Skip to content

Bump the pip group across 6 directories with 6 updates#2019

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/mpcontribs-api/requirements/pip-7fc90c80cb
Closed

Bump the pip group across 6 directories with 6 updates#2019
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/mpcontribs-api/requirements/pip-7fc90c80cb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps the pip group with 5 updates in the /mpcontribs-api/requirements directory:

Package From To
flask 2.2.5 3.1.3
orjson 3.11.5 3.11.6
pyopenssl 25.3.0 26.0.0
tornado 6.5.4 6.5.5
werkzeug 3.1.5 3.1.6

Bumps the pip group with 2 updates in the /mpcontribs-client/requirements directory: orjson and ujson.
Bumps the pip group with 3 updates in the /mpcontribs-kernel-gateway/requirements directory: orjson, tornado and ujson.
Bumps the pip group with 1 update in the /mpcontribs-lux/requirements directory: orjson.
Bumps the pip group with 3 updates in the /mpcontribs-portal/requirements directory: orjson, tornado and ujson.
Bumps the pip group with 1 update in the /mpcontribs-serverless/dependencies directory: ujson.

Updates flask from 2.2.5 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726

3.1.2

This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.2/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-2 Milestone: https://github.com/pallets/flask/milestone/38?closed=1

  • stream_with_context does not fail inside async views. #5774
  • When using follow_redirects in the test client, the final state of session is correct. #5786
  • Relax type hint for passing bytes IO to send_file. #5776

3.1.1

This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.1/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone https://github.com/pallets/flask/milestone/36?closed=1

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. GHSA-4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. #5645
  • flask --help loads the app and plugins first to make sure all commands are shown. #5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. #5659

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

  • Drop support for Python 3.8. #5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
  • Provide a configuration option to control automatic option responses. #5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636

3.0.3

... (truncated)

Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726

Version 3.1.2

Released 2025-08-19

  • stream_with_context does not fail inside async views. :issue:5774
  • When using follow_redirects in the test client, the final state of session is correct. :issue:5786
  • Relax type hint for passing bytes IO to send_file. :issue:5776

Version 3.1.1

Released 2025-05-13

  • Fix signing key selection order when key rotation is enabled via SECRET_KEY_FALLBACKS. :ghsa:4grg-w6v8-c28g
  • Fix type hint for cli_runner.invoke. :issue:5645
  • flask --help loads the app and plugins first to make sure all commands are shown. :issue:5673
  • Mark sans-io base class as being able to handle views that return AsyncIterable. This is not accurate for Flask, but makes typing easier for Quart. :pr:5659

Version 3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option responses. :pr:5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added

... (truncated)

Commits
  • 22d9247 release version 3.1.3
  • 089cb86 Merge commit from fork
  • c17f379 request context tracks session access
  • 27be933 start version 3.1.3
  • 4e652d3 Abort if the instance folder cannot be created (#5903)
  • 3d03098 Abort if the instance folder cannot be created
  • 407eb76 document using gevent for async (#5900)
  • ac5664d document using gevent for async
  • 4f79d5b Increase required flit_core version to 3.11 (#5865)
  • fe3b215 Increase required flit_core version to 3.11
  • Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates pyopenssl from 25.3.0 to 26.0.0

Changelog

Sourced from pyopenssl's changelog.

26.0.0 (2026-03-15)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Dropped support for Python 3.7.
  • The minimum cryptography version is now 46.0.0.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Added support for using aws-lc instead of OpenSSL.
  • Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
  • Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
  • Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448
Commits
  • 358cbf2 Prepare for 26.0.0 release (#1487)
  • a8d28e7 Bump actions/cache from 4 to 5 (#1486)
  • 6fefff0 Add aws-lc compatibility to tests and CI (#1476)
  • a739f96 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#1485)
  • 8b4c66b Bump actions/upload-artifact in /.github/actions/upload-coverage (#1484)
  • 02a5c78 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#1483)
  • d973387 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#1482)
  • 57f09bb Fix buffer overflow in DTLS cookie generation callback (#1479)
  • d41a814 Handle exceptions in set_tlsext_servername_callback callbacks (#1478)
  • 7b29beb Fix not using a cryptography wheel on uv (#1475)
  • Additional commits viewable in compare view

