Skip to content

chore(deps): bump nc-py-api from 0.24.2 to 0.30.2#251

Merged
edward-ly merged 1 commit into
mainfrom
dependabot/pip/nc-py-api-0.30.2
Jun 7, 2026
Merged

chore(deps): bump nc-py-api from 0.24.2 to 0.30.2#251
edward-ly merged 1 commit into
mainfrom
dependabot/pip/nc-py-api-0.30.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps nc-py-api from 0.24.2 to 0.30.2.

Release notes

Sourced from nc-py-api's releases.

v0.30.2

Changed

  • download_directory_as_zip: the order of entries inside the returned archive is no longer guaranteed; it now depends on the Nextcloud server's database backend, after Nextcloud server #60225 removed the implicit ORDER BY name ASC. #429

Security

  • Pinned starlette>=1.0.1 to address BadHost (CVE-2026-48710): a crafted Host header could desync request.url.path from the routed path in Starlette ≤ 1.0.0, bypassing path-based authorization. FastAPI does not constrain Starlette's upper bound, so an explicit floor is required to guarantee the fix. The fastapi floor was also raised to >=0.133 (the first release compatible with Starlette 1.0+).

v0.30.1

Added

  • Share.token property to expose the share token (e.g. for passing to external applications that access Nextcloud shares via WebDAV). #427 Thanks to @​meck-gd

v0.30.0

No release notes provided.

Changelog

Sourced from nc-py-api's changelog.

[0.30.2 - 2026-06-02]

Changed

  • download_directory_as_zip: the order of entries inside the returned archive is no longer guaranteed; it now depends on the Nextcloud server's database backend, after Nextcloud server #60225 removed the implicit ORDER BY name ASC. #429

Security

  • Pinned starlette>=1.0.1 to address BadHost (CVE-2026-48710): a crafted Host header could desync request.url.path from the routed path in Starlette ≤ 1.0.0, bypassing path-based authorization. FastAPI does not constrain Starlette's upper bound, so an explicit floor is required to guarantee the fix. The fastapi floor was also raised to >=0.133 (the first release compatible with Starlette 1.0+).

[0.30.1 - 2026-04-26]

Added

  • Share.token property to expose the share token (e.g. for passing to external applications that access Nextcloud shares via WebDAV). #427 Thanks to @​meck-gd

[0.30.0 - 2026-03-29]

Added

  • Teams (Circles) async API on AsyncNextcloud/AsyncNextcloudApp: full CRUD, member management, and join/leave flows. #403
  • FsNodeInfo.download_url and FsNodeInfo.download_url_expiration properties exposing S3 presigned download URLs (when the storage backend is S3 with use_presigned_url enabled). #419

Changed

  • Sync API for Activity, Notes, UserStatus, and WeatherStatus removed; use the async counterparts on AsyncNextcloud/AsyncNextcloudApp. #405
  • All remaining sync entry points (Nextcloud, NextcloudApp, TalkBot, nc_app, talk_bot_msg, sync enabled_handler/trigger_handler in set_handlers) now emit DeprecationWarning; they will be removed in v0.31.0. #422
  • README and examples/as_client/ scripts converted to AsyncNextcloud/AsyncNextcloudApp. #422
  • caldav dependency upgraded to >=3.1,<4. #416
Commits
  • 9058723 v0.30.2 [publish]
  • d2acdc7 fix(deps): pin starlette>=1.0.1 to fix BadHost (CVE-2026-48710) (#438)
  • 0b35fe0 [pre-commit.ci] pre-commit autoupdate (#437)
  • 5dfe496 chore(deps): update anthropics/claude-code-action digest to 787c5a0 (#431)
  • e655287 ci: keep Notes app compatible across the stable31/32/33 matrix (#436)
  • 9d15e79 [pre-commit.ci] pre-commit autoupdate (#434)
  • 36b42d8 [pre-commit.ci] pre-commit autoupdate (#430)
  • 69e0406 [pre-commit.ci] pre-commit autoupdate (#424)
  • 84b7cb4 chore(deps): update anthropics/claude-code-action digest to 51ea8ea (#425)
  • 2307c4c fix(tests): make zip-download assertions order-tolerant (#429)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies python Pull requests that update python code labels Jun 6, 2026
@dependabot dependabot Bot mentioned this pull request Jun 6, 2026
Closed
@edward-ly

edward-ly commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
chore(deps): bump nc-py-api from 0.24.2 to 0.30.2
e0e48c1 
Bumps [nc-py-api](https://github.com/cloud-py-api/nc_py_api) from 0.24.2 to 0.30.2.
- [Release notes](https://github.com/cloud-py-api/nc_py_api/releases)
- [Changelog](https://github.com/cloud-py-api/nc_py_api/blob/main/CHANGELOG.md)
- [Commits](cloud-py-api/nc_py_api@v0.24.2...v0.30.2)

---
updated-dependencies:
- dependency-name: nc-py-api
  dependency-version: 0.30.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/nc-py-api-0.30.2 branch from ed5ad6c to e0e48c1 Compare June 7, 2026 17:16
@edward-ly edward-ly merged commit f4f6fe0 into main Jun 7, 2026
11 of 12 checks passed
@edward-ly edward-ly deleted the dependabot/pip/nc-py-api-0.30.2 branch June 7, 2026 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@edward-ly