Arseniy Zaostrovnykh
5c3437e99d
Update Pipfile.lock to latest package versions
...
To address Dependabot reports
2023-10-16 12:28:49 +00:00
dependabot[bot]
1430fad659
Bump gitpython from 3.1.32 to 3.1.34 in /rspec-tools ( #3020 )
...
Bumps [gitpython](https://github.com/gitpython-developers/GitPython )
from 3.1.32 to 3.1.34.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gitpython-developers/GitPython/releases ">gitpython's
releases</a>.</em></p>
<blockquote>
<h2>3.1.34 - fix resource leaking</h2>
<h2>What's Changed</h2>
<ul>
<li>util: close lockfile after opening successfully by <a
href="https://github.com/skshetry "><code>@skshetry</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1639 ">gitpython-developers/GitPython#1639</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/skshetry "><code>@skshetry</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1639 ">gitpython-developers/GitPython#1639</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.33...3.1.34 ">https://github.com/gitpython-developers/GitPython/compare/3.1.33...3.1.34 </a></p>
<h2>v3.1.33 - with security fix</h2>
<h2>What's Changed</h2>
<ul>
<li>WIP Quick doc by <a
href="https://github.com/LeoDaCoda "><code>@LeoDaCoda</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1608 ">gitpython-developers/GitPython#1608</a></li>
<li>Partial clean up wrt mypy and black by <a
href="https://github.com/bodograumann "><code>@bodograumann</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1617 ">gitpython-developers/GitPython#1617</a></li>
<li>Disable merge_includes in config writers by <a
href="https://github.com/bodograumann "><code>@bodograumann</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1618 ">gitpython-developers/GitPython#1618</a></li>
<li>feat: full typing for "progress" parameter in Repo class
by <a
href="https://github.com/madebylydia "><code>@madebylydia</code></a> in
<a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1634 ">gitpython-developers/GitPython#1634</a></li>
<li>Fix CVE-2023-40590 by <a
href="https://github.com/EliahKagan "><code>@EliahKagan</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1636 ">gitpython-developers/GitPython#1636</a></li>
<li><a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1566 ">#1566</a>
Creating a lock now uses python built-in "open()" method to
work arou… by <a
href="https://github.com/HageMaster3108 "><code>@HageMaster3108</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1619 ">gitpython-developers/GitPython#1619</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/LeoDaCoda "><code>@LeoDaCoda</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1608 ">gitpython-developers/GitPython#1608</a></li>
<li><a
href="https://github.com/bodograumann "><code>@bodograumann</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1617 ">gitpython-developers/GitPython#1617</a></li>
<li><a
href="https://github.com/EliahKagan "><code>@EliahKagan</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1636 ">gitpython-developers/GitPython#1636</a></li>
<li><a
href="https://github.com/HageMaster3108 "><code>@HageMaster3108</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1619 ">gitpython-developers/GitPython#1619</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.33 ">https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.33 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2a2ae77682
"><code>2a2ae77</code></a>
prepare patch release</li>
<li><a
href="47147406a5
"><code>4714740</code></a>
Merge pull request <a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1639 ">#1639</a>
from skshetry/close-lockfile</li>
<li><a
href="3e829eb516
"><code>3e829eb</code></a>
util: close lockfile after opening successfully</li>
<li><a
href="f882cd8422
"><code>f882cd8</code></a>
update instructions for how to create a release</li>
<li><a
href="993f04588a
"><code>993f045</code></a>
prepare for next release</li>
<li><a
href="a1c472bd31
"><code>a1c472b</code></a>
Merge pull request <a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1619 ">#1619</a>
from HageMaster3108/bugfix/use-python-builtin-open-m...</li>
<li><a
href="70924c4265
"><code>70924c4</code></a>
Skip now permanently failing test with note on how to fix it</li>
<li><a
href="8b75434e2c
"><code>8b75434</code></a>
Merge pull request <a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1636 ">#1636</a>
from EliahKagan/cve-2023-40590</li>
<li><a
href="7611cd909b
"><code>7611cd9</code></a>
Don't check form of version number</li>
<li><a
href="94e0fb0794
"><code>94e0fb0</code></a>
Add a unit test for CVE-2023-40590</li>
<li>Additional commits viewable in <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.34 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-22 19:31:23 +02:00
Fred Tingaud
e261bd4b21
Fix Sonar warnings
...
Fix a bunch of Sonar warnings that somehow appear as "New warnings"
although they are a few years old.
