meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-27 12:01:38 +01:00

Author	SHA1	Message	Date
Wang Mingyu	1b8c883667	python3-nocaselist: upgrade 2.1.0 -> 2.2.0 Changelog: https://nocaselist.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-12 08:53:44 -08:00
Wang Mingyu	6a9c1e9114	python3-nocasedict: upgrade 2.1.0 -> 2.2.0 Changelog: https://nocasedict.readthedocs.io/en/2.2.0/changes.html Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-12 08:53:44 -08:00
Wang Mingyu	9206e31273	python3-moteus: upgrade 0.3.96 -> 0.3.97 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-12 08:53:44 -08:00
Wang Mingyu	86cabd1603	python3-marshmallow: upgrade 4.1.2 -> 4.2.0 Changelog: many argument of Nested properly overrides schema instance value. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-12 08:53:44 -08:00
Gyorgy Sarvari	38eaab2241	python3-waitress: add ptest support It takes <10s to execute. Some (54) tests are not compatible with musl[1] - due to this the tests are on the problem-list. Sample output snippet: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-01-07T09:57 BEGIN: /usr/lib/python3-waitress/ptest PASS: tests.test_adjustments.TestAdjustments.test_bad_port PASS: tests.test_adjustments.TestAdjustments.test_badvar PASS: tests.test_adjustments.TestAdjustments.test_default_listen [...many lines...] PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_in_disconnected PASS: tests.test_wasyncore.Test_readwrite.test_socketerror_not_in_disconnected PASS: tests.test_wasyncore.Test_write.test_gardenpath PASS: tests.test_wasyncore.Test_write.test_non_reraised PASS: tests.test_wasyncore.Test_write.test_reraised ============================================================================ Testsuite summary \# TOTAL: 783 \# PASS: 775 \# SKIP: 8 \# XFAIL: 0 \# FAIL: 0 \# XPASS: 0 \# ERROR: 0 DURATION: 7 END: /usr/lib/python3-waitress/ptest 2026-01-07T09:57 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-12 08:53:42 -08:00
Leon Anavi	b6ddf00e8c	python3-termcolor: Upgrade 3.2.0 -> 3.3.0 Upgrade to release 3.3.0: - Add support for italic - can_colorize: Expect fileno() to raise OSError, as documented Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-07 09:09:29 -08:00
Leon Anavi	312155a7d6	python3-behave: Upgrade 1.3.2 -> 1.3.3 Upgrade to release 1.3.3: - FIXED: Broke Python 2.7 support Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-07 09:09:29 -08:00
Leon Anavi	d2501971b2	python3-astroid: Upgrade 4.0.2 -> 4.0.3 Upgrade to release 4.0.3: - Fix inference of IfExp (ternary expression) nodes to avoid prematurely narrowing results in the face of inference ambiguity. - Fix base class inference for dataclasses using the PEP 695 typing syntax. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-07 08:18:57 -08:00
Leon Anavi	5ff2ec190a	python3-anyio: Upgrade 4.12.0 -> 4.12.1 Upgrade to release 4.12.1: - Changed all functions currently raising the private NoCurrentAsyncBackend exception (since v4.12.0) to instead raise the public NoEventLoopError exception - Fixed anyio.functools.lru_cache not working with instance methods Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-07 08:18:56 -08:00
Leon Anavi	7721e7a6fc	python3-bumble: Upgrade 0.0.220.bb -> 0.0.221 Upgrade to release 0.0.221: - Cancel l2cap connection result future on abort - Implement extended advertising emulation - Rust: Fix cargo-all-features to 1.11.0 - L2CAP Enhanced Retransmission mode - Add some docs about Android and Hardware - bump pdl dependencies versions - android-netsim transport enhancements - Upgrade GitHub Actions for Node 24 compatibility - Upgrade GitHub Actions to latest versions - GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC - Remove unused imports - Fix missing type hints on Device.notify_subscribers() - L2CAP: Enhanced Credit-based Flow Control Mode - use ruff for linting and import sorting - hot fix: remove unused import - Ruff: Add and fix UP rules - add support for multiple concurrent broadcasts - Add EATT Support - Fix some typos and annotations Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-07 08:18:56 -08:00
Leon Anavi	bc8066fd7f	python3-fastapi: Upgrade 0.124.4 -> 0.128.0 Upgrade to release 0.128.0: - Drop support for pydantic.v1 - Run performance tests only on Pydantic v2 Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-06 07:36:35 -08:00
Leon Anavi	656bbf2c70	python3-networkx: Upgrade 3.6 -> 3.6.1 Upgrade to release 3.6.1: API Changes - Add spectral bipartition community finding and greedy bipartition using node swaps Enhancements - Nodelists for from_biadjacency_matrix - Add spectral bipartition community finding and greedy bipartition using node swaps - Fix draw_networkx_nodes with list node_shape and add regression test Bug Fixes - Fix: allow graph subclasses to have additional arguments Documentation - DOC: Improve benchmarking readme - DOC: More details re: RC releases in the release process devdocs - DOC: clarify difference between G.nodes/G.nodes() and G.edges/G.edges() in tutorial - DOC: Add blurb to contributor guide about drawing tests - DOC: Fix underline lens in docstrings - Rolling back shortest paths links Maintenance - MAINT: Replace string literal with comment - Bump actions/checkout from 5 to 6 in the actions group - pin python 3.14 to be version 3.14.0 until dataclasses are fixed - Blocklist Python 3.14.1 Other - TST: add tests for unsupported graph types in MST algorithms - TST: clean up isomorphism tests Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-06 07:36:35 -08:00
Leon Anavi	382e4de7d8	python3-brotli: Upgrade 1.1.0 -> 1.2.0 Upgrade to release 1.2.0: SECURITY - python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan) Added - decoder/encoder: added static initialization to reduce binary size - python: allow limiting decoder output (see SECURITY section) - CLI: brcat alias; allow decoding concatenated brotli streams - kt: pure Kotlin decoder - cgo: support "raw" dictionaries - build: Bazel modules Removed - java: dropped finalize() for native entities Fixed - java: in compress pass correct length to native encoder Improved - build: install man pages - build: updated / fixed / refined Bazel buildfiles - encoder: faster encoding - cgo: link via pkg-config - python: modernize extension / allow multi-phase module initialization Changed - decoder / encoder: static tables use "small" model (allows 2GiB+ binaries) Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-06 07:36:35 -08:00
Leon Anavi	768a039171	python3-parse-type: Upgrade 0.6.3 -> 0.6.6 Upgrade to release 0.6.6: - Disable setuptools-scm: Too many side-effects Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-06 07:36:35 -08:00
Gyorgy Sarvari	c6ac2c467d	python3-flask-cors: upgrade 4.0.0 -> 5.0.0 Contains fix for CVE-2024-6221 and CVE-2024-1681 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-05 18:16:19 -08:00
Gyorgy Sarvari	cbb4f9d4e0	python3-configobj: ignore CVE-2023-26112 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 The fix[1] is already included in the recipe version (5.0.9), the CVE can be marked as patched. [1]: `7c618b0bba` Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-05 18:16:19 -08:00
Gyorgy Sarvari	1d7c7549b3	python3-cbor2: upgrade 5.7.1 -> 5.8.0 Contains fix for CVE-2025-68131 Changelog: - Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. - Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects - Reset shared reference state at the start of each top-level encode/decode operation Ptests passed: ... PASS: tests/test_tool.py:test_dtypes_from_file PASS: tests/test_tool.py:test_ignore_tag PASS: tests/test_types.py:test_frozendict ============================================================================ Testsuite summary DURATION: 4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-05 18:16:18 -08:00
Leon Anavi	7722db14ce	python3-autobahn: Upgrade 25.11.1 -> 25.12.2 Upgrade to release 25.12.2: Build & CI/CD: - Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd submodules between autobahn-python and zlmdb - Switch manylinux container from 2_34 to 2_28 for x86_64 ISA compatibility (fixes auditwheel flatc bundling) - Increase ARM64 build timeout to 60 minutes for QEMU emulation - Add .github/workflows/README.md documenting CI/CD architecture - Consolidate download-github-release and download-release-artifacts recipes - Add checksum verification to artifact download workflow FlatBufers: - Simplify vendored FlatBuffers - use upstream as-is - Track vendored FlatBuffers in git (like zlmdb approach) - Add version() function to vendored FlatBuffers runtime - Add check_zlmdb_flatbuffers_version_in_sync() for cross-project compatibility - Generate .bfbs files for WAMP schemas during wheel build Other: - Rename install-flatc to install-flatc-system with prominent warning - Remove legacy readthedocs.yml to activate .readthedocs.yaml - Remove dev-latest optional dependency (PyPI rejects direct URLs) License-Update: Standardize LICENSE with SPDX header Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-05 18:16:18 -08:00
Leon Anavi	8b5e1f5dbf	python3-filelock: Upgrade 3.20.1 -> 3.20.2 Upgrade to release 3.20.2: - Support Unix systems without O_NOFOLLOW - [pre-commit.ci] pre-commit autoupdate Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-05 18:16:18 -08:00
Khem Raj	cef23383bf	python3-wrapt: Upgrade to 2.0.1 Switch to Pypi fetcher Switch to PEP-517 build backend Fixes WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-05 18:15:25 -08:00
Liu Yiding	48b2cea528	python3-cmd2: upgrade 3.0.0 -> 3.1.0 Changelog: https://github.com/python-cmd2/cmd2/releases/tag/3.1.0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-03 20:29:17 -08:00
Liu Yiding	b54eae734d	python3-py7zr: upgrade 1.0.0 -> 1.1.0 Changelog: https://py7zr.readthedocs.io/en/latest/Changelog.html Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-03 20:29:17 -08:00
Tom Geelen	7d0234ae64	python3-pytest-aiohttp: add missing DEPENDS Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-02 22:30:12 -08:00
Khem Raj	dd76a02235	python3-propcache: Update Cython to version 3.2.3 Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-01-02 22:28:23 -08:00
Khem Raj	1b3e5162d3	python3-bumble: Add recipe Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:05 -08:00
Khem Raj	802ef55a7e	python3-pyee: Add recipe Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:05 -08:00
Gyorgy Sarvari	389d1a4b3e	python3-pymongo: set CVE_PRODUCT The default python:pymongo CPE fails to match related CVE entries, because they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%pymongo%'; CVE-2024-5629\|mongodb\|pymongo\|\|\|4.6.3\|<\|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:04 -08:00
Gyorgy Sarvari	966292e770	python3-orjson: set CVE_PRODUCT The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454\|ijl\|orjson\|\|\|3.9.15\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:04 -08:00
Gyorgy Sarvari	b03642e20e	python3-python-multipart: set CVE_PRODUCT The default python:python_multipart CPE doesn't match relevant CVE entries, because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE, and Mitre uses kludex:python-multipart for others. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%python%multipart%'; CVE-2024-24762\|fastapiexpert\|python-multipart\|\|\|0.0.7\|< CVE-2024-24762\|fastapiexpert\|python-multipart\|\|\|0.0.7\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:04 -08:00
