meta-openembedded

mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00

Author	SHA1	Message	Date
Gyorgy Sarvari	5ec4458878	python3-pyjwt: set CVE_PRODUCT The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the defauly python:pyjwt CPE doesn't match them. See CVE db query: sqlite> select * from products where PRODUCT like '%pyjwt%'; CVE-2017-11424\|pyjwt_project\|pyjwt\|\|\|1.5.0\|<= CVE-2022-29217\|pyjwt_project\|pyjwt\|1.5.0\|>=\|2.4.0\|< CVE-2024-53861\|pyjwt_project\|pyjwt\|2.10.0\|=\|\| CVE-2025-45768\|pyjwt_project\|pyjwt\|2.10.1\|=\|\| Set the CVE_PRODUCT so it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	851e449d54	python3-html5lib: set CVE_PRODUCT There are currently 2 related CVEs in the NIST db, both of them are tracked with html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match. See CVE db query: sqlite> select * from products where PRODUCT like '%html5lib%'; CVE-2016-9909\|html5lib\|html5lib\|\|\|0.99999999\|<= CVE-2016-9910\|html5lib\|html5lib\|\|\|0.99999999\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	6f2ce3843e	python3-werkzeug: set CVE_PRODUCT The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the the default python:werkzeug CPE to not match anything. See CVE db query: sqlite> select * from products where PRODUCT like 'werkzeug'; CVE-2016-10516\|palletsprojects\|werkzeug\|\|\|0.11.11\|< CVE-2019-14322\|palletsprojects\|werkzeug\|\|\|0.15.5\|< CVE-2019-14806\|palletsprojects\|werkzeug\|\|\|0.15.3\|< CVE-2020-28724\|palletsprojects\|werkzeug\|\|\|0.11.6\|< CVE-2022-29361\|palletsprojects\|werkzeug\|\|\|2.1.0\|<= CVE-2023-23934\|palletsprojects\|werkzeug\|\|\|2.2.3\|< CVE-2023-25577\|palletsprojects\|werkzeug\|\|\|2.2.3\|< CVE-2023-46136\|palletsprojects\|werkzeug\|\|\|2.3.8\|< CVE-2023-46136\|palletsprojects\|werkzeug\|3.0.0\|=\|\| CVE-2024-34069\|palletsprojects\|werkzeug\|\|\|3.0.3\|< CVE-2024-49766\|palletsprojects\|werkzeug\|\|\|3.0.6\|< CVE-2024-49767\|palletsprojects\|werkzeug\|\|\|3.0.6\|< CVE-2025-66221\|palletsprojects\|werkzeug\|\|\|3.1.4\|< Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	5dd59b03f8	python3-tqdm: set CVE_PRODUCT The only related CVE to this recipe is tracked using tqdm_project:tqdm CPE, so the default python:tqdm CPE doesn't match it. See relevant CVE db query: sqlite> select * from products where PRODUCT like 'tqdm'; CVE-2016-10075\|tqdm_project\|tqdm\|4.4.1\|=\|\| CVE-2016-10075\|tqdm_project\|tqdm\|4.10\|=\|\| Set the CVE_PRODUCT so it can match related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	4675c9ddb7	python3-ipython: set CVE_PRODUCT ipython CVEs are tracked using ipython:ipython CPE, so the default python:ipython CVE_PRODUCT doesn't match relevant CPEs. See CVE db query: sqlite> select * from products where PRODUCT like 'ipython'; CVE-2015-4706\|ipython\|ipython\|3.0.0\|=\|\| CVE-2015-4706\|ipython\|ipython\|3.1.0\|=\|\| CVE-2015-4707\|ipython\|ipython\|\|\|3.2.0\|< CVE-2015-5607\|ipython\|ipython\|2.0.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.1.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.2.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.3.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.3.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.4.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|2.4.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.0.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.1.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.0\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.1\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.2\|=\|\| CVE-2015-5607\|ipython\|ipython\|3.2.3\|=\|\| CVE-2022-21699\|ipython\|ipython\|\|\|5.10.0\|<= CVE-2022-21699\|ipython\|ipython\|6.0.0\|>=\|7.16.3\|< CVE-2022-21699\|ipython\|ipython\|7.17.0\|>=\|7.31.1\|< CVE-2022-21699\|ipython\|ipython\|8.0.0\|>=\|8.0.1\|< CVE-2023-24816\|ipython\|ipython\|\|\|8.10.0\|< Set the CVE_PRODUCT accordingly to match the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:54 -08:00
