Fred Tingaud
d3cfe19d7e
Fix broken or dangerous backquotes
...
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
2023-10-30 10:33:56 +01:00
Arseniy Zaostrovnykh
5c3437e99d
Update Pipfile.lock to latest package versions
...
To address Dependabot reports
2023-10-16 12:28:49 +00:00
dependabot[bot]
1430fad659
Bump gitpython from 3.1.32 to 3.1.34 in /rspec-tools ( #3020 )
...
Bumps [gitpython](https://github.com/gitpython-developers/GitPython )
from 3.1.32 to 3.1.34.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gitpython-developers/GitPython/releases ">gitpython's
releases</a>.</em></p>
<blockquote>
<h2>3.1.34 - fix resource leaking</h2>
<h2>What's Changed</h2>
<ul>
<li>util: close lockfile after opening successfully by <a
href="https://github.com/skshetry "><code>@skshetry</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1639 ">gitpython-developers/GitPython#1639</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/skshetry "><code>@skshetry</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1639 ">gitpython-developers/GitPython#1639</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.33...3.1.34 ">https://github.com/gitpython-developers/GitPython/compare/3.1.33...3.1.34 </a></p>
<h2>v3.1.33 - with security fix</h2>
<h2>What's Changed</h2>
<ul>
<li>WIP Quick doc by <a
href="https://github.com/LeoDaCoda "><code>@LeoDaCoda</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1608 ">gitpython-developers/GitPython#1608</a></li>
<li>Partial clean up wrt mypy and black by <a
href="https://github.com/bodograumann "><code>@bodograumann</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1617 ">gitpython-developers/GitPython#1617</a></li>
<li>Disable merge_includes in config writers by <a
href="https://github.com/bodograumann "><code>@bodograumann</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1618 ">gitpython-developers/GitPython#1618</a></li>
<li>feat: full typing for "progress" parameter in Repo class
by <a
href="https://github.com/madebylydia "><code>@madebylydia</code></a> in
<a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1634 ">gitpython-developers/GitPython#1634</a></li>
<li>Fix CVE-2023-40590 by <a
href="https://github.com/EliahKagan "><code>@EliahKagan</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1636 ">gitpython-developers/GitPython#1636</a></li>
<li><a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1566 ">#1566</a>
Creating a lock now uses python built-in "open()" method to
work arou… by <a
href="https://github.com/HageMaster3108 "><code>@HageMaster3108</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1619 ">gitpython-developers/GitPython#1619</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/LeoDaCoda "><code>@LeoDaCoda</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1608 ">gitpython-developers/GitPython#1608</a></li>
<li><a
href="https://github.com/bodograumann "><code>@bodograumann</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1617 ">gitpython-developers/GitPython#1617</a></li>
<li><a
href="https://github.com/EliahKagan "><code>@EliahKagan</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1636 ">gitpython-developers/GitPython#1636</a></li>
<li><a
href="https://github.com/HageMaster3108 "><code>@HageMaster3108</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1619 ">gitpython-developers/GitPython#1619</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.33 ">https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.33 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2a2ae7768247147406a5https://redirect.github.com/gitpython-developers/GitPython/issues/1639 ">#1639</a>
from skshetry/close-lockfile</li>
<li><a
href="3e829eb516f882cd8422993f04588aa1c472bd31https://redirect.github.com/gitpython-developers/GitPython/issues/1619 ">#1619</a>
from HageMaster3108/bugfix/use-python-builtin-open-m...</li>
<li><a
href="70924c42658b75434e2chttps://redirect.github.com/gitpython-developers/GitPython/issues/1636 ">#1636</a>
from EliahKagan/cve-2023-40590</li>
<li><a
href="7611cd909b94e0fb0794https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.34 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-22 19:31:23 +02:00
dependabot[bot]
a905672e30
[dependabot] Bump gitpython from 3.1.30 to 3.1.32 in /rspec-tools ( #2870 )
...
Bumps [gitpython](https://github.com/gitpython-developers/GitPython )
from 3.1.30 to 3.1.32.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gitpython-developers/GitPython/releases ">gitpython's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.32 - with another security update</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump cygwin/cygwin-install-action from 3 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1572 ">gitpython-developers/GitPython#1572</a></li>
<li>Fix up the commit trailers functionality by <a
href="https://github.com/itsluketwist "><code>@itsluketwist</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1576 ">gitpython-developers/GitPython#1576</a></li>
<li>Name top-level exceptions as private variables by <a
href="https://github.com/Hawk777 "><code>@Hawk777</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1590 ">gitpython-developers/GitPython#1590</a></li>
<li>fix pypi long description by <a
href="https://github.com/eUgEntOptIc44 "><code>@eUgEntOptIc44</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1603 ">gitpython-developers/GitPython#1603</a></li>
<li>Don't rely on <strong>del</strong> by <a
href="https://github.com/r-darwish "><code>@r-darwish</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1606 ">gitpython-developers/GitPython#1606</a></li>
<li>Block insecure non-multi options in clone/clone_from by <a
href="https://github.com/Beuc "><code>@Beuc</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1609 ">gitpython-developers/GitPython#1609</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Hawk777 "><code>@Hawk777</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1590 ">gitpython-developers/GitPython#1590</a></li>
<li><a
href="https://github.com/eUgEntOptIc44 "><code>@eUgEntOptIc44</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1603 ">gitpython-developers/GitPython#1603</a></li>
<li><a href="https://github.com/r-darwish "><code>@r-darwish</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1606 ">gitpython-developers/GitPython#1606</a></li>
<li><a href="https://github.com/Beuc "><code>@Beuc</code></a> made their
first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1609 ">gitpython-developers/GitPython#1609</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32 ">https://github.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32 </a></p>
<h2>3.1.31</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix Sphinx rendering errors by <a
href="https://github.com/stephan-cr "><code>@stephan-cr</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1524 ">gitpython-developers/GitPython#1524</a></li>
<li>tests: Use <code>command -v</code> instead of third-party
<code>which</code> program by <a
href="https://github.com/mgorny "><code>@mgorny</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1525 ">gitpython-developers/GitPython#1525</a></li>
<li>fix/add allow_unsafe_* params in docstrings + fix typo by <a
href="https://github.com/obfusk "><code>@obfusk</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1530 ">gitpython-developers/GitPython#1530</a></li>
<li>use tempfile.TemporaryDirectory & fix clone_from_unsafe_protocol
tests by <a href="https://github.com/obfusk "><code>@obfusk</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1531 ">gitpython-developers/GitPython#1531</a></li>
<li>Fix some resource leaks by open file handles by <a
href="https://github.com/marlamb "><code>@marlamb</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1532 ">gitpython-developers/GitPython#1532</a></li>
<li>fix files list on file rename by <a
href="https://github.com/teknoraver "><code>@teknoraver</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1537 ">gitpython-developers/GitPython#1537</a></li>
<li>Declare support for Python 3.11 by <a
href="https://github.com/hugovk "><code>@hugovk</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1541 ">gitpython-developers/GitPython#1541</a></li>
<li>Fix ignored by <a
href="https://github.com/Lightborne "><code>@Lightborne</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1545 ">gitpython-developers/GitPython#1545</a></li>
<li>Fix timezone parsing functions for non-hour timezones by <a
href="https://github.com/jcowgill "><code>@jcowgill</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1547 ">gitpython-developers/GitPython#1547</a></li>
<li>Enable user to override default diff -M arg by <a
href="https://github.com/mellowed100 "><code>@mellowed100</code></a> in
<a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1551 ">gitpython-developers/GitPython#1551</a></li>
<li>Remove optional from two member variables by <a
href="https://github.com/Sineaggi "><code>@Sineaggi</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1550 ">gitpython-developers/GitPython#1550</a></li>
<li>Fix RecursionError when iterating streams by <a
href="https://github.com/eric-wieser "><code>@eric-wieser</code></a> in
<a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1554 ">gitpython-developers/GitPython#1554</a></li>
<li>Fix get_values() so it correctly loads section names by <a