2023-09-22 14:41:56 +00:00
dependabot[bot]
a905672e30
[dependabot] Bump gitpython from 3.1.30 to 3.1.32 in /rspec-tools ( #2870 )
...
Bumps [gitpython](https://github.com/gitpython-developers/GitPython )
from 3.1.30 to 3.1.32.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gitpython-developers/GitPython/releases ">gitpython's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.32 - with another security update</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump cygwin/cygwin-install-action from 3 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1572 ">gitpython-developers/GitPython#1572</a></li>
<li>Fix up the commit trailers functionality by <a
href="https://github.com/itsluketwist "><code>@itsluketwist</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1576 ">gitpython-developers/GitPython#1576</a></li>
<li>Name top-level exceptions as private variables by <a
href="https://github.com/Hawk777 "><code>@Hawk777</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1590 ">gitpython-developers/GitPython#1590</a></li>
<li>fix pypi long description by <a
href="https://github.com/eUgEntOptIc44 "><code>@eUgEntOptIc44</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1603 ">gitpython-developers/GitPython#1603</a></li>
<li>Don't rely on <code>__del__</code> by <a
href="https://github.com/r-darwish "><code>@r-darwish</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1606 ">gitpython-developers/GitPython#1606</a></li>
<li>Block insecure non-multi options in clone/clone_from by <a
href="https://github.com/Beuc "><code>@Beuc</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1609 ">gitpython-developers/GitPython#1609</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Hawk777 "><code>@Hawk777</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1590 ">gitpython-developers/GitPython#1590</a></li>
<li><a
href="https://github.com/eUgEntOptIc44 "><code>@eUgEntOptIc44</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1603 ">gitpython-developers/GitPython#1603</a></li>
<li><a href="https://github.com/r-darwish "><code>@r-darwish</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1606 ">gitpython-developers/GitPython#1606</a></li>
<li><a href="https://github.com/Beuc "><code>@Beuc</code></a> made their
first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1609 ">gitpython-developers/GitPython#1609</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32 ">https://github.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32 </a></p>
<h2>3.1.31</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix Sphinx rendering errors by <a
href="https://github.com/stephan-cr "><code>@stephan-cr</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1524 ">gitpython-developers/GitPython#1524</a></li>
<li>tests: Use <code>command -v</code> instead of third-party
<code>which</code> program by <a
href="https://github.com/mgorny "><code>@mgorny</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1525 ">gitpython-developers/GitPython#1525</a></li>
<li>fix/add allow_unsafe_* params in docstrings + fix typo by <a
href="https://github.com/obfusk "><code>@obfusk</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1530 ">gitpython-developers/GitPython#1530</a></li>
<li>use tempfile.TemporaryDirectory & fix clone_from_unsafe_protocol
tests by <a href="https://github.com/obfusk "><code>@obfusk</code></a>
in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1531 ">gitpython-developers/GitPython#1531</a></li>
<li>Fix some resource leaks by open file handles by <a
href="https://github.com/marlamb "><code>@marlamb</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1532 ">gitpython-developers/GitPython#1532</a></li>
<li>fix files list on file rename by <a
href="https://github.com/teknoraver "><code>@teknoraver</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1537 ">gitpython-developers/GitPython#1537</a></li>
<li>Declare support for Python 3.11 by <a
href="https://github.com/hugovk "><code>@hugovk</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1541 ">gitpython-developers/GitPython#1541</a></li>
<li>Fix ignored by <a
href="https://github.com/Lightborne "><code>@Lightborne</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1545 ">gitpython-developers/GitPython#1545</a></li>
<li>Fix timezone parsing functions for non-hour timezones by <a
href="https://github.com/jcowgill "><code>@jcowgill</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1547 ">gitpython-developers/GitPython#1547</a></li>
<li>Enable user to override default diff -M arg by <a
href="https://github.com/mellowed100 "><code>@mellowed100</code></a> in
<a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1551 ">gitpython-developers/GitPython#1551</a></li>
<li>Remove optional from two member variables by <a