Gyorgy Sarvari	7f962ef155	python3-ecdsa: set CVE_PRODUCT Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't match relevant entries. The correct values were taken from the CVE db, by checking which CVEs are relevant. See CVE db query: sqlite> select * from products where product like '%ecdsa%'; CVE-2019-14853\|python-ecdsa_project\|python-ecdsa\|\|\|0.13.3\|< CVE-2019-14859\|python-ecdsa_project\|python-ecdsa\|\|\|0.13.3\|< CVE-2020-12607\|antonkueltz\|fastecdsa\|\|\|2.1.2\|< CVE-2021-43568\|starkbank\|elixir_ecdsa\|1.0.0\|=\|\| CVE-2021-43569\|starkbank\|ecdsa-dotnet\|1.3.2\|=\|\| CVE-2021-43570\|starkbank\|ecdsa-java\|1.0.0\|=\|\| CVE-2021-43571\|starkbank\|ecdsa-node\|1.1.2\|=\|\| CVE-2021-43572\|starkbank\|ecdsa-python\|\|\|2.0.1\|< CVE-2022-24884\|ecdsautils_project\|ecdsautils\|\|\|0.4.1\|< CVE-2024-21502\|antonkueltz\|fastecdsa\|\|\|2.3.2\|< CVE-2024-23342\|tlsfuzzer\|ecdsa\|\|\|0.18.0\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:04 -08:00
Gyorgy Sarvari	f62530b04e	python3-gevent: set CVE_PRODUCT Relevant CVEs are tracked with gevent:gevent CPE, and the default python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%gevent%'; CVE-2023-41419\|gevent\|gevent\|\|\|23.9.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:04 -08:00
Gyorgy Sarvari	0620851d87	python3-dnspython: set CVE_PRODUCT The related CVEs are tracked using dnspython:dnspython CPE, and the default python:dnspython CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%dnspython%'; CVE-2023-29483\|dnspython\|dnspython\|\|\|2.6.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:03 -08:00
Gyorgy Sarvari	8fc9b69798	python3-starlette: set CVE_PRODUCT The relevant CVE entries are tracked with encode:starlette CPE, and the default python:starlette CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%starlette%'; CVE-2023-29159\|encode\|starlette\|0.13.5\|>=\|0.27.0\|< CVE-2023-30798\|encode\|starlette\|\|\|0.25.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:03 -08:00
Gyorgy Sarvari	638b08966b	python3-markdown-it-py: set CVE_PRODUCT The related CVE entries are tracked with executablebooks:markdown-it-py CPE value, and the default python:markdown-it-py CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%markdown-it-py%'; CVE-2023-26302\|executablebooks\|markdown-it-py\|\|\|2.2.0\|< CVE-2023-26303\|executablebooks\|markdown-it-py\|\|\|2.2.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:03 -08:00
Gyorgy Sarvari	d4785556af	python3-configobj: set CVE_PRODUCT The related CVEs are tracked with configobj_peroject:configobj CPE in the database, and the default python:configobj CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%configobj%'; CVE-2023-26112\|configobj_project\|configobj\|-\|\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:03 -08:00
Gyorgy Sarvari	7adae7e63b	python3-py7zr: set CVE_PRODUCT The related CVEs are tracked with py7zr_project:py7zr CPE in the database, and the default python:py7zr CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%py7zr%'; CVE-2022-44900\|py7zr_project\|py7zr\|\|\|0.20.1\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:03 -08:00
Gyorgy Sarvari	ad0df74828	python3-oauthlib: set CVE_PRODUCT The relevant CVEs are tracked using oathlib_project:oathlib CPE, and the default python:oauthlib CPE doesn't match relevant entries. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'oauthlib'; CVE-2022-36087\|oauthlib_project\|oauthlib\|3.1.1\|>=\|3.2.1\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:02 -08:00
Gyorgy Sarvari	6ab68968c2	python3-joblib: set CVE_PRODUCT The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797\|joblib_project\|joblib\|\|\|1.1.1\|< CVE-2024-34997\|joblib_project\|joblib\|1.4.2\|=\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:02 -08:00
Gyorgy Sarvari	50925849c0	python3-eth-account: set CVE_PRODUCT The relevant CVEs are tracked with ethereum:eth-account CPE, and the default python:eth-account one doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%eth-account%'; CVE-2022-1930\|ethereum\|eth-account\|\|\|0.5.9\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:02 -08:00
Gyorgy Sarvari	dd2edff531	python3-binwalk: set CVE_PRODUCT Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like '%binwalk%'; CVE-2021-4287\|microsoft\|binwalk\|\|\|2.3.3\|<\|0 CVE-2022-4510\|microsoft\|binwalk\|2.2.0\|>=\|2.3.3\|<\|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:02 -08:00
Gyorgy Sarvari	8627277b50	python3-httpx: set CVE_PRODUCT The relevant CVEs are tracked in the CVE db with encode:httpx CPE instead of the default python:httpx. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%httpx%'; CVE-2021-41945\|encode\|httpx\|\|\|0.23.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:02 -08:00
Gyorgy Sarvari	5d8e8ebcab	python3-cvxopt: set CVE_PRODUCT Set correct CVE_PRODUCT to be used instead of ${PN}. See CVE db query: sqlite> select * from products where product like '%cvxopt%'; CVE-2021-41500\|cvxopt_project\|cvxopt\|\|\|1.2.6\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:01 -08:00
Gyorgy Sarvari	a8bc7739b5	python3-sqlparse: set CVE_PRODUCT The relevant CVEs are tracked with sqlparse_project:sqlparse CPE, and the default python:sqlparse CPE doesn't match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%sqlparse%'; CVE-2021-32839\|sqlparse_project\|sqlparse\|0.4.0\|>=\|0.4.2\|< CVE-2023-30608\|sqlparse_project\|sqlparse\|0.1.15\|>=\|0.4.4\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:01 -08:00