Gyorgy Sarvari	25b9ae3902	python3-m2crypto: set CVE_PRODUCT NIST currently tracks CVEs under at least 2 different CPEs for this recipe, but neither of them is python:m2crypto (the default CVE_PRODUCT). See CVE db query: sqlite> select * from products where PRODUCT like '%m2crypto%'; CVE-2009-0127\|heikkitoivonen\|m2crypto\|-\|\|\| CVE-2020-25657\|m2crypto_project\|m2crypto\|-\|\|\| CVE-2023-50781\|m2crypto_project\|m2crypto\|-\|\|\| Set the CVE_PRODUCT to match the relevant CPEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	a89ab32230	python3-twisted: set CVE_PRODUCT The related CVEs are tracked with twisted:twisted CPE, so the default python:twisted CPE doesn't match any entries. See CVE db query: sqlite> select * from products where PRODUCT = 'twisted'; CVE-2014-7143\|twisted\|twisted\|14.0.0\|=\|\| CVE-2016-1000111\|twisted\|twisted\|\|\|16.3.1\|< CVE-2019-12387\|twisted\|twisted\|\|\|19.2.1\|< CVE-2019-12855\|twisted\|twisted\|\|\|19.2.1\|<= CVE-2020-10108\|twisted\|twisted\|\|\|19.10.0\|<= CVE-2020-10109\|twisted\|twisted\|\|\|19.10.0\|<= CVE-2022-21712\|twisted\|twisted\|11.1.0\|>=\|22.1.0\|< CVE-2022-21716\|twisted\|twisted\|21.7.0\|>=\|22.2.0\|< CVE-2022-24801\|twisted\|twisted\|\|\|22.4.0\|< CVE-2022-39348\|twisted\|twisted\|0.9.4\|>=\|22.10.0\|< CVE-2023-46137\|twisted\|twisted\|\|\|22.8.0\|<= CVE-2024-41810\|twisted\|twisted\|\|\|24.3.0\|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	b96b616553	python3-simplejson: set CVE_PRODUCT There is one relevant CVE tracked using the simplejson_prject:simplejson CPE, and no entries tracked with python:simplejson. See CVE db query: sqlite> select * from products where PRODUCT like '%simplejson%'; CVE-2014-4616\|simplejson_project\|simplejson\|\|\|2.6.1\|< Set the CVE_PRODUCT accordingly Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	0aa5b9d824	python3-virtualenv: set CVE_PRODUCT There are relevant CVEs tracked under two different CPEs: python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed). See CVE db query: sqlite> select * from products where PRODUCT = 'virtualenv'; CVE-2011-4617\|python\|virtualenv\|\|\|1.4.9\|<= CVE-2011-4617\|python\|virtualenv\|0.8\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.8.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|0.9.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.0\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.1.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.3.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.1\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.2\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.3\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.4\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.5\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.6\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.7\|=\|\| CVE-2011-4617\|python\|virtualenv\|1.4.8\|=\|\| CVE-2013-5123\|virtualenv\|virtualenv\|12.0.7\|=\|\| CVE-2024-53899\|virtualenv\|virtualenv\|\|\|20.26.6\|< Set the CVE_PRODUCT so both are matched. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:53 -08:00
Gyorgy Sarvari	c5a7d5765e	python3-httplib2: set CVE_PRODUCT There are no CVEs tracked with python:httplib2 CPE, but there are multiple ones tracked under httplib2_project:hgttplib2 CPE (and they are related to this recipe). See CVE db query: sqlite> select * from products where PRODUCT = 'httplib2'; CVE-2013-2037\|httplib2_project\|httplib2\|\|\|0.7.2\|<= CVE-2013-2037\|httplib2_project\|httplib2\|0.8\|=\|\| CVE-2020-11078\|httplib2_project\|httplib2\|\|\|0.18.0\|< CVE-2021-21240\|httplib2_project\|httplib2\|\|\|0.19.0\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	a9a8c80550	python3-matplotlib: set CVE_PRODUCT At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are tracked by the defaul python:matplotlib CPE). See CVE db query: sqlite> select * from products where PRODUCT = 'matplotlib'; CVE-2013-1424\|debian\|matplotlib\|0.99.3-1\|>=\|1.4.2-3.1\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	fc90f2b514	python3-pyrad: set CVE_PRODUCT NIST tracks related CVEs with pyrad_project CPE vendor instead of "python". Set the CVE_PRODUCT to pyrad, so both can be matched. See CVE db query: sqlite> select * from products where PRODUCT = 'pyrad'; CVE-2013-0294\|pyrad_project\|pyrad\|\|\|2.1\|< CVE-2013-0342\|pyrad_project\|pyrad\|\|\|2.1\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	febab38136	python3-redis: set CVE_PRODUCT Set the correct CVE_PRODUCT for the recipe. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	34f5d84f85	python3-twitter: set CVE_PRODUCT The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where PRODUCT = 'tweepy'; CVE-2012-5825\|tweepy\|tweepy\|-\|\|\| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:52 -08:00
Gyorgy Sarvari	49ced80122	python3-sqlalchemy: set CVE_PRODUCT The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE. See CVE db query: sqlite> select * from products where PRODUCT = 'sqlalchemy'; CVE-2012-0805\|sqlalchemy\|sqlalchemy\|\|\|0.7.0\|<= CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta2\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.0_beta3\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.2\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.3\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.4\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.5\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.6\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.6.7\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.7.0_b1\|=\|\| CVE-2012-0805\|sqlalchemy\|sqlalchemy\|0.7.0_b2\|=\|\| CVE-2019-7164\|sqlalchemy\|sqlalchemy\|\|\|1.2.17\|<= CVE-2019-7164\|sqlalchemy\|sqlalchemy\|1.3.0_beta1\|=\|\| CVE-2019-7164\|sqlalchemy\|sqlalchemy\|1.3.0_beta2\|=\|\| CVE-2019-7548\|sqlalchemy\|sqlalchemy\|1.2.17\|=\|\| Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	e22d2a7ba6	python3-paramiko: set CVE_PRODUCT Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs. See CVE db query: sqlite> select * from products where PRODUCT = 'paramiko'; CVE-2008-0299\|python_software_foundation\|paramiko\|1.7.1\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.17.6\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.18.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.0.8\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.1.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.2.3\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.3.2\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.4.1\|=\|\| CVE-2018-7750\|paramiko\|paramiko\|\|\|1.17.6\|< CVE-2018-7750\|paramiko\|paramiko\|1.18.0\|>=\|1.18.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.0.0\|>=\|2.0.8\|< CVE-2018-7750\|paramiko\|paramiko\|2.1.0\|>=\|2.1.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.2.0\|>=\|2.2.3\|< CVE-2018-7750\|paramiko\|paramiko\|2.3.0\|>=\|2.3.2\|< CVE-2018-7750\|paramiko\|paramiko\|2.4.0\|=\|\| CVE-2022-24302\|paramiko\|paramiko\|\|\|2.10.1\|< CVE-2023-48795\|paramiko\|paramiko\|\|\|3.4.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	139cc15de3	python3-tornado: set CVE_PRODUCT The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado". See cve db query (docmosis is an irrelevant vendor): sqlite> select * from products where PRODUCT = 'tornado'; CVE-2012-2374\|tornadoweb\|tornado\|\|\|2.2\|<= CVE-2012-2374\|tornadoweb\|tornado\|1.0\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.0.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.1.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.2\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|1.2.