Release notes (https://github.com/lxml/lxml/blob/master/CHANGES.txt):
4.6.5 (2021-12-12)
==================
Bugs fixed
----------
* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
content through SVG images (CVE-2021-43818).
* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
content through CSS imports and other crafted constructs (CVE-2021-43818).
4.6.4 (2021-11-01)
==================
Features added
--------------
* GH#317: A new property ``system_url`` was added to DTD entities.
Patch by Thirdegree.
* GH#314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars.
Patch by Isaac Jurado.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
From the release notes page
(https://docs.djangoproject.com/en/4.0/releases/3.2.10/):
Django 3.2.10 fixes a security issue with severity “low” and a bug in
3.2.9.
CVE-2021-44420: Potential bypass of an upstream access control based on
URL paths
HTTP requests for URLs with trailing newlines could bypass an upstream
access control based on URL paths.
Bugfixes
Fixed a regression in Django 3.2 that caused a crash of setUpTestData()
with BinaryField on PostgreSQL, which is memoryview-backed (#33333).
Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python
3.10.
Bugfixes
Fixed a bug in Django 3.2 that caused a migration crash on SQLite when
altering a field with a functional index (#33194).
Django 3.2.8 fixes two bugs in 3.2.7.
Bugfixes
Fixed a bug in Django 3.2 that caused incorrect links on read-only
fields in the admin (#33077).
Fixed a regression in Django 3.2 that caused incorrect selection of
items across all pages when actions were placed both on the top and
bottom of the admin change-list view (#33083).
Django 3.2.7 fixes a bug in 3.2.6.
Bugfixes
Fixed a regression in Django 3.2 that caused the incorrect offset
extraction from fixed offset timezones (#32992).
Django 3.2.6 fixes several bugs in 3.2.5.
Bugfixes
Fixed a regression in Django 3.2 that caused a crash validating "NaN"
input with a forms.DecimalField when additional constraints, e.g.
max_value, were specified (#32949).
Fixed a bug in Django 3.2 where a system check would crash on a model
with a reverse many-to-many relation inherited from a parent class
(#32947).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 446a503acf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pip isn't needed to build, and adding the empty string to RDEPENDS is
most certainly meaningless.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 57ae325941)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
"BSD" is ambiguous, use the precise license BSD-3-Clause.
Also update the HOMEPAGE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 45e5b27db6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gevent is MIT, and it embeds copies of Python which is Python-2.0.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 91b516cc80)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gevent by default will build its own c-ares and libuv, but that build
needs patches and embedded libraries are bad form.
DEPEND on the recipes instead, and turn off embedding.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 2d63ec9476)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
I tried backporting Richard's master change but there where many merge conflicts.
I went the lazy route and ran the script.
This is work based on "b402a3076 recipes: Update SRC_URI branch and protocols"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
1.2.6 release does not have fixes to work with setuptools 0.58+
the patches are part of github 1.2.7 pre-release, until the release
comes out switch to using github
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 55534f9d10)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Release 0.8.10 is a minor release and contains two bug fixes for the HSM extension and changes how the 'self' literal string is handled.
- Feature #545: The literal 'self' (default model parameter of `Machine`) has been replaced by the class variable `Machine.self_literal = 'self'`. `Machine` now performs an identity check (instead of a value check) with `mod is self.self_literal` to determine whether it should act as a model. While 'self' should still work when passed to the `model` parameter, we encourage using `Machine.self_literal` from now on. This was done to enable easier override of `Machine.__eq__` in subclasses (thanks @VKSolovev).
- Bug #547: Introduce `HierarchicalMachine.prefix_path` to resolve global state names since the HSM stack is not reliable when `queued=True` (thanks @jankrejci).
- Bug #548: `HSM` source states were exited even though they are parents of the destination state (thanks @wes-public-apps).
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 4613292202)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Bugfixes
Ignore blank ignored in existing Data Validations
Add support for cell protection for merged cell ranges
Timezone-aware datetimes raise an Exception
Improved normalisation of chart series
Catch OverflowError for out of range datetimes
Alignment.relativeIndent can be negative
Incorrect default value groupBy attribute
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 18f4c0b5e8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Here is a non-exhaustive list of changes,
Fixes:
async with doesn’t allow newlines PR #13090
Dynamically changing to vi mode via %config magic) PR #13091
Virtualenv handling fixes:
init_virtualenv now uses Pathlib PR #12548
Fix Improper path comparison of virtualenv directories PR #13140
Fix virtual environment user warning for lower case pathes PR #13094
Adapt to all sorts of drive names for cygwin PR #13153
New Features:
enable autoplay in embed YouTube player PR #13133
Documentation:
Fix formatting for the core.interactiveshell documentation PR #13118
Fix broken ipyparallel’s refs PR #13138
Improve formatting of %time documentation PR #13125
Reword the YouTubeVideo autoplay WN PR #13147
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit b067418e86)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add nativesdk to BBCLASSEXTEND to enable recipes that produce files intended
for host portion the SDK
Signed-off-by: Sai Hari Chandana Kalluri <chandana.kalluri@xilinx.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
`Release 10.0`_ (2021-09-17)
----------------------------
**Noteworthy changes:**
- Merged pull request `#45`_ to resolve the issue caused by the conditional
:pypi:`pyreadline` requirement on Windows not supporting Python 3.9+.
- Updated the readme to use Python 3 in the example (reported in issue `#56`_).
