liberapay.com
liberapay.com copied to clipboard
Bump cbor2 from 5.3.0 to 5.6.4
Bumps cbor2 from 5.3.0 to 5.6.4.
Release notes
Sourced from cbor2's releases.
5.6.4
- Fixed compilation of C extension failing on GCC 14
- Fixed compiler warnings when building C extension
5.6.3
- Fixed decoding of epoch-based dates being affected by the local time zone in the C extension
5.6.2
- Fixed
__hash__()
of the C version of theCBORTag
type crashing when there's a recursive reference cycle- Fixed type annotation for the file object in
cbor2.dump()
,cbor2.load()
,CBOREncoder
andCBORDecoder
to beIO[bytes]
instead ofBytesIO
- Worked around a CPython bug that caused a
SystemError
to be raised, or even a buffer overflow to occur when decoding a long text string that contained only ASCII characters- Changed the return type annotations of
cbor2.load()
andcbor2.load()
to returnAny
instead ofobject
so as not to force users to make type casts5.6.1
- Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
- Fixed the C version of the decoder improperly raising
CBORDecodeEOF
when decoding a text string longer than 65536 bytes5.6.0
- Added the
cbor2
command line tool (forpipx run cbor2
)- Added support for native date encoding (bschoenmaeckers)
- Made the C extension mandatory when the environment variable
CBOR2_BUILD_C_EXTENSION
is set to1
.- Fixed
SystemError
in the C extension when decoding aFractional
with a bad number of arguments or a non-tuple value- Fixed
SystemError
in the C extension when the decoder object hook raises an exception- Fixed a segmentation fault when decoding invalid unicode data
- Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
- Fixed
MemoryError
when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded- Fixed
UnicodeDecodeError
from failed parsing of a UTF-8 text string not being wrapped asCBORDecodeValueError
- Fixed
TypeError
orZeroDivisionError
from a failed decoding ofFraction
not being wrapped asCBORDecodeValueError
- Fixed
TypeError
orValueError
from a failed decoding ofUUID
not being wrapped asCBORDecodeValueError
- Fixed
TypeError
from a failed decoding ofMIMEMessage
not being wrapped asCBORDecodeValueError
- Fixed
OverflowError
,OSError
orValueError
from a failed decoding of epoch-baseddatetime
not being wrapped asCBORDecodeValueError
5.5.1
- Fixed
CBORSimpleValue
allowing the use of reserved values (24 to 31) which resulted in invalid byte sequences- Fixed encoding of simple values from 20 to 23 producing the wrong byte sequences
5.5.0
- The
cbor2.encoder
,cbor2.decoder
orcbor2.types
modules were deprecated – import their contents directly fromcbor2
from now on. The old modules will be removed in the next major release.- Added support for Python 3.12
- Added type annotations
- Dropped support for Python 3.7
- Fixed bug in the
fp
attribute of the built-in version ofCBORDecoder
andCBOREncoder
where the getter returns an invalid pointer if theread
method of the file was a built-in methodversion 5.4.6
- Fix a tag decoding error
version 5.4.5
Fix potential memory leak.
version 5.4.4
... (truncated)
Changelog
Sourced from cbor2's changelog.
Version history
.. currentmodule:: cbor2
This library adheres to
Semantic Versioning <http://semver.org/>
_.5.6.4 (2024-06-06)
- Fixed compilation of C extension failing on GCC 14
- Fixed compiler warnings when building C extension
5.6.3 (2024-04-11)
- Fixed decoding of epoch-based dates being affected by the local time zone in the C extension
5.6.2 (2024-02-19)
- Fixed
__hash__()
of the C version of theCBORTag
type crashing when there's a recursive reference cycle- Fixed type annotation for the file object in
cbor2.dump()
,cbor2.load()
,CBOREncoder
andCBORDecoder
to beIO[bytes]
instead ofBytesIO
- Worked around a
CPython bug <https://github.com/python/cpython/issues/99612>
_ that caused aSystemError
to be raised, or even a buffer overflow to occur when decoding a long text string that contained only ASCII characters- Changed the return type annotations of
cbor2.load()
andcbor2.load()
to returnAny
instead ofobject
so as not to force users to make type casts5.6.1 (2024-02-01)
- Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
- Fixed the C version of the decoder improperly raising
CBORDecodeEOF
when decoding a text string longer than 65536 bytes5.6.0 (2024-01-17)
- Added the
cbor2
command line tool (forpipx run cbor2
)- Added support for native date encoding (bschoenmaeckers)
- Made the C extension mandatory when the environment variable
CBOR2_BUILD_C_EXTENSION
is set to1
.- Fixed
SystemError
in the C extension when decoding aFractional
with a bad number of arguments or a non-tuple value- Fixed
SystemError
in the C extension when the decoder object hook raises an exception- Fixed a segmentation fault when decoding invalid unicode data
- Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
- Fixed
MemoryError
when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded- Fixed
UnicodeDecodeError
from failed parsing of a UTF-8 text string not being wrapped as
... (truncated)
Commits
13b7541
Bumped up the versiondba7265
Updated pre-commit modules and applied fixes13681d5
Fixed a number of compiler warnings (#239)573d520
Added the pull request templatea4ebd57
Fixed incorrect return type of raise_from() (#238)8794b37
[pre-commit.ci] pre-commit autoupdate (#233)e1b65f2
[pre-commit.ci] pre-commit autoupdate (#230)ed73868
Fixed conflict when uploading binary wheel artifacts34d39ef
Updated the release date of v5.6.3c440117
Fixed compiler error in CBORDecoder_decode_epoch_date()- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)