href="https://github.com/Codym48 "><code>@Codym48</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1555 ">gitpython-developers/GitPython#1555</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/stephan-cr "><code>@stephan-cr</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1524 ">gitpython-developers/GitPython#1524</a></li>
<li><a href="https://github.com/obfusk "><code>@obfusk</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1530 ">gitpython-developers/GitPython#1530</a></li>
<li><a href="https://github.com/marlamb "><code>@marlamb</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1532 ">gitpython-developers/GitPython#1532</a></li>
<li><a
href="https://github.com/teknoraver "><code>@teknoraver</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1537 ">gitpython-developers/GitPython#1537</a></li>
<li><a
href="https://github.com/Lightborne "><code>@Lightborne</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1545 ">gitpython-developers/GitPython#1545</a></li>
<li><a href="https://github.com/jcowgill "><code>@jcowgill</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1547 ">gitpython-developers/GitPython#1547</a></li>
<li><a
href="https://github.com/mellowed100 "><code>@mellowed100</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1551 ">gitpython-developers/GitPython#1551</a></li>
<li><a href="https://github.com/Sineaggi "><code>@Sineaggi</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1550 ">gitpython-developers/GitPython#1550</a></li>
<li><a href="https://github.com/Codym48 "><code>@Codym48</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1555 ">gitpython-developers/GitPython#1555</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.31 ">https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.31 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5d45ce243aca965ecc81https://redirect.github.com/gitpython-developers/GitPython/issues/1609 ">#1609</a>
from Beuc/block-insecure-options-clone-non-multi</li>
<li><a
href="5c59e0d63dc09a71e2cahttps://redirect.github.com/gitpython-developers/GitPython/issues/1606 ">#1606</a>
from r-darwish/no-del</li>
<li><a
href="a3859ee6f78186159af1741edb5430https://redirect.github.com/gitpython-developers/GitPython/issues/1603 ">#1603</a>
from eUgEntOptIc44/eugenoptic44-fix-pypi-long-descri...</li>
<li><a
href="0c543cd0dd9cd7ddb9606fc11e6e36https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.32 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 11:07:47 +02:00
dependabot[bot]
c841e81ad5
[dependabot] Bump certifi from 2023.5.7 to 2023.7.22 in /rspec-tools ( #2646 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2023.5.7
to 2023.7.22.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8fb96ed81fafe77220e0https://redirect.github.com/certifi/python-certifi/issues/230 ">#230</a>)</li>
<li><a
href="2038739ad5https://redirect.github.com/certifi/python-certifi/issues/229 ">#229</a>)</li>
<li><a
href="44df761f4chttps://redirect.github.com/certifi/python-certifi/issues/228 ">#228</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 10:00:59 +02:00
dependabot[bot]
b17cbdd8d3
[dependabot] Bump aiohttp from 3.8.4 to 3.8.5 in /rspec-tools ( #2593 )
...
Bumps [aiohttp](https://github.com/aio-libs/aiohttp ) from 3.8.4 to
3.8.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/aiohttp/releases ">aiohttp's
releases</a>.</em></p>
<blockquote>
<h2>3.8.5</h2>
<h2>Security bugfixes</h2>
<ul>
<li>
<p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by
:user:<code>webknjaz</code>
and :user:<code>Dreamsorcerer</code>.</p>
<p>Thanks to :user:<code>sethmlarson</code> for reporting this and
providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
<a
href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w ">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w </a>.</p>
<p>.. _llhttp: <a href="https://llhttp.org ">https://llhttp.org </a></p>
<p>(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7346 ">#7346</a>)</p>
</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Added information to C parser exceptions to show which character
caused the error. -- by :user:<code>Dreamsorcerer</code></p>
<p>(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7366 ">#7366</a>)</p>
</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>
<p>Fixed a transport is :data:<code>None</code> error -- by
:user:<code>Dreamsorcerer</code>.</p>
<p>(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/3355 ">#3355</a>)</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst ">aiohttp's
changelog</a>.</em></p>
<blockquote>
<h1>3.8.5 (2023-07-19)</h1>
<h2>Security bugfixes</h2>
<ul>
<li>
<p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by
:user:<code>webknjaz</code>
and :user:<code>Dreamsorcerer</code>.</p>
<p>Thanks to :user:<code>sethmlarson</code> for reporting this and
providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
<a
href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w ">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w </a>.</p>
<p>.. _llhttp: <a href="https://llhttp.org ">https://llhttp.org </a></p>