Updates tornado from 6.5.4 to 6.5.5

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1

... (truncated)

Commits
  • 7d64650 Merge pull request #3586 from bdarnell/update-cibw
  • d05d59b build: Bump cibuildwheel to 3.4.0
  • c2f4673 Merge pull request #3585 from bdarnell/release-655
  • e5f1aa4 Release notes and version bump for v6.5.5
  • 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
  • 24a2d96 web: Validate characters in all cookie attributes.
  • 119a195 httputil: Add limits on multipart form data parsing
  • See full diff in compare view

Updates werkzeug from 3.1.5 to 3.1.6

Release notes

Sourced from werkzeug's releases.

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

  • safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x
Changelog

Sourced from werkzeug's changelog.

Version 3.1.6

Released 2026-02-19

  • safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x
Commits

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates ujson from 5.11.0 to 5.12.0

Release notes

Sourced from ujson's releases.

5.12.0

Added

Changed

Fixed

Commits
  • 4baeb95 Fix memory leak parsing large integers
  • 486bd45 Fix buffer overflow/infinite loop from indent handling
  • a465ed7 Add leak detection to tests
  • 32ebf66 Remove upper bound of setuptools for PyPy (#704)
  • 6bf41bd Remove upper bound of setuptools for PyPy
  • 4a4fd73 chore(deps): update github-actions
  • d708b05 Add security policy (#699)
  • 3d66f4d Add security policy
  • 8f23cce [pre-commit.ci] pre-commit autoupdate (#698)
  • 2696fc3 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates tornado from 6.5.4 to 6.5.5

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1

... (truncated)

Commits
  • 7d64650 Merge pull request #3586 from bdarnell/update-cibw
  • d05d59b build: Bump cibuildwheel to 3.4.0
  • c2f4673 Merge pull request #3585 from bdarnell/release-655
  • e5f1aa4 Release notes and version bump for v6.5.5
  • 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
  • 24a2d96 web: Validate characters in all cookie attributes.
  • 119a195 httputil: Add limits on multipart form data parsing
  • See full diff in compare view

Updates ujson from 5.11.0 to 5.12.0

Release notes

Sourced from ujson's releases.

5.12.0

Added

Changed

Fixed

Commits
  • 4baeb95 Fix memory leak parsing large integers
  • 486bd45 Fix buffer overflow/infinite loop from indent handling
  • a465ed7 Add leak detection to tests
  • 32ebf66 Remove upper bound of setuptools for PyPy (#704)
  • 6bf41bd Remove upper bound of setuptools for PyPy
  • 4a4fd73 chore(deps): update github-actions
  • d708b05 Add security policy (#699)
  • 3d66f4d Add security policy
  • 8f23cce [pre-commit.ci] pre-commit autoupdate (#698)
  • 2696fc3 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates orjson from 3.11.5 to 3.11.6

Release notes

Sourced from orjson's releases.

3.11.6

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Changelog

Sourced from orjson's changelog.

3.11.6 - 2026-01-29

Changed

  • orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
  • Drop support for Python 3.9.
  • ABI compatibility with CPython 3.15 alpha 5.
  • Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

  • Fix sporadic crash serializing deeply nested list of dict.
Commits

Updates tornado from 6.5.4 to 6.5.5

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1

... (truncated)

Commits
  • 7d64650 Merge pull request #3586 from bdarnell/update-cibw
  • d05d59b build: Bump cibuildwheel to 3.4.0
  • c2f4673 Merge pull request #3585 from bdarnell/release-655
  • e5f1aa4 Release notes and version bump for v6.5.5
  • 78a046f httputil: Add CRLF to _FORBIDDEN_HEADER_CHARS_RE
  • 24a2d96 web: Validate characters in all cookie attributes.
  • 119a195 httputil: Add limits on multipart form data parsing
  • See full diff in compare view

Updates ujson from 5.11.0 to 5.12.0

Release notes

Sourced from ujson's releases.

