License-Update: Copyright year updated to 2024.
Changelog:
Updated to Unicode 16.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Bump changelog.
- Bump deps, version.
- Only include the changelog in the sdist package.
- [data] describeTypes.json updated.
- Openioc.py is not a script, but had exec bit.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fix readme download target
- Split build and publish for release
- Use upstream setup-uv with uv python
- Bump astral-sh/setup-uv from 2 to 3
- [pre-commit.ci] pre-commit autoupdate
- don't include outdated changelog in docs
- Fix multi-path returned from _path methods on MacOS
- Use uv as installer
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Add support for AES-GCM encryption ciphers (128 and 256 bit variants).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Adds support for Python 3.13.
- Greatly reduce the chances for crashes during interpreter shutdown.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
* [fix] os.read/write waits until file descriptor is ready.
* [fix] Upgrade RLocks as last thing we do
* [security] drop header keys with underscores
* [doc] Various doc updates
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fix and clean node trees iteration methods
- Fix missing raw string for '[^rn]'
- Full and more specific type annotations
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Drop the patch to disable strip instead set the env variable.
set UJSON_BUILD_NO_STRIP=1 and get rid of one pending patch
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.
CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.
CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.
CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.
CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2024-45230: Potential denial-of-service vulnerability in
django.utils.html.urlize()
urlize and urlizetrunc were subject to a potential denial-of-service attack
via very large inputs with a specific sequence of characters.
CVE-2024-45231: Potential user email enumeration via response status on
password reset
Due to unhandled email sending failures, the
django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to
enumerate user emails by issuing password reset requests and observing the
outcomes.
To mitigate this risk, exceptions occurring during password reset email
sending are now handled and logged using the django.contrib.auth logger.
CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
The floatformat template filter is subject to significant memory consumption
when given a string representation of a number in scientific notation with
a large exponent.
CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget
The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with
a very large number of Unicode characters.
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key as
a passed *arg.
CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize()
urlize() and urlizetrunc() were subject to a potential denial-of-service
attack via certain inputs with a very large number of brackets.
CVE-2024-39329: Username enumeration through timing difference for users with
unusable passwords
The django.contrib.auth.backends.ModelBackend.authenticate() method allowed
remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
CVE-2024-39330: Potential directory-traversal in
django.core.files.storage.Storage.save()
Derived classes of the django.core.files.storage.Storage base class which
override generate_filename() without replicating the file path validations
existing in the parent class, allowed for potential directory-traversal via
certain inputs when calling save().
Built-in Storage sub-classes were not affected by this vulnerability.
CVE-2024-39614: Potential denial-of-service in
django.utils.translation.get_supported_language_variant()
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
To mitigate this vulnerability, the language code provided to
get_supported_language_variant() is now parsed up to a maximum length of
500 characters.
Fixed a crash in Django 4.2 when validating email max line lengths with content
decoded using the surrogateescape error handling scheme (#35361)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Improve performance when IP addresses change frequently
- Improve helpfulness of ServiceInfo.request assertions
- Improve performance of ip address caching
- Enable building of arm64 macOS builds
- Add classifier for python 3.13
- Python 3.13 support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fixed joining a path when the existing path was empty
- Added :meth:URL.without_query_params() <yarl.URL.without_query_params> method,
to drop some parameters from query string
- The previously protected types _SimpleQuery, _QueryVariable, and _Query are
now available for use externally as SimpleQuery, QueryVariable, and Query
- Replaced all :class:~typing.Optional with :class:~typing.Union
- Significantly improved performance of parsing the network location
- Added internal types to the cache to prevent future refactoring errors
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Enable OS specific Mypy checks
- [watchmedo] Fix tricks argument type of schedule_tricks()
- [kqueue] Fix TypeError: kqueue.control() only accepts positional parameters
- Drop support for Python 3.8
- [core] Enforced usage of proper keyword-arguments
- [core] Renamed the BaseObserverSubclassCallable class to ObserverType
- [inotify] Renamed the inotify_event_struct class to InotifyEventStruct
- [inotify] Renamed the UnsupportedLibc exception to UnsupportedLibcError
- [inotify] Removed the InotifyConstants.IN_CLOSE constant
- [watchmedo] Renamed the LogLevelException exception to LogLevelError
- [watchmedo] Renamed the WatchdogShutdown exception to WatchdogShutdownError
- [windows] Renamed the FILE_NOTIFY_INFORMATION class to FileNotifyInformation
- [windows] Removed the unused WATCHDOG_TRAVERSE_MOVED_DIR_DELAY constant
- [core] Enable disallow_untyped_calls Mypy rule
- [core] Enable disallow_untyped_defs Mypy rule
- [core] Improve typing references for events
- [inotify] Add support for IN_CLOSE_NOWRITE events.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Support for setuptools 74
- iOS and Android support
- Fix for distutils change
- Remove test directives
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
- Speed up Hatch installation
- Test with Python 3.13
- Test with latest PyPy
- Use include-hidden-files: true to upload coverage artifacts
- Ensure PlatformDirs is valid superclass type for mypy AND not an abstract class for other checkers
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- UPDATE: parse_type/parse.py
- Copy structured test suite to "tests/parse_tests/"
- Copy structured test suite to "tests/parse_tests_with_parse_type"
- REMOVE: tests/test_parse.py
- README: Fix compact display of BADGES (was using multi-line)
- CI: Add support for Python 3.12
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- fix the build infrastructure
- drop support for Python 3.7
- add support for Python 3.13
- update linking strategy on Windows when building wheels
License-Update: Copyright year updated to 1.4.7
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- autocall was being call getitem
- Only copy files in startup dir if we just created it.
- Fix some tests on Python 3.13 RC1
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Reintroduced supposedly-private URLTypes shortcut.
- Support for zstd content decoding using the python zstandard package is added.
Installable using httpx[zstd].
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- Test Python 3.13
- Add 3.13 to CI
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- add 3.13 to setup.cfg classifiers
- test: optimized test performance by moving deadcode check to the end (#89)
- Catch exception if node is in unexpected statement (#84)
- Merge pull request #80 from alexmojaki/3.13
- doc: review changes
- fix: removed unused verification
- fix: handle __firstlineno__
- refactor: review changes
- test: skip module tests for now
- test(3.13): added sample_results
- fix: skip files which raise a recursion error in 3.13, because the recursion limit has no effect
- fix: allow to LOAD_FAST variables for TypeVars
- test: fixed tests for 3.13.0b1
- test(3.13): handle optimization of not not x
- fix(3.13): a type variable can also have nonlocal variables
- fix(3.13): COMPARE_OP maps always to ast.Compare
- fix(3.13): an async function can also have nonlocal variables
- fix(3.13): a lambda can also have nonlocal variables
- fix(3.13): handle CALL_KW like method calls which are only located by the end position
- fix(3.13): loading of __class__ is mapped to the last element of the class
- fix(3.13): handle STORE_FAST_STORE_FAST and similar instructions as known issues
- fix(3.13): fixed typing errors
- build(3.13): added 3.13 to ci workflow
- fix(3.13): added new rules to the verification
- fix(3.13): show_caches is deprecated
- fix: backward compatibility fix for changed source positions in 3.12.5 (#82) (#83)
- Add many_calls tests to EXECUTING_SLOW_TESTS (#78)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix:
=======
- Ensure build uses cython3
- Add missing cython version pin to the build system
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
`Access-Control-Allow-Private-Network` CORS header to be set to true
by default, without any configuration option. This behavior can expose
private network resources to unauthorized external access, leading to
significant security risks such as data breaches, unauthorized access
to sensitive information, and potential network intrusions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6221
Upstream-Patch:
7ae310c56a
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Update incorrect or incomplete constants in distutils
- Use Generator instead of Iterator for 3rd-party context managers
- Bump mypy to 1.11.1
License-Update:
License changed from "Apache-2.0 license" to "Apache-2.0"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- An inconsistency in Float/Rational comparisons was fixed. SymPy 1.13 made it
so that Rational(n) != Float(n) but this was inconsistent in the case of
Rational(0) == Float(0) and Float(0) == Rational(0) which gave different
results.
- Fixed a bug that caused LambertW to hang on specific inputs.
- A regression introduced in SymPy 1.13 in the heurisch integration routine was
fixed. The regression prevented some integrals from being evaluated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Updated test & build matrix to include Python 3.13.
- Dropped wheel support for Python 2.7 on macOS.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* Properly preserve escaped '{' and '}' in fstrings in logical lines in 3.12+.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Fix a 64-bit-ism in the test suite so the tests don't encounter a false
negative on 32-bit systems.
- Modify a test-harness skiptest check to work with newer versions of
Cryptography.
- Massage our import of the TripleDES cipher to support Cryptography >=43;
this should prevent CryptographyDeprecationWarning from appearing upon import.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add many Meta option to Schema so it expects a collection by default
- Refactor hooks
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Deferred import of inspect for import performance.
- Disallow passing of 'dist' to EntryPoints.select.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- minor docs fixes
- worker_class parameter accepts a class
- fix deadlock if request terminated during chunked parsing
- permit receiving Transfer-Encodings: compress, deflate, gzip
- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still
- sdist generation now explicitly excludes sphinx build folder
- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError
- raise correct Exception when encountering invalid chunked requests
- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore
- include IPv6 loopback address [::1] in default for forwarded_allow_ips and proxy_allow_ips
- refuse requests where the uri field is empty
- refuse requests with invalid CR/LR/NUL in header field values
- remove temporary --tolerate-dangerous-framing switch from 22.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Run mypy locally via pre-commit hook, bump to mypy==1.10.0
- Updates to the latest eth-typing to use new ABI types for improved type
checking in existing ABI utility functions.
- Contract Application Binary Interface (ABI) utilities to obtain type and
value information for functions and events.
- Merge template to use bump-my-version and update release Make commands.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Use dbus-run-session to drop X11 dependency
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Fixed :meth:aiohttp.ClientResponse.json() not setting status
when :exc:aiohttp.ContentTypeError is raised
- Improved performance of the WebSocket reader
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Add support for python 3.13
- Fix a trivial typo in readme.md
- Correct classifier for license python-2.0.1
- Adjust license to python-2.0.1
- Remove upper bound on python requirement
- Preserve errno if all exceptions have the same errno
- Adjust license classifier to better reflect license terms
- Add link to happy eyeballs explanation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the reference to the MIT license containing COPYING file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the reference to the MIT license containing LICENSE file in the
downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Change the reference to the Apache-2.0 license containing LICENSE file
in the downloaded archive.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Apply some changes to recipe content ordering and indentation style
from oe-stylize.py.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Apply suggestions to recipe content ordering and indentation style from
oe-stylize.py and also remove the duplicate DEPENDS line for
python3-setuptools-scm-native.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>