Upgrade to release 17.1.1:
- Feed the hobgoblins (delint)
- Supply the types, irrespective of platform
- Ignore the arg type
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.1.0:
- Fix concurrency issue with cache
- Added support for Python 3.12-3.14
- Removed support for Python 3.7-3.8
License-Update: Use file LICENSE
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.0.0:
- Dedicated string data type by default
- Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a.
getting rid of the SettingWithCopyWarning)
- New default resolution for datetime-like data
- Initial support for the new pd.col syntax
License-Update: Update license year to 2026
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.12.5:
- Fix pickle error when using model_construct() on a model with
MISSING as a default value
- Several updates to the documentation
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.3.2:
- Fix type hints to allow BytesMessage to accept bytes again, as
well as bytearray.
Release 1.3.1:
- Add additional license identifier to pyproject.toml.
- Use Python 3.13 to build the docs to match ReadTheDocs build
environment.
Release 1.3.0:
- Require h11>=0.16 dependency.
- Fix "Upgrade" header value to match RFC.
- Add reason "Switching Protocols" to handshake response.
- Add docs for wsproto.Connection
- Add support for Python 3.12, 3.13, and 3.14.
- Drop support for Python 3.7, 3.8, and 3.9.
- Improve Python typing, specifically bytes vs. bytearray.
- Various linting, styling, and packaging improvements.
Fixes:
WARNING: python3-wsproto-1.3.2-r0 do_check_backend: QA Issue:
inherits setuptools3 but has pyproject.toml with
setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.0.223:
- Add annotation for Heart Rate and Battery Service
- Add test for Heart Rate and Battery Service
- Add support for RTL8761CU
- feat: Add filtering options for usb probe
- Fix GATT TemplateSerivce annotations
- Improve Address type annotations
- Replace send_pdu() with write()
- GATT: Support Multiple Requests
- Correct ATT_MTU in enhanced bearers
- Add HCI Packets annotations and send_sco_sdu
- Return 'invalid handle' for malformed read by type request
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.1.9:
- Removed support for Python 3.8.
- Fixed issues to improve lists output.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.14.0:
- fix: Add DottedKey to a super table gives wrong output
- feat: enhance custom encoders to accept _parent and _sort_keys
parameters
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.6.2:
- Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve
CVE-2025-69277.
From 1.6.1:
- The MAKE environment variable can now be used to specify the make
binary that should be used in the build process.
From 1.6.0:
- BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
- Added support for the low level AEAD AES bindings.
- Added support for crypto_core_ed25519_from_uniform.
- Update libsodium to 1.0.20-stable (2025-08-27 build).
- Added support for free-threaded Python 3.14.
- Added support for Windows on ARM wheels.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15504
The vulnerability is patched in v0.17.2, however NVD is currently tracking
the CVE without any version info (or more like with out any CPE info)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-42969
Upstream could not reproduce the issue.
The vulnerability has currently the "disputed" flag in the NVD database,
and Github has revoked their related advisory[1].
Ignore this CVE due to this.
[1]: https://github.com/advisories/GHSA-w596-4wvx-j9j6
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2026-21860
Changelog:
- safe_join on Windows does not allow more special device names,
regardless of extension or surrounding spaces.
- The multipart form parser handles a \r\n sequence at a chunk boundary.
This fixes the previous attempt, which caused incorrect content lengths.
- Fix AttributeError when initializing DebuggedApplication with pin_security=False.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Python watchdog has removed all dependencies except optional `pyyaml`
dependency for `watchmedo` utility, like follows [1]:
* pathtools dependency was removed in 1.0.0
* python-argh dependency removed in 2.1.6
* requests was never a dependency
* pyyaml only needed for extras (`watchmedo`) and may not be strictly necessary
[1] https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst
Signed-off-by: Tero Kinnunen <tero.kinnunen@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 26.1.0:
Introduces the 2026 stable style, stabilizing the following changes:
- always_one_newline_after_import: Always force one blank line after
import statements, except when the line after the import is a
comment or an import statement
- fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner
declarations, such as def foo(): return "mock" # fmt: skip, where
previously the declaration would have been incorrectly collapsed
- fix_module_docstring_detection: Fix module docstrings being
treated as normal strings if preceded by comments
- fix_type_expansion_split: Fix type expansions split in generic
functions
- multiline_string_handling: Make expressions involving multiline
strings more compact
- normalize_cr_newlines: Add \r style newlines to the potential
newlines to normalize file newlines both from and to
- remove_parens_around_except_types: Remove parentheses around
multiple exception types in except and except* without as
- remove_parens_from_assignment_lhs: Remove unnecessary parentheses
from the left-hand side of assignments while preserving magic
trailing commas and intentional multiline formatting
- standardize_type_comments: Format type comments which have zero
or more spaces between # and type: or between type: and value to
# type: (value)
The following change was not in any previous stable release:
- Regenerated the _width_table.py and added tests for the Khmer
language
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add pytokens release 0.4.0:
- Various packaging and dev improvements
- Just avoid using uv
- Move setup.cfg to pyproject.toml
- Use mypyc for compilation
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New, non-LTS version.
Release notes: https://github.com/django/django/blob/main/docs/releases/6.0.txt
New features in a nutshell:
- Content Security Policy support
- Template Partials
- Background Tasks
- Adoption of Python's modern email API
Ptest summary:
Ran 18643 tests in 164.287s
OK (skipped=1404, expected failures=5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Django 4.2.x recipe has been deleted, the dependencies that were specific
to version 5.x can be moved to the common .inc file.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Execute the standard, non-selenium tests. The execution is
on the slower side: on my idle machine, KVM enabled it takes
a bit more than 2.5 minutes to execute it (executing tests with
4 threads parallel, 1/core, the default configuration). If the machine is
under load, it easily grows to over 10 minutes.
Added two backported patches for Django 5.2 to fix some tests that
would otherwise fail:
0001-Fix-test_strip_tags-test.patch: tag stripping tests failed due to
changed Python behavior
0001-fix-test_msgfmt_error_including_non_ascii-test.patch: tests were
updated to work with msgfmt 0.25
Most of the skipped tests require some specific database backend
(Postgres, MySQL, Oracle...) or are Selenium tests.
The output is very long (the suite contains way over 15k tests),
so I omit the example output here.
The current summary (for v5.2.9):
Ran 18121 tests in 140.891s
OK (skipped=1394, expected failures=5)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Though the version is not EOL yet, it doesn't support the Python
that comes with oe-core. The last version is supports is 3.12[1],
however oe-core comes with Python 3.13.
[1]: https://docs.djangoproject.com/en/6.0/faq/install/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
- fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation
- fix: Prevent NameError when accessing _DISTUTILS_PATCH during file overwrite
- Upgrade pip and fix 3.15 picking old wheel
- fix: wrong path on migrated venv
- test_too_many_open_files: assert on errno.EMFILE instead of strerror
- fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146
- fix: resolve EncodingWarning in tox upgrade environment
- Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1
- Add support for PEP 440 version specifiers in the --python flag.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add wait_for_activation parameter to pystemd.run to wait only for service activation without blocking until completion
- Document cwd and wait_for_activation parameters in pystemd.run
- Drop support for Python 3.6-3.10, now requires Python 3.11+
- Add unit property and unit_name to TransientUnitProcess for easy access to the running unit
- Change development tooling to use uv for package management
- Change lint/format stack from black/mypy to ruff/pyrefly
- Add a lot of typing
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Make sure tests/__init__.py is included in sdist
- Fix compatibility with pytest
- Explicitly tag Python 3.14 compatibility
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
AISTracker.update now accepts raw sentences as well as decoded messages
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add ptest and upgrade to release 0.13.1:
- pyproject.toml: add pytest as dev dependency
- Import Self from type_checking if needed to be compat with 3.9
- CI: run pytest via uv
- CI: test against multiple python versions
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.6.0:
- "Modernize" build system to use pyproject.toml and github actions.
Fixes:
WARNING: python3-huey-2.6.0-r0 do_check_backend: QA Issue: inherits
setuptools3 but has pyproject.toml with setuptools.build_meta, use
the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.0.4:
- Fixed false positive for ``invalid-name`` where module-level
constants were incorrectly classified as variables when a
class-level attribute with the same name exists.
- Fix a false positive for ``invalid-name`` on an UPPER_CASED
name inside an ``if`` branch that assigns an object.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 5.0.1:
- Use Literal for type
- Use CMake for compiling c-ares
- Move project metadata to pyproject.toml
- Remove gethostbyname
- Remove getsock
- Replace ares_{get,set}servers with ares_{get,set}_servers_csv
- Remove ares_init and ares_mkquery, they are unused
- Make c-ares thread-safety mandatory
- Migrate API to c-ares' dnsrec variants
- Build wheels in parallel
- Update bundled c-ares to v1.34.6
- Make callback a mandatory kwarg-only argument
- Return bytes data for TXT records
- Add support for TLSA, HTTP and URI queries
- Remove event_thread option, make it implicit
- Fix IDNA 2008 test
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.0.69:
- Add Georgian console fonts
- Add Adlm script to SN
- Add dra, Tutg, ath, cmc, Cham, tai
- Remove License classifier (license tag with SPDX license
expression is already there)
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 8.5:
Breaking changes:
- The option --lcov-test-name doesn't accept values with spaces
anymore.
- The option --lcov-format-1.x is deprecated and mapped to
--lcov-format-version=1.x.
- Changes to HTML templates.
New features and notable changes:
- Due to added support for LLVM source based code coverage format
some configuration file keys got changed. The old gcov named
options are still supported but they also affect the LLVM
toolchain.
Bug fixes and small improvements:
- Fix coveralls report if there are several coverage elements per
line.
- Fix not excluded conditions if branches are excluded by comments.
- Fix reported excluded branches in LCOV report.
- Fix exclusion filter --gcov-exclude.
- Add --json-trace-data-source to include the trace data source in
the JSON report independent from --verbose.
- Remove generated gcov files on error and catch additional gcov
error message.
- Change default HTML theme excluded line color.
- Move theme colors to a separate CSS file so they can be overridden
with a simple --html-template-dir directory with only the
style.colors.css file.
- Fix regular expression for detecting a version mismatch between
gcc and gcov.
- Improve logging messages for GCOV execution errors to not print
information twice and add trace messages for gcov execution.
- Fix handling of lines after function specialization.
- Improve performance by changing logging messages (level and lazy
interpolation).
- Fix text report for covered decisions.
- Fix runtime problem introduced with 8.4.
- Fix wrong entries in data source attribute of JSON report.
- Fix nested HTML report without coverage data.
- Add warning if coverage data is empty.
- Add warning if function lines are missing in external generated
GCOV files.
- Extend support for zipped reports. If last suffix is .xz then
LZMA is used to compress the report.
- Fix function exclusion in report generation.
- Do not ignore lines without functions, e.g. from inlined code.
- Ignore all whitespaces instead of only spaces for detection of
noncode lines.
- Add support for temporary merging line coverage objects without
modifying the data model.
- Change internal behavior of --exclude-function-lines to exclude
the line of function definition instead of removing it completely.
- Ensure that all functions have a line coverage element in LCOV
report.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.3.0:
- Add arguments validation for schemas and validation methods (by
validation contexts)
- Add custom XPath parser for find/findall/iterfind APIs on schemas
for match singleton sequence also if position is a number greater
than 1 in predicate expression
- Improve build of XSD elements and groups, using a three-state
built flag for components
- Extend and fix memory tests (Python 3.14+ seems to consume more
memory)
- Drop support for Python 3.9 and add development support for
Python 3.15
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2025.12.0:
- fsspec.parquet to support filters and multiple files
- passing withdirs in aync _glob()
- fix _rm_file/_rm redirection in async
- allow arrowFile to be seekable
- add size attribute to arrowFile
- support py3.14 and drop 3.9
- avoid ruff warning
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.21.1:
- Fix escaping in help text when rich is installed but not used.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825
The Debian bugtracker[1] indicated that the issue is tracked by
upstream in github[2] (with a difference CVE ID, but same issue),
where the vulnerability was confirmed. Later in the same github issue
the solution is confirmed: the project switched to use the requests
library, which doesn't suffer from this vulnerability.
Due to this mark the CVE as patched.
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444
[2]: https://github.com/tweepy/tweepy/issues/279
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694
The vulnerability was reported to the project[1], and the commit[2] that
resolved the issue has been part of the project since version 0.11.7.
Mark the CVE as patched due to this.
[1]: https://github.com/Kludex/uvicorn/issues/723
[2]: 895807f94e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657
The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0
[1]: 84c53958de
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.3.0:
- Add support for italic
- can_colorize: Expect fileno() to raise OSError, as documented
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.0.3:
- Fix inference of IfExp (ternary expression) nodes to avoid
prematurely narrowing results in the face of inference ambiguity.
- Fix base class inference for dataclasses using the PEP 695
typing syntax.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 4.12.1:
- Changed all functions currently raising the private
NoCurrentAsyncBackend exception (since v4.12.0) to instead raise
the public NoEventLoopError exception
- Fixed anyio.functools.lru_cache not working with instance methods
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.0.221:
- Cancel l2cap connection result future on abort
- Implement extended advertising emulation
- Rust: Fix cargo-all-features to 1.11.0
- L2CAP Enhanced Retransmission mode
- Add some docs about Android and Hardware
- bump pdl dependencies versions
- android-netsim transport enhancements
- Upgrade GitHub Actions for Node 24 compatibility
- Upgrade GitHub Actions to latest versions
- GATT: fix redefinition of GATT_CONTENT_CONTROL_ID_CHARACTERISTIC
- Remove unused imports
- Fix missing type hints on Device.notify_subscribers()
- L2CAP: Enhanced Credit-based Flow Control Mode
- use ruff for linting and import sorting
- hot fix: remove unused import
- Ruff: Add and fix UP rules
- add support for multiple concurrent broadcasts
- Add EATT Support
- Fix some typos and annotations
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.128.0:
- Drop support for pydantic.v1
- Run performance tests only on Pydantic v2
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.6.1:
API Changes
- Add spectral bipartition community finding and greedy bipartition
using node swaps
Enhancements
- Nodelists for from_biadjacency_matrix
- Add spectral bipartition community finding and greedy bipartition
using node swaps
- Fix draw_networkx_nodes with list node_shape and add regression
test
Bug Fixes
- Fix: allow graph subclasses to have additional arguments
Documentation
- DOC: Improve benchmarking readme
- DOC: More details re: RC releases in the release process devdocs
- DOC: clarify difference between G.nodes/G.nodes() and
G.edges/G.edges() in tutorial
- DOC: Add blurb to contributor guide about drawing tests
- DOC: Fix underline lens in docstrings
- Rolling back shortest paths links
Maintenance
- MAINT: Replace string literal with comment
- Bump actions/checkout from 5 to 6 in the actions group
- pin python 3.14 to be version 3.14.0 until dataclasses are fixed
- Blocklist Python 3.14.1
Other
- TST: add tests for unsupported graph types in MST algorithms
- TST: clean up isomorphism tests
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.6.6:
- Disable setuptools-scm: Too many side-effects
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112
The fix[1] is already included in the recipe version (5.0.9),
the CVE can be marked as patched.
[1]: 7c618b0bba
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Contains fix for CVE-2025-68131
Changelog:
- Added readahead buffering to C decoder for improved performance.
The decoder now uses a 4 KB buffer by default to reduce the number
of read calls. Benchmarks show 20-140% performance improvements for
decoding operations.
- Fixed Python decoder not preserving share index when decoding array
items containing nested shareable tags, causing shared references to
resolve to wrong objects
- Reset shared reference state at the start of each top-level encode/decode
operation
Ptests passed:
...
PASS: tests/test_tool.py:test_dtypes_from_file
PASS: tests/test_tool.py:test_ignore_tag
PASS: tests/test_types.py:test_frozendict
============================================================================
Testsuite summary
DURATION: 4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.20.2:
- Support Unix systems without O_NOFOLLOW
- [pre-commit.ci] pre-commit autoupdate
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Switch to Pypi fetcher
Switch to PEP-517 build backend
Fixes
WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:pymongo CPE fails to match related CVE entries, because
they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%pymongo%';
CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:orjson CPE fails to match related CVEs, because NVD
tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%orjson%';
CVE-2024-27454|ijl|orjson|||3.9.15|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:python_multipart CPE doesn't match relevant CVE entries,
because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE,
and Mitre uses kludex:python-multipart for others.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%python%multipart%';
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't
match relevant entries.
The correct values were taken from the CVE db, by checking which CVEs
are relevant.
See CVE db query:
sqlite> select * from products where product like '%ecdsa%';
CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Relevant CVEs are tracked with gevent:gevent CPE, and the default
python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%gevent%';
CVE-2023-41419|gevent|gevent|||23.9.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked using dnspython:dnspython CPE, and the
default python:dnspython CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%dnspython%';
CVE-2023-29483|dnspython|dnspython|||2.6.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVE entries are tracked with encode:starlette CPE, and
the default python:starlette CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%starlette%';
CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|<
CVE-2023-30798|encode|starlette|||0.25.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVE entries are tracked with executablebooks:markdown-it-py CPE
value, and the default python:markdown-it-py CPE doesn't match relevant
entries. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%markdown-it-py%';
CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|<
CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with configobj_peroject:configobj CPE in the
database, and the default python:configobj CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%configobj%';
CVE-2023-26112|configobj_project|configobj|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with py7zr_project:py7zr CPE in the database,
and the default python:py7zr CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%py7zr%';
CVE-2022-44900|py7zr_project|py7zr|||0.20.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using oathlib_project:oathlib CPE,
and the default python:oauthlib CPE doesn't match relevant entries.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'oauthlib';
CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with joblib_project:joblib CPE, and the
default python:joblib CPE doesn't match this. Set the CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%joblib%';
CVE-2022-21797|joblib_project|joblib|||1.1.1|<
CVE-2024-34997|joblib_project|joblib|1.4.2|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with ethereum:eth-account CPE, and
the default python:eth-account one doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%eth-account%';
CVE-2022-1930|ethereum|eth-account|||0.5.9|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't
match relevant CVEs.
See CVE db query:
sqlite> select * from products where product like '%binwalk%';
CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0
CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked in the CVE db with encode:httpx CPE
instead of the default python:httpx. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%httpx%';
CVE-2021-41945|encode|httpx|||0.23.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT to be used instead of ${PN}.
See CVE db query:
sqlite> select * from products where product like '%cvxopt%';
CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with sqlparse_project:sqlparse CPE,
and the default python:sqlparse CPE doesn't match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%sqlparse%';
CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|<
CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using flask-restx_project:flask-restx CPE,
which makes the default python:flask-restx CPE to not match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%flask-restx%';
CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT - the default (python:fastapi) is not the one
that is used to track CVEs.
See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'fastapi';
CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0
CVE-2025-55526|n8n|fastapi|0.115.14|=|||0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The correct CVE_PRODUCT is "lief" for this recipe instead of the default
${PN}, that doesn't match relevant CVEs.
See CVE db query:
sqlite> select * from products where product like 'lief';
CVE-2021-32297|lief-project|lief|||0.11.4|<=
CVE-2022-38306|lief-project|lief|||0.12.1|<
CVE-2022-38307|lief-project|lief|||0.12.1|<
CVE-2022-38495|lief-project|lief|||0.12.1|<=
CVE-2022-38496|lief-project|lief|||0.12.1|<=
CVE-2022-38497|lief-project|lief|||0.12.1|<=
CVE-2022-40922|lief-project|lief|0.12.1|=||
CVE-2022-40923|lief-project|lief|0.12.1|=||
CVE-2022-43171|lief-project|lief|0.12.1|=||
CVE-2024-31636|lief-project|lief|0.14.1|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant
CVEs.
See CVE query (n8n vendor is not relevant):
sqlite> select * from products where product like '%pydantic%';
CVE-2021-29510|pydantic|pydantic|||1.6.2|<
CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|<
CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|<
CVE-2024-3772|pydantic|pydantic|||1.10.13|<
CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|<
CVE-2025-55526|n8n|pydantic|2.11.7|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked with pikepdf_project:pikepdf CPE,
and the default python:pikepdf doesn't match CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'pikepdf';
CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVE database tracks relevant CVEs with mpmath:mpmath CPE.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'mpmath';
CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVE is tracked using flask-user_project:flask-user CPE,
so the default python:flask-user value doesn't match it.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'flask-user';
CVE-2021-23401|flask-user_project|flask-user|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using eventlet:eventlet CPE, and the default
python:eventlet CPE doesn't match relevant CVEs.
Set the correct CVE_PRODUCT.
See CVE db query:
sqlite> select * from products where product like 'eventlet';
CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|<
CVE-2023-29483|eventlet|eventlet|||0.35.2|<
CVE-2025-58068|eventlet|eventlet|||0.40.3|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked using aiohttp:aiohttp CPE, so the default
python:aiohttp CPE doesn't match relevant CVEs.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'aiohttp';
CVE-2021-21330|aiohttp|aiohttp|||3.7.4|<
CVE-2022-33124|aiohttp|aiohttp|3.8.1|=||
CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<=
CVE-2023-47627|aiohttp|aiohttp|||3.8.6|<
CVE-2023-47641|aiohttp|aiohttp|||3.8.0|<
CVE-2023-49081|aiohttp|aiohttp|||3.9.0|<
CVE-2023-49082|aiohttp|aiohttp|||3.9.0|<
CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|<
CVE-2024-23829|aiohttp|aiohttp|||3.9.2|<
CVE-2024-27306|aiohttp|aiohttp|||3.9.4|<
CVE-2024-30251|aiohttp|aiohttp|||3.9.4|<
CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|<
CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|<
CVE-2024-52304|aiohttp|aiohttp|||3.10.11|<
CVE-2025-53643|aiohttp|aiohttp|||3.12.14|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is one brotli repository for all language bindings, and the same
CPE is used for all: google:brotli (instead of the expected default
of python:brotli, in case of the Python package).
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'brotli';
CVE-2020-8927|google|brotli|||1.0.8|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:uvicorn CPE is not correct, the CVEs are tracked
under encode:uvicorn.
See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'uvicorn';
CVE-2020-7694|encode|uvicorn|-|||
CVE-2020-7695|encode|uvicorn|||0.11.7|<
CVE-2025-55526|n8n|uvicorn|0.35.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The only CVE stored in the CVE db is tracked with "crossbar" vendor,
which makes the default python:autobahn CPE to not match.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'autobahn';
CVE-2020-35678|crossbar|autobahn|||20.12.3|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT
accordingly instead of the default python:py.
See CVE db query:
sqlite> select * from products where product like 'py';
CVE-2020-29651|pytest|py|||1.9.0|<=
CVE-2022-42969|pytest|py|||1.11.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked under multiple vendor IDs (but none
of them are associated with the default "python" vendor).
Query from CVE db:
sqlite> select * from products where product like 'flask-cors';
CVE-2020-25032|flask-cors_project|flask-cors|||3.0.9|<
CVE-2024-1681|corydolphin|flask-cors|4.0.0|=||
CVE-2024-6221|corydolphin|flask-cors|4.0.1|=||
CVE-2024-6839|flask-cors_project|flask-cors|4.0.1|=||
CVE-2024-6844|flask-cors_project|flask-cors|4.0.1|=||
CVE-2024-6866|flask-cors_project|flask-cors|4.0.1|=||
Set the CVE_PRODUCT so it matches the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Currently there is only one CVE associated with pandas, and it is tracked
using numfocus:pandas CPE by NIST instead of the default python:pandas from
pypi.bbclass.
See CVE db query:
sqlite> select * from products where product like 'pandas';
CVE-2020-13091|numfocus|pandas|||1.0.3|<=
Set the CVE_PRODUCT accodingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is only one relevant CVE in the database, but it is tracked using
svglib_project:svglib CPE, not the expected python:svglib CPE, making the
cve-checker miss it.
See CVE db query:
sqlite> select * from products where product like '%svglib%';
CVE-2020-10799|svglib_project|svglib|||0.9.3|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs for this recipe are tracked using webargs_project:webargs
CPE, which makes the default python:webargs CPE to miss CVEs.
See CVE db query:
sqlite> select * from products where product like '%webargs%';
CVE-2019-9710|webargs_project|webargs|||5.1.3|<
CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVEs related to this project are tracked using the validators_project:validators
CPE, which doesn't match the default python:validators CPE.
See CVE db query:
sqlite> select * from products where product like 'validators';
CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<=
CVE-2023-45813|validators_project|validators|0.11.0|=||
CVE-2023-45813|validators_project|validators|0.20.0|=||
Set the CVE_PRODUCT so it matches relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs to this recipe are tracked using reportlab:reportlab
CPE, which doesn't match the default python:reportlab CPE, so the cve-checker
misses CVEs.
See CVE db query:
sqlite> select * from products where product like '%reportlab%';
CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0
CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0
CVE-2020-28463|reportlab|reportlab|-||||0
CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The CVEs for this recipes are tracked using the agendaless:waitress CPE,
which doesn't match the default python:waitress CPE, making the cve-checker
miss relevant CVEs.
See CVE db query:
sqlite> select * from products where PRODUCT like 'waitress';
CVE-2019-16785|agendaless|waitress|||1.3.1|<=
CVE-2019-16786|agendaless|waitress|||1.3.1|<
CVE-2019-16789|agendaless|waitress|||1.4.0|<=
CVE-2019-16792|agendaless|waitress|||1.3.1|<=
CVE-2020-5236|agendaless|waitress|1.4.2|=||
CVE-2022-24761|agendaless|waitress|||2.1.1|<
CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
CVE-2024-49769|agendaless|waitress|||3.0.1|<
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is one related CVE tracked by nist, using the parso_project:parso CPE,
which doesn't match the default python:parso CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'parso';
CVE-2019-12760|parso_project|parso|||0.4.0|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:marshmallow CPE doesn't match the CVEs related to this
product, as they are tracked with marshmallow_project:marshmallow CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'marshmallow';
CVE-2018-17175|marshmallow_project|marshmallow|||2.15.1|<
CVE-2018-17175|marshmallow_project|marshmallow|3.0|>=|3.0.0b9|<
Set the CVE_PRODUCT so it matches related CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:flask CPE doesn't match relevant CVE entries which are
tracked under palletsprojects:flask CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'flask';
CVE-2018-1000656|palletsprojects|flask|||0.12.3|<
CVE-2019-1010083|palletsprojects|flask|||1.0|<
CVE-2023-30861|palletsprojects|flask|||2.2.5|<
CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|<
Set the CVE_PRODUCT to "flask" so it matches relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is only one relevant CVE associated with this recipe in the CVE db,
but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn
(which is the default CPE from pypi.bbclass)
See CVE db query:
sqlite> select * from products where PRODUCT like '%gunicorn%';
CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=||
Set CVE_PRODUCT so that it matches relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This recipe's CVEs are tracked using supervisord:supervisor CPE by nist,
so the default python:supervisor CPE doesn't match relevant CVEs.
See CVE db query (home-assisstant vendor is not relevant):
sqlite> select * from products where PRODUCT like 'supervisor';
CVE-2017-11610|supervisord|supervisor|||3.0|<=
CVE-2017-11610|supervisord|supervisor|3.1.0|=||
CVE-2017-11610|supervisord|supervisor|3.1.1|=||
CVE-2017-11610|supervisord|supervisor|3.1.2|=||
CVE-2017-11610|supervisord|supervisor|3.1.3|=||
CVE-2017-11610|supervisord|supervisor|3.2.0|=||
CVE-2017-11610|supervisord|supervisor|3.2.1|=||
CVE-2017-11610|supervisord|supervisor|3.2.2|=||
CVE-2017-11610|supervisord|supervisor|3.2.3|=||
CVE-2017-11610|supervisord|supervisor|3.3.0|=||
CVE-2017-11610|supervisord|supervisor|3.3.1|=||
CVE-2017-11610|supervisord|supervisor|3.3.2|=||
CVE-2019-12105|supervisord|supervisor|||4.0.2|<=
CVE-2023-27482|home-assistant|supervisor|||2023.03.1|<
Set the CVE_PRODUCT explicitly to match relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the
defauly python:pyjwt CPE doesn't match them.
See CVE db query:
sqlite> select * from products where PRODUCT like '%pyjwt%';
CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<=
CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|<
CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=||
CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=||
Set the CVE_PRODUCT so it matches relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are currently 2 related CVEs in the NIST db, both of them are tracked with
html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match.
See CVE db query:
sqlite> select * from products where PRODUCT like '%html5lib%';
CVE-2016-9909|html5lib|html5lib|||0.99999999|<=
CVE-2016-9910|html5lib|html5lib|||0.99999999|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes
the the default python:werkzeug CPE to not match anything.
See CVE db query:
sqlite> select * from products where PRODUCT like 'werkzeug';
CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|<
CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|<
CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|<
CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|<
CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<=
CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|<
CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|<
CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|<
CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=||
CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|<
CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|<
CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|<
CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|<
Set the CVE_PRODUCT so it matches the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The only related CVE to this recipe is tracked using tqdm_project:tqdm
CPE, so the default python:tqdm CPE doesn't match it.
See relevant CVE db query:
sqlite> select * from products where PRODUCT like 'tqdm';
CVE-2016-10075|tqdm_project|tqdm|4.4.1|=||
CVE-2016-10075|tqdm_project|tqdm|4.10|=||
Set the CVE_PRODUCT so it can match related CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ipython CVEs are tracked using ipython:ipython CPE, so the default
python:ipython CVE_PRODUCT doesn't match relevant CPEs.
See CVE db query:
sqlite> select * from products where PRODUCT like 'ipython';
CVE-2015-4706|ipython|ipython|3.0.0|=||
CVE-2015-4706|ipython|ipython|3.1.0|=||
CVE-2015-4707|ipython|ipython|||3.2.0|<
CVE-2015-5607|ipython|ipython|2.0.0|=||
CVE-2015-5607|ipython|ipython|2.1.0|=||
CVE-2015-5607|ipython|ipython|2.2.0|=||
CVE-2015-5607|ipython|ipython|2.3.0|=||
CVE-2015-5607|ipython|ipython|2.3.1|=||
CVE-2015-5607|ipython|ipython|2.4.0|=||
CVE-2015-5607|ipython|ipython|2.4.1|=||
CVE-2015-5607|ipython|ipython|3.0.0|=||
CVE-2015-5607|ipython|ipython|3.1.0|=||
CVE-2015-5607|ipython|ipython|3.2.0|=||
CVE-2015-5607|ipython|ipython|3.2.1|=||
CVE-2015-5607|ipython|ipython|3.2.2|=||
CVE-2015-5607|ipython|ipython|3.2.3|=||
CVE-2022-21699|ipython|ipython|||5.10.0|<=
CVE-2022-21699|ipython|ipython|6.0.0|>=|7.16.3|<
CVE-2022-21699|ipython|ipython|7.17.0|>=|7.31.1|<
CVE-2022-21699|ipython|ipython|8.0.0|>=|8.0.1|<
CVE-2023-24816|ipython|ipython|||8.10.0|<
Set the CVE_PRODUCT accordingly to match the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NIST currently tracks CVEs under at least 2 different CPEs for this recipe,
but neither of them is python:m2crypto (the default CVE_PRODUCT).
See CVE db query:
sqlite> select * from products where PRODUCT like '%m2crypto%';
CVE-2009-0127|heikkitoivonen|m2crypto|-|||
CVE-2020-25657|m2crypto_project|m2crypto|-|||
CVE-2023-50781|m2crypto_project|m2crypto|-|||
Set the CVE_PRODUCT to match the relevant CPEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The related CVEs are tracked with twisted:twisted CPE, so the
default python:twisted CPE doesn't match any entries.
See CVE db query:
sqlite> select * from products where PRODUCT = 'twisted';
CVE-2014-7143|twisted|twisted|14.0.0|=||
CVE-2016-1000111|twisted|twisted|||16.3.1|<
CVE-2019-12387|twisted|twisted|||19.2.1|<
CVE-2019-12855|twisted|twisted|||19.2.1|<=
CVE-2020-10108|twisted|twisted|||19.10.0|<=
CVE-2020-10109|twisted|twisted|||19.10.0|<=
CVE-2022-21712|twisted|twisted|11.1.0|>=|22.1.0|<
CVE-2022-21716|twisted|twisted|21.7.0|>=|22.2.0|<
CVE-2022-24801|twisted|twisted|||22.4.0|<
CVE-2022-39348|twisted|twisted|0.9.4|>=|22.10.0|<
CVE-2023-46137|twisted|twisted|||22.8.0|<=
CVE-2024-41810|twisted|twisted|||24.3.0|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is one relevant CVE tracked using the simplejson_prject:simplejson
CPE, and no entries tracked with python:simplejson.