5.12.0

Added

Changed

Fixed

Commits
  • 4baeb95 Fix memory leak parsing large integers
  • 486bd45 Fix buffer overflow/infinite loop from indent handling
  • a465ed7 Add leak detection to tests
  • 32ebf66 Remove upper bound of setuptools for PyPy (#704)
  • 6bf41bd Remove upper bound of setuptools for PyPy
  • 4a4fd73 chore(deps): update github-actions
  • d708b05 Add security policy (#699)
  • 3d66f4d Add security policy
  • 8f23cce [pre-commit.ci] pre-commit autoupdate (#698)
  • 2696fc3 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Updates ujson from 5.5.0 to 5.12.0

Release notes

Sourced from ujson's releases.

5.12.0

Added

Changed

Fixed

Commits
  • 4baeb95 Fix memory leak parsing large integers
  • 486bd45 Fix buffer overflow/infinite loop from indent handling
  • a465ed7 Add leak detection to tests
  • 32ebf66 Remove upper bound of setuptools for PyPy (#704)
  • 6bf41bd Remove upper bound of setuptools for PyPy
  • 4a4fd73 chore(deps): update github-actions
  • d708b05 Add security policy (#699)
  • 3d66f4d Add security policy
  • 8f23cce [pre-commit.ci] pre-commit autoupdate (#698)
  • 2696fc3 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 6 directories with 6 updates
891cd84 
Bumps the pip group with 5 updates in the /mpcontribs-api/requirements directory:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |
| [orjson](https://github.com/ijl/orjson) | `3.11.5` | `3.11.6` |
| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.3.0` | `26.0.0` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.5` | `3.1.6` |

Bumps the pip group with 2 updates in the /mpcontribs-client/requirements directory: [orjson](https://github.com/ijl/orjson) and [ujson](https://github.com/ultrajson/ultrajson).
Bumps the pip group with 3 updates in the /mpcontribs-kernel-gateway/requirements directory: [orjson](https://github.com/ijl/orjson), [tornado](https://github.com/tornadoweb/tornado) and [ujson](https://github.com/ultrajson/ultrajson).
Bumps the pip group with 1 update in the /mpcontribs-lux/requirements directory: [orjson](https://github.com/ijl/orjson).
Bumps the pip group with 3 updates in the /mpcontribs-portal/requirements directory: [orjson](https://github.com/ijl/orjson), [tornado](https://github.com/tornadoweb/tornado) and [ujson](https://github.com/ultrajson/ultrajson).
Bumps the pip group with 1 update in the /mpcontribs-serverless/dependencies directory: [ujson](https://github.com/ultrajson/ultrajson).


Updates `flask` from 2.2.5 to 3.1.3
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.2.5...3.1.3)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `pyopenssl` from 25.3.0 to 26.0.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@25.3.0...26.0.0)

Updates `tornado` from 6.5.4 to 6.5.5
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.4...v6.5.5)

Updates `werkzeug` from 3.1.5 to 3.1.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.5...3.1.6)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `ujson` from 5.11.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.11.0...5.12.0)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `tornado` from 6.5.4 to 6.5.5
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.4...v6.5.5)

Updates `ujson` from 5.11.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.11.0...5.12.0)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `orjson` from 3.11.5 to 3.11.6
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.5...3.11.6)

Updates `tornado` from 6.5.4 to 6.5.5
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.4...v6.5.5)

Updates `ujson` from 5.11.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.11.0...5.12.0)

Updates `ujson` from 5.5.0 to 5.12.0
- [Release notes](https://github.com/ultrajson/ultrajson/releases)
- [Commits](ultrajson/ultrajson@5.11.0...5.12.0)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyopenssl
  dependency-version: 26.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-version: 6.5.5
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-version: 6.5.5
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-version: 6.5.5
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ujson
  dependency-version: 5.12.0
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 18, 2026
@dependabot dependabot bot mentioned this pull request Mar 18, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 19, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@esoteric-ephemera esoteric-ephemera deleted the dependabot/pip/mpcontribs-api/requirements/pip-7fc90c80cb branch March 19, 2026 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@esoteric-ephemera