Fix a security issue CVE-2020-36242 where certain sequences of
``update()`` calls when symmetrically encrypting very large
payloads (>2GB) could result in an integer overflow, leading to
buffer overflows.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 2.1.6:
- from_stringraises a ValueError if given string cannot be parsed
to an interval
- Drop official support for Python 3.5
- Use black as official code formatting
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
License-Update: Use info in setup.py for license as dedicated LICENSE
file has disappeared. License still is MIT
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658
Upstream patches:
4036d62bda
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.3.9:
- Added option to set row heights and column widths in pixels via
the :func:`set_row_pixels` and :func:`set_column_pixels` methods
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 2.0.0:
- require more specific objects, int (0 or 1) or bool
- items are always returned as int 0 or 1
- remove `.length()` method (deprecated since 1.5.1 - use `len()`)
- in `.unpack()` the `one` argument now defaults to 0x01
(was 0xff)
- `.tolist()` now always returns a list of integers (0 or 1)
- fix frozenbitarray hash function, see #121
- fix frozenbitarray being mutable by `<<=` and `>>=`
- support sequence protocol in `.extend()` (and bitarray creation)
- improve OverflowError messages from `util.int2ba()`
- add examples/hexadecimal.py
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.0.12:
- Add support for hashed/random/keyword expressions
- Review support support for hashed/random/keyword expression and
add expanders reactor
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 2.2.0:
- Adds support for errors.py to also use 'errors' for error_details
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 5.0.7:
- The decorator module was not passing correctly the defaults
inside the *args tuple
- Fixed some mispellings in the documentation
- Integrated codespell in the CI
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.2.4:
- Fixed regression in DataFrame.sum() when min_count greater than
the DataFrame shape was passed resulted in a ValueError
- Fixed regression in DataFrame.to_json() raising AttributeError
when run on PyPy
- Fixed regression in (in)equality comparison of pd.NaT with a
non-datetimelike numpy array returning a scalar instead of an
array
- Fixed regression in DataFrame.where() not returning a copy in
the case of an all True condition
- Fixed regression in DataFrame.replace() raising IndexError when
regex was a multi-key dictionary
- Fixed regression in repr of floats in an object column not
respecting float_format when printed in the console or outputted
through DataFrame.to_string(), DataFrame.to_html(), and
DataFrame.to_latex()
- Fixed regression in NumPy ufuncs such as np.add not passing
through all arguments for DataFrame
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.8:
assumptions:
- Q.infinite now correctly evaluates to True for oo, -oo, and zoo
- Assumption predicates now correctly evaluates to None for S.NaN
- Relational objects do not need to be wrapped by Q.is_true to be
asked or refined anymore
- Q.is_true wrapping over AppliedPredicate now just return the
argument
- refine arg(x) when x is real and nonzero
- assumptions/relation module is introduced. This module
implements binary relation as predicate
- AskHandler(), register_handler() and remove_handler() are
deprecated. Handler now must be multipledispatch instance
- Predicate now uses a single handler which is multipledispatch
instance
- Predicate can now take multiple arguments
- Predicate("...") now returns UndefinedPredicate instance. To
define a predicate, you must make a subclass of Predicate
calculus:
- Using maximum with a piecewise expression over a domain no
longer fails due to a bug fix in Piecewise.as_expr_set_pairs
codegen:
- allowing for multi-dimensional arrays as arguments/locals in c
code generation
- create_expand_pow_optimization is now customizable with respect
to requirement on base
- Support flattening of elementwise additions of array expressions
- Fixes to array-expressions in order to properly work with
ZeroArray and ZeroMatrix
- Fixing matrix expression recognition from array-expressions
- Minor fixes to the way the AST of array expressions is built
- Add normalization of CodegenArrayDiagonal when it's nested with
CodegenArrayPermuteDims and CodegenArrayContraction
- Increased support for the normalization of array expressions and
permutations of indices
- parse_matrix_expression( ) is now able to parse traces of
matrices
combinatorics:
- Added a section to the permutation docs about containment in
permutation groups
geometry:
- Fix AssertError for vertical tangent
- Geometric entities with symbolic coordinates will not be printed
in SVG
simplify:
- Fix simplify calls sympify without rational parameter
- TRmorrie now takes powers of cos terms into account
tensor:
- Introduced objects ArraySymbol and ArrayElement for array
expressions equivalent to MatrixSymbol and MatrixElement in the
matrix expression module
- Add class ZeroArray for array expressions of zero-valued
elements
- Make Array differentiation(derive_by_array) work with non sympy
expressions
- Added tensordiagonal( ) function to perform diagonalization of
array expressions
- Adding an array with any other type now consistently gives
NotImplemented
utilities:
- Added official support for using CuPy to GPU accelerate lambdify
functions
- Added Replacer class to simplify the creation of replacement
expressions with MatchPy
- Added tests for optional parameter in MatchPy patterns
- Added string printers for MatchPy-compatible wildcards in
sympy.utilities.matchpy_connector
- minlex no longer accepts is_set or small arguments
- minlex and least_rotation now accept key= arguments similar to
sorted
vector:
- Fixed a bug with integral over ImplicitRegion objects
other:
- Expanding documentation to include all class members with
docstrings
License-Update: Update year
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.6.1:
- Add multi-source initialization and add_schema() to schema class
- Add bytes strings to accepted XML sources
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.6.4:
- For test dependencies, when indicating Python 3, use >=3 instead
of >3
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.4.7:
orm:
- Fixed regression where the subqueryload() loader strategy would
fail to correctly accommodate sub-options, such as a defer()
option on a column, if the “path” of the subqueryload were more
than one level deep.
