Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.
There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.
Fixed server checks for circular symbolic links to be compatible with Python 3.13 -- by :user:steverep.
Related issues and pull requests on GitHub:
:issue:8565.
Fixed request body not being read when ignoring an Upgrade request -- by :user:Dreamsorcerer.
Related issues and pull requests on GitHub:
:issue:8597.
Fixed an edge case where shutdown would wait for timeout when the handler was already completed -- by :user:Dreamsorcerer.
Related issues and pull requests on GitHub:
:issue:8611.
Fixed connecting to npipe://, tcp://, and unix:// urls -- by :user:bdraco.
Related issues and pull requests on GitHub:
:issue:8632.
Fixed WebSocket ping tasks being prematurely garbage collected -- by :user:bdraco.
There was a small risk that WebSocket ping tasks would be prematurely garbage collected because the event loop only holds a weak reference to the task. The garbage collection risk has been fixed by holding a strong reference to the task. Additionally, the task is now scheduled eagerly with Python 3.12+ to increase the chance it can be completed immediately and avoid having to hold any references to the task.
Related issues and pull requests on GitHub:
:issue:8641.
Fixed incorrectly following symlinks for compressed file variants -- by :user:steverep.
Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
No longer sort Wordnet synsets and relations (sort in calling function when required)
Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
Add Python 3.12 support
Many other minor fixes
Thanks to the following contributors to 3.8.2:
Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins,
Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.
Version 3.8.1 2023-01-02
Resolve RCE vulnerability in localhost WordNet Browser (#3100)
ONNX v1.17.0 is now available with exciting new features! We would like to thank everyone who contributed to this release!
Please visit onnx.ai to learn more about ONNX and associated projects.
urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.
Thank you for your support.
Changes
Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
Fixed return types representing copying actions to use typing.Self. (#3363)
Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. ([#3122](https://github.com/urllib3/urllib3/issues/3122) <https://github.com/urllib3/urllib3/issues/3122>__)
Fixed return types representing copying actions to use typing.Self. ([#3363](https://github.com/urllib3/urllib3/issues/3363) <https://github.com/urllib3/urllib3/issues/3363>__)
This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.
Restore behavior where parsing multipart/x-www-form-urlencoded data with
invalid UTF-8 bytes in the body results in no form data parsed rather than a
413 error. #2930
Improve parse_options_header performance when parsing unterminated
quoted string values. #2904
Debugger pin auth is synchronized across threads/processes when tracking
failed entries. #2916
Dev server handles unexpected SSLEOFError due to issue in Python < 3.13.
#2926
Debugger pin auth works when the URL already contains a query string.
#2918
3.0.3
This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
Make reloader more robust when "" is in sys.path. #2823
Improve type annotation fore SharedDataMiddleware. :issue:2958
Compatibility with Python 3.13 when generating debugger pin and the current
UID does not have an associated name. :issue:2957
Version 3.0.4
Released 2024-08-21
Restore behavior where parsing multipart/x-www-form-urlencoded data with
invalid UTF-8 bytes in the body results in no form data parsed rather than a
413 error. :issue:2930
Improve parse_options_header performance when parsing unterminated
quoted string values. :issue:2904
Debugger pin auth is synchronized across threads/processes when tracking
failed entries. :issue:2916
Dev server handles unexpected SSLEOFError due to issue in Python < 3.13.
:issue:2926
Debugger pin auth works when the URL already contains a query string.
:issue:2918
Version 3.0.3
Released 2024-05-05
Only allow localhost, .localhost, 127.0.0.1, or the specified
hostname when running the dev server, to make debugger requests. Additional
hosts can be added by using the debugger middleware directly. The debugger
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Dartvauder/NeuroSandboxWebUI/network/alerts).
Bumps the pip group with 8 updates in the /RequirementsFiles directory:
3.9.5
3.10.2
2024.2.2
2024.7.4
3.8.1
3.9
1.16.1
1.17.0
1.4.2
1.5.0
2.2.1
2.2.2
3.0.2
3.0.6
3.18.1
3.19.1
Updates
aiohttp
from 3.9.5 to 3.10.2Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
491106e
Release 3.10.2 (#8655)ce2e975
[PR #8652/b0536ae6 backport][3.10] Do not follow symlinks for compressed file...6a77806
[PR #8636/51d872e backport][3.10] Remove Request.wait_for_disconnection() met...1f92213
[PR #8642/e4942771 backport][3.10] Fix response to circular symlinks with Pyt...2ef14a6
[PR #8641/0a88bab backport][3.10] Fix WebSocket ping tasks being prematurely ...68e8496
[PR #8608/c4acabc backport][3.10] Fix timer handle churn in websocket heartbe...72f41aa
[PR #8632/b2691f2 backport][3.10] Fix connecting to npipe://, tcp://, and uni...bf83dbe
[PR #8634/c7293e19 backport][3.10] Backport #8620 as improvements to various ...4815765
[PR #8597/c99a1e27 backport][3.10] Fix reading of body when ignoring an upgra...266608d
[PR #8611/1fcef940 backport][3.10] Fix handler waiting on shutdown (#8627)Updates
certifi
from 2024.2.2 to 2024.7.4Commits
bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Updates
nltk
from 3.8.1 to 3.9Changelog
Sourced from nltk's changelog.
... (truncated)
Commits
24936a2
Bump version to 3.9c222897
Merge branch 'develop' of https://github.com/nltk/nltk into develop34c3a4a
Merge branch 'develop' of https://github.com/nltk/nltk into develop253dd3a
add blackc43727f
Update version7137405
Merge pull request #3066 from asishm/bugfix-lambda-closure-leak369cb9f
Merge pull request #3245 from ekaf/hotfix-closuredup501c70e
Merge branch 'develop' into hotfix-closuredupbf05dc4
Merge pull request #3306 from ekaf/py3_compat66539c7
Sorted output in unit/test_wordnet.pyUpdates
onnx
from 1.16.1 to 1.17.0Release notes
Sourced from onnx's releases.
... (truncated)
Commits
b8baa84
Set version 1.17.0 for official release (#6405)6d77b80
[Cherry-Pick] Fix main url checks (#6312) (#6327)174938d
[Cherry-Pick] Fix protobuf pkg 5.28.0 failing on Windows (#6342) (#6347)f18d593
[Cherry-Pick] Remove unused variables (#6303) (#6324)c588905
Set version in rel-1.17.0 to 1.17.0rc1 (#6317)4392c2c
Prepare for rel-1.17.0 (#6281)cb54169
Update ort filter to 1.20.0 to skip tests known to fail with ort 1.19.0 (#6306)99e1fd3
Bump reviewdog/action-misspell from 1.21.0 to 1.23.0 (#6268)1920565
Bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#6273)2e8f228
Bump mypy from 1.10.1 to 1.11.1 (#6275)Updates
scikit-learn
from 1.4.2 to 1.5.0Release notes
Sourced from scikit-learn's releases.
Commits
b51d0c9
trigger whell builder [cd build]919ae9b
MAINT Reoder what's new for 1.5 (#29039)0ac28ad
DOC Release highlights 1.5 (#29007)729b54d
test py3.12 against numpy 2 [cd build]1e50434
set versionffbe4ab
DOC remove obsolete SVM example (#27108)4647729
DOC Fix time complexity of MLP (#28592)9bd7047
FIX convergence criterion of MeanShift (#28951)b79420f
FIX add long long for int32/int64 windows compat in NumPy 2.0 (#29029)37f544d
DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...Updates
urllib3
from 2.2.1 to 2.2.2Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
Commits
27e2a5c
Release 2.2.2 (#3406)accff72
Merge pull request from GHSA-34jh-p97f-mpxf34be4a5
Pin CFFI to a new release candidate instead of a Git commit (#3398)da41058
Bump browser-actions/setup-chrome from 1.6.0 to 1.7.1 (#3399)b07a669
Bump github/codeql-action from 2.13.4 to 3.25.6 (#3396)b8589ec
Measure coverage with v4 of artifact actions (#3394)f3bdc55
Allow triggering CI manually (#3391)5239265
Fix HTTP version in debug log (#3316)b34619f
Bump actions/checkout to 4.1.4 (#3387)9961d14
Bump browser-actions/setup-chrome from 1.5.0 to 1.6.0 (#3386)Updates
werkzeug
from 3.0.2 to 3.0.6Release notes
Sourced from werkzeug's releases.
... (truncated)
Changelog
Sourced from werkzeug's changelog.
... (truncated)
Commits
5eaefc3
release version 3.0.62767bcb
Merge commit from fork87cc78a
catch special absolute path on Windows Python < 3.1150cfeeb
Merge commit from fork8760275
apply max_form_memory_size another level up in the parser8d6a12e
start version 3.0.6a7b121a
release version 3.0.5 (#2961)9caf72a
release version 3.0.5e28a245
catch OSError from getpass.getuser (#2960)e6b4cce
catch OSError from getpass.getuserUpdates
zipp
from 3.18.1 to 3.19.1Changelog
Sourced from zipp's changelog.
Commits
6d1cb72
Finalizefd604bd
Merge pull request #120 from jaraco/bugfix/119-malformed-pathsc18417e
Add news fragment.58115d2
Employ SanitizedNames in CompleteDirs. Fixes broken test.564fcc1
Add SanitizedNames mixin.79a309f
Add some assertions about malformed paths.2d015c2
Merge https://github.com/jaraco/skeletona595a0f
Rename extras to align with core metadata spec.608f90a
Finalize3a22d72
Merge pull request #118 from jaraco/feature/is-symlinkDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show