href="https://github.com/Sineaggi "><code>@Sineaggi</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1550 ">gitpython-developers/GitPython#1550</a></li>
<li>Fix RecursionError when iterating streams by <a
href="https://github.com/eric-wieser "><code>@eric-wieser</code></a> in
<a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1554 ">gitpython-developers/GitPython#1554</a></li>
<li>Fix get_values() so it correctly loads section names by <a
href="https://github.com/Codym48 "><code>@Codym48</code></a> in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1555 ">gitpython-developers/GitPython#1555</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/stephan-cr "><code>@stephan-cr</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1524 ">gitpython-developers/GitPython#1524</a></li>
<li><a href="https://github.com/obfusk "><code>@obfusk</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1530 ">gitpython-developers/GitPython#1530</a></li>
<li><a href="https://github.com/marlamb "><code>@marlamb</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1532 ">gitpython-developers/GitPython#1532</a></li>
<li><a
href="https://github.com/teknoraver "><code>@teknoraver</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1537 ">gitpython-developers/GitPython#1537</a></li>
<li><a
href="https://github.com/Lightborne "><code>@Lightborne</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1545 ">gitpython-developers/GitPython#1545</a></li>
<li><a href="https://github.com/jcowgill "><code>@jcowgill</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1547 ">gitpython-developers/GitPython#1547</a></li>
<li><a
href="https://github.com/mellowed100 "><code>@mellowed100</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1551 ">gitpython-developers/GitPython#1551</a></li>
<li><a href="https://github.com/Sineaggi "><code>@Sineaggi</code></a>
made their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1550 ">gitpython-developers/GitPython#1550</a></li>
<li><a href="https://github.com/Codym48 "><code>@Codym48</code></a> made
their first contribution in <a
href="https://redirect.github.com/gitpython-developers/GitPython/pull/1555 ">gitpython-developers/GitPython#1555</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.31 ">https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.31 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5d45ce243a
"><code>5d45ce2</code></a>
prepare 3.1.32 release</li>
<li><a
href="ca965ecc81
"><code>ca965ec</code></a>
Merge pull request <a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1609 ">#1609</a>
from Beuc/block-insecure-options-clone-non-multi</li>
<li><a
href="5c59e0d63d
"><code>5c59e0d</code></a>
Block insecure non-multi options in clone/clone_from</li>
<li><a
href="c09a71e2ca
"><code>c09a71e</code></a>
Merge pull request <a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1606 ">#1606</a>
from r-darwish/no-del</li>
<li><a
href="a3859ee6f7
"><code>a3859ee</code></a>
fixes</li>
<li><a
href="8186159af1
"><code>8186159</code></a>
Don't rely on <code>__del__</code></li>
<li><a
href="741edb5430
"><code>741edb5</code></a>
Merge pull request <a
href="https://redirect.github.com/gitpython-developers/GitPython/issues/1603 ">#1603</a>
from eUgEntOptIc44/eugenoptic44-fix-pypi-long-descri...</li>
<li><a
href="0c543cd0dd
"><code>0c543cd</code></a>
Improve readability of README.md</li>
<li><a
href="9cd7ddb960
"><code>9cd7ddb</code></a>
Improve the 'long_description' displayed on pypi</li>
<li><a
href="6fc11e6e36
"><code>6fc11e6</code></a>
update README to reflect the status quo on <code>git</code> command
usage</li>
<li>Additional commits viewable in <a
href="https://github.com/gitpython-developers/GitPython/compare/3.1.30...3.1.32 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 11:07:47 +02:00
dependabot[bot]
c841e81ad5
[dependabot] Bump certifi from 2023.5.7 to 2023.7.22 in /rspec-tools ( #2646 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2023.5.7
to 2023.7.22.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8fb96ed81f
"><code>8fb96ed</code></a>
2023.07.22</li>
<li><a
href="afe77220e0
"><code>afe7722</code></a>
Bump actions/setup-python from 4.6.1 to 4.7.0 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/230 ">#230</a>)</li>
<li><a
href="2038739ad5
"><code>2038739</code></a>
Bump dessant/lock-threads from 3.0.0 to 4.0.1 (<a
href="https://redirect.github.com/certifi/python-certifi/issues/229 ">#229</a>)</li>
<li><a
href="44df761f4c
"><code>44df761</code></a>
Hash pin Actions and enable dependabot (<a
href="https://redirect.github.com/certifi/python-certifi/issues/228 ">#228</a>)</li>
<li>See full diff in <a
href="https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 10:00:59 +02:00
dependabot[bot]
b17cbdd8d3
[dependabot] Bump aiohttp from 3.8.4 to 3.8.5 in /rspec-tools ( #2593 )
...