Gyorgy Sarvari	eb20735d09	python3-flask-restx: set CVE_PRODUCT The relevant CVEs are tracked using flask-restx_project:flask-restx CPE, which makes the default python:flask-restx CPE to not match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%flask-restx%'; CVE-2021-32838\|flask-restx_project\|flask-restx\|\|\|0.5.1\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:01 -08:00
Gyorgy Sarvari	a307398b7b	python3-fastapi: set CVE_PRODUCT Set correct CVE_PRODUCT - the default (python:fastapi) is not the one that is used to track CVEs. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'fastapi'; CVE-2021-32677\|tiangolo\|fastapi\|\|\|0.65.2\|<\|0 CVE-2025-55526\|n8n\|fastapi\|0.115.14\|=\|\|\|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:01 -08:00
Gyorgy Sarvari	30b0c458bb	python3-lief: set CVE_PRODUCT The correct CVE_PRODUCT is "lief" for this recipe instead of the default ${PN}, that doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like 'lief'; CVE-2021-32297\|lief-project\|lief\|\|\|0.11.4\|<= CVE-2022-38306\|lief-project\|lief\|\|\|0.12.1\|< CVE-2022-38307\|lief-project\|lief\|\|\|0.12.1\|< CVE-2022-38495\|lief-project\|lief\|\|\|0.12.1\|<= CVE-2022-38496\|lief-project\|lief\|\|\|0.12.1\|<= CVE-2022-38497\|lief-project\|lief\|\|\|0.12.1\|<= CVE-2022-40922\|lief-project\|lief\|0.12.1\|=\|\| CVE-2022-40923\|lief-project\|lief\|0.12.1\|=\|\| CVE-2022-43171\|lief-project\|lief\|0.12.1\|=\|\| CVE-2024-31636\|lief-project\|lief\|0.14.1\|=\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:01 -08:00
Gyorgy Sarvari	b4fd4a6217	python3-pydantic: set CVE_PRODUCT Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant CVEs. See CVE query (n8n vendor is not relevant): sqlite> select * from products where product like '%pydantic%'; CVE-2021-29510\|pydantic\|pydantic\|\|\|1.6.2\|< CVE-2021-29510\|pydantic\|pydantic\|1.7\|>=\|1.7.4\|< CVE-2021-29510\|pydantic\|pydantic\|1.8\|>=\|1.8.2\|< CVE-2024-3772\|pydantic\|pydantic\|\|\|1.10.13\|< CVE-2024-3772\|pydantic\|pydantic\|2.0\|>=\|2.4.0\|< CVE-2025-55526\|n8n\|pydantic\|2.11.7\|=\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:01 -08:00
Gyorgy Sarvari	d3a4074663	python3-pikepdf: set CVE_PRODUCT The relevant CVEs are tracked with pikepdf_project:pikepdf CPE, and the default python:pikepdf doesn't match CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'pikepdf'; CVE-2021-29421\|pikepdf_project\|pikepdf\|1.3.0\|>=\|2.9.2\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:00 -08:00
Gyorgy Sarvari	a2aa92f554	python3-mpmath: set CVE_PRODUCT The CVE database tracks relevant CVEs with mpmath:mpmath CPE. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'mpmath'; CVE-2021-29063\|mpmath\|mpmath\|1.0.0\|>=\|1.2.1\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:00 -08:00
Gyorgy Sarvari	3536ca6a36	python3-flask-user: set CVE_PRODUCT The relevant CVE is tracked using flask-user_project:flask-user CPE, so the default python:flask-user value doesn't match it. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'flask-user'; CVE-2021-23401\|flask-user_project\|flask-user\|-\|\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:00 -08:00
Gyorgy Sarvari	b578877722	python3-eventlet: set CVE_PRODUCT The relevant CVEs are tracked using eventlet:eventlet CPE, and the default python:eventlet CPE doesn't match relevant CVEs. Set the correct CVE_PRODUCT. See CVE db query: sqlite> select * from products where product like 'eventlet'; CVE-2021-21419\|eventlet\|eventlet\|0.10\|>=\|0.31.0\|< CVE-2023-29483\|eventlet\|eventlet\|\|\|0.35.2\|< CVE-2025-58068\|eventlet\|eventlet\|\|\|0.40.3\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:00 -08:00
Gyorgy Sarvari	f04728af28	python3-aiohttp: set CVE_PRODUCT The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'aiohttp'; CVE-2021-21330\|aiohttp\|aiohttp\|\|\|3.7.4\|< CVE-2022-33124\|aiohttp\|aiohttp\|3.8.1\|=\|\| CVE-2023-37276\|aiohttp\|aiohttp\|\|\|3.8.4\|<= CVE-2023-47627\|aiohttp\|aiohttp\|\|\|3.8.6\|< CVE-2023-47641\|aiohttp\|aiohttp\|\|\|3.8.0\|< CVE-2023-49081\|aiohttp\|aiohttp\|\|\|3.9.0\|< CVE-2023-49082\|aiohttp\|aiohttp\|\|\|3.9.0\|< CVE-2024-23334\|aiohttp\|aiohttp\|1.0.5\|>=\|3.9.2\|< CVE-2024-23829\|aiohttp\|aiohttp\|\|\|3.9.2\|< CVE-2024-27306\|aiohttp\|aiohttp\|\|\|3.9.4\|< CVE-2024-30251\|aiohttp\|aiohttp\|\|\|3.9.4\|< CVE-2024-42367\|aiohttp\|aiohttp\|3.10.0\|>=\|3.10.2\|< CVE-2024-52303\|aiohttp\|aiohttp\|3.10.6\|>=\|3.10.11\|< CVE-2024-52304\|aiohttp\|aiohttp\|\|\|3.10.11\|< CVE-2025-53643\|aiohttp\|aiohttp\|\|\|3.12.14\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:34:00 -08:00
Gyorgy Sarvari	6cc3c31ed6	python3-brotli: set CVE_PRODUCT There is one brotli repository for all language bindings, and the same CPE is used for all: google:brotli (instead of the expected default of python:brotli, in case of the Python package). Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'brotli'; CVE-2020-8927\|google\|brotli\|\|\|1.0.8\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:33:59 -08:00
Gyorgy Sarvari	93fd9b0db0	python3-uvicorn: set CVE_PRODUCT The default python:uvicorn CPE is not correct, the CVEs are tracked under encode:uvicorn. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'uvicorn'; CVE-2020-7694\|encode\|uvicorn\|-\|\|\| CVE-2020-7695\|encode\|uvicorn\|\|\|0.11.7\|< CVE-2025-55526\|n8n\|uvicorn\|0.35.0\|=\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:33:59 -08:00
Gyorgy Sarvari	cc9af72f13	python3-autobahn: set CVE_PRODUCT The only CVE stored in the CVE db is tracked with "crossbar" vendor, which makes the default python:autobahn CPE to not match. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'autobahn'; CVE-2020-35678\|crossbar\|autobahn\|\|\|20.12.3\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:33:59 -08:00
