Skip to content

build(deps): bump tornado from 6.5.2 to 6.5.7#1

Open
dependabot[bot] wants to merge 4 commits into
parity-deployfrom
dependabot/pip/tornado-6.5.7
Open

build(deps): bump tornado from 6.5.2 to 6.5.7#1
dependabot[bot] wants to merge 4 commits into
parity-deployfrom
dependabot/pip/tornado-6.5.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps tornado from 6.5.2 to 6.5.7.

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.5.7 releases/v6.5.6 releases/v6.5.5 releases/v6.5.4 releases/v6.5.3 releases/v6.5.2 releases/v6.5.1 releases/v6.5.0 releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1

... (truncated)

Commits
  • 48fc2d4 Merge pull request #3633 from bdarnell/curl-reset-65
  • 4ae1ddd Release notes and version bump for 6.5.7
  • 3154caa curl_httpclient: Reset the curl object before putting it on the freelist
  • 7d869c0 Merge pull request #3631 from bdarnell/cve-links
  • 288241f docs: Use the correct link syntax
  • 8da981c docs: Add CVE links to 6.5.6 release notes
  • aba2569 Merge pull request #3626 from bdarnell/fixes-656
  • a24b260 httpclient_test: Accept an additional error message variant
  • a74240a Release notes and version bump for 6.5.6.
  • e8fc7ed simple_httpclient: Strip auth headers on cross-origin redirects
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 30, 2026
@socket-security

socket-security Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpypi/​tornado@​6.5.2 ⏵ 6.5.772 +1100 +40100100100

View full report

ReinhardHatko and others added 4 commits June 30, 2026 14:36
Deploy config + fork-specific changes for the docs.polkadot.com deployment:
- deploy-pages.yml (GitHub Actions Pages build/deploy; custom domain opt-in via
  the CUSTOM_DOMAIN repo variable, triggers on master + parity-deploy); remove
  the old gh-deploy deploy-docs.yml
- scripts/gen_redirects.py (client-side redirect stubs)
- install papermoon-mkdocs-plugins from the paritytech fork
- self-hosted fonts, vendored Vale styleguide, dropped unused config + dead
  analytics code/CSS
- site policy pages (Terms of Use, AI Chatbot Policy)

The general (non-deploy) changes here are also proposed upstream (PR polkadot-developers#1722);
once that lands they arrive via sync and the duplicates here can be trimmed.
Daily (and on-demand) sync of upstream polkadot-developers/polkadot-docs into
the deployment branch via a PR, so upstream content reaches the deployed site
while conflicts with the deploy-specific changes get reviewed. The human merge
into parity-deploy is what triggers a deploy.
Make deploy-pages.yml reusable (workflow_call) and have the upstream sync
deploy automatically on a clean merge instead of always opening a PR. Clean
syncs now publish hands-free; a PR is opened only when upstream conflicts with
the deploy-specific changes. (A GITHUB_TOKEN push does not trigger workflows,
so the sync calls the reusable deploy directly.)
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.2 to 6.5.7.
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.2...v6.5.7)

---
updated-dependencies:
- dependency-name: tornado
  dependency-version: 6.5.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the base branch from master to parity-deploy June 30, 2026 13:48
@dependabot dependabot Bot force-pushed the dependabot/pip/tornado-6.5.7 branch from e33c60c to 557f9bd Compare June 30, 2026 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant