liberapay.com
liberapay.com copied to clipboard
Bump cbor2 from 5.3.0 to 5.6.3
Bumps cbor2 from 5.3.0 to 5.6.3.
Release notes
Sourced from cbor2's releases.
5.6.3
- Fixed decoding of epoch-based dates being affected by the local time zone in the C extension
5.6.2
- Fixed
__hash__()
of the C version of theCBORTag
type crashing when there's a recursive reference cycle- Fixed type annotation for the file object in
cbor2.dump()
,cbor2.load()
,CBOREncoder
andCBORDecoder
to beIO[bytes]
instead ofBytesIO
- Worked around a CPython bug that caused a
SystemError
to be raised, or even a buffer overflow to occur when decoding a long text string that contained only ASCII characters- Changed the return type annotations of
cbor2.load()
andcbor2.load()
to returnAny
instead ofobject
so as not to force users to make type casts5.6.1
- Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
- Fixed the C version of the decoder improperly raising
CBORDecodeEOF
when decoding a text string longer than 65536 bytes5.6.0
- Added the
cbor2
command line tool (forpipx run cbor2
)- Added support for native date encoding (bschoenmaeckers)
- Made the C extension mandatory when the environment variable
CBOR2_BUILD_C_EXTENSION
is set to1
.- Fixed
SystemError
in the C extension when decoding aFractional
with a bad number of arguments or a non-tuple value- Fixed
SystemError
in the C extension when the decoder object hook raises an exception- Fixed a segmentation fault when decoding invalid unicode data
- Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
- Fixed
MemoryError
when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded- Fixed
UnicodeDecodeError
from failed parsing of a UTF-8 text string not being wrapped asCBORDecodeValueError
- Fixed
TypeError
orZeroDivisionError
from a failed decoding ofFraction
not being wrapped asCBORDecodeValueError
- Fixed
TypeError
orValueError
from a failed decoding ofUUID
not being wrapped asCBORDecodeValueError
- Fixed
TypeError
from a failed decoding ofMIMEMessage
not being wrapped asCBORDecodeValueError
- Fixed
OverflowError
,OSError
orValueError
from a failed decoding of epoch-baseddatetime
not being wrapped asCBORDecodeValueError
5.5.1
- Fixed
CBORSimpleValue
allowing the use of reserved values (24 to 31) which resulted in invalid byte sequences- Fixed encoding of simple values from 20 to 23 producing the wrong byte sequences
5.5.0
- The
cbor2.encoder
,cbor2.decoder
orcbor2.types
modules were deprecated – import their contents directly fromcbor2
from now on. The old modules will be removed in the next major release.- Added support for Python 3.12
- Added type annotations
- Dropped support for Python 3.7
- Fixed bug in the
fp
attribute of the built-in version ofCBORDecoder
andCBOREncoder
where the getter returns an invalid pointer if theread
method of the file was a built-in methodversion 5.4.6
- Fix a tag decoding error
version 5.4.5
Fix potential memory leak.
version 5.4.4
No release notes provided.
5.4.3
No release notes provided.
... (truncated)
Changelog
Sourced from cbor2's changelog.
Version history
.. currentmodule:: cbor2
This library adheres to
Semantic Versioning <http://semver.org/>
_.5.6.3 (2024-04-11)
- Fixed decoding of epoch-based dates being affected by the local time zone in the C extension
5.6.2 (2024-02-19)
- Fixed
__hash__()
of the C version of theCBORTag
type crashing when there's a recursive reference cycle- Fixed type annotation for the file object in
cbor2.dump()
,cbor2.load()
,CBOREncoder
andCBORDecoder
to beIO[bytes]
instead ofBytesIO
- Worked around a
CPython bug <https://github.com/python/cpython/issues/99612>
_ that caused aSystemError
to be raised, or even a buffer overflow to occur when decoding a long text string that contained only ASCII characters- Changed the return type annotations of
cbor2.load()
andcbor2.load()
to returnAny
instead ofobject
so as not to force users to make type casts5.6.1 (2024-02-01)
- Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
- Fixed the C version of the decoder improperly raising
CBORDecodeEOF
when decoding a text string longer than 65536 bytes5.6.0 (2024-01-17)
- Added the
cbor2
command line tool (forpipx run cbor2
)- Added support for native date encoding (bschoenmaeckers)
- Made the C extension mandatory when the environment variable
CBOR2_BUILD_C_EXTENSION
is set to1
.- Fixed
SystemError
in the C extension when decoding aFractional
with a bad number of arguments or a non-tuple value- Fixed
SystemError
in the C extension when the decoder object hook raises an exception- Fixed a segmentation fault when decoding invalid unicode data
- Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
- Fixed
MemoryError
when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded- Fixed
UnicodeDecodeError
from failed parsing of a UTF-8 text string not being wrapped asCBORDecodeValueError
- Fixed
TypeError
orZeroDivisionError
from a failed decoding ofFraction
not being wrapped asCBORDecodeValueError
- Fixed
TypeError
orValueError
from a failed decoding ofUUID
not being wrapped asCBORDecodeValueError
... (truncated)
Commits
ed73868
Fixed conflict when uploading binary wheel artifacts34d39ef
Updated the release date of v5.6.3c440117
Fixed compiler error in CBORDecoder_decode_epoch_date()8a21ab0
Force the C extension to be built unless on pypy7666c46
Committed missing _CBOR2_date_ordinal_offset symbolb95e395
[pre-commit.ci] pre-commit autoupdate (#229)00898eb
[pre-commit.ci] pre-commit autoupdate (#223)9d96226
Bumped up the version6fb8469
Fixed epoch date decoding being affected by the local time zone (#218)33f732c
Updated the upload/download artifact actions- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)