Gyorgy Sarvari	1fac509459	python3-py: set CVE_PRODUCT The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT accordingly instead of the default python:py. See CVE db query: sqlite> select * from products where product like 'py'; CVE-2020-29651\|pytest\|py\|\|\|1.9.0\|<= CVE-2022-42969\|pytest\|py\|\|\|1.11.0\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:33:59 -08:00
Gyorgy Sarvari	15ab75e8fb	python3-flask-cors: set CVE_PRODUCT The related CVEs are tracked under multiple vendor IDs (but none of them are associated with the default "python" vendor). Query from CVE db: sqlite> select * from products where product like 'flask-cors'; CVE-2020-25032\|flask-cors_project\|flask-cors\|\|\|3.0.9\|< CVE-2024-1681\|corydolphin\|flask-cors\|4.0.0\|=\|\| CVE-2024-6221\|corydolphin\|flask-cors\|4.0.1\|=\|\| CVE-2024-6839\|flask-cors_project\|flask-cors\|4.0.1\|=\|\| CVE-2024-6844\|flask-cors_project\|flask-cors\|4.0.1\|=\|\| CVE-2024-6866\|flask-cors_project\|flask-cors\|4.0.1\|=\|\| Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:33:59 -08:00
Gyorgy Sarvari	4fbf11954a	python3-pandas: set CVE_PRODUCT Currently there is only one CVE associated with pandas, and it is tracked using numfocus:pandas CPE by NIST instead of the default python:pandas from pypi.bbclass. See CVE db query: sqlite> select * from products where product like 'pandas'; CVE-2020-13091\|numfocus\|pandas\|\|\|1.0.3\|<= Set the CVE_PRODUCT accodingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:33:59 -08:00
Gyorgy Sarvari	34f5fd45af	python3-svglib: set CVE_PRODUCT There is only one relevant CVE in the database, but it is tracked using svglib_project:svglib CPE, not the expected python:svglib CPE, making the cve-checker miss it. See CVE db query: sqlite> select * from products where product like '%svglib%'; CVE-2020-10799\|svglib_project\|svglib\|\|\|0.9.3\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	07dd23f681	python3-webargs: set CVE_PRODUCT The relevant CVEs for this recipe are tracked using webargs_project:webargs CPE, which makes the default python:webargs CPE to miss CVEs. See CVE db query: sqlite> select * from products where product like '%webargs%'; CVE-2019-9710\|webargs_project\|webargs\|\|\|5.1.3\|< CVE-2020-7965\|webargs_project\|webargs\|5.0.0\|>=\|5.5.2\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	f30b5cd005	python3-validators: set CVE_PRODUCT The CVEs related to this project are tracked using the validators_project:validators CPE, which doesn't match the default python:validators CPE. See CVE db query: sqlite> select * from products where product like 'validators'; CVE-2019-19588\|validators_project\|validators\|0.12.2\|>=\|0.12.5\|<= CVE-2023-45813\|validators_project\|validators\|0.11.0\|=\|\| CVE-2023-45813\|validators_project\|validators\|0.20.0\|=\|\| Set the CVE_PRODUCT so it matches relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	df18617f6a	python3-reportlab: set CVE_PRODUCT The relevant CVEs to this recipe are tracked using reportlab:reportlab CPE, which doesn't match the default python:reportlab CPE, so the cve-checker misses CVEs. See CVE db query: sqlite> select * from products where product like '%reportlab%'; CVE-2019-17626\|reportlab\|reportlab\|\|\|3.5.26\|<=\|0 CVE-2019-19450\|reportlab\|reportlab\|\|\|3.5.31\|<\|0 CVE-2020-28463\|reportlab\|reportlab\|-\|\|\|\|0 CVE-2023-33733\|reportlab\|reportlab\|\|\|3.6.12\|<=\|0 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	16c2efd07b	python3-waitress: set CVE_PRODUCT The CVEs for this recipes are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs. See CVE db query: sqlite> select * from products where PRODUCT like 'waitress'; CVE-2019-16785\|agendaless\|waitress\|\|\|1.3.1\|<= CVE-2019-16786\|agendaless\|waitress\|\|\|1.3.1\|< CVE-2019-16789\|agendaless\|waitress\|\|\|1.4.0\|<= CVE-2019-16792\|agendaless\|waitress\|\|\|1.3.1\|<= CVE-2020-5236\|agendaless\|waitress\|1.4.2\|=\|\| CVE-2022-24761\|agendaless\|waitress\|\|\|2.1.1\|< CVE-2022-31015\|agendaless\|waitress\|2.1.0\|>=\|2.1.2\|< CVE-2024-49768\|agendaless\|waitress\|2.0.0\|>=\|3.0.1\|< CVE-2024-49769\|agendaless\|waitress\|\|\|3.0.1\|< Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	1225394e95	python3-nltk: set CVE_PRODUCT The CVEs for this project are tracked under nltk:nltk CPE, which doesn't match the default python:nltk CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'nltk'; CVE-2019-14751\|nltk\|nltk\|\|\|3.4.5\|< CVE-2021-3828\|nltk\|nltk\|\|\|3.6.3\|<= CVE-2021-3842\|nltk\|nltk\|\|\|3.6.6\|< CVE-2021-43854\|nltk\|nltk\|\|\|3.6.5\|< Set the CVE_PRODUCT so it can be used to match CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	82255f0af3	python3-parso: set CVE_PRODUCT There is one related CVE tracked by nist, using the parso_project:parso CPE, which doesn't match the default python:parso CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'parso'; CVE-2019-12760\|parso_project\|parso\|\|\|0.4.0\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	97363a7b77	python3-marshmallow: set CVE_PRODUCT The default python:marshmallow CPE doesn't match the CVEs related to this product, as they are tracked with marshmallow_project:marshmallow CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'marshmallow'; CVE-2018-17175\|marshmallow_project\|marshmallow\|\|\|2.15.1\|< CVE-2018-17175\|marshmallow_project\|marshmallow\|3.0\|>=\|3.0.0b9\|< Set the CVE_PRODUCT so it matches related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	039970deb2	python3-flask: set CVE_PRODUCT The default python:flask CPE doesn't match relevant CVE entries which are tracked under palletsprojects:flask CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'flask'; CVE-2018-1000656\|palletsprojects\|flask\|\|\|0.12.3\|< CVE-2019-1010083\|palletsprojects\|flask\|\|\|1.0\|< CVE-2023-30861\|palletsprojects\|flask\|\|\|2.2.5\|< CVE-2023-30861\|palletsprojects\|flask\|2.3.0\|>=\|2.3.2\|< Set the CVE_PRODUCT to "flask" so it matches relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	f121c925e8	python-gunicorn: set CVE_PRODUCT There is only one relevant CVE associated with this recipe in the CVE db, but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn (which is the default CPE from pypi.bbclass) See CVE db query: sqlite> select * from products where PRODUCT like '%gunicorn%'; CVE-2018-1000164\|gunicorn\|gunicorn\|19.4.5\|=\|\| Set CVE_PRODUCT so that it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	77ba5f31e2	python3-supervisor: set CVE_PRODUCT This recipe's CVEs are tracked using supervisord:supervisor CPE by nist, so the default python:supervisor CPE doesn't match relevant CVEs. See CVE db query (home-assisstant vendor is not relevant): sqlite> select * from products where PRODUCT like 'supervisor'; CVE-2017-11610\|supervisord\|supervisor\|\|\|3.0\|<= CVE-2017-11610\|supervisord\|supervisor\|3.1.0\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.1.1\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.1.2\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.1.3\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.0\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.1\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.2\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.3\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.3.0\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.3.1\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.3.2\|=\|\| CVE-2019-12105\|supervisord\|supervisor\|\|\|4.0.2\|<= CVE-2023-27482\|home-assistant\|supervisor\|\|\|2023.03.1\|< Set the CVE_PRODUCT explicitly to match relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	5ec4458878	python3-pyjwt: set CVE_PRODUCT The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the defauly python:pyjwt CPE doesn't match them. See CVE db query: sqlite> select * from products where PRODUCT like '%pyjwt%'; CVE-2017-11424\|pyjwt_project\|pyjwt\|\|\|1.5.0\|<= CVE-2022-29217\|pyjwt_project\|pyjwt\|1.5.0\|>=\|2.4.0\|< CVE-2024-53861\|pyjwt_project\|pyjwt\|2.10.0\|=\|\| CVE-2025-45768\|pyjwt_project\|pyjwt\|2.10.1\|=\|\| Set the CVE_PRODUCT so it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	851e449d54	python3-html5lib: set CVE_PRODUCT There are currently 2 related CVEs in the NIST db, both of them are tracked with html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match. See CVE db query: sqlite> select * from products where PRODUCT like '%html5lib%'; CVE-2016-9909\|html5lib\|html5lib\|\|\|0.99999999\|<= CVE-2016-9910\|html5lib\|html5lib\|\|\|0.99999999\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	6f2ce3843e	python3-werkzeug: set CVE_PRODUCT The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the the default python:werkzeug CPE to not match anything. See CVE db query: sqlite> select * from products where PRODUCT like 'werkzeug'; CVE-2016-10516\|palletsprojects\|werkzeug\|\|\|0.11.11\|< CVE-2019-14322\|palletsprojects\|werkzeug\|\|\|0.15.5\|< CVE-2019-14806\|palletsprojects\|werkzeug\|\|\|0.15.3\|< CVE-2020-28724\|palletsprojects\|werkzeug\|\|\|0.11.6\|< CVE-2022-29361\|palletsprojects\|werkzeug\|\|\|2.1.0\|<= CVE-2023-23934\|palletsprojects\|werkzeug\|\|\|2.2.3\|< CVE-2023-25577\|palletsprojects\|werkzeug\|\|\|2.2.3\|< CVE-2023-46136\|palletsprojects\|werkzeug\|\|\|2.3.8\|< CVE-2023-46136\|palletsprojects\|werkzeug\|3.0.0\|=\|\| CVE-2024-34069\|palletsprojects\|werkzeug\|\|\|3.0.3\|< CVE-2024-49766\|palletsprojects\|werkzeug\|\|\|3.0.6\|< CVE-2024-49767\|palletsprojects\|werkzeug\|\|\|3.0.6\|< CVE-2025-66221\|palletsprojects\|werkzeug\|\|\|3.1.4\|< Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	5dd59b03f8	python3-tqdm: set CVE_PRODUCT The only related CVE to this recipe is tracked using tqdm_project:tqdm CPE, so the default python:tqdm CPE doesn't match it. See relevant CVE db query: sqlite> select * from products where PRODUCT like 'tqdm'; CVE-2016-10075\|tqdm_project\|tqdm\|4.4.1\|=\|\| CVE-2016-10075\|tqdm_project\|tqdm\|4.10\|=\|\| Set the CVE_PRODUCT so it can match related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	4675c9ddb7	python3-ipython: set CVE_PRODUCT ipython CVEs are tracked using ipython:ipython CPE, so the default python:ipython CVE_PRODUCT doesn't match relevant CPEs. See CVE db query: sqlite> select * from products where PRODUCT like 'ipython'; CVE-2015-4706\|ipython\|ipython\|3.0.0\|=\|\| CVE-2015-4706\|ipython\|ipython\|3.1.0\|=\|\| CVE-2015-4707\|ipython\|ipython\|\|\|3.2.0\|< CVE-2015-5607\|ipython\|ipython\|2.0.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.1.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.2.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.3.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.3.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.4.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.4.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.0.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.1.