github_nonpublic_api icon indicating copy to clipboard operation
github_nonpublic_api copied to clipboard
verified publisher icon google

Bump configobj from 5.0.8 to 5.0.9

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps configobj from 5.0.8 to 5.0.9.

Release notes

Sourced from configobj's releases.

5.0.9

What's Changed

New Contributors

Full Changelog: https://github.com/DiffSK/configobj/compare/v5.0.8...v5.0.9

Changelog

Sourced from configobj's changelog.

Changelog

Release 5.0.9 """""""""""""

  • drop support for Python 2 and <3.7
  • fix CVE-2023-26112, ReDoS attack

Release 5.0.8 """""""""""""

  • fixing/test for a regression introduced in 5.0.7 that prevented import validate from working

Release 5.0.7 """""""""""""

  • update testing to validate against python version 2.7 and 3.5-3.11
  • update broken links / non-existent services and references

Older Releases """"""""""""""

  • Release 5.0.6 improves error messages in certain edge cases
  • Release 5.0.5 corrects a unicode-bug that still existed in writing files
  • Release 5.0.4 corrects a unicode-bug that still existed in reading files after fixing lists of string in 5.0.3
  • Release 5.0.3 corrects errors related to the incorrectly handling unicode encoding and writing out files
  • Release 5.0.2 adds a specific error message when trying to install on Python versions older than 2.5
  • Release 5.0.1 fixes a regression with unicode conversion not happening in certain cases PY2
  • Release 5.0.0 updates the supported Python versions to 2.6, 2.7, 3.2, 3.3 and is otherwise unchanged
  • Release 4.7.2 fixes several bugs in 4.7.1
  • Release 4.7.1 fixes a bug with the deprecated options keyword in 4.7.0.
  • Release 4.7.0 improves performance adds features for validation and fixes some bugs.
Commits
  • 242dfd0 release 5.0.9
  • 8857b08 Merge pull request #246 from DiffSK/python-version
  • d6f7597 Update minimum python to 3.7 everywhere, and add 3.12
  • 8ffcf0c Merge pull request #241 from yegorich/license
  • 5e2f143 Merge pull request #245 from jelmer/extra-2014
  • fdf3634 Drop extra '2014' in LICENSE file. Fixes #233
  • 3480a6e Merge pull request #237 from jelmer/drop-python2
  • 008165c Drop python 3.5 from GitHub action, since it now fails to download
  • 861383c Drop support for Python < 3.5
  • 7c618b0 Merge pull request #236 from cdcadman/cve_2023_26112
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Sep 23 '24 20:09 dependabot[bot]