meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-03-01 22:48:00 +01:00

Author	SHA1	Message	Date
Gyorgy Sarvari	df18617f6a	python3-reportlab: set CVE_PRODUCT The relevant CVEs to this recipe are tracked using reportlab:reportlab CPE, which doesn't match the default python:reportlab CPE, so the cve-checker misses CVEs. See CVE db query: sqlite> select * from products where product like '%reportlab%'; CVE-2019-17626\|reportlab\|reportlab\|\|\|3.5.26\|<=\|0 CVE-2019-19450\|reportlab\|reportlab\|\|\|3.5.31\|<\|0 CVE-2020-28463\|reportlab\|reportlab\|-\|\|\|\|0 CVE-2023-33733\|reportlab\|reportlab\|\|\|3.6.12\|<=\|0 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	16c2efd07b	python3-waitress: set CVE_PRODUCT The CVEs for this recipes are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs. See CVE db query: sqlite> select * from products where PRODUCT like 'waitress'; CVE-2019-16785\|agendaless\|waitress\|\|\|1.3.1\|<= CVE-2019-16786\|agendaless\|waitress\|\|\|1.3.1\|< CVE-2019-16789\|agendaless\|waitress\|\|\|1.4.0\|<= CVE-2019-16792\|agendaless\|waitress\|\|\|1.3.1\|<= CVE-2020-5236\|agendaless\|waitress\|1.4.2\|=\|\| CVE-2022-24761\|agendaless\|waitress\|\|\|2.1.1\|< CVE-2022-31015\|agendaless\|waitress\|2.1.0\|>=\|2.1.2\|< CVE-2024-49768\|agendaless\|waitress\|2.0.0\|>=\|3.0.1\|< CVE-2024-49769\|agendaless\|waitress\|\|\|3.0.1\|< Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Gyorgy Sarvari	82255f0af3	python3-parso: set CVE_PRODUCT There is one related CVE tracked by nist, using the parso_project:parso CPE, which doesn't match the default python:parso CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'parso'; CVE-2019-12760\|parso_project\|parso\|\|\|0.4.0\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	97363a7b77	python3-marshmallow: set CVE_PRODUCT The default python:marshmallow CPE doesn't match the CVEs related to this product, as they are tracked with marshmallow_project:marshmallow CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'marshmallow'; CVE-2018-17175\|marshmallow_project\|marshmallow\|\|\|2.15.1\|< CVE-2018-17175\|marshmallow_project\|marshmallow\|3.0\|>=\|3.0.0b9\|< Set the CVE_PRODUCT so it matches related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	039970deb2	python3-flask: set CVE_PRODUCT The default python:flask CPE doesn't match relevant CVE entries which are tracked under palletsprojects:flask CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'flask'; CVE-2018-1000656\|palletsprojects\|flask\|\|\|0.12.3\|< CVE-2019-1010083\|palletsprojects\|flask\|\|\|1.0\|< CVE-2023-30861\|palletsprojects\|flask\|\|\|2.2.5\|< CVE-2023-30861\|palletsprojects\|flask\|2.3.0\|>=\|2.3.2\|< Set the CVE_PRODUCT to "flask" so it matches relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	f121c925e8	python-gunicorn: set CVE_PRODUCT There is only one relevant CVE associated with this recipe in the CVE db, but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn (which is the default CPE from pypi.bbclass) See CVE db query: sqlite> select * from products where PRODUCT like '%gunicorn%'; CVE-2018-1000164\|gunicorn\|gunicorn\|19.4.5\|=\|\| Set CVE_PRODUCT so that it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:55 -08:00
Gyorgy Sarvari	77ba5f31e2	python3-supervisor: set CVE_PRODUCT This recipe's CVEs are tracked using supervisord:supervisor CPE by nist, so the default python:supervisor CPE doesn't match relevant CVEs. See CVE db query (home-assisstant vendor is not relevant): sqlite> select * from products where PRODUCT like 'supervisor'; CVE-2017-11610\|supervisord\|supervisor\|\|\|3.0\|<= CVE-2017-11610\|supervisord\|supervisor\|3.1.0\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.1.1\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.1.2\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.1.3\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.0\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.1\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.2\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.2.3\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.3.0\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.3.1\|=\|\| CVE-2017-11610\|supervisord\|supervisor\|3.3.2\|=\|\| CVE-2019-12105\|supervisord\|supervisor\|\|\|4.0.2\|<= CVE-2023-27482\|home-assistant\|supervisor\|\|\|2023.03.1\|< Set the CVE_PRODUCT explicitly to match relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	5ec4458878	python3-pyjwt: set CVE_PRODUCT The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the defauly python:pyjwt CPE doesn't match them. See CVE db query: sqlite> select * from products where PRODUCT like '%pyjwt%'; CVE-2017-11424\|pyjwt_project\|pyjwt\|\|\|1.5.0\|<= CVE-2022-29217\|pyjwt_project\|pyjwt\|1.5.0\|>=\|2.4.0\|< CVE-2024-53861\|pyjwt_project\|pyjwt\|2.10.0\|=\|\| CVE-2025-45768\|pyjwt_project\|pyjwt\|2.10.1\|=\|\| Set the CVE_PRODUCT so it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	851e449d54	python3-html5lib: set CVE_PRODUCT There are currently 2 related CVEs in the NIST db, both of them are tracked with html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match. See CVE db query: sqlite> select * from products where PRODUCT like '%html5lib%'; CVE-2016-9909\|html5lib\|html5lib\|\|\|0.99999999\|<= CVE-2016-9910\|html5lib\|html5lib\|\|\|0.99999999\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	6f2ce3843e	python3-werkzeug: set CVE_PRODUCT The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the the default python:werkzeug CPE to not match anything. See CVE db query: sqlite> select * from products where PRODUCT like 'werkzeug'; CVE-2016-10516\|palletsprojects\|werkzeug\|\|\|0.11.11\|< CVE-2019-14322\|palletsprojects\|werkzeug\|\|\|0.15.5\|< CVE-2019-14806\|palletsprojects\|werkzeug\|\|\|0.15.3\|< CVE-2020-28724\|palletsprojects\|werkzeug\|\|\|0.11.6\|< CVE-2022-29361\|palletsprojects\|werkzeug\|\|\|2.1.0\|<= CVE-2023-23934\|palletsprojects\|werkzeug\|\|\|2.2.3\|< CVE-2023-25577\|palletsprojects\|werkzeug\|\|\|2.2.3\|< CVE-2023-46136\|palletsprojects\|werkzeug\|\|\|2.3.8\|< CVE-2023-46136\|palletsprojects\|werkzeug\|3.0.0\|=\|\| CVE-2024-34069\|palletsprojects\|werkzeug\|\|\|3.0.3\|< CVE-2024-49766\|palletsprojects\|werkzeug\|\|\|3.0.6\|< CVE-2024-49767\|palletsprojects\|werkzeug\|\|\|3.0.6\|< CVE-2025-66221\|palletsprojects\|werkzeug\|\|\|3.1.4\|< Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	5dd59b03f8	python3-tqdm: set CVE_PRODUCT The only related CVE to this recipe is tracked using tqdm_project:tqdm CPE, so the default python:tqdm CPE doesn't match it. See relevant CVE db query: sqlite> select * from products where PRODUCT like 'tqdm'; CVE-2016-10075\|tqdm_project\|tqdm\|4.4.1\|=\|\| CVE-2016-10075\|tqdm_project\|tqdm\|4.10\|=\|\| Set the CVE_PRODUCT so it can match related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	4675c9ddb7	python3-ipython: set CVE_PRODUCT ipython CVEs are tracked using ipython:ipython CPE, so the default python:ipython CVE_PRODUCT doesn't match relevant CPEs. See CVE db query: sqlite> select * from products where PRODUCT like 'ipython'; CVE-2015-4706\|ipython\|ipython\|3.0.0\|=\|\| CVE-2015-4706\|ipython\|ipython\|3.1.0\|=\|\| CVE-2015-4707\|ipython\|ipython\|\|\|3.2.0\|< CVE-2015-5607\|ipython\|ipython\|2.0.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.1.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.2.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.3.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.3.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.4.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.4.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.0.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.1.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.2\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.3\|=\|\| CVE-2022-21699\|ipython\|ipython\|\|\|5.10.0\|<= CVE-2022-21699\|ipython\|ipython\|6.0.0\|>=\|7.16.3\|< CVE-2022-21699\|ipython\|ipython\|7.17.0\|>=\|7.31.1\|< CVE-2022-21699\|ipython\|ipython\|8.0.0\|>=\|8.0.1\|< CVE-2023-24816\|ipython\|ipython\|\|\|8.10.0\|< Set the CVE_PRODUCT accordingly to match the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	25b9ae3902	python3-m2crypto: set CVE_PRODUCT NIST currently tracks CVEs under at least 2 different CPEs for this recipe, but neither of them is python:m2crypto (the default CVE_PRODUCT). See CVE db query: sqlite> select * from products where PRODUCT like '%m2crypto%'; CVE-2009-0127\|heikkitoivonen\|m2crypto\|-\|\|\| CVE-2020-25657\|m2crypto_project\|m2crypto\|-\|\|\| CVE-2023-50781\|m2crypto_project\|m2crypto\|-\|\|\| Set the CVE_PRODUCT to match the relevant CPEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	a89ab32230	python3-twisted: set CVE_PRODUCT The related CVEs are tracked with twisted:twisted CPE, so the default python:twisted CPE doesn't match any entries. See CVE db query: sqlite> select * from products where PRODUCT = 'twisted'; CVE-2014-7143\|twisted\|twisted\|14.0.0\|=\|\| CVE-2016-1000111\|twisted\|twisted\|\|\|16.3.1\|< CVE-2019-12387\|twisted\|twisted\|\|\|19.2.1\|< CVE-2019-12855\|twisted\|twisted\|\|\|19.2.1\|<= CVE-2020-10108\|twisted\|twisted\|\|\|19.10.0\|<= CVE-2020-10109\|twisted\|twisted\|\|\|19.10.0\|<= CVE-2022-21712\|twisted\|twisted\|11.1.0\|>=\|22.1.0\|< CVE-2022-21716\|twisted\|twisted\|21.7.0\|>=\|22.2.0\|< CVE-2022-24801\|twisted\|twisted\|\|\|22.4.0\|< CVE-2022-39348\|twisted\|twisted\|0.9.4\|>=\|22.10.0\|< CVE-2023-46137\|twisted\|twisted\|\|\|22.8.0\|<= CVE-2024-41810\|twisted\|twisted\|\|\|24.3.0\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	b96b616553	python3-simplejson: set CVE_PRODUCT There is one relevant CVE tracked using the simplejson_prject:simplejson CPE, and no entries tracked with python:simplejson. See CVE db query: sqlite> select * from products where PRODUCT like '%simplejson%'; CVE-2014-4616\|simplejson_project\|simplejson\|\|\|2.6.1\|< Set the CVE_PRODUCT accordingly Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	0aa5b9d824	python3-virtualenv: set CVE_PRODUCT There are relevant CVEs tracked under two different CPEs: python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed). See CVE db query: sqlite> select * from products where PRODUCT = 'virtualenv'; CVE-2011-4617\|python\|virtualenv\|\|\|1.4.9\|<= CVE-2011-4617\|python\|virtualenv\|0.8\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.0\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.1.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.5\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.6\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.7\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.8\|=\|\| CVE-2013-5123\|virtualenv\|virtualenv\|12.0.7\|=\|\| CVE-2024-53899\|virtualenv\|virtualenv\|\|\|20.26.6\|< Set the CVE_PRODUCT so both are matched. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	c5a7d5765e	python3-httplib2: set CVE_PRODUCT There are no CVEs tracked with python:httplib2 CPE, but there are multiple ones tracked under httplib2_project:hgttplib2 CPE (and they are related to this recipe). See CVE db query: sqlite> select * from products where PRODUCT = 'httplib2'; CVE-2013-2037\|httplib2_project\|httplib2\|\|\|0.7.2\|<= CVE-2013-2037\|httplib2_project\|httplib2\|0.8\|=\|\| CVE-2020-11078\|httplib2_project\|httplib2\|\|\|0.18.0\|< CVE-2021-21240\|httplib2_project\|httplib2\|\|\|0.19.0\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	a9a8c80550	python3-matplotlib: set CVE_PRODUCT At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are tracked by the defaul python:matplotlib CPE). See CVE db query: sqlite> select * from products where PRODUCT = 'matplotlib'; CVE-2013-1424\|debian\|matplotlib\|0.99.3-1\|>=\|1.4.2-3.1\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	fc90f2b514	python3-pyrad: set CVE_PRODUCT NIST tracks related CVEs with pyrad_project CPE vendor instead of "python". Set the CVE_PRODUCT to pyrad, so both can be matched. See CVE db query: sqlite> select * from products where PRODUCT = 'pyrad'; CVE-2013-0294\|pyrad_project\|pyrad\|\|\|2.1\|< CVE-2013-0342\|pyrad_project\|pyrad\|\|\|2.1\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	febab38136	python3-redis: set CVE_PRODUCT Set the correct CVE_PRODUCT for the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	34f5d84f85	python3-twitter: set CVE_PRODUCT The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where PRODUCT = 'tweepy'; CVE-2012-5825\|tweepy\|tweepy\|-\|\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	49ced80122	python3-sqlalchemy: set CVE_PRODUCT The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE. See CVE db query: sqlite> select * from products where PRODUCT = 'sqlalchemy'; CVE-2012-0805\|sqlalchemy\|sqlalchemy\|\|\|0.7.0\|<= CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta2\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta3\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.2\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.3\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.4\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.5\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.6\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.7\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.7.0_b1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.7.0_b2\|=\|\| CVE-2019-7164\|sqlalchemy\|sqlalchemy\|\|\|1.2.17\|<= CVE-2019-7164\|sqlalchemy\|sqlalchemy\|1.3.0_beta1\|=\|\| CVE-2019-7164\|sqlalchemy\|sqlalchemy\|1.3.0_beta2\|=\|\| CVE-2019-7548\|sqlalchemy\|sqlalchemy\|1.2.17\|=\|\| Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	e22d2a7ba6	python3-paramiko: set CVE_PRODUCT Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs. See CVE db query: sqlite> select * from products where PRODUCT = 'paramiko'; CVE-2008-0299\|python_software_foundation\|paramiko\|1.7.1\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.17.6\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.18.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.0.8\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.1.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.2.3\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.3.2\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.4.1\|=\|\| CVE-2018-7750\|paramiko\|paramiko\|\|\|1.17.6\|< CVE-2018-7750\|paramiko\|paramiko\|1.18.0\|>=\|1.18.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.0.0\|>=\|2.0.8\|< CVE-2018-7750\|paramiko\|paramiko\|2.1.0\|>=\|2.1.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.2.0\|>=\|2.2.3\|< CVE-2018-7750\|paramiko\|paramiko\|2.3.0\|>=\|2.3.2\|< CVE-2018-7750\|paramiko\|paramiko\|2.4.0\|=\|\| CVE-2022-24302\|paramiko\|paramiko\|\|\|2.10.1\|< CVE-2023-48795\|paramiko\|paramiko\|\|\|3.4.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	139cc15de3	python3-tornado: set CVE_PRODUCT The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado". See cve db query (docmosis is an irrelevant vendor): sqlite> select * from products where PRODUCT = 'tornado'; CVE-2012-2374\|tornadoweb\|tornado\|\|\|2.2\|<= CVE-2012-2374\|tornadoweb\|tornado\|1.0\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.0.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.1.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.2\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.2.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.0\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.1.1\|=\|\| CVE-2014-9720\|tornadoweb\|tornado\|\|\|3.2.2\|< CVE-2023-25264\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-25265\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-25266\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-28370\|tornadoweb\|tornado\|\|\|6.3.2\|< CVE-2024-42733\|docmosis\|tornado\|\|\|2.9.7\|<= CVE-2024-52804\|tornadoweb\|tornado\|\|\|6.4.2\|< CVE-2025-47287\|tornadoweb\|tornado\|\|\|6.5.0\|< CVE-2025-67724\|tornadoweb\|tornado\|\|\|6.5.3\|< CVE-2025-67725\|tornadoweb\|tornado\|\|\|6.5.3\|< CVE-2025-67726\|tornadoweb\|tornado\|\|\|6.5.3\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	96a2496b65	python3-cbor2: set CVE_PRODUCT The default, "python:cbor2" CVE_PRODUCT is not appropriate for this recipe, because most associated CVEs use "agronholm:cbor2" CPE. Set the CVE_PRODUCT to cbor2, so it will match the currently used CPE, and in case there will be future python:cbor2 CPEs also, they will be matched too. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Khem Raj	f06f03200d	python3-backports-zstd: Upgrade to 1.3.0 Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Liu Yiding	e15758ad1a	python3-fastapi-cli: upgrade 0.0.16 -> 0.0.20 Changelog: https://github.com/fastapi/fastapi-cli/releases/tag/0.0.20 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Wang Mingyu	90ab1ee642	python3-typer: upgrade 0.20.1 -> 0.21.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:49 -08:00
Wang Mingyu	3be4495590	python3-pikepdf: upgrade 10.0.3 -> 10.1.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	54691ea40a	python3-marshmallow: upgrade 4.1.1 -> 4.1.2 Changelog: Merge error store messages without rebuilding collections. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	b7a2d1f770	python3-elementpath: upgrade 5.0.4 -> 5.1.0 License-Update: Copyright year updated to 2025. Changelog: =========== - Drop Python 3.9 compatibility and add Pyton 3.15 support - Improve XPath sequence internal processing with a list derived type xlist - Extensions and fixes for XSD datatypes - Add XSequence datatype for external representation of XPath sequences Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	c5196a2282	python3-coverage: upgrade 7.13.0 -> 7.13.1 Changelog: ============ - Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. - Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable. - Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105. - Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. - Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step. - Docs: added a section explaining more about what is considered a missing branch and how it is reported: Examples of missing branches, as requested in issue 1597. - Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	9c5e7e5c29	python3-typer: upgrade 0.20.0 -> 0.20.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	ebca0ae79d	python3-tornado: upgrade 6.5.3 -> 6.5.4 Bug fixes ~~~~~~~~~ - The "in" operator for "HTTPHeaders" was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	f1bdb4e99b	python3-soupsieve: upgrade 2.8 -> 2.8.1 FIX: Changes in tests to accommodate latest Python HTML parser changes. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	aba3856c1e	python3-smbus2: upgrade 0.5.0 -> 0.6.0 Changelog: ========== - Python 3.14 added. - Fix SystemError: buffer overflow on Python 3.14+ on 64-bit systems by using c_ulong instead of c_uint32 for I2C_FUNCS ioctl. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	8db029f9a5	python3-sdbus: upgrade 0.14.1 -> 0.14.2 Changelog: =========== - Fix segmentation fault if export handle outlives the exported object. - Fix some tests failing on slow systems. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	dc39281af5	python3-python-multipart: upgrade 0.0.20 -> 0.0.21 Changelog: Add support for Python 3.14 and drop EOL 3.8 and 3.9 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	4389519b6b	python3-pikepdf: upgrade 10.0.2 -> 10.0.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	602a336ae3	python3-nodeenv: upgrade 1.9.1 -> 1.10.0 Changelog: ========== - Use lowercase lookup for archmap - Add support for Python 3.13 - Add UV Virtual Environment support - Use sh instead of bash - Replace additional use of which(1) with shutil.which() - Support leading v in .node-version - Check host platform when finding node version Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	b92546dea2	python3-joblib: upgrade 1.5.2 -> 1.5.3 Changelog: =========== - The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. - Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. - Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	049f50eef4	python3-imgtool: upgrade 2.2.0 -> 2.3.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	310009aad6	python3-humanize: upgrade 4.14.0 -> 4.15.0 Added ------ - Add locale support for decimal separator in intword - Add support for Python 3.15 Changed -------- - Replace pre-commit with prek Fixed ------ - naturaldelta: round the value to nearest unit that makes sense - Fix plural form for intword and improve performance - Replace Exception with more specific FileNotFoundError Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	3f09bcaf54	python3-google-auth: upgrade 2.43.0 -> 2.45.0 Changelog: ============= Features --------- - Adding Agent Identity bound token support and handling certificate mismatches with retries - support Python 3.14 - add ecdsa p-384 support - MDS connections use mTLS - Implement token revocation in STS client and add revoke() method to ExternalAccountAuthorizedUser credentials - Add shlex to correctly parse executable commands with spaces Bug Fixes --------- - Use public refresh method for source credentials in ImpersonatedCredentials - Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration - Delegate workload cert and key default lookup to helper function Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	c2710a2df9	python3-filelock: upgrade 3.20.0 -> 3.20.1 Changelog: CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	44c27a5915	python3-cmake: upgrade 4.2.0 -> 4.2.1 Changelog: ========== - fix: add missing f-string prefix for --parallel bootstrap arg - fix: workaround issue in lastversion with OpenSSL - chore(deps): update clang to 21.1.8.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:27 -08:00
Wang Mingyu	0cc847b8f7	python3-cachetools: upgrade 6.2.3 -> 6.2.4 Changelog: Fix license information displayed on PyPI be using an updated version of twine for uploading. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:27 -08:00
Khem Raj	dbc5ef5e12	python3-pyzstd: Delete recipe It has been moved to core layer Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Koen Kooi <koen.kooi@oss.qualcomm.com>	2025-12-24 13:18:25 -08:00
Liu Yiding	cf1b6485d1	python3-uvicorn: upgrade 0.38.0 -> 0.40.0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-23 12:22:42 -08:00
Liu Yiding	a33d278d08	python3-importlib-metadata: upgrade 8.7.0 -> 8.7.1 LIC_FILES_CHKSUM changed as LICENSE file format has been changed in 8.7.1 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-23 12:22:41 -08:00
Khem Raj	c0fb020740	python3-pytest-metadata: Upgrade to 3.1.1 pytest-metadata version 2.0.2 has a bug where it tries to access py.__version__, but the py library version 1.11.0 removed the __version__ attribute. This is a known incompatibility. Switch to hatching build backend Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-22 07:29:42 -08:00
Khem Raj	ab4e9f7009	python3-pytest-html: Add missing ptest rdep on pytest html Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 12:58:57 -08:00
Wang Mingyu	2c0a4edb58	python3-tzdata: upgrade 2025.2 -> 2025.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:04 -08:00
Wang Mingyu	8ba97b6646	python3-tornado: upgrade 6.5.2 -> 6.5.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:04 -08:00
Wang Mingyu	f95039cd4b	python3-sqlalchemy: upgrade 2.0.44 -> 2.0.45 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:04 -08:00
Wang Mingyu	50f6252da9	python3-nanobind: upgrade 2.9.2 -> 2.10.2 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	335d2486ed	python3-matplotlib: upgrade 3.10.7 -> 3.10.8 Changelog: =========== - Properly allow freethreaded mode in the MacOS backend - Better error handling for MacOS backend Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	ac2879c276	python3-fastapi: upgrade 0.124.0 -> 0.124.4 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	ff6283e627	python3-coverage: upgrade 7.12.0 -> 7.13.0 Changelog: ============ - Feature: coverage.py now supports .coveragerc.toml - Fix: we now include a permanent .pth file which is installed with the code - Deprecated: when coverage.py is installed, it creates three command entry points: coverage, coverage3, and coverage-3.10 (if installed for Python 3.10). The second and third of these are not needed and will eventually be removed. They still work for now, but print a message about their deprecation. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	99022c28b7	python3-cachetools: upgrade 6.2.2 -> 6.2.3 Changelog: ========== - Improve documentation regarding @cachedmethod with condition parameter. - Minor style and readability improvements. - Modernize build environment. - Update CI environment. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	5e3cbe73ed	python3-black: upgrade 25.11.0 -> 25.12.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	8f50eabb81	python3-aiodns: upgrade 3.6.0 -> 3.6.1 Changelog: Pin pycares to < 5 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:02 -08:00
Liu Yiding	d39a37da7d	python3-txaio: upgrade 25.12.1 -> 25.12.2 LICENSE CHKSUM has been changed as title was added in new LICENSE file. Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:01 -08:00
Gyorgy Sarvari	fae6fe9b41	python3-django: upgrade 4.2.26 -> 4.2.27 Contains fix for CVE-2025-13372 and CVE-2025-64460 Changelog: https://github.com/django/django/blob/4.2.27/docs/releases/4.2.27.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-20 11:41:01 -08:00
Gyorgy Sarvari	2538918df1	python3-django: upgrade 5.2.8 -> 5.2.9 Includes fix for CVE-2025-13372 and CVE-2025-64460 Changelog: https://github.com/django/django/blob/5.2.9/docs/releases/5.2.9.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-20 11:41:01 -08:00
Tom Geelen	b91e86f73a	python3-chromecast: upgrade 14.0.7 -> 14.0.9 Changelog: https://github.com/home-assistant-libs/pychromecast/releases/tag/14.0.9 Drop obsolete patches. Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-16 19:57:34 -08:00
Tom Geelen	063ae95c56	python3-aiohttp: add optional PACKAGECONFIG for the extras mentioned in the build requirements Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-16 19:57:34 -08:00
Tom Geelen	120f908fa0	python3-aiohttp: add BBCLASSEXTEND: native and nativesdk to the recipe Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-16 19:57:34 -08:00
Tom Geelen	f11695a304	python3-aiohttp: upgrade 3.12.15 -> 3.12.2 Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-16 19:57:33 -08:00
Tom Geelen	1b8afacbda	python3-async-timeout: add BBCLASSEXTEND for native and nativesdk Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com> Reviewed-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-16 19:57:33 -08:00
Khem Raj	ec4c278bc9	python3-betamax: Skip ptests accessing network cassette fixtures are not installed in ptests so skip test_requests_with_json_body Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:15 -08:00
Khem Raj	a145ddffde	python3-traitlets: Fix ptests fails Python 3.13 changed how argparse handles % in help strings, now treating them all as format placeholders Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:15 -08:00