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.2\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.3\|=\|\| CVE-2022-21699\|ipython\|ipython\|\|\|5.10.0\|<= CVE-2022-21699\|ipython\|ipython\|6.0.0\|>=\|7.16.3\|< CVE-2022-21699\|ipython\|ipython\|7.17.0\|>=\|7.31.1\|< CVE-2022-21699\|ipython\|ipython\|8.0.0\|>=\|8.0.1\|< CVE-2023-24816\|ipython\|ipython\|\|\|8.10.0\|< Set the CVE_PRODUCT accordingly to match the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	25b9ae3902	python3-m2crypto: set CVE_PRODUCT NIST currently tracks CVEs under at least 2 different CPEs for this recipe, but neither of them is python:m2crypto (the default CVE_PRODUCT). See CVE db query: sqlite> select * from products where PRODUCT like '%m2crypto%'; CVE-2009-0127\|heikkitoivonen\|m2crypto\|-\|\|\| CVE-2020-25657\|m2crypto_project\|m2crypto\|-\|\|\| CVE-2023-50781\|m2crypto_project\|m2crypto\|-\|\|\| Set the CVE_PRODUCT to match the relevant CPEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	a89ab32230	python3-twisted: set CVE_PRODUCT The related CVEs are tracked with twisted:twisted CPE, so the default python:twisted CPE doesn't match any entries. See CVE db query: sqlite> select * from products where PRODUCT = 'twisted'; CVE-2014-7143\|twisted\|twisted\|14.0.0\|=\|\| CVE-2016-1000111\|twisted\|twisted\|\|\|16.3.1\|< CVE-2019-12387\|twisted\|twisted\|\|\|19.2.1\|< CVE-2019-12855\|twisted\|twisted\|\|\|19.2.1\|<= CVE-2020-10108\|twisted\|twisted\|\|\|19.10.0\|<= CVE-2020-10109\|twisted\|twisted\|\|\|19.10.0\|<= CVE-2022-21712\|twisted\|twisted\|11.1.0\|>=\|22.1.0\|< CVE-2022-21716\|twisted\|twisted\|21.7.0\|>=\|22.2.0\|< CVE-2022-24801\|twisted\|twisted\|\|\|22.4.0\|< CVE-2022-39348\|twisted\|twisted\|0.9.4\|>=\|22.10.0\|< CVE-2023-46137\|twisted\|twisted\|\|\|22.8.0\|<= CVE-2024-41810\|twisted\|twisted\|\|\|24.3.0\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	b96b616553	python3-simplejson: set CVE_PRODUCT There is one relevant CVE tracked using the simplejson_prject:simplejson CPE, and no entries tracked with python:simplejson. See CVE db query: sqlite> select * from products where PRODUCT like '%simplejson%'; CVE-2014-4616\|simplejson_project\|simplejson\|\|\|2.6.1\|< Set the CVE_PRODUCT accordingly Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	0aa5b9d824	python3-virtualenv: set CVE_PRODUCT There are relevant CVEs tracked under two different CPEs: python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed). See CVE db query: sqlite> select * from products where PRODUCT = 'virtualenv'; CVE-2011-4617\|python\|virtualenv\|\|\|1.4.9\|<= CVE-2011-4617\|python\|virtualenv\|0.8\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.0\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.1.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.5\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.6\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.7\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.8\|=\|\| CVE-2013-5123\|virtualenv\|virtualenv\|12.0.7\|=\|\| CVE-2024-53899\|virtualenv\|virtualenv\|\|\|20.26.6\|< Set the CVE_PRODUCT so both are matched. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	c5a7d5765e	python3-httplib2: set CVE_PRODUCT There are no CVEs tracked with python:httplib2 CPE, but there are multiple ones tracked under httplib2_project:hgttplib2 CPE (and they are related to this recipe). See CVE db query: sqlite> select * from products where PRODUCT = 'httplib2'; CVE-2013-2037\|httplib2_project\|httplib2\|\|\|0.7.2\|<= CVE-2013-2037\|httplib2_project\|httplib2\|0.8\|=\|\| CVE-2020-11078\|httplib2_project\|httplib2\|\|\|0.18.0\|< CVE-2021-21240\|httplib2_project\|httplib2\|\|\|0.19.0\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	a9a8c80550	python3-matplotlib: set CVE_PRODUCT At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are tracked by the defaul python:matplotlib CPE). See CVE db query: sqlite> select * from products where PRODUCT = 'matplotlib'; CVE-2013-1424\|debian\|matplotlib\|0.99.3-1\|>=\|1.4.2-3.1\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	fc90f2b514	python3-pyrad: set CVE_PRODUCT NIST tracks related CVEs with pyrad_project CPE vendor instead of "python". Set the CVE_PRODUCT to pyrad, so both can be matched. See CVE db query: sqlite> select * from products where PRODUCT = 'pyrad'; CVE-2013-0294\|pyrad_project\|pyrad\|\|\|2.1\|< CVE-2013-0342\|pyrad_project\|pyrad\|\|\|2.1\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	febab38136	python3-redis: set CVE_PRODUCT Set the correct CVE_PRODUCT for the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	34f5d84f85	python3-twitter: set CVE_PRODUCT The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where PRODUCT = 'tweepy'; CVE-2012-5825\|tweepy\|tweepy\|-\|\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	49ced80122	python3-sqlalchemy: set CVE_PRODUCT The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE. See CVE db query: sqlite> select * from products where PRODUCT = 'sqlalchemy'; CVE-2012-0805\|sqlalchemy\|sqlalchemy\|\|\|0.7.0\|<= CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta2\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta3\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.2\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.3\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.4\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.5\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.6\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.7\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.7.0_b1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.7.0_b2\|=\|\| CVE-2019-7164\|sqlalchemy\|sqlalchemy\|\|\|1.2.17\|<= CVE-2019-7164\|sqlalchemy\|sqlalchemy\|1.3.0_beta1\|=\|\| CVE-2019-7164\|sqlalchemy\|sqlalchemy\|1.3.0_beta2\|=\|\| CVE-2019-7548\|sqlalchemy\|sqlalchemy\|1.2.17\|=\|\| Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	e22d2a7ba6	python3-paramiko: set CVE_PRODUCT Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs. See CVE db query: sqlite> select * from products where PRODUCT = 'paramiko'; CVE-2008-0299\|python_software_foundation\|paramiko\|1.7.1\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.17.6\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.18.