Skip to content

chore(deps): bump cbor2 from 5.5.1 to 5.6.0 #15233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump cbor2 from 5.5.1 to 5.6.0 #15233

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 18, 2024

Bumps cbor2 from 5.5.1 to 5.6.0.

Release notes

Sourced from cbor2's releases.

5.6.0

  • Added the cbor2 command line tool (for pipx run cbor2)
  • Added support for native date encoding (bschoenmaeckers)
  • Made the C extension mandatory when the environment variable CBOR2_BUILD_C_EXTENSION is set to 1.
  • Fixed SystemError in the C extension when decoding a Fractional with a bad number of arguments or a non-tuple value
  • Fixed SystemError in the C extension when the decoder object hook raises an exception
  • Fixed a segmentation fault when decoding invalid unicode data
  • Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
  • Fixed MemoryError when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded
  • Fixed UnicodeDecodeError from failed parsing of a UTF-8 text string not being wrapped as CBORDecodeValueError
  • Fixed TypeError or ZeroDivisionError from a failed decoding of Fraction not being wrapped as CBORDecodeValueError
  • Fixed TypeError or ValueError from a failed decoding of UUID not being wrapped as CBORDecodeValueError
  • Fixed TypeError from a failed decoding of MIMEMessage not being wrapped as CBORDecodeValueError
  • Fixed OverflowError, OSError or ValueError from a failed decoding of epoch-based datetime not being wrapped as CBORDecodeValueError
Changelog

Sourced from cbor2's changelog.

Version history

.. currentmodule:: cbor2

This library adheres to Semantic Versioning <http://semver.org/>_.

5.6.0 (2024-01-17)

  • Added the cbor2 command line tool (for pipx run cbor2)
  • Added support for native date encoding (bschoenmaeckers)
  • Made the C extension mandatory when the environment variable CBOR2_BUILD_C_EXTENSION is set to 1.
  • Fixed SystemError in the C extension when decoding a Fractional with a bad number of arguments or a non-tuple value
  • Fixed SystemError in the C extension when the decoder object hook raises an exception
  • Fixed a segmentation fault when decoding invalid unicode data
  • Fixed infinite recursion when trying to hash a CBOR tag whose value points to the tag itself
  • Fixed MemoryError when maliciously constructed bytestrings or string (declared to be absurdly large) are being decoded
  • Fixed UnicodeDecodeError from failed parsing of a UTF-8 text string not being wrapped as CBORDecodeValueError
  • Fixed TypeError or ZeroDivisionError from a failed decoding of Fraction not being wrapped as CBORDecodeValueError
  • Fixed TypeError or ValueError from a failed decoding of UUID not being wrapped as CBORDecodeValueError
  • Fixed TypeError from a failed decoding of MIMEMessage not being wrapped as CBORDecodeValueError
  • Fixed OverflowError, OSError or ValueError from a failed decoding of epoch-based datetime not being wrapped as CBORDecodeValueError

5.5.1 (2023-11-02)

  • Fixed CBORSimpleValue allowing the use of reserved values (24 to 31) which resulted in invalid byte sequences
  • Fixed encoding of simple values from 20 to 23 producing the wrong byte sequences

5.5.0 (2023-10-21)

  • The cbor2.encoder, cbor2.decoder or cbor2.types modules were deprecated – import their contents directly from cbor2 from now on. The old modules will be removed in the next major release.
  • Added support for Python 3.12
  • Added type annotations
  • Dropped support for Python 3.7
  • Fixed bug in the fp attribute of the built-in version of CBORDecoder and CBOREncoder where the getter returns an invalid pointer if the read method of the file was a built-in method

... (truncated)

Commits
  • 91d8fec Bumped up the version
  • b4f7fce Fixed SystemError from non-tuple input value when decoding Fraction
  • ed997ac Fixed test failures on Windows
  • 7c6e647 Convert ValueError for invalid epoch-based datetime values
  • 4ef178b Convert OverflowError and OSError for invalid epoch-based datetime values
  • 98bdde3 Convert TypeError/ValueError for invalid regex/MIME/UUID values
  • 7d8b776 [pre-commit.ci] pre-commit autoupdate (#207)
  • faf035f Made the C extension mandatory when CBOR2_BUILD_C_EXTENSION=1
  • 70aae50 Wrapped ZeroDivisionError from decoding Fraction
  • 8b46c76 Wrapped errors from decoding utf-8 string or Fraction
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump cbor2 from 5.5.1 to 5.6.0
b264eba 
Bumps [cbor2](https://github.com/agronholm/cbor2) from 5.5.1 to 5.6.0.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Changelog](https://github.com/agronholm/cbor2/blob/master/docs/versionhistory.rst)
- [Commits](agronholm/cbor2@5.5.1...5.6.0)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner January 18, 2024 10:24
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 18, 2024
@pypi-combine-prs pypi-combine-prs bot mentioned this pull request Jan 18, 2024
Merged
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 18, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/cbor2-5.6.0 branch January 18, 2024 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants