Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scheduled monthly dependency update for March #45

Merged
merged 1 commit into from Mar 3, 2021

Conversation

pyup-bot
Copy link
Collaborator

@pyup-bot pyup-bot commented Mar 1, 2021

Update aiohttp from 3.7.3 to 3.7.4.

Changelog

3.7.4

==================

Bugfixes
--------

- **(SECURITY BUG)** Started preventing open redirects in the
``aiohttp.web.normalize_path_middleware`` middleware. For
more details, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

Thanks to `Beast Glatisant <https://github.com/g147>`__ for
finding the first instance of this issue and `Jelmer Vernooij
<https://jelmer.uk/>`__ for reporting and tracking it down
in aiohttp.
`5497 <https://github.com/aio-libs/aiohttp/issues/5497>`_
- Fix interpretation difference of the pure-Python and the Cython-based
HTTP parsers construct a ``yarl.URL`` object for HTTP request-target.

Before this fix, the Python parser would turn the URI's absolute-path
for ``//some-path`` into ``/`` while the Cython code preserved it as
``//some-path``. Now, both do the latter.
`5498 <https://github.com/aio-libs/aiohttp/issues/5498>`_


----
Links

Update cffi from 1.14.4 to 1.14.5.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update chardet from 3.0.4 to 4.0.0.

Changelog

4.0.0

Benchmarking chardet 4.0.0 on CPython 3.7.5 (default, Sep  8 2020, 12:19:42)
[Clang 11.0.3 (clang-1103.0.32.62)]
--------------------------------------------------------------------------------
.......................................................................................................................................................................................................................................................................................................................................................................
Calls per second for each encoding:
Links

Update cryptography from 3.3.1 to 3.4.6.

Changelog

3.4.6

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1j.

.. _v3-4-5:

3.4.5

~~~~~~~~~~~~~~~~~~

* Various improvements to type hints.
* Lower the minimum supported Rust version (MSRV) to >=1.41.0. This change
improves compatibility with system-provided Rust on several Linux
distributions.
* ``cryptography`` will be switching to a new versioning scheme with its next
feature release. More information is available in our
:doc:`/api-stability` documentation.

.. _v3-4-4:

3.4.4

~~~~~~~~~~~~~~~~~~

* Added a ``py.typed`` file so that ``mypy`` will know to use our type
annotations.
* Fixed an import cycle that could be triggered by certain import sequences.

.. _v3-4-3:

3.4.3

~~~~~~~~~~~~~~~~~~

* Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users
on older versions will get a clear error message.

.. _v3-4-2:

3.4.2

~~~~~~~~~~~~~~~~~~

* Improvements to make the rust transition a bit easier. This includes some
better error messages and small dependency fixes. If you experience
installation problems **Be sure to update pip** first, then check the
:doc:`FAQ </faq>`.

.. _v3-4-1:

3.4.1

~~~~~~~~~~~~~~~~~~

* Fixed a circular import issue.
* Added additional debug output to assist users seeing installation errors
due to outdated ``pip`` or missing ``rustc``.

.. _v3-4:

3.4

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed.
* We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1``
wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't
cause issues downloading wheels on their platform.
* ``cryptography`` now incorporates Rust code. Users building ``cryptography``
themselves will need to have the Rust toolchain installed. Users who use an
officially produced wheel will not need to make any changes. The minimum
supported Rust version is 1.45.0.
* ``cryptography`` now has :pep:`484` type hints on nearly all of of its public
APIs. Users can begin using them to type check their code with ``mypy``.

.. _v3-3-2:

3.3.2

~~~~~~~~~~~~~~~~~~

* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
when symmetrically encrypting very large payloads (>2GB) could result in an
integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:**
This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL
1.1.1j.

.. _v3-3-1:
Links

Update sentry-sdk from 0.19.5 to 0.20.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

* Update aiohttp from 3.7.3 to 3.7.4
* Update cffi from 1.14.4 to 1.14.5
* Update cryptography from 3.3.1 to 3.4.6
* Update sentry-sdk from 0.19.5 to 0.20.3
@TrueBrain TrueBrain force-pushed the pyup-scheduled-update-2021-03-01 branch from 9b415a5 to 8072d00 Compare Mar 3, 2021
@TrueBrain TrueBrain merged commit 319fe67 into master Mar 3, 2021
6 checks passed
@TrueBrain TrueBrain deleted the pyup-scheduled-update-2021-03-01 branch Mar 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants