Bump vcrpy from 6.0.2 to 7.0.0 #11481

Open
wants to merge 1 commit into
base: dev

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Dec 31, 2024

Bumps vcrpy from 6.0.2 to 7.0.0.

Release notes

Sourced from vcrpy's releases.

v7.0.0

What's Changed

- Drop support for python 3.8 (major version bump) - thanks @jairhenrique
- Various linting and test fixes - thanks @jairhenrique
- Bugfix for urllib2>=2.3.0 - missing version_string ([#888](https://github.com/kevin1024/vcrpy/issues/888))
- Bugfix for asyncio.run - thanks @alekeik1

Changelog

Sourced from vcrpy's changelog.

Changelog

For a full list of triaged issues, bugs and PRs and what release they are targeted for please see the following link.

[ROADMAP MILESTONES](https://github.com/kevin1024/vcrpy/milestones)

All help in providing PRs to close out bug issues is appreciated. Even if that is providing a repo that fully replicates issues. We have very generous contributors that have added these to bug issues which meant another contributor picked up the bug and closed it out.

  • 7.0.0

  • 6.0.2

  • 6.0.1

    • Bugfix with to Tornado cassette generator (thanks @​graingert)
  • 6.0.0

    • BREAKING: Fix issue with httpx support (thanks @​parkerhancock) in #784. NOTE: You may have to recreate some of your cassettes produced in previous releases due to the binary format being saved incorrectly in previous releases
    • BREAKING: Drop support for boto (vcrpy still supports boto3, but is dropping the deprecated boto support in this release) (thanks @jairhenrique)
    • Fix compatibility issue with Python 3.12 (thanks @​hartwork)
    • Drop simplejson (fixes some compatibility issues) (thanks @​jairhenrique)
    • Run CI on Python 3.12 and PyPy 3.9-3.10 (thanks @​mgorny)
    • Various linting and docs improvements (thanks @​jairhenrique)
    • Tornado fixes (thanks @​graingert)
  • 5.1.0

  • 5.0.0

    • BREAKING CHANGE: Drop support for Python 3.7. 3.7 is EOL as of 6/27/23 Thanks @​jairhenrique
    • BREAKING CHANGE: Custom Cassette persisters no longer catch ValueError. If you have implemented a custom persister (has anyone implemented a custom persister? Let us know!) then you will need to throw a CassetteNotFoundError when unable to find a cassette. See #681 for discussion and reason for this change. Thanks @​amosjyng for the PR and the review from @​hartwork
  • 4.4.0

    • HUGE thanks to @​hartwork for all the work done on this release!
    • Bring vcr/unittest in to vcrpy as a full feature of vcr instead of a separate library. Big thanks to @​hartwork for doing this and to @​agriffis for originally creating the library
    • Make decompression robust towards already decompressed input (thanks @​hartwork)

... (truncated)

Commits
  • 3278619 Release v7.0.0
  • 3fb62e0 fix: correctly handle asyncio.run when loop exists
  • 8197865 build(deps): update sphinx requirement from <8 to <9
  • be651bd pre-commit: Autoupdate
  • a6698ed Fix aiohttp tests
  • 48d0a2e Fixed missing version_string attribute when used with urllib3>=2.3.0
  • 5b858b1 Fix lint
  • c8d99a9 Fix ruff configuration
  • ce27c63 Merge pull request #736 from kevin1024/drop-python38
  • ab8944d Drop python 3.8 support
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 6.0.2 to 7.0.0.
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](kevin1024/vcrpy@v6.0.2...v7.0.0)

---
updated-dependencies:
- dependency-name: vcrpy
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 31, 2024

DryRun Security Summary

The code change updates the vcrpy library to version 7.0.0 in the requirements.txt file, potentially improving security and functionality while necessitating thorough testing to ensure application stability.

Summary:

The provided code change updates the version of the vcrpy library from 6.0.2 to 7.0.0 in the requirements.txt file, which is used to specify the dependencies for the DefectDojo application. From an application security perspective, this update is noteworthy as it may include security fixes or improvements that address known vulnerabilities in the previous version. Additionally, major version updates can introduce breaking changes that may affect the application's functionality, so it's important to thoroughly test the application after the update to ensure no regressions or unexpected behavior occur. Keeping dependencies up-to-date is a crucial practice for maintaining the application's security and stability, as it helps ensure the application is running on the latest versions with the latest security patches and bug fixes.

Files Changed:

  • requirements.txt: The requirements.txt file has been updated to specify the vcrpy library version 7.0.0, which is an upgrade from the previous version 6.0.2. This update may include security fixes or improvements, but it's essential to thoroughly test the application to ensure no regressions or unexpected behavior are introduced due to potential breaking changes.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

View PR in the DryRun Dashboard.

@mtesauro mtesauro left a comment

Approved
