#20220 closed enhancement (fixed)
Python Dependency Updates for BLFS 12.2 ( alabaster attrs babel certifi chardet charset-normalizer idna markdown msgpack sphinxcontrib-devhelp sphinxcontrib-qthelp sphinxcontrib-serializinghtml urllib3 )
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | elevated | Milestone: | 12.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
This ticket is for the python module dependency updates prior to BLFS 12.2. The current state of the book is:
PYTHON MODULE DEPENDENCIES
Package | Book Version | Current Version |
---|---|---|
alabaster | 0.7.16 | 1.0.0 |
attrs | 23.2.0 | 24.2.0 |
babel | 2.15.0 | 2.16.0 |
certifi | 2024.2.2 | 2024.7.4 |
chardet | 5.1.0 | 5.2.0 |
Charset-normalizer | 3.0.1 | 3.3.2 |
commonmark | 0.9.1 | 0.9.1 |
editables | 0.5 | 0.5 |
hatchling | 1.25.0 | 1.25.0 |
Hatch-fancy-pypi-readme | 24.1.0 | 24.1.0 |
hatch_vcs | 0.4.0 | 0.4.0 |
Idna | 3.4 | 3.7 |
imagesize | 1.4.1 | 1.4.1 |
iniconfig | 2.0.0 | 2.0.0 |
markdown | 3.4.1 | 3.6 |
meson_python | 0.16.0 | 0.16.0 |
msgpack | 1.0.4 | 1.0.8 |
pathspec | 0.12.1 | 0.12.1 |
pluggy | 1.5.0 | 1.5.0 |
Pyproject-metadata | 0.8.0 | 0.8.0 |
pytz | 2024.1 | 2024.1 |
setuptools_scm | 8.1.0 | 8.1.0 |
smartypants | 2.0.1 | 2.0.1 |
snowballstemmer | 2.2.0 | 2.2.0 |
Sphinxcontrib-applehelp | 2.0.0 | 2.0.0 |
Sphinxcontrib-devhelp | 1.0.2 | 2.0.0 |
Sphinxcontrib-jquery | 4.1 | 4.1 |
Sphinxcontrib-jsmath | 1.0.1 | 1.0.1 |
Sphinxcontrib-qthelp | 1.0.3 | 2.0.0 |
Sphinxcontrib-serializinghtml | 1.1.9 | 2.0.0 |
Trove-classifiers | 2024.7.2 | 2024.7.2 |
typogrify | 2.0.7 | 2.0.7 |
urllib3 | 2.0.2 | 2.2.2 |
webencodings | 0.5.1 | 0.5.1 |
This brings the following updates to the table:
Package | Book Version | Current Version |
---|---|---|
alabaster | 0.7.16 | 1.0.0 |
attrs | 23.2.0 | 24.2.0 |
babel | 2.15.0 | 2.16.0 |
certifi | 2024.2.2 | 2024.7.4 |
chardet | 5.1.0 | 5.2.0 |
Charset-normalizer | 3.0.1 | 3.3.2 |
markdown | 3.4.1 | 3.6 |
msgpack | 1.0.4 | 1.0.8 |
Sphinxcontrib-devhelp | 1.0.2 | 2.0.0 |
Sphinxcontrib-qthelp | 1.0.3 | 2.0.0 |
Sphinxcontrib-serializinghtml | 1.1.9 | 2.0.0 |
urllib3 | 2.0.2 | 2.2.2 |
Change History (17)
comment:1 by , 8 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 8 months ago
comment:3 by , 8 months ago
attrs
24.2.0 - 2024-08-06
Deprecations
- Given the amount of warnings raised in the broader ecosystem, we’ve decided to only soft-deprecate the hash argument to @define / @attr.s. Please don’t use it in new code, but we don’t intend to remove it anymore. #1330
Changes
- attrs.converters.pipe() (and its syntactic sugar of passing a list for attrs.field()’s / attr.ib()’s converter argument) works again when passing attrs.setters.convert to on_setattr (which is default for attrs.define). #1328
- Restored support for PEP 649 / 749-implementing Pythons – currently 3.14-dev. #1329
24.1.0 - 2024-08-03
Backwards-incompatible Changes
- attrs.evolve() doesn’t accept the inst argument as a keyword argument anymore. Pass it as the first positional argument instead. #1264
- attrs.validators.provides() has been removed. The removed code is available as a gist for convenient copy and pasting. #1265
- All packaging metadata except from __version__ and __version_info__ has been removed from the attr and attrs modules (for example, attrs.__url__). Please use importlib.metadata or importlib-metadata instead. #1268
- The generated __eq__ methods have been sped up significantly by generating a chain of attribute comparisons instead of constructing and comparing tuples. This change arguably makes the behavior more correct, but changes it if an attribute compares equal by identity but not value, like float('nan'). #1310
Deprecations
- The repr_ns argument to attr.s is now deprecated. It was a workaround for nested classes in Python 2 and is pointless in Python 3. #1263
- The hash argument to @attr.s, @attrs.define, and make_class() is now deprecated in favor of unsafe_hash, as defined by PEP 681. #1323
Changes
- Allow original slotted functools.cached_property classes to be cleaned by garbage collection. Allow super() calls in slotted cached properties. #1221
- Our type stubs now use modern type notation and are organized such that VS Code’s quick-fix prefers the attrs namespace. #1234
- Preserve AttributeError raised by properties of slotted classes with functools.cached_properties. #1253
- It is now possible to wrap a converter into an attrs.Converter and get the current instance and/or the current field definition passed into the converter callable. Note that this is not supported by any type checker, yet. #1267
- attrs.make_class() now populates the __annotations__ dict of the generated class, so that attrs.resolve_types() can resolve them. #1285
- Added the attrs.validators.or_() validator. #1303
- The combination of a __attrs_pre_init__ that takes arguments, a kw-only field, and a default on that field does not crash anymore. #1319
- attrs.validators.in_() now transforms certain unhashable options to tuples to keep the field hashable. This allows fields that use this validator to be used with, for example, attrs.filters.include(). #1320
- If a class has an inherited method called __attrs_init_subclass__, it is now called once the class is done assembling. This is a replacement for Python’s __init_subclass__ and useful for registering classes, and similar. #1321
comment:4 by , 8 months ago
babel
What's Changed
- Upgrade GitHub Actions versions to avoid deprecation warnings by @akx in #1080
- Replace deprecated ast.Str with ast.Constant by @tomasr8 in #1083
- Fix #1094 by @john-psina in #1095
- CI fixes by @akx in #1097
- Upgrade to CLDR 45 by @tomasr8 in #1077
- Make pgettext search plurals when translation is not found by @tomasr8 in #1085
- Fix for #832 by @Edwin18 in #1052
- Support list format fallbacks by @akx in #1099
- Improve Codecov configuration by @akx in #1103
- Avoid crashing on importing localtime when TZ is malformed by @akx in #1100
- Allow parsing .po files that have an extant but empty Language header by @akx in #1101
- Add a mention to the docs that format_skeleton(..., fuzzy=True) may raise by @tomasr8 in #1106
- Allow falling back to modifier-less locale data by @akx in #1104
- Allow use of importlib.metadata for finding entrypoints by @akx in #1102
- Test on Python 3.13 beta releases by @akx in #1107
- Normalize package name to lower-case in setup.py by @akx in #1110
- Do not allow substituting alternates or drafts in derived locales by @akx in #1113
- Two hyperlinks (to CLDR) and some typos by @buhtz in #1115
- Initial support for reading mapping configuration as TOML by @akx in #1108
- Prepare for 2.16.0 release by @akx in #1116
comment:6 by , 8 months ago
chardet
Adds support for running chardet CLI via python -m chardet (0e9b7bc, @dan-blanchard)
comment:7 by , 8 months ago
charset-normalizer
3.3.2 (2023-10-31)
Fixed
- Unintentional memory usage regression when using large payload that match several encoding (#376)
- Regression on some detection case showcased in the documentation (#371)
Added
- Noise (md) probe that identify malformed arabic representation due to the presence of letters in isolated form (credit to my wife)
3.3.1 (2023-10-22)
Changed
- Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
- Improved the general detection reliability based on reports from the community
3.3.0 (2023-09-30)
Added
- Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
- Support for 9 forgotten encoding that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)
Removed
- (internal) Redundant utils.is_ascii function and unused function is_private_use_only
- (internal) charset_normalizer.assets is moved inside charset_normalizer.constant
Changed
- (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
- Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8
Fixed
- Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)
3.2.0 (2023-06-07)
Changed
- Typehint for function from_path no longer enforce PathLike as its first argument
- Minor improvement over the global detection reliability
Added
- Introduce function is_binary that relies on main capabilities, and optimized to detect binaries
- Propagate enable_fallback argument throughout from_bytes, from_path, and from_fp that allow a deeper control over the detection (default True)
- Explicit support for Python 3.12
Fixed
- Edge case detection failure where a file would contain 'very-long' camel cased word (Issue #289)
3.1.0 (2023-03-06)
Added
- Argument should_rename_legacy for legacy function detect and disregard any new arguments without errors (PR #262)
Removed
- Support for Python 3.6 (PR #260)
Changed
- Optional speedup provided by mypy/c 1.0.1
comment:8 by , 8 months ago
Priority: | normal → elevated |
---|
idna
3.7 (2024-04-11)
- Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
- Fix regression to include tests in source distribution.
3.5 (2023-11-24)
- Update to Unicode 15.1.0
- String codec name is now "idna2008" as overriding the system codec "idna" was not working.
- Fix typing error for codec encoding
- "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
- Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
- Added security reporting protocol for project
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.
Note: this brings a security update to the table. Time to file an SA later... :)
comment:9 by , 8 months ago
Markdown
[3.6] – 2024-03-14
Changed
Refactor TOC Sanitation
- All postprocessors are now run on heading content.
- Footnote references are now stripped from heading content. Fixes #660.
- A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
- The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
- The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
- An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
- The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.
Fixed
- Include scripts/*.py in the generated source tarballs (#1430).
- Ensure lines after heading in loose list are properly detabbed (#1443).
- Give smarty tree processor higher priority than toc (#1440).
- Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#1444).
- In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#1414).
[3.5.2] – 2024-01-10
Fixed
- Fix type annotations for convertFile - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (#1400)
- Remove legacy import needed only in Python 2 (#1403)
- Fix typo that left the attribute AdmonitionProcessor.content_indent unset (#1404)
- Fix edge-case crash in InlineProcessor with AtomicString (#1406).
- Fix edge-case crash in codehilite with an empty code tag (#1405).
- Improve and expand type annotations in the code base (#1401).
- Fix handling of bogus comments (#1425).
[3.5.1] – 2023-10-31
Fixed
- Fix a performance problem with HTML extraction where large HTML input could trigger quadratic line counting behavior (#1392).
- Improve and expand type annotations in the code base (#1394).
[3.5] – 2023-10-06
Added
Add permalink_leading configuration option to the toc extension (#1339)
A new boolean option permalink_leading controls the position of the permanent link anchors generated with permalink. Setting permalink_leading to True will cause the links to be inserted at the start of the header, before any other header content. The default behavior for permalink is to append permanent links to the header, placing them after all other header content.
Changed
- Add support for cPython version 3.12 (and PyPy 3.10) and drop support for Python version 3.7 (#1357).
- Refactor changelog to use the format defined at https://keepachangelog.com/.
- Update the list of empty HTML tags (#1353).
- Add customizable TOC title class to TOC extension (#1293).
- Add API documentation of the code base which is generated by mkdocstrings (#1220).
Fixed
- Fix a corner case in admonitions where if an indented code block was provided as the first block, the output would be malformed (#1329).
[3.4.4] – 2023-07-25
Fixed
- Add a special case for initial 's to smarty extension (#1305).
- Unescape any backslash escaped inline raw HTML (#1358).
- Unescape backslash escaped TOC token names (#1360).
[3.4.3] – 2023-03-23
Fixed
- Restore console script (#1327).
[3.4.2] – 2023-03-22
Fixed
- Officially support Python 3.11.
- Improve standalone * and _ parsing (#1300).
- Consider <html> HTML tag a block-level element (#1309).
- Switch from setup.py to pyproject.toml.
comment:10 by , 8 months ago
msgpack
v1.0.8
What's Changed
- exclude C/Cython files from wheel by @methane in #577 Build pure Python wheel for minor architectures.
- update Cython to 3.0.8 by @methane in #581 This fixes memory leak when iterating over Unpacker on Python 3.12.
v1.0.7
What's Changed
- remove inline macro for msvc by @methane in #567
- do not fallback on build error by @methane in #568
v1.0.6
What's Changed
- fix: build status badge by @Laerte in #538
- Drop python2 support by @sblondon in #519
- Drop Python 3.6 support by @evgenymarkov in #543
- try Cython 3.0 by @methane in #548
- CI: update cibuildwheel to v2.15.0 by @methane in #551
- sphinx-related work by @ThomasWaldmann in #554
- move project metadata to pyproject.toml by @ThomasWaldmann in #555
- add a basic .readthedocs.yaml file by @ThomasWaldmann in #558
- fix .readthedocs.yaml, fixes #559 by @ThomasWaldmann in #560
- prepare for 1.0.6rc1 by @methane in #557
- update actions by @methane in #563
- release v1.0.6 by @methane in #564
v1.0.5
What's Changed
- Fallback to compiler defines when __BYTE_ORDER is not available by @kulikjak in #513
- Fix build error caused by ntohs, ntohl by @methane in #514
- Add python 3.11 wheels by @mayeut in #517
- fallback: Fix packing multidim memoryview by @methane in #527
- minor type in exception message by @AvdN in #533
comment:11 by , 8 months ago
sphinxcontrib-devhelp
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
- Avoid storing build time in gzip headers
Release 1.0.6 (2024-01-13)
- Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.
Release 1.0.5 (2023-08-14)
- Use os.PathLike over pathlib.Path
Release 1.0.4 (2023-08-09)
- Fix tests for Sphinx 7.1 and below
Release 1.0.3 (2023-08-07)
- Drop support for Python 3.5, 3.6, 3.7, and 3.8
- Raise minimum required Sphinx version to 5.0
comment:12 by , 8 months ago
sphinxcontrib-qthelp
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
Release 1.0.8 (2024-07-20)
- Fix tests for Sphinx 7.4 and later.
Release 1.0.7 (2024-01-13)
- Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.
Release 1.0.6 (2023-08-14)
- Use os.PathLike over pathlib.Path
Release 1.0.5 (2023-08-09)
- Fix tests for Sphinx 7.1 and below
Release 1.0.4 (2023-08-07)
- Drop support for Python 3.5, 3.6, 3.7, and 3.8
- Raise minimum required Sphinx version to 5.0
comment:13 by , 8 months ago
sphinxcontrib-serializinghtml
Release 2.0.0 (2024-07-28)
- Adopt Ruff
- Tighten MyPy settings
- Update GitHub actions versions
Release 1.1.10 (2024-01-13)
- Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.
comment:14 by , 8 months ago
urllib3
2.2.2
Changes
- Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
- Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
- Fixed return types representing copying actions to use typing.Self. (#3363)
2.2.1
Changes
- Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
- Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
- Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
- Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)
2.2.0
Changes
- Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
- Added support for HTTPResponse.read1() method. (#3186)
- Added rudimentary support for HTTP/2. (#3284)
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
- Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. (#3130)
- Fixed an issue where headers passed in a request with json= would be mutated (#3203)
- Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. (#3267)
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS (#3268)
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled (#3325)
Note for downstream distributors: To run integration tests, you now need to run the tests a second time with the --integration pytest flag. (#3181)
2.1.0
Read the v2 migration guide for help upgrading to the latest version of urllib3.
Removals
- Removed support for the deprecated urllib3[secure] extra. (#2680)
- Removed support for the deprecated SecureTransport TLS implementation. (#2681)
- Removed support for the end-of-life Python 3.7. (#3143)
Bugfixes
- Allowed loading CA certificates from memory for proxies. (#3065)
- Fixed decoding Gzip-encoded responses which specified x-gzip content-encoding. (#3174)
2.0.7
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)
2.0.6
- Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)
2.0.5
- Allowed pyOpenSSL third-party module without any deprecation warning. #3126
- Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066
2.0.4
- Added support for union operators to HTTPHeaderDict (#2254)
- Added BaseHTTPResponse to urllib3.__all__ (#3078)
- Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client (#2757)
- Relied on the standard library for checking hostnames in supported PyPy releases (#3087)
2.0.3
- Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. #3020
- Deprecated URLs which don't have an explicit scheme #2950
- Fixed response decoding with Zstandard when compressed data is made of several frames. #3008
- Fixed assert_hostname=False to correctly skip hostname check. #3051
... and time for the two security fixes:
https://github.com/advisories/GHSA-v845-jxx5-vc9f - Cookie HTTP header isn't stripped on cross-origin redirects (CVE-2023-43804)
https://github.com/advisories/GHSA-g4mx-q9vg-27p4 - urllib3's request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
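The redirect behaviour that the 2.0.6, 2.0.7 and 2.2.2 entries and the two advisories above describe, as an added example that is not part of the ticket and is not urllib3's code: a simplified, standard-library-only model of building the follow-up request. The function and constant names, the scheme/host/port comparison, the set of body-describing headers and the sample request are assumptions made for illustration.

```python
"""Simplified model of redirect handling; not urllib3's implementation."""
from urllib.parse import urljoin, urlsplit

# Strip lists, compared case-insensitively. Authorization was already listed
# before 2.0.6; Cookie came with 2.0.6 and Proxy-Authorization with 2.2.2.
STRIP_BEFORE_2_0_6 = frozenset({"authorization"})
STRIP_2_2_2 = frozenset({"authorization", "cookie", "proxy-authorization"})
# Headers describing a request body, dropped with it (a choice of this model).
BODY_HEADERS = frozenset({"content-length", "content-type", "transfer-encoding"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port): this model's notion of 'the same host'."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def next_request(method, url, headers, body, status, location, strip=STRIP_2_2_2):
    """Return (method, url, headers, body) for the request that follows a redirect."""
    target = urljoin(url, location)  # Location may be relative
    kept = dict(headers)
    if status == 303:
        # 2.0.7 / CVE-2023-45803: the method becomes GET, so the body must go too.
        method, body = "GET", None
        kept = {k: v for k, v in kept.items() if k.lower() not in BODY_HEADERS}
    if origin(target) != origin(url):
        # 2.0.6 / CVE-2023-43804 and 2.2.2: credentials stay with the first host.
        kept = {k: v for k, v in kept.items() if k.lower() not in strip}
    return method, target, kept, body


# Constructed sample request; hosts and values are placeholders.
SAMPLE_URL = "https://app.example/login"
SAMPLE_BODY = b'{"password": "constructed"}'
SAMPLE_HEADERS = {
    "Accept": "*/*",
    "Cookie": "session=constructed",
    "Proxy-Authorization": "Basic constructed",
    "Content-Type": "application/json",
}


def leaked(headers, sensitive=STRIP_2_2_2):
    """Names of sensitive headers that are still present, sorted."""
    return sorted(k for k in headers if k.lower() in sensitive)


if __name__ == "__main__":
    for label, strip in (("before 2.0.6", STRIP_BEFORE_2_0_6), ("2.2.2", STRIP_2_2_2)):
        m, u, h, b = next_request("POST", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY,
                                  303, "https://other.example/cb", strip)
        print(label, m, u, "leaked:", leaked(h), "body kept:", b is not None)
```

With the pre-2.0.6 strip list the model forwards Cookie and Proxy-Authorization to the second host; with the 2.2.2 list neither survives.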
comment:15 by , 8 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
alabaster