See CVE db query:
sqlite> select * from products where PRODUCT like '%simplejson%';
CVE-2014-4616|simplejson_project|simplejson|||2.6.1|<
Set the CVE_PRODUCT accordingly
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are relevant CVEs tracked under two different CPEs:
python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed).
See CVE db query:
sqlite> select * from products where PRODUCT = 'virtualenv';
CVE-2011-4617|python|virtualenv|||1.4.9|<=
CVE-2011-4617|python|virtualenv|0.8|=||
CVE-2011-4617|python|virtualenv|0.8.1|=||
CVE-2011-4617|python|virtualenv|0.8.2|=||
CVE-2011-4617|python|virtualenv|0.8.3|=||
CVE-2011-4617|python|virtualenv|0.8.4|=||
CVE-2011-4617|python|virtualenv|0.9|=||
CVE-2011-4617|python|virtualenv|0.9.1|=||
CVE-2011-4617|python|virtualenv|0.9.2|=||
CVE-2011-4617|python|virtualenv|1.0|=||
CVE-2011-4617|python|virtualenv|1.1|=||
CVE-2011-4617|python|virtualenv|1.1.1|=||
CVE-2011-4617|python|virtualenv|1.2|=||
CVE-2011-4617|python|virtualenv|1.3|=||
CVE-2011-4617|python|virtualenv|1.3.1|=||
CVE-2011-4617|python|virtualenv|1.3.2|=||
CVE-2011-4617|python|virtualenv|1.3.3|=||
CVE-2011-4617|python|virtualenv|1.3.4|=||
CVE-2011-4617|python|virtualenv|1.4|=||
CVE-2011-4617|python|virtualenv|1.4.1|=||
CVE-2011-4617|python|virtualenv|1.4.2|=||
CVE-2011-4617|python|virtualenv|1.4.3|=||
CVE-2011-4617|python|virtualenv|1.4.4|=||
CVE-2011-4617|python|virtualenv|1.4.5|=||
CVE-2011-4617|python|virtualenv|1.4.6|=||
CVE-2011-4617|python|virtualenv|1.4.7|=||
CVE-2011-4617|python|virtualenv|1.4.8|=||
CVE-2013-5123|virtualenv|virtualenv|12.0.7|=||
CVE-2024-53899|virtualenv|virtualenv|||20.26.6|<
Set the CVE_PRODUCT so both are matched.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There are no CVEs tracked with python:httplib2 CPE, but there
are multiple ones tracked under httplib2_project:hgttplib2 CPE
(and they are related to this recipe).
See CVE db query:
sqlite> select * from products where PRODUCT = 'httplib2';
CVE-2013-2037|httplib2_project|httplib2|||0.7.2|<=
CVE-2013-2037|httplib2_project|httplib2|0.8|=||
CVE-2020-11078|httplib2_project|httplib2|||0.18.0|<
CVE-2021-21240|httplib2_project|httplib2|||0.19.0|<
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are
tracked by the defaul python:matplotlib CPE).
See CVE db query:
sqlite> select * from products where PRODUCT = 'matplotlib';
CVE-2013-1424|debian|matplotlib|0.99.3-1|>=|1.4.2-3.1|<
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
NIST tracks related CVEs with pyrad_project CPE vendor instead of "python".
Set the CVE_PRODUCT to pyrad, so both can be matched.
See CVE db query:
sqlite> select * from products where PRODUCT = 'pyrad';
CVE-2013-0294|pyrad_project|pyrad|||2.1|<
CVE-2013-0342|pyrad_project|pyrad|||2.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where PRODUCT = 'tweepy';
CVE-2012-5825|tweepy|tweepy|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default python:sqlalchemy CPE fails to match CVEs, because the CVEs
are associated with sqlalchemy:sqlalchemy CPE.
See CVE db query:
sqlite> select * from products where PRODUCT = 'sqlalchemy';
CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<=
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<=
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=||
CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=||
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Set correct CVE_PRODUCT for paramiko. The default python:paramiko value
doesn't match CVEs, because the product has its own set of CPEs associated
with CVEs.
See CVE db query:
sqlite> select * from products where PRODUCT = 'paramiko';
CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=||
CVE-2018-1000805|paramiko|paramiko|1.17.6|=||
CVE-2018-1000805|paramiko|paramiko|1.18.5|=||
CVE-2018-1000805|paramiko|paramiko|2.0.8|=||
CVE-2018-1000805|paramiko|paramiko|2.1.5|=||
CVE-2018-1000805|paramiko|paramiko|2.2.3|=||
CVE-2018-1000805|paramiko|paramiko|2.3.2|=||
CVE-2018-1000805|paramiko|paramiko|2.4.1|=||
CVE-2018-7750|paramiko|paramiko|||1.17.6|<
CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|<
CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|<
CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|<
CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|<
CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|<
CVE-2018-7750|paramiko|paramiko|2.4.0|=||
CVE-2022-24302|paramiko|paramiko|||2.10.1|<
CVE-2023-48795|paramiko|paramiko|||3.4.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because
the project's CPE is "tornadoweb:tornado".
See cve db query (docmosis is an irrelevant vendor):
sqlite> select * from products where PRODUCT = 'tornado';
CVE-2012-2374|tornadoweb|tornado|||2.2|<=
CVE-2012-2374|tornadoweb|tornado|1.0|=||
CVE-2012-2374|tornadoweb|tornado|1.0.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.2|=||
CVE-2012-2374|tornadoweb|tornado|1.2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.0|=||
CVE-2012-2374|tornadoweb|tornado|2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.1.1|=||
CVE-2014-9720|tornadoweb|tornado|||3.2.2|<
CVE-2023-25264|docmosis|tornado|||2.9.5|<
CVE-2023-25265|docmosis|tornado|||2.9.5|<
CVE-2023-25266|docmosis|tornado|||2.9.5|<
CVE-2023-28370|tornadoweb|tornado|||6.3.2|<
CVE-2024-42733|docmosis|tornado|||2.9.7|<=
CVE-2024-52804|tornadoweb|tornado|||6.4.2|<
CVE-2025-47287|tornadoweb|tornado|||6.5.0|<
CVE-2025-67724|tornadoweb|tornado|||6.5.3|<
CVE-2025-67725|tornadoweb|tornado|||6.5.3|<
CVE-2025-67726|tornadoweb|tornado|||6.5.3|<
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The default, "python:cbor2" CVE_PRODUCT is not appropriate for this
recipe, because most associated CVEs use "agronholm:cbor2" CPE.
Set the CVE_PRODUCT to cbor2, so it will match the currently used
CPE, and in case there will be future python:cbor2 CPEs also, they
will be matched too.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Copyright year updated to 2025.
Changelog:
===========
- Drop Python 3.9 compatibility and add Pyton 3.15 support
- Improve XPath sequence internal processing with a list derived type xlist
- Extensions and fixes for XSD datatypes
- Add XSequence datatype for external representation of XPath sequences
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Added: the JSON report now includes a "start_line" key for function and class
regions, indicating the first line of the region in the source.
- Added: The debug data command now takes file names as arguments on the
command line, so you can inspect specific data files without needing to set
the COVERAGE_FILE environment variable.
- Fix: the JSON report used to report module docstrings as executed lines,
which no other report did, as described in issue 2105.
- Fix: coverage.py uses a more disciplined approach to detecting where
third-party code is installed, and avoids measuring it.
- Performance: data files that will be combined now record their hash as part
of the file name. This lets us skip duplicate data more quickly, speeding the
combining step.
- Docs: added a section explaining more about what is considered a missing
branch and how it is reported: Examples of missing branches, as requested in
issue 1597.
- Tests: the test suite misunderstood what core was being tested if
COVERAGE_CORE wasn't set on 3.14+.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bug fixes
~~~~~~~~~
- The "in" operator for "HTTPHeaders" was incorrectly case-sensitive, causing
lookups to fail for headers with different casing than the original header name.
This was a regression in version 6.5.3 and has been fixed to restore the intended
case-insensitive behavior from version 6.5.2 and earlier.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
FIX: Changes in tests to accommodate latest Python HTML parser changes.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Python 3.14 added.
- Fix SystemError: buffer overflow on Python 3.14+ on 64-bit systems by using
c_ulong instead of c_uint32 for I2C_FUNCS ioctl.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Add support for Python 3.14 and drop EOL 3.8 and 3.9
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Use lowercase lookup for archmap
- Add support for Python 3.13
- Add UV Virtual Environment support
- Use sh instead of bash
- Replace additional use of which(1) with shutil.which()
- Support leading v in .node-version
- Check host platform when finding node version
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- The Memory object won't overwrite an already existing .gitignore file in its
cache directory anymore.
- Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive
memory allocation and potential crashes by limiting the allowed length of the
expression and the maximum numeric value of sub-expressions and not evaluating
expressions with non-numeric literals.
- Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined
abstract base classes and type annotations in Python 3.14+.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added
------
- Add locale support for decimal separator in intword
- Add support for Python 3.15
Changed
--------
- Replace pre-commit with prek
Fixed
------
- naturaldelta: round the value to nearest unit that makes sense
- Fix plural form for intword and improve performance
- Replace Exception with more specific FileNotFoundError
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
Features
---------
- Adding Agent Identity bound token support and handling certificate mismatches
with retries
- support Python 3.14
- add ecdsa p-384 support
- MDS connections use mTLS
- Implement token revocation in STS client and add revoke() method to
ExternalAccountAuthorizedUser credentials
- Add shlex to correctly parse executable commands with spaces
Bug Fixes
---------
- Use public refresh method for source credentials in ImpersonatedCredentials
- Add temporary patch to workload cert logic to accomodate Cloud Run
mis-configuration
- Delegate workload cert and key default lookup to helper function
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Fix license information displayed on PyPI be using an updated version of twine for uploading.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
LIC_FILES_CHKSUM changed as LICENSE file format has been changed in 8.7.1
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
pytest-metadata version 2.0.2 has a bug where it tries to access
py.__version__, but the py library version 1.11.0
removed the __version__ attribute. This is a known incompatibility.
Switch to hatching build backend
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Feature: coverage.py now supports .coveragerc.toml
- Fix: we now include a permanent .pth file which is installed with the code
- Deprecated: when coverage.py is installed, it creates three command entry
points: coverage, coverage3, and coverage-3.10 (if installed for Python
3.10). The second and third of these are not needed and will eventually be
removed. They still work for now, but print a message about their deprecation.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
LICENSE CHKSUM has been changed as title was added in new LICENSE file.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This tweak was specific to clang-16, its no longer needed
moreover, setup.py is no longer there in latest 0.19.x
release
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog
- The project has been completely refactored to use the Zstandard implementation from the standard library ([PEP-784](https://peps.python.org/pep-0784/))
- The refactor has some minor impact on public APIs, such as changing the exception raised on invalid input
2. Drop 0001-Bump-setuptools-dependency-from-74-to-89.patch as setuptools in requires was removed in pyproject.toml
3. HOMEPAGE has been changed to https://github.com/Rogdham/pyzstd.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Copyright year updated to 2025
Changelog:
===========
- pytest required version is now 9.
- Explicit support for python 3.14.
- match_params parameter is now available on responses and callbacks
registration, as well as request(s) retrieval. Allowing to provide query
parameters as a dict instead of being part of the matched URL.
- This parameter allows to perform partial query params matching (refer to
documentation for more information).
- URL with more than one value for the same parameter were not matched properly
(matching was performed on the first value).
- httpx_mock.add_exception is now properly documented (accepts BaseException
instead of Exception).
- pytest 8 is not supported anymore.
- python 3.9 is not supported anymore.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
* Fix: Message Type 24 Part B: Detecting MMSI as auxiliary
* add support for AIS Message Type 24 Part B auxiliary craft variant
* auxiliary craft now decode mothership MMSI instead of vessel dimensions
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bug fix:
Ensure URL validator is case-insensitive when using custom schemes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Drop support for Python 3.9.
- Switch to distributing manylinux_2_28 wheels instead of manylinux2014
wheels. Likewise, switch from musllinux_1_1 to 1_2.
- Add initial support for free-threaded builds of CPython 3.14.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add support for INT VFrameFormat
- Check ./tests directory with ruff
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Make RE PCRE compatible.
- Only execute Python interpreters
- fish: set variable scope to local to avoid clobbering global or universal variables
- Documentation and help improvements
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- Fix resolver garbage collection during pending queries (#211)
- Prevents resolver from being garbage collected while queries are in progress
- Socket callback optimizations (#172)
- Improved performance for socket state handling
- Fixed RTD links (#176)
- Added Python 3.14 to the CI (#212)
- Updated dependencies- Fix resolver garbage collection during pending queries (#211)
- Prevents resolver from being garbage collected while queries are in progress
- Socket callback optimizations (#172)
- Improved performance for socket state handling
- Fixed RTD links (#176)
- Added Python 3.14 to the CI (#212)
- Updated dependencies
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 6.7.0:
- Updated tests and added CI for CPython 3.14
From 6.6.4:
- Fixed MutliDict & CIMultiDict memory leak when deleting values
or clearing them
- The type preciseness coverage report generated by MyPy is now
uploaded to Coveralls and will not be included in the Codecov
views going forward
- Added memory leak test for popping or deleting attributes from
a multidict to prevent future issues or bogus claims
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 3.1.2:
- Fix pickling of abstract base classes containing type annotations
for Python 3.14.
License-Update: Use file LICENSE
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==============
- safe_join on Windows does not allow special device names. This prevents
reading from these when using send_from_directory. secure_filename already
prevented writing to these.
- The debugger pin fails after 10 attempts instead of 11.
- The multipart form parser handles a \r\n sequence at a chunk boundary.
- Improve CPU usage during Watchdog reloader.
- Request.json annotation is more accurate.
- Traceback rendering handles when the line number is beyond the available
source lines.
- HTTPException.get_response annotation and doc better conveys the distinction
between WSGI and sans-IO responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
Enhancements
---------------
* Add support for Python 3.14.
* Add type annotations to top-level API functions and include py.typed marker
for PEP 561 compliance, enabling type checking with mypy and other tools
* Add pre-commit hook support. sqlparse can now be used as a pre-commit hook
to automatically format SQL files. The CLI now supports multiple files and
an '--in-place' flag for in-place editing
* Add 'ATTACH' and 'DETACH' to PostgreSQL keywords
* Add 'INTERSECT' to close keywords in WHERE clause
* Support 'REGEXP BINARY' comparison operator
Bug Fixes
----------
* Add additional protection against denial of service attacks when parsing
very large lists of tuples. This enhances the existing recursion protections
with configurable limits for token processing to prevent DoS through
algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,
MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)
if needed for legitimate large SQL statements.
* Remove shebang from cli.py and remove executable flag
* Fix strip_comments not removing all comments when input contains only
comments
* Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END
blocks
* Fix splitting on semicolons inside BEGIN...END blocks
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Fix several issues in ThreadDecoder.c
- Fix the double call of Ppmd7_Free from both Ppmd7T_Free and Ppmd7Decoder_dealloc
- Fix the double call of Ppmd8_Free from both Ppmd8T_Free and Ppmd8Decoder_dealloc
- Fix the issue in PyPY
- Fix initialization order in ffi_build.py
- Fix eof handling in cffi_ppmd.py
- Add support for Python 3.14
- Add compile and link flag for building C++ with -pthread
- Minimum required python to be 3.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
full support for python 3.14 and a number of packages (like mypy) have been updated.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Support for python 3.14
- ci: fix test and release workflows
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
* When using one of the lxml tree builders, you can pass in
huge_tree=True to disable lxml's security restrictions and process
files that include huge text nodes.
* The html.parser tree builder processes numeric character entities
using the algorithm described in the HTML spec.
* Added a general test of the html.parser tree builder's ability to
turn any parsing exception from html.parser into a
ParserRejectedMarkup exception.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Support examples property from field metadata
- Officially support Python 3.14
- Drop support for Python 3.9
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===============
- Added support for asyncio's task call graphs on Python 3.14 and later when
using AnyIO's task groups
- Added an asynchronous implementation of the functools module
- Added support for uvloop=True on Windows via the winloop implementation
- Added support for use as a context manager to anyio.lowlevel.RunVar
- Added __all__ declarations to public submodules (anyio.lowlevel etc.)