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.0.8\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.1.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.2.3\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.3.2\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.4.1\|=\|\| CVE-2018-7750\|paramiko\|paramiko\|\|\|1.17.6\|< CVE-2018-7750\|paramiko\|paramiko\|1.18.0\|>=\|1.18.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.0.0\|>=\|2.0.8\|< CVE-2018-7750\|paramiko\|paramiko\|2.1.0\|>=\|2.1.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.2.0\|>=\|2.2.3\|< CVE-2018-7750\|paramiko\|paramiko\|2.3.0\|>=\|2.3.2\|< CVE-2018-7750\|paramiko\|paramiko\|2.4.0\|=\|\| CVE-2022-24302\|paramiko\|paramiko\|\|\|2.10.1\|< CVE-2023-48795\|paramiko\|paramiko\|\|\|3.4.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	139cc15de3	python3-tornado: set CVE_PRODUCT The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado". See cve db query (docmosis is an irrelevant vendor): sqlite> select * from products where PRODUCT = 'tornado'; CVE-2012-2374\|tornadoweb\|tornado\|\|\|2.2\|<= CVE-2012-2374\|tornadoweb\|tornado\|1.0\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.0.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.1.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.2\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.2.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.0\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.1.1\|=\|\| CVE-2014-9720\|tornadoweb\|tornado\|\|\|3.2.2\|< CVE-2023-25264\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-25265\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-25266\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-28370\|tornadoweb\|tornado\|\|\|6.3.2\|< CVE-2024-42733\|docmosis\|tornado\|\|\|2.9.7\|<= CVE-2024-52804\|tornadoweb\|tornado\|\|\|6.4.2\|< CVE-2025-47287\|tornadoweb\|tornado\|\|\|6.5.0\|< CVE-2025-67724\|tornadoweb\|tornado\|\|\|6.5.3\|< CVE-2025-67725\|tornadoweb\|tornado\|\|\|6.5.3\|< CVE-2025-67726\|tornadoweb\|tornado\|\|\|6.5.3\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	96a2496b65	python3-cbor2: set CVE_PRODUCT The default, "python:cbor2" CVE_PRODUCT is not appropriate for this recipe, because most associated CVEs use "agronholm:cbor2" CPE. Set the CVE_PRODUCT to cbor2, so it will match the currently used CPE, and in case there will be future python:cbor2 CPEs also, they will be matched too. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Khem Raj	f06f03200d	python3-backports-zstd: Upgrade to 1.3.0 Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Liu Yiding	e15758ad1a	python3-fastapi-cli: upgrade 0.0.16 -> 0.0.20 Changelog: https://github.com/fastapi/fastapi-cli/releases/tag/0.0.20 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Wang Mingyu	90ab1ee642	python3-typer: upgrade 0.20.1 -> 0.21.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:49 -08:00
Wang Mingyu	3be4495590	python3-pikepdf: upgrade 10.0.3 -> 10.1.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	54691ea40a	python3-marshmallow: upgrade 4.1.1 -> 4.1.2 Changelog: Merge error store messages without rebuilding collections. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	b7a2d1f770	python3-elementpath: upgrade 5.0.4 -> 5.1.0 License-Update: Copyright year updated to 2025. Changelog: =========== - Drop Python 3.9 compatibility and add Pyton 3.15 support - Improve XPath sequence internal processing with a list derived type xlist - Extensions and fixes for XSD datatypes - Add XSequence datatype for external representation of XPath sequences Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	c5196a2282	python3-coverage: upgrade 7.13.0 -> 7.13.1 Changelog: ============ - Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. - Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable. - Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105. - Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. - Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step. - Docs: added a section explaining more about what is considered a missing branch and how it is reported: Examples of missing branches, as requested in issue 1597. - Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	9c5e7e5c29	python3-typer: upgrade 0.20.0 -> 0.20.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	ebca0ae79d	python3-tornado: upgrade 6.5.3 -> 6.5.4 Bug fixes ~~~~~~~~~ - The "in" operator for "HTTPHeaders" was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	f1bdb4e99b	python3-soupsieve: upgrade 2.8 -> 2.8.1 FIX: Changes in tests to accommodate latest Python HTML parser changes. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	aba3856c1e	python3-smbus2: upgrade 0.5.0 -> 0.6.0 Changelog: ========== - Python 3.14 added. - Fix SystemError: buffer overflow on Python 3.14+ on 64-bit systems by using c_ulong instead of c_uint32 for I2C_FUNCS ioctl. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	8db029f9a5	python3-sdbus: upgrade 0.14.1 -> 0.14.2 Changelog: =========== - Fix segmentation fault if export handle outlives the exported object. - Fix some tests failing on slow systems. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	dc39281af5	python3-python-multipart: upgrade 0.0.20 -> 0.0.21 Changelog: Add support for Python 3.14 and drop EOL 3.8 and 3.9 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00

1 2 3 4 5 ...

9003 Commits