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.0\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.1\|=\|\| CVE-2012-2374\|tornadoweb\|tornado\|2.1.1\|=\|\| CVE-2014-9720\|tornadoweb\|tornado\|\|\|3.2.2\|< CVE-2023-25264\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-25265\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-25266\|docmosis\|tornado\|\|\|2.9.5\|< CVE-2023-28370\|tornadoweb\|tornado\|\|\|6.3.2\|< CVE-2024-42733\|docmosis\|tornado\|\|\|2.9.7\|<= CVE-2024-52804\|tornadoweb\|tornado\|\|\|6.4.2\|< CVE-2025-47287\|tornadoweb\|tornado\|\|\|6.5.0\|< CVE-2025-67724\|tornadoweb\|tornado\|\|\|6.5.3\|< CVE-2025-67725\|tornadoweb\|tornado\|\|\|6.5.3\|< CVE-2025-67726\|tornadoweb\|tornado\|\|\|6.5.3\|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Gyorgy Sarvari	96a2496b65	python3-cbor2: set CVE_PRODUCT The default, "python:cbor2" CVE_PRODUCT is not appropriate for this recipe, because most associated CVEs use "agronholm:cbor2" CPE. Set the CVE_PRODUCT to cbor2, so it will match the currently used CPE, and in case there will be future python:cbor2 CPEs also, they will be matched too. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Khem Raj	f06f03200d	python3-backports-zstd: Upgrade to 1.3.0 Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Liu Yiding	e15758ad1a	python3-fastapi-cli: upgrade 0.0.16 -> 0.0.20 Changelog: https://github.com/fastapi/fastapi-cli/releases/tag/0.0.20 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Wang Mingyu	90ab1ee642	python3-typer: upgrade 0.20.1 -> 0.21.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:49 -08:00
Wang Mingyu	3be4495590	python3-pikepdf: upgrade 10.0.3 -> 10.1.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	54691ea40a	python3-marshmallow: upgrade 4.1.1 -> 4.1.2 Changelog: Merge error store messages without rebuilding collections. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	b7a2d1f770	python3-elementpath: upgrade 5.0.4 -> 5.1.0 License-Update: Copyright year updated to 2025. Changelog: =========== - Drop Python 3.9 compatibility and add Pyton 3.15 support - Improve XPath sequence internal processing with a list derived type xlist - Extensions and fixes for XSD datatypes - Add XSequence datatype for external representation of XPath sequences Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	c5196a2282	python3-coverage: upgrade 7.13.0 -> 7.13.1 Changelog: ============ - Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. - Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable. - Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105. - Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. - Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step. - Docs: added a section explaining more about what is considered a missing branch and how it is reported: Examples of missing branches, as requested in issue 1597. - Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:48 -08:00
Wang Mingyu	9c5e7e5c29	python3-typer: upgrade 0.20.0 -> 0.20.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	ebca0ae79d	python3-tornado: upgrade 6.5.3 -> 6.5.4 Bug fixes ~~~~~~~~~ - The "in" operator for "HTTPHeaders" was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	f1bdb4e99b	python3-soupsieve: upgrade 2.8 -> 2.8.1 FIX: Changes in tests to accommodate latest Python HTML parser changes. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	aba3856c1e	python3-smbus2: upgrade 0.5.0 -> 0.6.0 Changelog: ========== - Python 3.14 added. - Fix SystemError: buffer overflow on Python 3.14+ on 64-bit systems by using c_ulong instead of c_uint32 for I2C_FUNCS ioctl. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	8db029f9a5	python3-sdbus: upgrade 0.14.1 -> 0.14.2 Changelog: =========== - Fix segmentation fault if export handle outlives the exported object. - Fix some tests failing on slow systems. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	dc39281af5	python3-python-multipart: upgrade 0.0.20 -> 0.0.21 Changelog: Add support for Python 3.14 and drop EOL 3.8 and 3.9 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:29 -08:00