- Added the ability to set the token count of a CapacityLimiter to zero
- Added parameters case_sensitive and recurse_symlinks along with support for
path-like objects to anyio.Path.glob() and anyio.Path.rglob()
- Dropped sniffio as a direct dependency and added the get_available_backends()
function
- Fixed Process.stdin.send() not raising ClosedResourceError and
BrokenResourceError on asyncio. Previously, a non-AnyIO exception was raised
in such cases
- Fixed Process.stdin.send() not checkpointing before writing data on asyncio
- Fixed a race condition where cancelling a Future from
BlockingPortal.start_task_soon() would sometimes not cancel the async function
- Fixed the presence of the pytest plugin causing breakage with older versions
of pytest (<= 6.1.2)
- Fixed a rarely occurring RuntimeError: Set changed size during iteration while
shutting down the process pool when using the asyncio backend
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.7.0:
- Update unparser to harmonize output across revisions and handle
python 3.12+ features
- Fix support for TypeVar, TypeVarTupe and ParamSpec
- Support t-string from python 3.14
- Adjust test incompatible with py2
- Support _field_types field for every AST class
- Make gast.dump more generic across python version
- Only pass existing attributes as keyword parameters in gast_to_ast
- Initial oss-fuzz integration
- Support [g]ast.get_source_segment
- Fix gast.get_docstring implementation
- Initialize ast node with known fields to avoid deprecation warning
in Python 3.13
- Add missing type_params attribute for ClassDef node before
Python 3.12
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 1.1.0:
- Add support for Python 3.14, PyPy 3.11
- Drop support for Python 3.8, PyPy 3.8
- Add note about project status (alive and maintained, but inactive)
- Use yield from in merge_sorted to improve performance
- Fix bug in partition_all when __len__ is incorrect; now raise
IndexError
- Modernization
Fixes:
WARNING: python3-toolz-1.1.0-r0 do_check_backend: QA Issue:
inherits setuptools3 but has pyproject.toml with
setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It depends on mpv which depends on ffmpeg needing commercial in
LICENSE_FLAGS_ACCEPTED
Fixes
ERROR: Nothing PROVIDES 'ffmpeg' (but /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-multimedia/mplayer/mpv_0.40.0.bb DEPENDS on or otherwise requires it)
ffmpeg was skipped: Has a restricted license 'commercial' which is not listed in your LICENSE_FLAGS_ACCEPTED.
NOTE: Runtime target 'mpv' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['mpv', 'ffmpeg']
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'python3-mpv', 'mpv', 'ffmpeg']
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jan Claußen <jan.claussen10@web.de>
Svglib is a Python library for reading SVG files and converting them (to a
reasonable degree) to other formats using the ReportLab Open Source toolkit.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cssselect2 is a straightforward implementation of CSS4 Selectors
for markup documents (HTML, XML, etc.) that can be read by ElementTree-like
parsers (including cElementTree, lxml, html5lib, etc.)"
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Tinycss2 is a low-level CSS parser and generator written in
and generate CSS strings corresponding to these objects.
Python: it can parse strings, return objects representing tokens and blocks,
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reportlab is an Open Source Python library for generating PDFs and graphics.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-fastapi at version 0.122.0
python3-fastapi-cli at version 0.0.16
Moved and modified from meta-ros (Thanks Rob Woolley)
- added ptest for fastapi (long run)
- python3-fastapi-cli does have tests,
but also a circular dependency on python-fastapi.
So no ptests for python3-fastapi
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
SoundCard is a library for playing and recording audio without resorting to a CPython extension.
Signed-off-by: Jan Claußen <jan.claussen10@web.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-requests broke the http+unix url scheme with version 2.32.
Their position is that it's the responsibility of consuming libraries
to adopt their new interface. requests-unixsocket 0.4 adapts to the
new interface.
Signed-off-by: Dan McGregor <dan.mcgregor@vecima.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add nativesdk to BBCLASSEXTEND because python3-pikepdf requires
nativesdk-python3-pillow.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Python package description: Run the tests related to the unstaged files or the current branch (according to Git)
More information: https://pypi.org/project/pytest-picked/
Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moved the recipe from meta-homeassistant
- all credits to them
Added ptest
- skip one test that fails on qemu
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Fix colors overlapping with Python 3.14.0+ which enabled colors by default in the help formatter.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Changelog:
https://github.com/pytest-dev/pytest-mock/releases/tag/v3.15.1
2. Remove 0001-Add-asyncio-fixture-to-test_instance_async_method_sp.patch as it has been mergerd upstream.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- The HTML report now shows separate coverage totals for statements and
branches, as well as the usual combined coverage percentage.
- The JSON report now includes separate coverage totals for statements and
branches
- Fix: except* clauses were not handled properly under the "sysmon" measurement
core, causing KeyError exceptions
- Fix: we now defend against aggressive mocking of open() that could cause
errors inside coverage.py.
- Fix: in unusual cases where a test suite intentionally exhausts the system's
file descriptors to test handling errors in open(), coverage.py would fail
when trying to open source files
- A small tweak to the HTML report: file paths now use thin spaces around
slashes to make them easier to read.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added
------
- Added bleak.backends.get_default_backend() and BleakBackend enum for a
centralized backend detection.
- Added BleakClient().backend_id and BleakScanner().backend_id properties to
identify the backend in use.
Changed --------
- Use "AcquireNotify" rather than "StartNotify" for Linux backend on supported
characteristics
- Allow multiple calls to disconnect() on Windows to align behavior over all
backends.
- Raise new BleakBluetoothNotAvailableError when Bluetooth is not supported,
turned off or permission is denied.
Fixed ------
- Fixed potential race condition causing timeout while connecting in WinRT
backend.
- Fixed file handle leak in BlueZ backend when D-Bus connection is lost and
re-established.
- Fixed crash in CoreBluetooth backend if an ObjC delegate callback is called
after the asyncio run loop stops.
- Fixed possible deadlock when starting scanning on Windows when Bluetooth is
turned off.
- Fixed "Bluetooth device is turned off" Exception on macOS, when a Bluetooth
permission request popup is shown to the user by the OS.
Removed ---------
- Removed support for Python 3.9.
- Removed support for macOS < 10.15.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add instructions for Maintainers to create/publish a release
- Replace deprecated datetime.datetime.utcnow()
- Fix typos
- Support of Python 3.14
- Drop support of end-of-life Python 3.9
- More Python version related fixes
- Argparse Python 3.14 enhancements
- Check whether Constant value is str
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- "sync_to_async" gains a "context" parameter, similar to those for
"asyncio.create_task", "TaskGroup" &co, that can be used on Python 3.11+ to
control the context used by the underlying task.
The parent context is already propagated by default but the additional
control is useful if multiple "sync_to_async" calls need to share the same
context, e.g. when used with "asyncio.gather()".
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for v10.0.2:
- Fixed presentation of strings using unparse_content_stream -
if the stream can be represented using PdfDocEncoding, it is
rendered in that way for ease of reading.
- Reformatted C++ source.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add recipe for release 1.4.0:
- Drop support for Python <3.7.
- Add replacements for playing card suits and chess pieces
- Add replacements for U+211F "RESPONSE" and 0x2123 "VERSICLE"
- Fix replacement for U+1D6D5 "MATHEMATICAL BOLD SMALL TAU".
- Fix replacements for U+014A "LATIN CAPITAL LETTER ENG" and
U+014B "LATIN SMALL LETTER ENG".
- Add replacements for U+2103 "DEGREE CELSIUS" and U+2109 "DEGREE
FAHRENHEIT".
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nativesdk-python3-pylddwrap is needed for the dependency tree :
`-> nativesdk-python3-checksec-py
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nativesdk-python3-icontract is needed for the dependency tree :
`-> nativesdk-python3-pylddwrap
`-> nativesdk-python3-checksec-py
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nativesdk-python3-asttokens is needed for the dependency tree :
`-> nativesdk-python3-icontract
`-> nativesdk-python3-pylddwrap
`-> nativesdk-python3-checksec-py
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to version 3.0.1:
- Fixed compilation error in `type_caster_enum_type` when casting
pointer-to-enum types. Added pointer overload to handle
dereferencing before enum conversion.
- Implement binary version of `make_index_sequence` to reduce
template depth requirements for functions with many parameters.
- Subinterpreter-specific exception handling code was removed to
resolve segfaults.
- Fixed issue that caused ``PYBIND11_MODULE`` code to run again if
the module was re-imported after being deleted from
``sys.modules``.
- Prevent concurrent creation of sub-interpreters as a workaround
for stdlib concurrency issues in Python 3.12.
- Fixed potential crash when using `cpp_function` objects with
sub-interpreters.
- Fixed non-entrant check in `implicitly_convertible()`.
