The relevant CVEs are tracked with sqlparse_project:sqlparse CPE,
and the default python:sqlparse CPE doesn't match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%sqlparse%';
CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|<
CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using flask-restx_project:flask-restx CPE,
which makes the default python:flask-restx CPE to not match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%flask-restx%';
CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT - the default (python:fastapi) is not the one
that is used to track CVEs.
See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'fastapi';
CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0
CVE-2025-55526|n8n|fastapi|0.115.14|=|||0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The correct CVE_PRODUCT is "lief" for this recipe instead of the default
${PN}, that doesn't match relevant CVEs.
See CVE db query:
sqlite> select * from products where product like 'lief';
CVE-2021-32297|lief-project|lief|||0.11.4|<=
CVE-2022-38306|lief-project|lief|||0.12.1|<
CVE-2022-38307|lief-project|lief|||0.12.1|<
CVE-2022-38495|lief-project|lief|||0.12.1|<=
CVE-2022-38496|lief-project|lief|||0.12.1|<=
CVE-2022-38497|lief-project|lief|||0.12.1|<=
CVE-2022-40922|lief-project|lief|0.12.1|=||
CVE-2022-40923|lief-project|lief|0.12.1|=||
CVE-2022-43171|lief-project|lief|0.12.1|=||
CVE-2024-31636|lief-project|lief|0.14.1|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant
CVEs.
See CVE query (n8n vendor is not relevant):
sqlite> select * from products where product like '%pydantic%';
CVE-2021-29510|pydantic|pydantic|||1.6.2|<
CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|<
CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|<
CVE-2024-3772|pydantic|pydantic|||1.10.13|<
CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|<
CVE-2025-55526|n8n|pydantic|2.11.7|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with pikepdf_project:pikepdf CPE,
and the default python:pikepdf doesn't match CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'pikepdf';
CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVE database tracks relevant CVEs with mpmath:mpmath CPE.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'mpmath';
CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVE is tracked using flask-user_project:flask-user CPE,
so the default python:flask-user value doesn't match it.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'flask-user';
CVE-2021-23401|flask-user_project|flask-user|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using eventlet:eventlet CPE, and the default
python:eventlet CPE doesn't match relevant CVEs.
Set the correct CVE_PRODUCT.
See CVE db query:
sqlite> select * from products where product like 'eventlet';
CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|<
CVE-2023-29483|eventlet|eventlet|||0.35.2|<
CVE-2025-58068|eventlet|eventlet|||0.40.3|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked using aiohttp:aiohttp CPE, so the default
python:aiohttp CPE doesn't match relevant CVEs.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'aiohttp';
CVE-2021-21330|aiohttp|aiohttp|||3.7.4|<
CVE-2022-33124|aiohttp|aiohttp|3.8.1|=||
CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<=
CVE-2023-47627|aiohttp|aiohttp|||3.8.6|<
CVE-2023-47641|aiohttp|aiohttp|||3.8.0|<
CVE-2023-49081|aiohttp|aiohttp|||3.9.0|<
CVE-2023-49082|aiohttp|aiohttp|||3.9.0|<
CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|<
CVE-2024-23829|aiohttp|aiohttp|||3.9.2|<
CVE-2024-27306|aiohttp|aiohttp|||3.9.4|<
CVE-2024-30251|aiohttp|aiohttp|||3.9.4|<
CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|<
CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|<
CVE-2024-52304|aiohttp|aiohttp|||3.10.11|<
CVE-2025-53643|aiohttp|aiohttp|||3.12.14|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is one brotli repository for all language bindings, and the same
CPE is used for all: google:brotli (instead of the expected default
of python:brotli, in case of the Python package).
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'brotli';
CVE-2020-8927|google|brotli|||1.0.8|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:uvicorn CPE is not correct, the CVEs are tracked
under encode:uvicorn.
See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'uvicorn';
CVE-2020-7694|encode|uvicorn|-|||
CVE-2020-7695|encode|uvicorn|||0.11.7|<
CVE-2025-55526|n8n|uvicorn|0.35.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The only CVE stored in the CVE db is tracked with "crossbar" vendor,
which makes the default python:autobahn CPE to not match.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'autobahn';
CVE-2020-35678|crossbar|autobahn|||20.12.3|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT
accordingly instead of the default python:py.
See CVE db query:
sqlite> select * from products where product like 'py';
CVE-2020-29651|pytest|py|||1.9.0|<=
CVE-2022-42969|pytest|py|||1.11.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked under multiple vendor IDs (but none
of them are associated with the default "python" vendor).
Query from CVE db:
sqlite> select * from products where product like 'flask-cors';
CVE-2020-25032|flask-cors_project|flask-cors|||3.0.9|<
CVE-2024-1681|corydolphin|flask-cors|4.0.0|=||
CVE-2024-6221|corydolphin|flask-cors|4.0.1|=||
CVE-2024-6839|flask-cors_project|flask-cors|4.0.1|=||
CVE-2024-6844|flask-cors_project|flask-cors|4.0.1|=||
CVE-2024-6866|flask-cors_project|flask-cors|4.0.1|=||
Set the CVE_PRODUCT so it matches the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently there is only one CVE associated with pandas, and it is tracked
using numfocus:pandas CPE by NIST instead of the default python:pandas from
pypi.bbclass.
See CVE db query:
sqlite> select * from products where product like 'pandas';
CVE-2020-13091|numfocus|pandas|||1.0.3|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is only one relevant CVE in the database, but it is tracked using
svglib_project:svglib CPE, not the expected python:svglib CPE, making the
cve-checker miss it.
See CVE db query:
sqlite> select * from products where product like '%svglib%';
CVE-2020-10799|svglib_project|svglib|||0.9.3|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs for this recipe are tracked using webargs_project:webargs
CPE, which makes the default python:webargs CPE to miss CVEs.
See CVE db query:
sqlite> select * from products where product like '%webargs%';
CVE-2019-9710|webargs_project|webargs|||5.1.3|<
CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVEs related to this project are tracked using the validators_project:validators
CPE, which doesn't match the default python:validators CPE.
See CVE db query:
sqlite> select * from products where product like 'validators';
CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<=
CVE-2023-45813|validators_project|validators|0.11.0|=||
CVE-2023-45813|validators_project|validators|0.20.0|=||
Set the CVE_PRODUCT so it matches relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs to this recipe are tracked using reportlab:reportlab
CPE, which doesn't match the default python:reportlab CPE, so the cve-checker
misses CVEs.
See CVE db query:
sqlite> select * from products where product like '%reportlab%';
CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0
CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0
CVE-2020-28463|reportlab|reportlab|-||||0
CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVEs for this recipe are tracked using the agendaless:waitress CPE,
which doesn't match the default python:waitress CPE, making the cve-checker
miss relevant CVEs.
See CVE db query:
sqlite> select * from products where PRODUCT like 'waitress';
CVE-2019-16785|agendaless|waitress|||1.3.1|<=
CVE-2019-16786|agendaless|waitress|||1.3.1|<
CVE-2019-16789|agendaless|waitress|||1.4.0|<=
CVE-2019-16792|agendaless|waitress|||1.3.1|<=
CVE-2020-5236|agendaless|waitress|1.4.2|=||
CVE-2022-24761|agendaless|waitress|||2.1.1|<
CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
CVE-2024-49769|agendaless|waitress|||3.0.1|<
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVEs for this project are tracked under nltk:nltk CPE, which doesn't
match the default python:nltk CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'nltk';
CVE-2019-14751|nltk|nltk|||3.4.5|<
CVE-2021-3828|nltk|nltk|||3.6.3|<=
CVE-2021-3842|nltk|nltk|||3.6.6|<
CVE-2021-43854|nltk|nltk|||3.6.5|<
Set the CVE_PRODUCT so it can be used to match CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is one related CVE tracked by nist, using the parso_project:parso CPE,
which doesn't match the default python:parso CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'parso';
CVE-2019-12760|parso_project|parso|||0.4.0|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:marshmallow CPE doesn't match the CVEs related to this
product, as they are tracked with marshmallow_project:marshmallow CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'marshmallow';
CVE-2018-17175|marshmallow_project|marshmallow|||2.15.1|<
CVE-2018-17175|marshmallow_project|marshmallow|3.0|>=|3.0.0b9|<
Set the CVE_PRODUCT so it matches related CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:flask CPE doesn't match relevant CVE entries which are
tracked under palletsprojects:flask CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'flask';
CVE-2018-1000656|palletsprojects|flask|||0.12.3|<
CVE-2019-1010083|palletsprojects|flask|||1.0|<
CVE-2023-30861|palletsprojects|flask|||2.2.5|<
CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|<
Set the CVE_PRODUCT to "flask" so it matches relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is only one relevant CVE associated with this recipe in the CVE db,
but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn
(which is the default CPE from pypi.bbclass)
See CVE db query:
sqlite> select * from products where PRODUCT like '%gunicorn%';
CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=||
Set CVE_PRODUCT so that it matches relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe's CVEs are tracked using supervisord:supervisor CPE by nist,
so the default python:supervisor CPE doesn't match relevant CVEs.
See CVE db query (home-assistant vendor is not relevant):
sqlite> select * from products where PRODUCT like 'supervisor';
CVE-2017-11610|supervisord|supervisor|||3.0|<=
CVE-2017-11610|supervisord|supervisor|3.1.0|=||
CVE-2017-11610|supervisord|supervisor|3.1.1|=||
CVE-2017-11610|supervisord|supervisor|3.1.2|=||
CVE-2017-11610|supervisord|supervisor|3.1.3|=||
CVE-2017-11610|supervisord|supervisor|3.2.0|=||
CVE-2017-11610|supervisord|supervisor|3.2.1|=||
CVE-2017-11610|supervisord|supervisor|3.2.2|=||
CVE-2017-11610|supervisord|supervisor|3.2.3|=||
CVE-2017-11610|supervisord|supervisor|3.3.0|=||
CVE-2017-11610|supervisord|supervisor|3.3.1|=||
CVE-2017-11610|supervisord|supervisor|3.3.2|=||
CVE-2019-12105|supervisord|supervisor|||4.0.2|<=
CVE-2023-27482|home-assistant|supervisor|||2023.03.1|<
Set the CVE_PRODUCT explicitly to match relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the
default python:pyjwt CPE doesn't match them.
See CVE db query:
sqlite> select * from products where PRODUCT like '%pyjwt%';
CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<=
CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|<
CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=||
CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=||
Set the CVE_PRODUCT so it matches relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are currently 2 related CVEs in the NIST db, both of them are tracked with
html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match.
See CVE db query:
sqlite> select * from products where PRODUCT like '%html5lib%';
CVE-2016-9909|html5lib|html5lib|||0.99999999|<=
CVE-2016-9910|html5lib|html5lib|||0.99999999|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes
the default python:werkzeug CPE to not match anything.
See CVE db query:
sqlite> select * from products where PRODUCT like 'werkzeug';
CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|<
CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|<
CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|<
CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|<
CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<=
CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|<
CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|<
CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|<
CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=||
CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|<
CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|<
CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|<
CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|<
Set the CVE_PRODUCT so it matches the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The only related CVE to this recipe is tracked using tqdm_project:tqdm
CPE, so the default python:tqdm CPE doesn't match it.
See relevant CVE db query:
sqlite> select * from products where PRODUCT like 'tqdm';
CVE-2016-10075|tqdm_project|tqdm|4.4.1|=||
CVE-2016-10075|tqdm_project|tqdm|4.10|=||
Set the CVE_PRODUCT so it can match related CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ipython CVEs are tracked using ipython:ipython CPE, so the default
python:ipython CVE_PRODUCT doesn't match relevant CPEs.
See CVE db query:
sqlite> select * from products where PRODUCT like 'ipython';
CVE-2015-4706|ipython|ipython|3.0.0|=||
CVE-2015-4706|ipython|ipython|3.1.0|=||
CVE-2015-4707|ipython|ipython|||3.2.0|<
CVE-2015-5607|ipython|ipython|2.0.0|=||
CVE-2015-5607|ipython|ipython|2.1.0|=||
CVE-2015-5607|ipython|ipython|2.2.0|=||
CVE-2015-5607|ipython|ipython|2.3.0|=||
CVE-2015-5607|ipython|ipython|2.3.1|=||
CVE-2015-5607|ipython|ipython|2.4.0|=||
CVE-2015-5607|ipython|ipython|2.4.1|=||
CVE-2015-5607|ipython|ipython|3.0.0|=||
CVE-2015-5607|ipython|ipython|3.1.0|=||
CVE-2015-5607|ipython|ipython|3.2.0|=||
CVE-2015-5607|ipython|ipython|3.2.1|=||
CVE-2015-5607|ipython|ipython|3.2.2|=||
CVE-2015-5607|ipython|ipython|3.2.3|=||
CVE-2022-21699|ipython|ipython|||5.10.0|<=
CVE-2022-21699|ipython|ipython|6.0.0|>=|7.16.3|<
CVE-2022-21699|ipython|ipython|7.17.0|>=|7.31.1|<
CVE-2022-21699|ipython|ipython|8.0.0|>=|8.0.1|<
CVE-2023-24816|ipython|ipython|||8.10.0|<
Set the CVE_PRODUCT accordingly to match the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NIST currently tracks CVEs under at least 2 different CPEs for this recipe,
but neither of them is python:m2crypto (the default CVE_PRODUCT).
See CVE db query:
sqlite> select * from products where PRODUCT like '%m2crypto%';
CVE-2009-0127|heikkitoivonen|m2crypto|-|||
CVE-2020-25657|m2crypto_project|m2crypto|-|||
CVE-2023-50781|m2crypto_project|m2crypto|-|||
Set the CVE_PRODUCT to match the relevant CPEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with twisted:twisted CPE, so the
default python:twisted CPE doesn't match any entries.
See CVE db query:
sqlite> select * from products where PRODUCT = 'twisted';
CVE-2014-7143|twisted|twisted|14.0.0|=||
CVE-2016-1000111|twisted|twisted|||16.3.1|<
CVE-2019-12387|twisted|twisted|||19.2.1|<
CVE-2019-12855|twisted|twisted|||19.2.1|<=
CVE-2020-10108|twisted|twisted|||19.10.0|<=
CVE-2020-10109|twisted|twisted|||19.10.0|<=
CVE-2022-21712|twisted|twisted|11.1.0|>=|22.1.0|<
CVE-2022-21716|twisted|twisted|21.7.0|>=|22.2.0|<
CVE-2022-24801|twisted|twisted|||22.4.0|<
CVE-2022-39348|twisted|twisted|0.9.4|>=|22.10.0|<
CVE-2023-46137|twisted|twisted|||22.8.0|<=
CVE-2024-41810|twisted|twisted|||24.3.0|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with python-ldap:python-ldap CPE, not
python:python-ldap.
See CVE db query:
sqlite> select * from products where PRODUCT like '%python-ldap%';
CVE-2021-46823|python-ldap|python-ldap|||3.4.0|<
CVE-2025-61911|python-ldap|python-ldap|||3.4.5|<
CVE-2025-61912|python-ldap|python-ldap|||3.4.5|<
Set the CVE_PRODUCT accordingly
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is one relevant CVE tracked using the simplejson_project:simplejson
CPE, and no entries tracked with python:simplejson.
See CVE db query:
sqlite> select * from products where PRODUCT like '%simplejson%';
CVE-2014-4616|simplejson_project|simplejson|||2.6.1|<
Set the CVE_PRODUCT accordingly
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Relevant CVEs are tracked with pywbem_project:pywbem CPE instead of
the (previously) expected python:pywbem.
See CVE db query:
sqlite> select * from products where PRODUCT = 'pywbem';
CVE-2013-6418|pywbem_project|pywbem|||0.7|<=
CVE-2013-6444|pywbem_project|pywbem|||0.7|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are relevant CVEs tracked under two different CPEs:
python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed).
See CVE db query:
sqlite> select * from products where PRODUCT = 'virtualenv';
CVE-2011-4617|python|virtualenv|||1.4.9|<=
CVE-2011-4617|python|virtualenv|0.8|=||
CVE-2011-4617|python|virtualenv|0.8.1|=||
CVE-2011-4617|python|virtualenv|0.8.2|=||
CVE-2011-4617|python|virtualenv|0.8.3|=||
CVE-2011-4617|python|virtualenv|0.8.4|=||
CVE-2011-4617|python|virtualenv|0.9|=||
CVE-2011-4617|python|virtualenv|0.9.1|=||
CVE-2011-4617|python|virtualenv|0.9.2|=||
CVE-2011-4617|python|virtualenv|1.0|=||
CVE-2011-4617|python|virtualenv|1.1|=||
CVE-2011-4617|python|virtualenv|1.1.1|=||
CVE-2011-4617|python|virtualenv|1.2|=||
CVE-2011-4617|python|virtualenv|1.3|=||
CVE-2011-4617|python|virtualenv|1.3.1|=||
CVE-2011-4617|python|virtualenv|1.3.2|=||
CVE-2011-4617|python|virtualenv|1.3.3|=||
CVE-2011-4617|python|virtualenv|1.3.4|=||
CVE-2011-4617|python|virtualenv|1.4|=||
CVE-2011-4617|python|virtualenv|1.4.1|=||
CVE-2011-4617|python|virtualenv|1.4.2|=||
CVE-2011-4617|python|virtualenv|1.4.3|=||
CVE-2011-4617|python|virtualenv|1.4.4|=||
CVE-2011-4617|python|virtualenv|1.4.5|=||
CVE-2011-4617|python|virtualenv|1.4.6|=||
CVE-2011-4617|python|virtualenv|1.4.7|=||
CVE-2011-4617|python|virtualenv|1.4.8|=||
CVE-2013-5123|virtualenv|virtualenv|12.0.7|=||
CVE-2024-53899|virtualenv|virtualenv|||20.26.6|<
Set the CVE_PRODUCT so both are matched.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are no CVEs tracked with python:httplib2 CPE, but there
are multiple ones tracked under httplib2_project:httplib2 CPE
(and they are related to this recipe).
See CVE db query:
sqlite> select * from products where PRODUCT = 'httplib2';
CVE-2013-2037|httplib2_project|httplib2|||0.7.2|<=
CVE-2013-2037|httplib2_project|httplib2|0.8|=||
CVE-2020-11078|httplib2_project|httplib2|||0.18.0|<
CVE-2021-21240|httplib2_project|httplib2|||0.19.0|<
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are
tracked by the default python:matplotlib CPE).
See CVE db query:
sqlite> select * from products where PRODUCT = 'matplotlib';
CVE-2013-1424|debian|matplotlib|0.99.3-1|>=|1.4.2-3.1|<
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NIST tracks related CVEs with pyrad_project CPE vendor instead of "python".
Set the CVE_PRODUCT to pyrad, so both can be matched.
See CVE db query:
sqlite> select * from products where PRODUCT = 'pyrad';
CVE-2013-0294|pyrad_project|pyrad|||2.1|<
CVE-2013-0342|pyrad_project|pyrad|||2.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where PRODUCT = 'tweepy';
CVE-2012-5825|tweepy|tweepy|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:sqlalchemy CPE fails to match CVEs, because the CVEs
are associated with sqlalchemy:sqlalchemy CPE.
See CVE db query:
sqlite> select * from products where PRODUCT = 'sqlalchemy';
CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<=
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<=
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=||
CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=||
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT for paramiko. The default python:paramiko value
doesn't match CVEs, because the product has its own set of CPEs associated
with CVEs.
See CVE db query:
sqlite> select * from products where PRODUCT = 'paramiko';
CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=||
CVE-2018-1000805|paramiko|paramiko|1.17.6|=||
CVE-2018-1000805|paramiko|paramiko|1.18.5|=||
CVE-2018-1000805|paramiko|paramiko|2.0.8|=||
CVE-2018-1000805|paramiko|paramiko|2.1.5|=||
CVE-2018-1000805|paramiko|paramiko|2.2.3|=||
CVE-2018-1000805|paramiko|paramiko|2.3.2|=||
CVE-2018-1000805|paramiko|paramiko|2.4.1|=||
CVE-2018-7750|paramiko|paramiko|||1.17.6|<
CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|<
CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|<
CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|<
CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|<
CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|<
CVE-2018-7750|paramiko|paramiko|2.4.0|=||
CVE-2022-24302|paramiko|paramiko|||2.10.1|<
CVE-2023-48795|paramiko|paramiko|||3.4.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because
the project's CPE is "tornadoweb:tornado".
See cve db query (docmosis is an irrelevant vendor):
sqlite> select * from products where PRODUCT = 'tornado';
CVE-2012-2374|tornadoweb|tornado|||2.2|<=
CVE-2012-2374|tornadoweb|tornado|1.0|=||
CVE-2012-2374|tornadoweb|tornado|1.0.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.2|=||
CVE-2012-2374|tornadoweb|tornado|1.2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.0|=||
CVE-2012-2374|tornadoweb|tornado|2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.1.1|=||
CVE-2014-9720|tornadoweb|tornado|||3.2.2|<
CVE-2023-25264|docmosis|tornado|||2.9.5|<
CVE-2023-25265|docmosis|tornado|||2.9.5|<
CVE-2023-25266|docmosis|tornado|||2.9.5|<
CVE-2023-28370|tornadoweb|tornado|||6.3.2|<
CVE-2024-42733|docmosis|tornado|||2.9.7|<=
CVE-2024-52804|tornadoweb|tornado|||6.4.2|<
CVE-2025-47287|tornadoweb|tornado|||6.5.0|<
CVE-2025-67724|tornadoweb|tornado|||6.5.3|<
CVE-2025-67725|tornadoweb|tornado|||6.5.3|<
CVE-2025-67726|tornadoweb|tornado|||6.5.3|<
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default, "python:cbor2" CVE_PRODUCT is not appropriate for this
recipe, because most associated CVEs use "agronholm:cbor2" CPE.
Set the CVE_PRODUCT to cbor2, so it will match the currently used
CPE, and in case there will be future python:cbor2 CPEs also, they
will be matched too.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
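
The commit messages above all describe the same failure: a vendor-qualified CVE_PRODUCT such as python:flask selects no rows, so the checker reports nothing. The sketch below is an added example, not code from the cve-check class or from these commits; it models vendor:product lookup and version-range evaluation over rows copied from the quoted query output. The recipe versions passed in, the simplified numeric version comparison, the reading of a "-" start version as "all versions", and the use of tiangolo:fastapi as the vendor-qualified value are assumptions of this example.

```python
import sqlite3

# Rows copied from the query output quoted in the commit messages above.
# Columns: CVE id, vendor, product, version_start, operator_start,
# version_end, operator_end (empty string = no bound on that side).
ROWS = [
    ("CVE-2018-1000656", "palletsprojects", "flask", "", "", "0.12.3", "<"),
    ("CVE-2019-1010083", "palletsprojects", "flask", "", "", "1.0", "<"),
    ("CVE-2023-30861", "palletsprojects", "flask", "", "", "2.2.5", "<"),
    ("CVE-2023-30861", "palletsprojects", "flask", "2.3.0", ">=", "2.3.2", "<"),
    ("CVE-2021-32677", "tiangolo", "fastapi", "", "", "0.65.2", "<"),
    ("CVE-2025-55526", "n8n", "fastapi", "0.115.14", "=", "", ""),
]


def build_db(rows=ROWS):
    """Load the rows into an in-memory table shaped like the quoted output."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id TEXT, vendor TEXT, product TEXT, "
        "version_start TEXT, operator_start TEXT, "
        "version_end TEXT, operator_end TEXT)"
    )
    db.executemany("INSERT INTO products VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return db


def compare(a, b):
    """Compare dotted versions, returning -1, 0 or 1.

    Assumption: purely numeric components (no '0.6.0_beta1'-style suffixes).
    """
    pa = [int(x) for x in a.split(".")]
    pb = [int(x) for x in b.split(".")]
    width = max(len(pa), len(pb))
    pa += [0] * (width - len(pa))
    pb += [0] * (width - len(pb))
    return (pa > pb) - (pa < pb)


CHECKS = {
    "=": lambda c: c == 0,
    ">=": lambda c: c >= 0,
    ">": lambda c: c > 0,
    "<=": lambda c: c <= 0,
    "<": lambda c: c < 0,
}


def row_affects(version, v_start, op_start, v_end, op_end):
    """True if `version` falls inside the range described by one row."""
    if v_start == "-":  # assumption: "-" means no version restriction
        return True
    lower_ok = not op_start or CHECKS[op_start](compare(version, v_start))
    upper_ok = not op_end or CHECKS[op_end](compare(version, v_end))
    return lower_ok and upper_ok


def matching_cves(db, cve_product, version):
    """Return the CVE ids that apply to `version` for one CVE_PRODUCT value.

    "vendor:product" restricts the vendor; a bare "product" matches any vendor.
    """
    if ":" in cve_product:
        vendor, product = cve_product.split(":", 1)
    else:
        vendor, product = "%", cve_product
    cur = db.execute(
        "SELECT id, version_start, operator_start, version_end, operator_end "
        "FROM products WHERE product = ? AND vendor LIKE ?",
        (product, vendor),
    )
    return sorted({row[0] for row in cur if row_affects(version, *row[1:])})


if __name__ == "__main__":
    db = build_db()
    # Versions below are constructed for the demonstration.
    for value, version in [
        ("python:flask", "2.2.4"),
        ("flask", "2.2.4"),
        ("fastapi", "0.115.14"),
        ("tiangolo:fastapi", "0.115.14"),
    ]:
        print(f"{value:18} {version:10} {matching_cves(db, value, version)}")
```

The fastapi pair shows the opposite trade-off: a bare product name also picks up the n8n row that the commit message calls irrelevant, while the vendor-qualified value excludes it.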
License-Update: Copyright year updated to 2025.
Changelog:
===========
- Drop Python 3.9 compatibility and add Python 3.15 support
- Improve XPath sequence internal processing with a list derived type xlist
- Extensions and fixes for XSD datatypes
- Add XSequence datatype for external representation of XPath sequences
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Added: the JSON report now includes a "start_line" key for function and class
regions, indicating the first line of the region in the source.
- Added: The debug data command now takes file names as arguments on the
command line, so you can inspect specific data files without needing to set
the COVERAGE_FILE environment variable.
- Fix: the JSON report used to report module docstrings as executed lines,
which no other report did, as described in issue 2105.
- Fix: coverage.py uses a more disciplined approach to detecting where
third-party code is installed, and avoids measuring it.
- Performance: data files that will be combined now record their hash as part
of the file name. This lets us skip duplicate data more quickly, speeding the
combining step.
- Docs: added a section explaining more about what is considered a missing
branch and how it is reported: Examples of missing branches, as requested in
issue 1597.
- Tests: the test suite misunderstood what core was being tested if
COVERAGE_CORE wasn't set on 3.14+.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bug fixes
~~~~~~~~~
- The "in" operator for "HTTPHeaders" was incorrectly case-sensitive, causing
lookups to fail for headers with different casing than the original header name.
This was a regression in version 6.5.3 and has been fixed to restore the intended
case-insensitive behavior from version 6.5.2 and earlier.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
FIX: Changes in tests to accommodate latest Python HTML parser changes.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Python 3.14 added.
- Fix SystemError: buffer overflow on Python 3.14+ on 64-bit systems by using
c_ulong instead of c_uint32 for I2C_FUNCS ioctl.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Add support for Python 3.14 and drop EOL 3.8 and 3.9
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Use lowercase lookup for archmap
- Add support for Python 3.13
- Add UV Virtual Environment support
- Use sh instead of bash
- Replace additional use of which(1) with shutil.which()
- Support leading v in .node-version
- Check host platform when finding node version
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- The Memory object won't overwrite an already existing .gitignore file in its
cache directory anymore.
- Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive
memory allocation and potential crashes by limiting the allowed length of the
expression and the maximum numeric value of sub-expressions and not evaluating
expressions with non-numeric literals.
- Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined
abstract base classes and type annotations in Python 3.14+.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added
------
- Add locale support for decimal separator in intword
- Add support for Python 3.15
Changed
--------
- Replace pre-commit with prek
Fixed
------
- naturaldelta: round the value to nearest unit that makes sense
- Fix plural form for intword and improve performance
- Replace Exception with more specific FileNotFoundError
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
Features
---------
- Adding Agent Identity bound token support and handling certificate mismatches
with retries
- support Python 3.14
- add ecdsa p-384 support
- MDS connections use mTLS
- Implement token revocation in STS client and add revoke() method to
ExternalAccountAuthorizedUser credentials
- Add shlex to correctly parse executable commands with spaces
Bug Fixes
---------
- Use public refresh method for source credentials in ImpersonatedCredentials
- Add temporary patch to workload cert logic to accommodate Cloud Run
mis-configuration
- Delegate workload cert and key default lookup to helper function
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Fix license information displayed on PyPI by using an updated version of twine for uploading.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
LIC_FILES_CHKSUM changed as LICENSE file format has been changed in 8.7.1
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
pytest-metadata version 2.0.2 has a bug where it tries to access
py.__version__, but the py library version 1.11.0
removed the __version__ attribute. This is a known incompatibility.
Switch to hatchling build backend
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Feature: coverage.py now supports .coveragerc.toml
- Fix: we now include a permanent .pth file which is installed with the code
- Deprecated: when coverage.py is installed, it creates three command entry
points: coverage, coverage3, and coverage-3.10 (if installed for Python
3.10). The second and third of these are not needed and will eventually be
removed. They still work for now, but print a message about their deprecation.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
LICENSE CHKSUM has been changed as title was added in new LICENSE file.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Pyro enables you to build applications in which objects can talk to each
other over the network, with minimal programming effort.
Successor to the python3-pyro4 package - but this supports modern Python,
and is still maintained (under the same umbrella that developed pyro4 also).
Ptest takes around a minute to execute. Sample output:
root@qemux86-64:~# ptest-runner
START: ptest-runner
2025-12-16T17:48
BEGIN: /usr/lib/python3-pyro5/ptest
PASS: tests/test_api.py:test_api
PASS: tests/test_client.py:TestProxy.testBasics
PASS: tests/test_client.py:TestProxy.testProxyCopy
[...many lines...]
PASS: tests/test_threadpool.py:TestThreadPool.testClose
PASS: tests/test_threadpool.py:TestThreadPool.testScaling
PASS: tests/test_threadpool.py:TestThreadPoolServer.testServerPoolFull
============================================================================
Testsuite summary
# TOTAL: 415
# PASS: 410
# SKIP: 5
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
DURATION: 60
END: /usr/lib/python3-pyro5/ptest
2025-12-16T17:49
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
pyro4 is not maintained anymore, and it doesn't work with Python 3.11
fully either - and sure enough, when I tried to set up ptests with
Python 3.13, I got many failures.
Drop the recipe.
(There is an actively maintained successor, Pyro5 - new recipe should be
somewhere next to this patch.)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This tweak was specific to clang-16; it's no longer needed.
Moreover, setup.py is no longer there in the latest 0.19.x
release
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog
- The project has been completely refactored to use the Zstandard implementation from the standard library ([PEP-784](https://peps.python.org/pep-0784/))
- The refactor has some minor impact on public APIs, such as changing the exception raised on invalid input
2. Drop 0001-Bump-setuptools-dependency-from-74-to-89.patch as setuptools in requires was removed in pyproject.toml
3. HOMEPAGE has been changed to https://github.com/Rogdham/pyzstd.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Copyright year updated to 2025
Changelog:
===========
- pytest required version is now 9.
- Explicit support for python 3.14.
- match_params parameter is now available on responses and callbacks
registration, as well as request(s) retrieval. Allowing to provide query
parameters as a dict instead of being part of the matched URL.
- This parameter allows to perform partial query params matching (refer to
documentation for more information).
- URLs with more than one value for the same parameter were not matched properly
(matching was performed on the first value).
- httpx_mock.add_exception is now properly documented (accepts BaseException
instead of Exception).
- pytest 8 is not supported anymore.
- python 3.9 is not supported anymore.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Fix: Message Type 24 Part B: Detecting MMSI as auxiliary
* add support for AIS Message Type 24 Part B auxiliary craft variant
* auxiliary craft now decode mothership MMSI instead of vessel dimensions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bug fix:
Ensure URL validator is case-insensitive when using custom schemes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Drop support for Python 3.9.
- Switch to distributing manylinux_2_28 wheels instead of manylinux2014
wheels. Likewise, switch from musllinux_1_1 to 1_2.
- Add initial support for free-threaded builds of CPython 3.14.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add support for INT VFrameFormat
- Check ./tests directory with ruff
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Make RE PCRE compatible.
- Only execute Python interpreters
- fish: set variable scope to local to avoid clobbering global or universal variables
- Documentation and help improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- Fix resolver garbage collection during pending queries (#211)
- Prevents resolver from being garbage collected while queries are in progress
- Socket callback optimizations (#172)
- Improved performance for socket state handling
- Fixed RTD links (#176)
- Added Python 3.14 to the CI (#212)
- Updated dependencies
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 6.7.0:
- Updated tests and added CI for CPython 3.14
From 6.6.4:
- Fixed MultiDict & CIMultiDict memory leak when deleting values
or clearing them
- The type preciseness coverage report generated by MyPy is now
uploaded to Coveralls and will not be included in the Codecov
views going forward
- Added memory leak test for popping or deleting attributes from
a multidict to prevent future issues or bogus claims
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.1.2:
- Fix pickling of abstract base classes containing type annotations
for Python 3.14.
License-Update: Use file LICENSE
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
- safe_join on Windows does not allow special device names. This prevents
reading from these when using send_from_directory. secure_filename already
prevented writing to these.
- The debugger pin fails after 10 attempts instead of 11.
- The multipart form parser handles a \r\n sequence at a chunk boundary.
- Improve CPU usage during Watchdog reloader.
- Request.json annotation is more accurate.
- Traceback rendering handles when the line number is beyond the available
source lines.
- HTTPException.get_response annotation and doc better conveys the distinction
between WSGI and sans-IO responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
Enhancements
---------------
* Add support for Python 3.14.
* Add type annotations to top-level API functions and include py.typed marker
for PEP 561 compliance, enabling type checking with mypy and other tools
* Add pre-commit hook support. sqlparse can now be used as a pre-commit hook
to automatically format SQL files. The CLI now supports multiple files and
an '--in-place' flag for in-place editing
* Add 'ATTACH' and 'DETACH' to PostgreSQL keywords
* Add 'INTERSECT' to close keywords in WHERE clause
* Support 'REGEXP BINARY' comparison operator
Bug Fixes
----------
* Add additional protection against denial of service attacks when parsing
very large lists of tuples. This enhances the existing recursion protections
with configurable limits for token processing to prevent DoS through
algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,
MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)
if needed for legitimate large SQL statements.
* Remove shebang from cli.py and remove executable flag
* Fix strip_comments not removing all comments when input contains only
comments
* Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END
blocks
* Fix splitting on semicolons inside BEGIN...END blocks
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Fix several issues in ThreadDecoder.c
- Fix the double call of Ppmd7_Free from both Ppmd7T_Free and Ppmd7Decoder_dealloc
- Fix the double call of Ppmd8_Free from both Ppmd8T_Free and Ppmd8Decoder_dealloc
- Fix the issue in PyPY
- Fix initialization order in ffi_build.py
- Fix eof handling in cffi_ppmd.py
- Add support for Python 3.14
- Add compile and link flag for building C++ with -pthread
- Minimum required python to be 3.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
full support for python 3.14 and a number of packages (like mypy) have been updated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Support for python 3.14
- ci: fix test and release workflows
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* When using one of the lxml tree builders, you can pass in
huge_tree=True to disable lxml's security restrictions and process
files that include huge text nodes.
* The html.parser tree builder processes numeric character entities
using the algorithm described in the HTML spec.
* Added a general test of the html.parser tree builder's ability to
turn any parsing exception from html.parser into a
ParserRejectedMarkup exception.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Support examples property from field metadata
- Officially support Python 3.14
- Drop support for Python 3.9
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===============
- Added support for asyncio's task call graphs on Python 3.14 and later when
using AnyIO's task groups
- Added an asynchronous implementation of the functools module
- Added support for uvloop=True on Windows via the winloop implementation
- Added support for use as a context manager to anyio.lowlevel.RunVar
- Added __all__ declarations to public submodules (anyio.lowlevel etc.)
- Added the ability to set the token count of a CapacityLimiter to zero
- Added parameters case_sensitive and recurse_symlinks along with support for
path-like objects to anyio.Path.glob() and anyio.Path.rglob()
- Dropped sniffio as a direct dependency and added the get_available_backends()
function
- Fixed Process.stdin.send() not raising ClosedResourceError and
BrokenResourceError on asyncio. Previously, a non-AnyIO exception was raised
in such cases
- Fixed Process.stdin.send() not checkpointing before writing data on asyncio
- Fixed a race condition where cancelling a Future from
BlockingPortal.start_task_soon() would sometimes not cancel the async function
- Fixed the presence of the pytest plugin causing breakage with older versions
of pytest (<= 6.1.2)
- Fixed a rarely occurring RuntimeError: Set changed size during iteration while
shutting down the process pool when using the asyncio backend
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.7.0:
- Update unparser to harmonize output across revisions and handle
python 3.12+ features
- Fix support for TypeVar, TypeVarTuple and ParamSpec
- Support t-string from python 3.14
- Adjust test incompatible with py2
- Support _field_types field for every AST class
- Make gast.dump more generic across python version
- Only pass existing attributes as keyword parameters in gast_to_ast
- Initial oss-fuzz integration
- Support [g]ast.get_source_segment
- Fix gast.get_docstring implementation
- Initialize ast node with known fields to avoid deprecation warning
in Python 3.13
- Add missing type_params attribute for ClassDef node before
Python 3.12
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.1.0:
- Add support for Python 3.14, PyPy 3.11
- Drop support for Python 3.8, PyPy 3.8
- Add note about project status (alive and maintained, but inactive)
- Use yield from in merge_sorted to improve performance
- Fix bug in partition_all when __len__ is incorrect; now raise
IndexError
- Modernization
Fixes:
WARNING: python3-toolz-1.1.0-r0 do_check_backend: QA Issue:
inherits setuptools3 but has pyproject.toml with
setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It depends on mpv which depends on ffmpeg needing commercial in
LICENSE_FLAGS_ACCEPTED
Fixes
ERROR: Nothing PROVIDES 'ffmpeg' (but /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-multimedia/mplayer/mpv_0.40.0.bb DEPENDS on or otherwise requires it)
ffmpeg was skipped: Has a restricted license 'commercial' which is not listed in your LICENSE_FLAGS_ACCEPTED.
NOTE: Runtime target 'mpv' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['mpv', 'ffmpeg']
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'python3-mpv', 'mpv', 'ffmpeg']
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jan Claußen <jan.claussen10@web.de>
Svglib is a Python library for reading SVG files and converting them (to a
reasonable degree) to other formats using the ReportLab Open Source toolkit.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cssselect2 is a straightforward implementation of CSS4 Selectors
for markup documents (HTML, XML, etc.) that can be read by ElementTree-like
parsers (including cElementTree, lxml, html5lib, etc.)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Tinycss2 is a low-level CSS parser and generator written in
Python: it can parse strings, return objects representing tokens and blocks,
and generate CSS strings corresponding to these objects.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reportlab is an Open Source Python library for generating PDFs and graphics.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>