summary:

The changes made in this pull request primarily involve updating the vcrpy library from version 6.0.2 to 7.0.0 in the requirements.txt file. This library is used for recording and replaying HTTP interactions, which can be useful for testing and debugging purposes. From an application security perspective, this update is generally a positive change, as it likely includes bug fixes and security improvements. The file also contains a large number of other dependencies, including libraries for various Django-related functionalities, such as logging, database management, and authentication, which are common in Django-based applications and do not appear to raise any immediate security concerns.

However, it's important to regularly review the dependency list and ensure that all libraries are up-to-date and do not have any known security vulnerabilities. This can be done by using tools like pip-audit or snyk to scan the dependencies and identify any potential issues. Additionally, it's a good practice to have a process in place to monitor and update dependencies as new versions are released, especially for security-critical libraries.

Files Changed:

  • requirements.txt: The primary change in this file is the update of the vcrpy library from version 6.0.2 to 7.0.0. This library is used for recording and replaying HTTP interactions, which can be useful for testing and debugging purposes. The file also contains a large number of other dependencies, including libraries for various Django-related functionalities, such as logging, database management, and authentication.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Contributor

@mtesauro mtesauro left a comment


Approved

@dependabot dependabot bot force-pushed the dependabot/pip/dev/vcrpy-7.0.0 branch from 045feff to f863cbc Compare January 15, 2025 17:27
@mtesauro
Contributor

@dependabot rebase

Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 6.0.2 to 7.0.0.
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](kevin1024/vcrpy@v6.0.2...v7.0.0)

---
updated-dependencies:
- dependency-name: vcrpy
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/dev/vcrpy-7.0.0 branch from f863cbc to 0de3e99 Compare January 17, 2025 03:12
@mtesauro mtesauro merged commit f566061 into dev Jan 17, 2025
74 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dev/vcrpy-7.0.0 branch January 17, 2025 03:26