Khem Raj	ea2e124c95	python3-multidict: Add missing dependency on psutils modules for ptests Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:15 -08:00
Khem Raj	d8e7190fd3	python3-pyzstd: Remove setup.py tweak for lto/clang This tweak was specific to clang-16, its no longer needed moreover, setup.py is no longer there in latest 0.19.x release Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:15 -08:00
Khem Raj	0b5f2ba62c	python3-pyzstd: Add ptest dependency on backports.zstd This module is needed by ptests in 0.19+ Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:14 -08:00
Khem Raj	332072205f	python3-backports-zstd: Add recipe This is required by python3-pyzstd >= 0.19.0 tests Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:14 -08:00
Liu Yiding	e26c6f86c8	python3-pyzstd: upgrade 0.18.0 -> 0.19.0 1. Changelog - The project has been completely refactored to use the Zstandard implementation from the standard library ([PEP-784](https://peps.python.org/pep-0784/)) - The refactor has some minor impact on public APIs, such as changing the exception raised on invalid input 2. Drop 0001-Bump-setuptools-dependency-from-74-to-89.patch as setuptools in requires was removed in pyproject.toml 3. HOMEPAGE has been changed to https://github.com/Rogdham/pyzstd. Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-10 08:56:14 -08:00
Wang Mingyu	632523b914	python3-txaio: upgrade 25.9.2 -> 25.12.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	fd9bab33e2	python3-pytest-httpx: upgrade 0.35.0 -> 0.36.0 License-Update: Copyright year updated to 2025 Changelog: =========== - pytest required version is now 9. - Explicit support for python 3.14. - match_params parameter is now available on responses and callbacks registration, as well as request(s) retrieval. Allowing to provide query parameters as a dict instead of being part of the matched URL. - This parameter allows to perform partial query params matching (refer to documentation for more information). - URL with more than one value for the same parameter were not matched properly (matching was performed on the first value). - httpx_mock.add_exception is now properly documented (accepts BaseException instead of Exception). - pytest 8 is not supported anymore. - python 3.9 is not supported anymore. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	3f13fbc5c2	python3-pymongo: upgrade 4.15.4 -> 4.15.5 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	7ea6be4b5a	python3-pybase64: upgrade 1.4.2 -> 1.4.3 Changelog: ========== - Publish Android Python 3.14 wheels - Publish GraalPy v25 wheels Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	f0f0092cbd	python3-pyais: upgrade 2.13.3 -> 2.14.0 Changelog: ============ * Fix: Message Type 24 Part B: Detecting MMSI as auxiliary * add support for AIS Message Type 24 Part B auxiliary craft variant * auxiliary craft now decode mothership MMSI instead of vessel dimensions Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	4ae28f24fd	python3-platformdirs: upgrade 4.5.0 -> 4.5.1 Changelog: Fix no-ctypes fallback on windows Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	3933501591	python3-marshmallow: upgrade 4.1.0 -> 4.1.1 Bug fix: Ensure URL validator is case-insensitive when using custom schemes Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	95f21ffa95	python3-ipython: upgrade 9.7.0 -> 9.8.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	3af05cab17	python3-greenlet: upgrade 3.2.4 -> 3.3.0 Changelog: ========== - Drop support for Python 3.9. - Switch to distributing manylinux_2_28 wheels instead of manylinux2014 wheels. Likewise, switch from musllinux_1_1 to 1_2. - Add initial support for free-threaded builds of CPython 3.14. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	8de88b0308	python3-fastapi: upgrade 0.122.0 -> 0.124.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	078c62af8c	python3-cmd2: upgrade 2.7.0 -> 3.0.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	e00835c994	python3-cantools: upgrade 41.0.0 -> 41.0.2 Changelog: ========== - Add support for INT VFrameFormat - Check ./tests directory with ruff Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:01 -08:00
Wang Mingyu	4006ec486b	python3-argcomplete: upgrade 3.6.2 -> 3.6.3 Changelog: ============ - Make RE PCRE compatible. - Only execute Python interpreters - fish: set variable scope to local to avoid clobbering global or universal variables - Documentation and help improvements Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:00 -08:00