- Fixed regression where the merge_frozen_result() function relied
upon by the dogpile.caching example was not included in tests
and began failing due to incorrect internal arguments.
- Fixed critical regression where the Session could fail to
"autobegin" a new transaction when a flush occurred without an
existing transaction in place, implicitly placing the Session
into legacy autocommit mode which commit the transaction. The
Session now has a check that will prevent this condition from
occurring, in addition to repairing the flush issue.
- Fixed regression where the ORM compilation scheme would assume
the function name of a hybrid property would be the same as the
attribute name in such a way that an AttributeError would be
raised, when it would attempt to determine the correct name for
each element in a result tuple.
- Fixed critical regression caused by the new feature added as
part of #1763, eager loaders are invoked on unexpire operations.
The new feature makes use of the "immediateload" eager loader
strategy as a substitute for a collection loading strategy,
which unlike the other “post-load” strategies was not
accommodating for recursive invocations between
mutually-dependent relationships, leading to recursion overflow
errors.
engine:
- Fixed up the behavior of the Row object when dictionary access
is used upon it, meaning converting to a dict via dict(row) or
accessing members using strings or other objects i.e.
row["some_key"] works as it would with a dictionary, rather than
raising TypeError as would be the case with a tuple, whether or
not the C extensions are in place
sql:
- Enhanced the "expanding" feature used for ColumnOperators.in_()
operations to infer the type of expression from the right hand
list of elements, if the left hand side does not have any
explicit type set up. This allows the expression to support
stringification among other things. In 1.3, "expanding" was not
automatically used for ColumnOperators.in_() expressions, so in
that sense this change fixes a behavioral regression.
- Fixed the "stringify" compiler to support a basic
stringification of a "multirow" INSERT statement, i.e. one with
multiple tuples following the VALUES keyword.
schema:
- Fixed regression where usage of a token in the
Connection.execution_options.schema_translate_map dictionary
which contained special characters such as braces would fail to
be substituted properly. Use of square bracket characters [] is
now explicitly disallowed as these are used as a delimiter
character in the current implementation.
mypy:
- Fixed issue in Mypy plugin where the plugin wasn't inferring the
correct type for columns of subclasses that don’t directly
descend from TypeEngine, in particular that of TypeDecorator and
UserDefinedType.
misc:
- Added a new flag to DefaultDialect called supports_schema; third
party dialects may set this flag to True to enable SQLAlchemy's
schema-level tests when running the test suite for a third party
dialect.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.6:
- Fix order for converting mach absolute time
Get the source code from the git repository because an archive
is not available in PyPI for this release.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Minor code refactoring of the recipe and upgrade to release 1.3.3:
- Classes can be used as constraint for the type rule
- The abstract base classes of the standard library's
collections.abc module are available as named types for the
type rule
- Generic type aliases from the :mod:`typing` module can be used
as constraints for the type rule, including parametrized ones
a.k.a. compound types
- Support for Python 3.5 is removed.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
What's New in astroid 2.5.3?
============================
Release Date: 2021-04-10
* Takes into account the fact that subscript inferring for a ClassDef may involve __class_getitem__ method
* Reworks the `collections` and `typing` brain so that `pylint`s acceptance tests are fine.
