Bump the production-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the production-dependencies group with 4 updates in the / directory: marshmallow-dataclass, aiohttp, pycryptodome and ledgerwallet.

Updates marshmallow-dataclass from 8.7.0 to 8.7.1

Changelog

Sourced from marshmallow-dataclass's changelog.

v8.7.1 (2024-09-12)

• Relax dependency pins for typeguard and typing-inspect. (#273, #272)

#272: lovasoa/marshmallow_dataclass#272 #273: lovasoa/marshmallow_dataclass#273

Commits

• 9812e50 v8.7.1
• f9a65df Loosen dependency versions (#273)
• 4edbfb4 chore: update workflow actions to latest versions (#271)
• See full diff in compare view

Updates aiohttp from 3.10.5 to 3.10.10

Release notes

Sourced from aiohttp's releases.

3.10.10

Bug fixes

• Fixed error messages from :py:class:~aiohttp.resolver.AsyncResolver being swallowed -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9451, #9455.

Features

• Added :exc:aiohttp.ClientConnectorDNSError for differentiating DNS resolution errors from other connector errors -- by :user:mstojcevich.

  Related issues and pull requests on GitHub: #8455.

Miscellaneous internal changes

• Simplified DNS resolution throttling code to reduce chance of race conditions -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9454.

---

3.10.9

Bug fixes

• Fixed proxy headers being used in the ConnectionKey hash when a proxy was not being used -- by :user:bdraco.

  If default headers are used, they are also used for proxy headers. This could have led to creating connections that were not needed when one was already available.

  Related issues and pull requests on GitHub: #9368.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.10 (2024-10-10)

Bug fixes

• Fixed error messages from :py:class:~aiohttp.resolver.AsyncResolver being swallowed -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9451, :issue:9455.

Features

• Added :exc:aiohttp.ClientConnectorDNSError for differentiating DNS resolution errors from other connector errors -- by :user:mstojcevich.

  Related issues and pull requests on GitHub: :issue:8455.

Miscellaneous internal changes

• Simplified DNS resolution throttling code to reduce chance of race conditions -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9454.

---

3.10.9 (2024-10-04)

Bug fixes

• Fixed proxy headers being used in the ConnectionKey hash when a proxy was not being used -- by :user:bdraco.

... (truncated)

Commits

• 47475c5 Release 3.10.10 (#9462)
• 8b424c8 [PR #8456/b09d7cc backport][3.10] Add ClientConnectorDNSError for differentia...
• cdf3dca [PR #9454/b20908e backport][3.10] Simplify DNS throttle implementation (#9457)
• ee87a04 [PR #9455/dfaafac0 backport][3.10] Fix AsyncResolver query fallback swallowin...
• ba9b33e [PR #9451/216e082 backport][3.10] Fix AsyncResolver swallowing the error mess...
• bc9e5d6 [PR #9448/93e87c2e backport][3.10] Improve performance of fetching the conten...
• 3ea557a Increment version to 3.10.10.dev0
• b779432 Release 3.10.9 (#9415)
• 08ada3e [PR #9405/b96b01b backport][3.10] Only create the connection closed exception...
• 978ed74 [PR #9406/24b0e6f backport][3.10] Add slots to timer helpers (#9411)
• Additional commits viewable in compare view

Updates pycryptodome from 3.20.0 to 3.21.0

Release notes

Sourced from pycryptodome's releases.

v3.21.0 - Bourdeaux

New features

• By setting the PYCRYPTODOME_DISABLE_GMP environment variable, the GMP library will not be used even if detected.
• Add support for Curve25519 / X25519.
• Add support for Curve448 / X448.
• Add attribute curve to EccPoint and EccXPoint classes, with the canonical name of the curve.
• GH#781: the label for the SP800_108_Counter KDF may now contain zero bytes. Thanks to Julien Rische.
• GH#814: RSA keys for PSS can be imported.

Resolved issues

• GH#810: fixed negation of Ed25519 points.
• GH#819: accept an RFC5916 ECPrivateKey even if it doesn't contain any of the optional elements (parameters [0] and publicKey[1]).

Other changes

• Remove support for Python 3.5.

Changelog

Sourced from pycryptodome's changelog.

3.21.0 (30 September 2024) ++++++++++++++++++++++++++

New features

• By setting the PYCRYPTODOME_DISABLE_GMP environment variable, the GMP library will not be used even if detected.
• Add support for Curve25519 / X25519.
• Add support for Curve448 / X448.
• Add attribute curve to EccPoint and EccXPoint classes, with the canonical name of the curve.
• GH#781: the label for the SP800_108_Counter KDF may now contain zero bytes. Thanks to Julien Rische.
• GH#814: RSA keys for PSS can be imported.

Resolved issues

• GH#810: fixed negation of Ed25519 points.
• GH#819: accept an RFC5916 ECPrivateKey even if it doesn't contain any of the optional elements (parameters [0] and publicKey[1]).

Other changes

• Remove support for Python 3.5.

Commits

• 5e40a18 Bump version
• cd4cb45 Fix docs and changelog
• d499d27 Decrypt PKCS#8 key even if the password is empty
• 0c86527 Build wheel on Windows 2019
• fdd7892 Bump required version of pycryptodome-test-vectors
• 5040405 Build wheel for Python 3.13
• 19494e0 Bump version for test vectors package
• 66420a7 Fix tests for x448/x25519
• 05bcdff Add tag for Python 3.13
• 2ddda6a Fixed typo in documentation
• Additional commits viewable in compare view

Updates ledgerwallet from 0.5.0 to 0.5.1

Changelog

Sourced from ledgerwallet's changelog.

[0.5.1] - 2024-08-23

Fixed

• For Nano S+ and X, generate NBGL compliant buffer (uncompressed) for app icon (from api_level > 5)

Commits

• e14223b Merge pull request #78 from LedgerHQ/y333/support_nbgl_icon_for_nano
• 6b47bb4 Fix unit tests
• ea67ecc Use api_level to switch between BAGL or NBGL compliant buffers for Nano S+/X
• 4e40be7 Update CHANGELOG
• 1fddb3b Icon shall be transformed into NBGL uncompressed buffer for Nano S+ and X
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #1523.