Bumps [aiohttp](https://github.com/aio-libs/aiohttp ) from 3.8.4 to
3.8.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/aiohttp/releases ">aiohttp's
releases</a>.</em></p>
<blockquote>
<h2>3.8.5</h2>
<h2>Security bugfixes</h2>
<ul>
<li>
<p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by
:user:<code>webknjaz</code>
and :user:<code>Dreamsorcerer</code>.</p>
<p>Thanks to :user:<code>sethmlarson</code> for reporting this and
providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
<a
href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w ">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w </a>.</p>
<p>.. _llhttp: <a href="https://llhttp.org ">https://llhttp.org </a></p>
<p>(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7346 ">#7346</a>)</p>
</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Added information to C parser exceptions to show which character
caused the error. -- by :user:<code>Dreamsorcerer</code></p>
<p>(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7366 ">#7366</a>)</p>
</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>
<p>Fixed a transport is :data:<code>None</code> error -- by
:user:<code>Dreamsorcerer</code>.</p>
<p>(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/3355 ">#3355</a>)</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst ">aiohttp's
changelog</a>.</em></p>
<blockquote>
<h1>3.8.5 (2023-07-19)</h1>
<h2>Security bugfixes</h2>
<ul>
<li>
<p>Upgraded the vendored copy of llhttp_ to v8.1.1 -- by
:user:<code>webknjaz</code>
and :user:<code>Dreamsorcerer</code>.</p>
<p>Thanks to :user:<code>sethmlarson</code> for reporting this and
providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
<a
href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w ">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w </a>.</p>
<p>.. _llhttp: <a href="https://llhttp.org ">https://llhttp.org </a></p>
<p>(<a href="https://github.com/aio-libs/aiohttp/issues/7346">#7346</a>)</p>
</li>
</ul>
<h2>Features</h2>
<ul>
<li>
<p>Added information to C parser exceptions to show which character
caused the error. -- by :user:<code>Dreamsorcerer</code></p>
<p>(<a href="https://github.com/aio-libs/aiohttp/issues/7366">#7366</a>)</p>
</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>
<p>Fixed a transport is :data:<code>None</code> error -- by
:user:<code>Dreamsorcerer</code>.</p>
<p>(<a href="https://github.com/aio-libs/aiohttp/issues/3355">#3355</a>)</p>
</li>
</ul>
<hr />
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9c13a52c21
"><code>9c13a52</code></a>
Bump aiohttp to v3.8.5 a security release</li>
<li><a
href="7c02129567
"><code>7c02129</code></a>
Bump pypa/cibuildwheel to v2.14.1</li>
<li><a
href="135a45e9d6
"><code>135a45e</code></a>
Improve error messages from C parser (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7366 ">#7366</a>)
(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7380 ">#7380</a>)</li>
<li><a
href="9337fb3f2a
"><code>9337fb3</code></a>
Fix bump llhttp to v8.1.1 (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7367 ">#7367</a>)
(<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7377 ">#7377</a>)</li>
<li><a
href="f07e9b44b5
"><code>f07e9b4</code></a>
[PR <a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7373 ">#7373</a>/66e261a5
backport][3.8] Drop azure mention (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7374 ">#7374</a>)</li>
<li><a
href="01d9b70e54
"><code>01d9b70</code></a>
[PR <a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7370 ">#7370</a>/22c264ce
backport][3.8] fix: Spelling error fixed (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7371 ">#7371</a>)</li>
<li><a
href="3577b1e371
"><code>3577b1e</code></a>
[PR <a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7359 ">#7359</a>/7911f1e9
backport][3.8] Set up secretless publishing to PyPI (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7360 ">#7360</a>)</li>
<li><a
href="8d45f9c995
"><code>8d45f9c</code></a>
[PR <a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7333 ">#7333</a>/3a54d378
backport][3.8] Fix TLS transport is <code>None</code> error (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7357 ">#7357</a>)</li>
<li><a
href="dd8e24e773
"><code>dd8e24e</code></a>
[PR <a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7343 ">#7343</a>/18057581
backport][3.8] Mention encoding in <code>yarl.URL</code> (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7355 ">#7355</a>)</li>
<li><a
href="40874103eb
"><code>4087410</code></a>
[PR <a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7346 ">#7346</a>/346fd202
backport][3.8] Bump vendored llhttp to v8.1.1 (<a
href="https://redirect.github.com/aio-libs/aiohttp/issues/7352 ">#7352</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aio-libs/aiohttp/compare/v3.8.4...v3.8.5 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/SonarSource/rspec/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-21 09:49:51 +02:00
Jonas Wielage
b4fa02a24c
Added secrets language to LANG_TO_SOURCE dict ( #2820 )
2023-08-08 09:44:10 +02:00
Michael Jabbour
32232051fd
Add clean code taxonomy properties to metadata schema ( #2792 )
2023-08-04 16:55:03 +02:00
dependabot[bot]
4c40bcdbb2
[dependabot] Bump requests from 2.28.2 to 2.31.0 in /rspec-tools ( #1932 )
2023-07-17 08:57:11 +02:00
Amélie Renard
b724d1f7c4
RULEAPI-791 LaYC: add "External coding guidelines" subtitle in the "Resources" section ( #2454 )
2023-07-13 18:18:01 +02:00
Fred Tingaud
51369b610e
Make sure that includes are always surrounded by empty lines ( #2270 )
...