ClosesPyCQA/pylint#4206
* Use ``inference_tip`` for ``typing.TypedDict`` brain.
* Fix mro for classes that inherit from typing.Generic
* Add inference tip for typing.Generic and typing.Annotated with ``__class_getitem__``
ClosesPyCQA/pylint#2822
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 4.0.1. It is the first bug fix release in the
Robot Framework 4.0.x series. It fixes several severe and not so
severe issues reported since Robot Framework 4.0 was released.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 2.1.3:
- Address issue where a test server may return an HTTP error
during upload or download
- Address issue where ignore_ids may be empty or have empty values
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 5.0.6:
- The decorator module was not copying the module attribute anymore
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.0.11:
- fix bug: bad case:0 6 30 3 *
- Add support for L in the day_of_week component. This enable
expressions like * * * * L4, which means last Thursday of the
month.
- Create CroniterUnsupportedSyntaxError exception for situations
where CRON syntax may be valid but some combinations of features
is not supported. Currently, this is used when the day_of_week
component has a combination of literal values and nth/last
syntax at the same time.
For example, 0 0 * * 1,L6 or 0 0 * * 15,sat#1 will both raise
this exception because of mixing literal days of the week with
nth-weekday or last-weekday syntax. This may impact existing
cron expressions in prior releases, because 0 0 * * 15,sat#1
was previously allowed but incorrectly handled.
- Update croniter_range() to allow an alternate croniter class to
be used. Helpful when using a custom class derived from croniter.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 0.17.4:
- prevent (empty) comments from throwing assertion error
- fix for issue 382 caused by an error in a format string
- allow expansion of aliases by setting
``yaml.composer.return_alias = lambda s: copy.deepcopy(s)``
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.6.0:
- XML data bindings and code generators are now considered stable
- Add arguments 'max_depth' and 'extra_validator' to validation
methods
- Enhance decoding with 'value_hook' argument
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 4.60.0:
- add contrib.logging helpers for redirecting to tqdm.write()
- support delay in notebook
- fix contrib.tmap, tzip not using tqdm_class
- add notebook tests
- updates & misc minor fixes for documentation
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 3.2:
- Automatic AppConfig discovery
- Customizing type of auto-created primary keys
- Functional indexes
- pymemcache support
- New decorators for the admin site
- Other minor new features
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.4.6:
orm:
- Fixed regression where a deprecated form of Query.join() were
used, passing a series of entities to join from without any ON
clause in a single Query.join() call, would fail to function
correctly.
- Fixed critical regression where the Query.yield_per() method in
the ORM would set up the internal Result to yield chunks at a
time, however made use of the new Result.unique() method which
uniques across the entire result.
sql:
- Fixed further regressions in the same area as that of #6173
released in 1.4.5, where a “postcompile” parameter, again most
typically those used for LIMIT/OFFSET rendering in Oracle and
SQL Server, would fail to be processed correctly if the same
parameter rendered in multiple places in the statement.
- Executing a Subquery using Connection.execute() is deprecated
and will emit a deprecation warning; this use case was an
oversight that should have been removed from 1.4.
schema:
- The Table object now raises an informative error message if it
is instantiated without passing at least the Table.name and
Table.metadata arguments positionally. Previously, if these were
passed as keyword arguments, the object would silently fail to
initialize correctly.
mypy:
- Applied a series of refactorings and fixes to accommodate for
Mypy "incremental" mode across multiple files, which previously
was not taken into account. In this mode the Mypy plugin has to
accommodate Python datatypes expressed in other files coming in
with less information than they have on a direct run.
- Fixed issue where the Mypy plugin would fail to interpret the
"collection_class" of a relationship if it were a callable and
not a class. Also improved type matching and error reporting for
collection-oriented relationships.
asyncio:
- Added accessors .sqlstate and synonym .pgcode to the .orig
attribute of the SQLAlchemy exception class raised by the
asyncpg DBAPI adapter, that is, the intermediary exception
object that wraps on top of that raised by the asyncpg
library itself, but below the level of the SQLAlchemy dialect.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 0.8.8:
- AsyncMachine does not remove models when remove_models is called
- Introduce try/except for finalize callbacks in Machine and
HierachicalMachine. Thus, errors occurring in finalize callbacks
will be suppressed and only the original error will be raised.
- Show references in graphs and markup. Introduce
MarkupMachine.format_references to tweak reference formatting
- Introduce Machine.on_exception to handle raised exceptions in
callbacks
- Machine.get_triggers now supports State and Enum as arguments
- NestedState and HierachicalMachine.add_states now accept (lists
of) states and enums as initial parameter
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 5.0.5:
- Dropped support for Python < 3.5 with a substantial
simplification of the code base (now building a decorator does
not require calling "exec").
- Added a way to mimic functools.wraps-generated decorators.
- Ported the Continuous Integration from Travis to GitHub.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 1.4.5:
orm:
- Fixed regression where the joinedload() loader strategy would
not successfully joinedload to a mapper that is mapper against
a CTE construct.
- Scaled back the warning message added in #5171 to not warn for
overlapping columns in an inheritance scenario where a
particular relationship is local to a subclass and therefore
does not represent an overlap.
sql:
- Fixed bug in new FunctionElement.render_derived() feature where
column names rendered out explicitly in the alias SQL would not
have proper quoting applied for case sensitive names and other
non-alphanumeric names.
- Fixed regression where use of the Operators.in_() method with a
Select object against a non-table-bound column would produce an
AttributeError, or more generally using a ScalarSelect that has
no datatype in a binary expression would produce invalid state.
- Added a new flag to the Dialect class called
Dialect.supports_statement_cache. This flag now needs to be
present directly on a dialect class in order for SQLAlchemy's
query cache to take effect for that dialect. The rationale is
based on discovered issues such as #6173 revealing that dialects
which hardcode literal values from the compiled statement, often
the numerical parameters used for LIMIT / OFFSET, will not be
compatible with caching until these dialects are revised to use
the parameters present in the statement only. For third party
dialects where this flag is not applied, the SQL logging will
show the message "dialect does not support caching", indicating
the dialect should seek to apply this flag once they have
verified that no per-statement literal values are being rendered
iwithin the compilation phase.
schema:
- Introduce a new parameter Enum.omit_aliases in Enum type allow
filtering aliases when using a pep435 Enum. Previous versions of
SQLAlchemy kept aliases in all cases, creating database enum
type with additional states, meaning that they were treated as
different values in the db. For backward compatibility this flag
defaults to False in the 1.4 series, but will be switched to
True in a future version. A deprecation warning is raise if this
iflag is not specified and the passed enum contains aliases.
mypy:
- Fixed issue in mypy plugin where newly added support for
as_declarative() needed to more fully add the DeclarativeMeta
class to the mypy interpreter’s state so that it does not
result in a name not found error; additionally improves how
global names are setup for the plugin including the Mapped name.
asyncio:
- Fixed issue where the asyncio extension could not be loaded if
running Python 3.6 with the backport library of contextvars
installed.
postgresql:
- Fixed regression where the PostgreSQL cast operator applied to
elements within an ARRAY when using psycopg2 would fail to use
the correct type in the case that the datatype were also
embedded within an instance of the Variant adapter.
- Fixed typo in the fix released in 1.4.4 that completely
prevented this change from working correctly, i.e. the error
message did not match what was actually emitted by pg8000.
- Fixed issue where the PostgreSQL PGInspector, when generated
against an Engine, would fail for .get_enums(),
.get_view_names(), .get_foreign_table_names() and
.get_table_oid() when used against a "future" style engine
and not the connection directly.
mysql:
- Fixed regression in the MySQL dialect where the reflection query
used to detect if a table exists would fail on very old MySQL
5.0 and 5.1 versions.
mssql:
- Fixed a regression in MSSQL 2012+ that prevented the order by
clause to be rendered when offset=0 is used in a subquery.
oracle:
- Fixed critical regression where the Oracle compiler would not
maintain the correct parameter values in the LIMIT/OFFSET for a
select due to a caching issue.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 2021.4.4 with the following bug fixes:
- regex fails with a quantified backreference but succeeds with
repeated backref
- API is not a drop-in replacement for python's re when it comes
to typing
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Upgrade to release 0.17:
- Installing with setup.py now requires setuptools. Alternatively,
install with pip.
- The generic command line front end tool docutils-cli.py allows
the free selection of reader, parser, and writer components.
- New, experimental wrapper to integrate the recommonmark Markdown
parser for use with Docutils.
- pseudoxml-writer got a --detailled option for pretty printing
text nodes.
- odf/odt-writer improved metadata handling.
- HTML5 writer improvements.
- LaTeX writer improvements.
- Fixes in Arabic mappings and Korean translations.
- directives: Prevent infinte inclusion loops.
License-Update: Fix link to 2-Clause BSD license in COPYING.txt.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