<p><code>[#7346 ](https://github.com/aio-libs/aiohttp/issues/7346 )
<https://github.com/aio-libs/aiohttp/issues/7346> ;</code>_</p>
</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Added information to C parser exceptions to show which character
caused the error. -- by :user:<code>Dreamsorcerer</code></p>
<p><code>[#7366 ](https://github.com/aio-libs/aiohttp/issues/7366 )
<https://github.com/aio-libs/aiohttp/issues/7366> ;</code>_</p>
</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>
<p>Fixed a transport is :data:<code>None</code> error -- by
:user:<code>Dreamsorcerer</code>.</p>
<p><code>[#3355 ](https://github.com/aio-libs/aiohttp/issues/3355 )
<https://github.com/aio-libs/aiohttp/issues/3355> ;</code>_</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9c13a52c217c02129567135a45e9d6https://redirect.github.com/aio-libs/aiohttp/issues/7366 ">#7366</a>)
(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7380 ">#7380</a>)</li>
<li><a
href="9337fb3f2ahttps://redirect.github.com/aio-libs/aiohttp/issues/7367 ">#7367</a>)
(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7377 ">#7377</a>)</li>
<li><a
href="f07e9b44b5https://redirect.github.com/aio-libs/aiohttp/issues/7373 ">#7373</a>/66e261a5
backport][3.8] Drop azure mention (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7374 ">#7374</a>)</li>
<li><a
href="01d9b70e54https://redirect.github.com/aio-libs/aiohttp/issues/7370 ">#7370</a>/22c264ce
backport][3.8] fix: Spelling error fixed (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7371 ">#7371</a>)</li>
<li><a
href="3577b1e371https://redirect.github.com/aio-libs/aiohttp/issues/7359 ">#7359</a>/7911f1e9
backport][3.8] Set up secretless publishing to PyPI (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7360 ">#7360</a>)</li>
<li><a
href="8d45f9c995https://redirect.github.com/aio-libs/aiohttp/issues/7333 ">#7333</a>/3a54d378
backport][3.8] Fix TLS transport is <code>None</code> error (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7357 ">#7357</a>)</li>
<li><a
href="dd8e24e773https://redirect.github.com/aio-libs/aiohttp/issues/7343 ">#7343</a>/18057581
backport][3.8] Mention encoding in <code>yarl.URL</code> (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7355 ">#7355</a>)</li>
<li><a
href="40874103ebhttps://redirect.github.com/aio-libs/aiohttp/issues/7346 ">#7346</a>/346fd202
backport][3.8] Bump vendored llhttp to v8.1.1 (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7352 ">#7352</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aio-libs/aiohttp/compare/v3.8.4...v3.8.5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 09:49:51 +02:00
dependabot[bot]
4c40bcdbb2
[dependabot] Bump requests from 2.28.2 to 2.31.0 in /rspec-tools ( #1932 )`
2023-07-17 08:57:11 +02:00
dependabot[bot]
6ea89500c1
[dependabot] Bump gitpython from 3.1.24 to 3.1.30 in /rspec-tools ( #1517 )
...
Bumps [gitpython](https://github.com/gitpython-developers/GitPython ) from 3.1.24 to 3.1.30.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases )
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES )
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.24...3.1.30 )
---
updated-dependencies:
- dependency-name: gitpython
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 09:13:56 +01:00
dependabot[bot]
2444379036
Bump certifi from 2022.5.18.1 to 2022.12.7 in /rspec-tools ( #1469 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.5.18.1 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.05.18.1...2022.12.07 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 11:35:36 +01:00
dependabot[bot]
c2d50e0bdf
[dependabot] Bump pyjwt from 2.1.0 to 2.4.0 in /rspec-tools
...
Bumps [pyjwt](https://github.com/jpadilla/pyjwt ) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases )
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.1.0...2.4.0 )
---
updated-dependencies:
- dependency-name: pyjwt
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-25 08:18:02 +02:00
Arseniy Zaostrovnykh
0fe8dffe85
RULEAPI-573: Clean and test script generating for each rule the list of plugins covering it ( #429 )
2021-10-01 14:52:12 +02:00
Arseniy Zaostrovnykh
5f8a2e7ec1
RULEAPI-606: github action and underlying script for adding a new language to an existing rule
2021-09-30 15:47:25 +00:00
dependabot[bot]
c67cba3fb2
Bump urllib3 from 1.26.4 to 1.26.5 in /rspec-tools
2021-06-02 16:19:59 +02:00
dependabot[bot]
1bf9a91837
Bump urllib3 from 1.26.3 to 1.26.4 in /rspec-tools ( #53 )
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 1.26.3 to 1.26.4.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.3...1.26.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-27 08:41:18 +02:00
nicolas-harraudeau-sonarsource
763c935b63
Improve rules' metadata.json validation
2021-02-23 20:41:11 +01:00
Nicolas Harraudeau
de024c5f96
Add RuleCreator to rspec-tools
2021-02-18 11:32:08 +01:00
tomverin
e8530167f5
Check links embeded in adocs files ( #32 )
2021-02-12 15:18:24 +01:00
Nicolas Harraudeau
eb4c97ae97
bootstrap rspec-tools project
2021-01-29 16:05:22 +01:00
Fred Tingaud