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
2023-06-22 10:38:01 +02:00
Fred Tingaud
35036fffff
Add check that each section is used only once
...
There was already a check for section duplication, but only in "How to
fix it". This changes the test to cover all sections.
And fixing the rules that this new validation fails on.
Also making test_modify_rule.py run on Windows.
---------
Co-authored-by: Christophe Zürn <36889251+christophe-zurn-sonarsource@users.noreply.github.com>
2023-06-13 18:03:28 +02:00
hendrik-buchwald-sonarsource
a315e5de4c
Add review checklist
...
This PR adds a small checklist for new PRs that will make it more
visible what parts of the RSPEC were reviewed.
2023-06-06 17:04:39 +02:00
Christophe Zürn
fb4ba0d61d
Update README and validation to reflect new guidelines ( #1951 )
...
Co-authored-by: Elena Vilchik <elena.vilchik@sonarsource.com>
2023-05-30 11:00:48 +02:00
Rudy Regazzoni
2f521d1490
Modify LANG_TO_SOURCE map to have azureresourcemanager to bicep ( #1838 )
2023-05-08 10:53:52 +02:00
Victor
fe961619f9
migrate rule descriptions to new education format
2023-05-05 16:29:04 +02:00
Christophe Zurn
62f01f07fe
Update documentation, disallow standard rule format, add allowed sections in 'Why is it an issue?'
2023-05-05 16:29:04 +02:00
Christophe Zurn
daea3fea27
RULEAPI-785 RSPEC: education format "How to fix it" section should be optional
2023-05-05 16:29:04 +02:00
Rudy Regazzoni
d6a6439e46
Add bicep and json for language support in code example ( #1830 )
2023-05-05 11:12:16 +02:00
Rudy Regazzoni
31f3a23b45
Add language AzureResourceManager as a supported language ( #1827 )
2023-05-04 11:55:34 +02:00
Costin Zaharia
5352da5b03
Add Benchmarks as a supported section on Resources ( #1812 )
2023-04-27 10:07:31 +02:00
Ilia Kebets
bed9ace665
Add diff view properties to new rule templates ( #1721 )
2023-04-04 15:14:28 +02:00
Ilia Kebets
d7103794f2
Update "create new rule" action template to education format ( #1632 )
2023-03-10 16:17:05 +01:00
Ilia Kebets
c80d7f3b4c
Add checks for education format ( #1607 )
2023-03-07 17:16:47 +01:00
Christophe Zürn
47ba59f3b5
RULEAPI-766 Add documentation and integrity checks for new education rule descriptions format ( #1098 )
2023-03-02 18:07:54 +01:00
Roberto Orlandi
dc83422098
SONARSEC-3040 Update checks and documentation to fit new rule format ( #1004 )
2023-03-02 18:07:54 +01:00
dependabot[bot]
6ea89500c1
[dependabot] Bump gitpython from 3.1.24 to 3.1.30 in /rspec-tools ( #1517 )
...
Bumps [gitpython](https://github.com/gitpython-developers/GitPython ) from 3.1.24 to 3.1.30.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases )
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES )
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.24...3.1.30 )
---
updated-dependencies:
- dependency-name: gitpython
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-01 09:13:56 +01:00
dependabot[bot]
2444379036
Bump certifi from 2022.5.18.1 to 2022.12.7 in /rspec-tools ( #1469 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.5.18.1 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.05.18.1...2022.12.07 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-25 11:35:36 +01:00
Nils Werner
8059dc77b1
Modify rule S2260: Add Docker as new language (RULEAPI-773) ( #1391 )
2022-11-14 17:33:51 +01:00
Nils Werner
6aacfef84f
Drop PHP profiles PSR-2 and Drupal ( #1272 )
2022-09-19 14:25:27 +02:00
Martin Strecker
94f637f126
checklinks.py Fix broken Accept header ( #1194 )
2022-08-29 19:17:24 +02:00
Christophe Zürn
db2f440797
SONARSEC-3163 Add education principles to S5131 metadata json file ( #1155 )
2022-08-09 12:06:31 +02:00
Alexandre Gigleux
01bad1b800
Map rules to OWASP ASVS 4 ( #1110 )
...
https://sonarsource.atlassian.net/browse/MMF-2794
2022-07-29 13:35:38 +02:00
Arseniy Zaostrovnykh
84967d6c25
Prohibit non-ASCII characters in rule metadata.json files ( #1119 )
...
Triggered by the deployment failure that was caused by an invisible Unicode character in a rule's metadata.json.
This PR implements three conceptual changes:
- make the deployment parse error more informative
- prohibit the use of non-ASCII characters in the metadata.json files
- remove the existing non-ASCII characters from the existing rules
2022-07-25 17:19:53 +02:00
Pavel Mikula
bacaac778a
Replace remediation cost time unit 'mn' with 'min' ( #1104 )
2022-07-13 15:02:38 +02:00
Arseniy Zaostrovnykh
ec478edebc
RULEAPI-763 add an exception for medium.com links in probing script
...
The exceptions might be removed once RULEAPI-763 is resolved
2022-06-08 13:54:26 +02:00
Arseniy Zaostrovnykh
6800da7e05
RULEAPI-762: Fix link-probing cache: cache on failure and success
2022-06-08 13:52:21 +02:00
Pierre-Loup
83209561fe
[RULEAPI-761] JSON schema fails to restrict the format of security-standard items ( #1013 )
2022-05-25 16:36:49 +02:00
Loris S
33aaca1316
RULEAPI-760: Add a new language identifier for kubernetes rules ( #992 )
2022-05-25 10:04:20 +02:00
dependabot[bot]
c2d50e0bdf
[dependabot] Bump pyjwt from 2.1.0 to 2.4.0 in /rspec-tools
...
Bumps [pyjwt](https://github.com/jpadilla/pyjwt ) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases )
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.1.0...2.4.0 )
---
updated-dependencies:
- dependency-name: pyjwt
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-25 08:18:02 +02:00
pedro-oliveira-sonarsource
b04b29019c
[APPSEC-3] Security rules are mapped to PCI DSS 4.0 ( #1007 )
2022-05-24 16:19:27 +02:00
Arseniy Zaostrovnykh
bb042389fa
Mock temporary rspec repo
2022-04-13 00:28:19 -07:00
Arseniy Zaostrovnykh
c475f0d6de
RULEAPI-753: Use modern ids and coalesce the coverage for legacy ids
2022-04-13 00:28:19 -07:00
Alexandre Gigleux
9cb2845112
Support of PCI DSS v3.2 ( #925 )
...
* Rename "PCI DSS" to "PCI DSS 3.2" because the security standard is versioned
* Update metadata.json of one rule using the wrong "PCI DSS"
2022-04-12 21:58:21 +02:00
Arseniy Zaostrovnykh
1911fca994
Mock analyzer repos for the coverage test
...
This removes the dependency on online repositories (on GitHub)
and speeds up the test by stripping the number of versions and files to a minimum.
Prepare the ground for RULEAPI-753.
2022-04-05 09:44:09 +02:00
Arseniy Zaostrovnykh
f7353489fc
Enable rules removal: do not validate deleted rules
2022-03-08 12:26:53 +00:00
Arseniy Zaostrovnykh
89c7e09b35
Fix source history information shadowing for rspec-tools project
2022-03-07 09:47:57 +01:00
Marco Antognini
26e3ebc7ec
Refactor rspec-tools and other cleanups
...
The main changes are:
* Split RuleCreator: move some of its content to RspecRepo and to
RuleEditor in new modules.
* Refactor tests accordingly.
Other less important changes:
* Sort and remove unnecessary imports
* Remove unimplemented functions and unnecessary classes
* Make some functions private
* Move pushd from utils to tests where it is only used
* Reduce code duplication here and there
* Remove unnecessary Mock in some tests
* Improve coverage for add_language_to_rule
2022-02-28 12:08:21 +01:00
Marco Antognini
dbb8027666
RULEAPI-748: Add new workflow to update quickfix status
2022-02-28 12:08:21 +01:00
Fred Tingaud
9ca204f1c9
RULEAPI-744 automatically fill the template source tags with the current language
2022-02-08 17:34:53 +01:00