Wang Mingyu	22dc38bdcc	python3-aiodns: upgrade 3.5.0 -> 3.6.0 Changelog: ============= - Fix resolver garbage collection during pending queries (#211) - Prevents resolver from being garbage collected while queries are in progress - Socket callback optimizations (#172) - Improved performance for socket state handling - Fixed RTD links (#176) - Added Python 3.14 to the CI (#212) - Updated dependencies- Fix resolver garbage collection during pending queries (#211) - Prevents resolver from being garbage collected while queries are in progress - Socket callback optimizations (#172) - Improved performance for socket state handling - Fixed RTD links (#176) - Added Python 3.14 to the CI (#212) - Updated dependencies Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-09 15:11:00 -08:00
Liu Yiding	668902b774	python3-protobuf: upgrade 6.33.1 -> 6.33.2 Change log: https://github.com/protocolbuffers/protobuf/releases/tag/v33.2 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-08 23:22:19 -08:00
Leon Anavi	7954f37b3c	python3-huey: Upgrade 2.5.4 -> 2.5.5 Upgrade to release 2.5.5: - Fix for pypi Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-05 10:14:17 -08:00
Leon Anavi	588b327f0f	python3-multidict: Upgrade 6.6.3 -> 6.7.0 Upgrade to release 6.7.0: - Updated tests and added CI for CPython 3.14 From 6.6.4: - Fixed MutliDict & CIMultiDict memory leak when deleting values or clearing them - The type preciseness coverage report generated by MyPy is now uploaded to Coveralls and will not be included in the Codecov views going forward - Added memory leak test for popping or deleting attributes from a multidict to prevent future issues or bogus claims Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-05 10:14:17 -08:00
Leon Anavi	135b3a82fb	python3-autobahn: Upgrade 24.4.2 -> 25.11.1 Upgrade to release 25.11.1: - WAMP Flatbuffers serialization test coverage; WAMP message classes refactoring - Add WAMP serdes functional and benchmark testing; WAMP-Flatbuffers; WAMP Serializer Composition (transport/payload) - Add vendored Flatbuffers Fixes: WARNING: python3-autobahn-25.11.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-05 10:14:16 -08:00
Leon Anavi	b428f67575	python3-cloudpickle: Upgrade 3.1.1 -> 3.1.2 Upgrade to release 3.1.2: - Fix pickling of abstract base classes containing type annotations for Python 3.14. License-Update: Use file LICENSE Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-05 10:13:23 -08:00
Leon Anavi	71055538b5	python3-polyline: Upgrade 2.0.3 -> 2.0.4 Upgrade to release 2.0.4: - Add py.typed marker Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-04 06:06:46 -08:00
Wang Mingyu	74aa2bdac6	python3-werkzeug: upgrade 3.1.3 -> 3.1.4 Changelog: ============== - safe_join on Windows does not allow special device names. This prevents reading from these when using send_from_directory. secure_filename already prevented writing to these. - The debugger pin fails after 10 attempts instead of 11. - The multipart form parser handles a \r\n sequence at a chunk boundary. - Improve CPU usage during Watchdog reloader. - Request.json annotation is more accurate. - Traceback rendering handles when the line number is beyond the available source lines. - HTTPException.get_response annotation and doc better conveys the distinction between WSGI and sans-IO responses. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-02 09:22:52 -08:00
Wang Mingyu	674cd4fde5	python3-types-psutil: upgrade 7.1.1.20251122 -> 7.1.3.20251130 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-02 09:22:52 -08:00
Wang Mingyu	705abb20c1	python3-sqlparse: upgrade 0.5.3 -> 0.5.4 Changelog: ============= Enhancements --------------- * Add support for Python 3.14. * Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools * Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an '--in-place' flag for in-place editing * Add 'ATTACH' and 'DETACH' to PostgreSQL keywords * Add 'INTERSECT' to close keywords in WHERE clause * Support 'REGEXP BINARY' comparison operator Bug Fixes ---------- * Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements. * Remove shebang from cli.py and remove executable flag * Fix strip_comments not removing all comments when input contains only comments * Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks * Fix splitting on semicolons inside BEGIN...END blocks Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-02 09:22:51 -08:00

1 2 3 4 5 ...

8858 Commits