Wang Mingyu	4389519b6b	python3-pikepdf: upgrade 10.0.2 -> 10.0.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	602a336ae3	python3-nodeenv: upgrade 1.9.1 -> 1.10.0 Changelog: ========== - Use lowercase lookup for archmap - Add support for Python 3.13 - Add UV Virtual Environment support - Use sh instead of bash - Replace additional use of which(1) with shutil.which() - Support leading v in .node-version - Check host platform when finding node version Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	b92546dea2	python3-joblib: upgrade 1.5.2 -> 1.5.3 Changelog: =========== - The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. - Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. - Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	049f50eef4	python3-imgtool: upgrade 2.2.0 -> 2.3.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	310009aad6	python3-humanize: upgrade 4.14.0 -> 4.15.0 Added ------ - Add locale support for decimal separator in intword - Add support for Python 3.15 Changed -------- - Replace pre-commit with prek Fixed ------ - naturaldelta: round the value to nearest unit that makes sense - Fix plural form for intword and improve performance - Replace Exception with more specific FileNotFoundError Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	3f09bcaf54	python3-google-auth: upgrade 2.43.0 -> 2.45.0 Changelog: ============= Features --------- - Adding Agent Identity bound token support and handling certificate mismatches with retries - support Python 3.14 - add ecdsa p-384 support - MDS connections use mTLS - Implement token revocation in STS client and add revoke() method to ExternalAccountAuthorizedUser credentials - Add shlex to correctly parse executable commands with spaces Bug Fixes --------- - Use public refresh method for source credentials in ImpersonatedCredentials - Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration - Delegate workload cert and key default lookup to helper function Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	c2710a2df9	python3-filelock: upgrade 3.20.0 -> 3.20.1 Changelog: CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:28 -08:00
Wang Mingyu	44c27a5915	python3-cmake: upgrade 4.2.0 -> 4.2.1 Changelog: ========== - fix: add missing f-string prefix for --parallel bootstrap arg - fix: workaround issue in lastversion with OpenSSL - chore(deps): update clang to 21.1.8.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:27 -08:00
Wang Mingyu	0cc847b8f7	python3-cachetools: upgrade 6.2.3 -> 6.2.4 Changelog: Fix license information displayed on PyPI be using an updated version of twine for uploading. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:27 -08:00
Khem Raj	dbc5ef5e12	python3-pyzstd: Delete recipe It has been moved to core layer Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Koen Kooi <koen.kooi@oss.qualcomm.com>	2025-12-24 13:18:25 -08:00
Liu Yiding	cf1b6485d1	python3-uvicorn: upgrade 0.38.0 -> 0.40.0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-23 12:22:42 -08:00
Liu Yiding	a33d278d08	python3-importlib-metadata: upgrade 8.7.0 -> 8.7.1 LIC_FILES_CHKSUM changed as LICENSE file format has been changed in 8.7.1 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-23 12:22:41 -08:00
Khem Raj	c0fb020740	python3-pytest-metadata: Upgrade to 3.1.1 pytest-metadata version 2.0.2 has a bug where it tries to access py.__version__, but the py library version 1.11.0 removed the __version__ attribute. This is a known incompatibility. Switch to hatching build backend Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-22 07:29:42 -08:00
Khem Raj	ab4e9f7009	python3-pytest-html: Add missing ptest rdep on pytest html Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 12:58:57 -08:00
Wang Mingyu	2c0a4edb58	python3-tzdata: upgrade 2025.2 -> 2025.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:04 -08:00
Wang Mingyu	8ba97b6646	python3-tornado: upgrade 6.5.2 -> 6.5.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:04 -08:00
Wang Mingyu	f95039cd4b	python3-sqlalchemy: upgrade 2.0.44 -> 2.0.45 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:04 -08:00
Wang Mingyu	50f6252da9	python3-nanobind: upgrade 2.9.2 -> 2.10.2 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00
Wang Mingyu	335d2486ed	python3-matplotlib: upgrade 3.10.7 -> 3.10.8 Changelog: =========== - Properly allow freethreaded mode in the MacOS backend - Better error handling for MacOS backend Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-21 08:54:03 -08:00

1 2 3 4 5 ...

8884 Commits