liberapay.com icon indicating copy to clipboard operation
liberapay.com copied to clipboard

Published 20 hours ago verified publisher icon liberapay

Bump cbor2 from 5.3.0 to 5.6.4

Open dependabot[bot] opened this issue 3 weeks ago • 0 comments

Bumps cbor2 from 5.3.0 to 5.6.4.

Release notes

Sourced from cbor2's releases.

5.6.4

  • Fixed compilation of C extension failing on GCC 14
  • Fixed compiler warnings when building C extension

5.6.3

  • Fixed decoding of epoch-based dates being affected by the local time zone in the C extension

5.6.2

  • Fixed __hash__() of the C version of the CBORTag type crashing when there's a recursive reference cycle
  • Fixed type annotation for the file object in cbor2.dump(), cbor2.load(), CBOREncoder and CBORDecoder to be IO[bytes] instead of BytesIO
  • Worked around a CPython bug that caused a SystemError to be raised, or even a buffer overflow to occur when decoding a long text string that contained only ASCII characters
  • Changed the return type annotations of cbor2.load() and cbor2.load() to return Any instead of object so as not to force users to make type casts

5.6.1

  • Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
  • Fixed the C version of the decoder improperly raising CBORDecodeEOF when decoding a text string longer than 65536 bytes

5.6.0

  • Added the cbor2 command line tool (for pipx run cbor2)
  • Added support for native date encoding (bschoenmaeckers)
  • Made the C extension mandatory when the environment variable CBOR2_BUILD_C_EXTENSION is set to 1.
  • Fixed SystemError in the C extension when decoding a Fractional with a bad number of arguments or a non-tuple value
  • Fixed SystemError in the C extension when the decoder object hook raises an exception
  • Fixed a segmentation fault when decoding invalid unicode data
  • Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
  • Fixed MemoryError when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded
  • Fixed UnicodeDecodeError from failed parsing of a UTF-8 text string not being wrapped as CBORDecodeValueError
  • Fixed TypeError or ZeroDivisionError from a failed decoding of Fraction not being wrapped as CBORDecodeValueError
  • Fixed TypeError or ValueError from a failed decoding of UUID not being wrapped as CBORDecodeValueError
  • Fixed TypeError from a failed decoding of MIMEMessage not being wrapped as CBORDecodeValueError
  • Fixed OverflowError, OSError or ValueError from a failed decoding of epoch-based datetime not being wrapped as CBORDecodeValueError

5.5.1

  • Fixed CBORSimpleValue allowing the use of reserved values (24 to 31) which resulted in invalid byte sequences
  • Fixed encoding of simple values from 20 to 23 producing the wrong byte sequences

5.5.0

  • The cbor2.encoder, cbor2.decoder or cbor2.types modules were deprecated – import their contents directly from cbor2 from now on. The old modules will be removed in the next major release.
  • Added support for Python 3.12
  • Added type annotations
  • Dropped support for Python 3.7
  • Fixed bug in the fp attribute of the built-in version of CBORDecoder and CBOREncoder where the getter returns an invalid pointer if the read method of the file was a built-in method

version 5.4.6

  • Fix a tag decoding error

version 5.4.5

Fix potential memory leak.

version 5.4.4

... (truncated)

Changelog

Sourced from cbor2's changelog.

Version history

.. currentmodule:: cbor2

This library adheres to Semantic Versioning <http://semver.org/>_.

5.6.4 (2024-06-06)

  • Fixed compilation of C extension failing on GCC 14
  • Fixed compiler warnings when building C extension

5.6.3 (2024-04-11)

  • Fixed decoding of epoch-based dates being affected by the local time zone in the C extension

5.6.2 (2024-02-19)

  • Fixed __hash__() of the C version of the CBORTag type crashing when there's a recursive reference cycle
  • Fixed type annotation for the file object in cbor2.dump(), cbor2.load(), CBOREncoder and CBORDecoder to be IO[bytes] instead of BytesIO
  • Worked around a CPython bug <https://github.com/python/cpython/issues/99612>_ that caused a SystemError to be raised, or even a buffer overflow to occur when decoding a long text string that contained only ASCII characters
  • Changed the return type annotations of cbor2.load() and cbor2.load() to return Any instead of object so as not to force users to make type casts

5.6.1 (2024-02-01)

  • Fixed use-after-free in the decoder's C version when prematurely encountering the end of stream
  • Fixed the C version of the decoder improperly raising CBORDecodeEOF when decoding a text string longer than 65536 bytes

5.6.0 (2024-01-17)

  • Added the cbor2 command line tool (for pipx run cbor2)
  • Added support for native date encoding (bschoenmaeckers)
  • Made the C extension mandatory when the environment variable CBOR2_BUILD_C_EXTENSION is set to 1.
  • Fixed SystemError in the C extension when decoding a Fractional with a bad number of arguments or a non-tuple value
  • Fixed SystemError in the C extension when the decoder object hook raises an exception
  • Fixed a segmentation fault when decoding invalid unicode data
  • Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
  • Fixed MemoryError when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded
  • Fixed UnicodeDecodeError from failed parsing of a UTF-8 text string not being wrapped as

... (truncated)

Commits
  • 13b7541 Bumped up the version
  • dba7265 Updated pre-commit modules and applied fixes
  • 13681d5 Fixed a number of compiler warnings (#239)
  • 573d520 Added the pull request template
  • a4ebd57 Fixed incorrect return type of raise_from() (#238)
  • 8794b37 [pre-commit.ci] pre-commit autoupdate (#233)
  • e1b65f2 [pre-commit.ci] pre-commit autoupdate (#230)
  • ed73868 Fixed conflict when uploading binary wheel artifacts
  • 34d39ef Updated the release date of v5.6.3
  • c440117 Fixed compiler error in CBORDecoder_decode_epoch_date()
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jun 11 '24 19:06 dependabot[bot]