Also added a mention of the ``humanfriendly --demo`` command.
- Removed the ``humanfriendly.compat.unittest`` alias that presumably no-one is
using at this point; it had been rendered useless quite a long time ago
(requested in issue `#53`_).
**Internal changes:**
- Merged pull request `#54`_ which migrates the :pypi:`humanfriendly` project
from Travis CI to GitHub Actions and from Coveralls.io to Codecov.
- Fixed a deprecation warning concerning ``setup.cfg`` and some Sphinx
documentation errors.
.. _Release 10.0: https://github.com/xolox/python-humanfriendly/compare/9.2...10.0
.. _#45: https://github.com/xolox/python-humanfriendly/pull/45
.. _#53: https://github.com/xolox/python-humanfriendly/issues/53
.. _#54: https://github.com/xolox/python-humanfriendly/pull/54
.. _#56: https://github.com/xolox/python-humanfriendly/issues/56
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
* Attempt to reconnect to database if connection becomes unusable (e.g. due to
a server restart). See: `huey.contrib.sql_huey.SqlHuey`.
* Do not use a soft file-lock for `FileStorage` - use `fcntl.flock()` instead.
[View commits](https://github.com/coleifer/huey/compare/2.4.0...2.4.1)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
* Bug Fixes
* Fixed extra space appended to each alias by "alias list" command
* Enhancements
* New function `set_default_ap_completer_type()` allows developer to extend and modify the
behavior of `ArgparseCompleter`.
* Added `ArgumentParser.get_ap_completer_type()` and `ArgumentParser.set_ap_completer_type()`. These
methods allow developers to enable custom tab completion behavior for a given parser by using a custom
`ArgparseCompleter`-based class.
* Added `ap_completer_type` keyword arg to `Cmd2ArgumentParser.__init__()` which saves a call
to `set_ap_completer_type()`. This keyword will also work with `add_parser()` when creating subcommands
if the base command's parser is a `Cmd2ArgumentParser`.
* New function `register_argparse_argument_parameter()` allows developers to specify custom
parameters to be passed to the argparse parser's `add_argument()` method. These parameters will
become accessible in the resulting argparse Action object when modifying `ArgparseCompleter` behavior.
* Using `SimpleTable` in the output for the following commands to improve appearance.
* help
* set (command and tab completion of Settables)
* alias tab completion
* macro tab completion
* Tab completion of `CompletionItems` now includes divider row comprised of `Cmd.ruler` character.
* Removed `--verbose` flag from set command since descriptions always show now.
* All cmd2 built-in commands now populate `self.last_result`.
* Argparse tab completer will complete remaining flag names if there are no more positionals to complete.
* Updated `async_alert()` to account for `self.prompt` not matching Readline's current prompt.
* Deletions (potentially breaking changes)
* Deleted ``set_choices_provider()`` and ``set_completer()`` which were deprecated in 2.1.2
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
The main repo is sourced from git://git.openembedded.org not github.
Don't think oe-core.git exists.
Lets be constent across all sub layers.
Drop Revisions and Prioriiy from repo references as they are not used.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-License-Update: Modify part description.
old: If a copy of the MPL was not distributed with this project,
new: If a copy of the MPL was not distributed with this file,
v4.62.3 (2021-09-20)#
whl|asc
fix minor typo (#1246)
minor example fix (#1246)
misc tidying & refactoring
misc build/dev framework updates
update dependencies
update linters
update docs deployment branches
misc test/ci updates
test forks
tidy OS & Python version tests
bump primary python version 3.7 => 3.8
beta py3.10 testing
fix py2.7 tests
better timeout handling
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Release 0.4.2 (Sep 10, 2021)
----------------------------
Notable Changes
* IMPORTANT: This release fixes a security vulnerability in the
strip comments filter. In this filter a regular expression that was
vulnerable to ReDOS (Regular Expression Denial of Service) was
used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
The vulnerability was discovered by @erik-krogh and @yoff from
GitHub Security Lab (GHSL). Thanks for reporting!
Enhancements
* Add ELSIF as keyword (issue584).
* Add CONFLICT and ON_ERROR_STOP keywords (pr595, by j-martin).
Bug Fixes
* Fix parsing of backticks (issue588).
* Fix parsing of scientific number (issue399).
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Robot Framework 4.1.1 is mostly a bug fix release, but it also adds official Python 3.10 support.
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
What's Changed
Avoid deadlock in Youtube controller
Remove unnecessary app launch in quickplay
Bump black from 21.7b0 to 21.9b0
Bump pylint from 2.9.6 to 2.10.2
Bump pylint from 2.9.5 to 2.9.6
Bump pylint from 2.9.3 to 2.9.5
Bump black from 21.6b0 to 21.7b0
Add force_launch option to BaseController.launch
Bump pylint from 2.9.1 to 2.9.3
Bump pylint from 2.8.3 to 2.9.1
Adjust to pylint 2.9.0
Bump black from 21.5b2 to 21.6b0
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Fixes
RuntimeError:
Please install pkg-config on your system or set the PYICU_CFLAGS environment
variable to the flags required by the C++ compiler to find the header files
for ICU, and possibly -std=c++11 if using ICU version >= 60
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
"BSD" is ambiguous, use the precise licenses BSD-3-Clause
Missing MIT and Apache 2-0...
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
v2]
Too many 'ands'
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