- Support C++20 on platforms that have older c++ runtimes.
- Fix compilation with clang on msys2.
- Avoid `nullptr` dereference warning with GCC 13.3.0 and python
3.11.13.
- Fix potential warning about number of threads being too large.
- Fix gcc 11.4+ warning about serial compilation using CMake.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.17.1:
- Fix missing visibility
- Fix incorrect paging computations that occurred when only a
subset of formats was enabled.
- Fix include issue with the COFF format
This work was sponsored by GOVCERT.LU.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
They need a cert infrastructure to execute.
Mutual TLS authentication requires client/server certificates
and a proper PKI setup that doesn't exist in the minimal qemu ptest
environment. These are integration tests that need real
certificate infrastructure.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 12.0.0:
- Fix issue with forward references in parent TypedDict classes
- Exclude fields with exclude_if from JSON Schema required fields
- Revert URL percent-encoding of credentials in the build() method
of the AnyUrl and Dsn types
- Add type inference for IP address types
- Avoid getting default values from defaultdict
- Fix issue with field serializers on nested typed dictionaries
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release python3-pydantic:
- Fix issue with forward references in parent TypedDict classes
- Exclude fields with exclude_if from JSON Schema required fields
- Revert URL percent-encoding of credentials in the build() method
of the AnyUrl and Dsn types
- Add type inference for IP address types
- Avoid getting default values from defaultdict
- Fix issue with field serializers on nested typed dictionaries
- Add more pydantic-core builds for the three-threaded version of
Python 3.14
This work was sponsored by GOVCERT.LU
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.41.5:
- Correct invalid serialization of date/datetime/time/timedelta
by pulling downcast checks up
- Avoid getting default values from defaultdict
- ci: add more 3.14t builds, delete duplicate linux aarch64 build
- JsonValue: Deduplicate keys before populating Dict
- Fix: only percent-encode characters in the userinfo encode set
- Bump jiter from 0.11.0 to 0.11.1
- Bump regex from 1.11.3 to 1.12.2
- Bump percent-encoding from 2.3.1 to 2.3.2
- Fix issue with field_serializers on nested typed dicts
- Clean up GC traversal for some top-level types
- Add type inference for serializing ip address types
- Revert url credential encoding (to be reintroduced as an option
in future)
- optimizations in URL implementation
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It has pyproject.toml asking for setuptools.build.meta backend
Fixes
QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This reverts commit 809cb8f42473ea0ead9074f7d699619f66f13c05.
It causes ptest regression in traitlets as seen here [1]
We will have to fix this regression before we upgrade argcomplete module
[1] https://github.com/ipython/traitlets/issues/925
Signed-off-by: Khem Raj <raj.khem@gmail.com>
pytest 8.4+ is strict about asyncio [1]
however pyzmq is not yet fully ready, and installs its own
pytest.ini, add this to ptests package
Fixes the failures e.g.
async def functions are not natively supported.
You need to install a suitable plugin for your async framework, for example:
- anyio
- pytest-asyncio
- pytest-tornasync
- pytest-trio
- pytest-twisted
FAIL: tests/test_auth.py:TestAsyncioAuthentication.test_deny
[1] https://github.com/pytest-dev/pytest/issues/11372
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- snagrecover:
add support for bcm2711/12 platforms
add support for several AMLogic platforms
add support for AM654x platforms
confirm Allwinner A133 support
- snagfactory:
allow changing target device mid-pipeline
tone down UI colors, increase button sizes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added
---------
Add support for Python 3.15 (and test 3.13t-3.15t)
Set dicts with column-specific config for all column-specific attrs
Add missing type annotations for properties
Use type stubs for wcwidth
Changed
-------
Drop support for Python 3.9
Simplify empty dictionary/None check
Replace pre-commit with prek
Fixed
-------
In add_rows(), check length of array with len()
Fix README for sort_key
Fix filter example
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=============
- Add support for Python 3.14.
- Drop support for Python 3.8 and PyPy 3.10.
- Decouple from marshmallow and add an adapter system to support different
serialization/deserialization libraries
- Add support for Pydantic models as data schemas
- Fix subclassed MethodView resources cannot be added as URL rules
- Add support for API key auth with APIKeyHeaderAuth, APIKeyCookieAuth,
and APIKeyQueryAuth. Add support for runtime selection of authentication
methods with MultiAuth. Deprecate the API key auth with HTTPTokenAuth
- Remove implicit security scheme naming rules
- Remove implicit schema naming change (i.e. 'Schema' suffix stripping)
- Deprecate the EmptySchema class. Use empty dict {} instead
- Remove the deprecated __version__ attribute. Use feature detection or
importlib.metadata.version("apiflask") instead.
- Fix the support for marshmallow DelimitedList field in OpenAPI spec generation
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Added Operations.implementation_for.replace parameter to Operations.
implementation_for(), allowing replacement of existing operation implementations.
- Fixed issue in SQL Server dialect where the DROP that's automatically emitted
for existing default constraints during an ALTER COLUMN needs to take place
before not just the modification of the column's default, but also before the column's type is changed
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.Changelog:
https://github.com/imageio/imageio/releases/tag/v2.37.2
2.The LICENSE_CHECKSUM changed as date of LICENSE Copyright changed.
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
they were sent for meta-security long time ago in 2021:
https://lists.yoctoproject.org/g/yocto/message/54470
but never merged there, now there are lief, docopt, rich, asttokens
already in meta-python and checksec-py depends on lief version, e.g.
976d530867
is needed to fixcompatibility with newer lief currently in meta-python
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The clang does not need option -flax-vector-conversions to
avoid build failure for 32bit arm target
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Moved the recipe from meta-homeassistant to meta-openembedded.
@see: https://github.com/meta-homeassistant/meta-homeassistant/pull/177#issuecomment-3510619876
- version bump from 0.35.0 to 0.38.0 (current latest release)
- added ptests
- patch to skip 5 tests that did not pass the run
- added tests to PTESTS_SLOW_META_PYTHON
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the order of inherited classes, so the nanobuild python module
actually gets built.
Also, put the cmake files into the correct location, i.e.
${libdir}/cmake/nanobind
instead of
${base_libdir}/cmake/python3-nanobind
onnx 1.20.0rc1 uses nanobind and during its build it detects the
presence of the python module, and wants to use the nanobind cmake
module, both of which fail.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Added a patch to remove using CMAKE_BIN_DIR. Instead, use
the fallback to find cmake from PATH.
It's a pre-requisite for building python3-nanobind correctly.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix error:
>>> import grpc
>>> from concurrent import futures
>>> server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
Traceback (most recent call last):
File "<python-input-4>", line 1, in <module>
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
File "/usr/lib64/python3.13/site-packages/grpc/_init_.py", line 2219, in server
from grpc import _server # pylint: disable=cyclic-import
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/site-packages/grpc/_server.py", line 57, in <module>
from typing_extensions import override
ModuleNotFoundError: No module named 'typing_extensions'
>>>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Ignore if-modified-since header if if-none-match is present in StaticFiles
- Relax strictness on Middleware type
- Drop Python 3.9 support
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
Support relative PARNO in recursive subpatterns
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Revert typing change in 'pint.Unit'
- Fix raising exception in 'Quantity.from_tuple' with invalid units
- Several unit definition fixes.
- Add devcontainer.json to add GitHub Codespace support
- Add support for 'numpy.geomspace'
- Add support for 'linalg.diagonal', 'linalg.matrix_transpose', 'diag', 'tril', 'triu', 'linalg.eigvals', 'linalg.eigvalsh', 'linalg.matrix_norm' and 'linalg.vector_norm'
- An example of performing currency conversions that change over time has been added to the docs.
- Add support for 'pint.Quantity' being used as Generic.
- Add a typing and IDE autocomplete page to the documentation.
- Fixed 'nan'/'nan' to return 'nan' rather than 1 in unit conversion
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
- Add __len__ implementation to missing so that it can be used with validate.Length <marshmallow.validate.Length>
- Drop support for Python 3.9
- Test against Python 3.14.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Enable CPython free-threaded wheel builds
- Correct the import of _compression for Python 3.14
- Keep GitHub Actions up to date with GitHub's Dependabot
- Build wheels for Python 3.14
- Fix typos discovered by codespell
- Bump pypa/cibuildwheel from 3.2.0 to 3.2.1 in the github-actions group across 1 directory
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
