Search-That-Hash icon indicating copy to clipboard operation
Search-That-Hash copied to clipboard

Published 20 hours ago • verified publisher icon HashPals

Bump loguru from 0.5.3 to 0.6.0

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Bumps loguru from 0.5.3 to 0.6.0.

Release notes

Sourced from loguru's releases.

0.6.0

  • Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 (#563).
  • Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
  • Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
  • Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() (#339).
  • Prevent non-ascii characters to be escaped while logging JSON message with serialize=True (#575, thanks @​ponponon).
  • Fix flake8 errors and improve code readability (#353, thanks @​AndrewYakimets).
Changelog

Sourced from loguru's changelog.

0.6.0_ (2022-01-29)

  • Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 <https://nvd.nist.gov/vuln/detail/CVE-2022-0329>_ ([#563](https://github.com/Delgan/loguru/issues/563) <https://github.com/Delgan/loguru/issues/563>_).
  • Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
  • Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
  • Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() ([#339](https://github.com/Delgan/loguru/issues/339) <https://github.com/Delgan/loguru/issues/339>_).
  • Prevent non-ascii characters to be escaped while logging JSON message with serialize=True ([#575](https://github.com/Delgan/loguru/issues/575) <https://github.com/Delgan/loguru/pull/575>, thanks @ponponon <https://github.com/ponponon>).
  • Fix flake8 errors and improve code readability ([#353](https://github.com/Delgan/loguru/issues/353) <https://github.com/Delgan/loguru/issues/353>, thanks @AndrewYakimets <https://github.com/AndrewYakimets>).
Commits
  • f40fa31 Bump version to 0.6.0
  • 6a19cb1 Update CHANGELOG.md to reference CVE-2022-0329 vulnerability fix
  • bc1dab4 Add docs about possible log injection attack
  • ea39375 Document several security considerations and best practices
  • 1eeea19 Change default file sink encoding to be "utf8" (#339)
  • b02ef7a Prevent non-ascii characters to be escaped while logging JSON (#575)
  • d38ced7 Modify behavior of coroutine sink when no running event loop
  • ca6dcd0 Fix warnings generated by 'test_exceptions_catch.py' unit tests
  • 2270d2b Fix warning generated by "test_add_option_enqueue.py" unit tests
  • 4b0070a Remove use of "pickle.loads()" to comply with security tools (#563)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jan 31 '22 12:01 dependabot[bot]

Codecov Report

Merging #163 (1ac377a) into main (a502b9e) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##              main      #163   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          127       127           
=========================================
  Hits           127       127

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a502b9e...1ac377a. Read the comment docs.

codecov[bot] avatar Jan 31 '22 12:01 codecov[bot]