Search-That-Hash
Bump loguru from 0.5.3 to 0.6.0
Bumps loguru from 0.5.3 to 0.6.0.
Release notes
Sourced from loguru's releases.
0.6.0
- Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 (#563).
- Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
- Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
- Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() (#339).
- Prevent non-ascii characters to be escaped while logging JSON message with serialize=True (#575, thanks @ponponon).
- Fix flake8 errors and improve code readability (#353, thanks @AndrewYakimets).
Changelog
Sourced from loguru's changelog.
0.6.0 (2022-01-29)
- Remove internal use of pickle.loads() considered as a security vulnerability referenced as [CVE-2022-0329](https://nvd.nist.gov/vuln/detail/CVE-2022-0329) ([#563](https://github.com/Delgan/loguru/issues/563)).
- Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
- Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
- Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() ([#339](https://github.com/Delgan/loguru/issues/339)).
- Prevent non-ascii characters to be escaped while logging JSON message with serialize=True ([#575](https://github.com/Delgan/loguru/pull/575), thanks [@ponponon](https://github.com/ponponon)).
- Fix flake8 errors and improve code readability ([#353](https://github.com/Delgan/loguru/issues/353), thanks [@AndrewYakimets](https://github.com/AndrewYakimets)).
Commits
- f40fa31 Bump version to 0.6.0
- 6a19cb1 Update CHANGELOG.md to reference CVE-2022-0329 vulnerability fix
- bc1dab4 Add docs about possible log injection attack
- ea39375 Document several security considerations and best practices
- 1eeea19 Change default file sink encoding to be "utf8" (#339)
- b02ef7a Prevent non-ascii characters to be escaped while logging JSON (#575)
- d38ced7 Modify behavior of coroutine sink when no running event loop
- ca6dcd0 Fix warnings generated by 'test_exceptions_catch.py' unit tests
- 2270d2b Fix warning generated by "test_add_option_enqueue.py" unit tests
- 4b0070a Remove use of "pickle.loads()" to comply with security tools (#563)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Codecov Report
Merging #163 (1ac377a) into main (a502b9e) will not change coverage. The diff coverage is n/a.
@@ Coverage Diff @@
## main #163 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 5 5
Lines 127 127
=========================================
Hits 127 127