search

HashPals / Search-That-Hash

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
GNU General Public License v3.0
1.28k stars 92 forks source link

Bump loguru from 0.5.3 to 0.6.0 #163

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps loguru from 0.5.3 to 0.6.0.

Release notes

Sourced from loguru's releases.

0.6.0

  • Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 (#563).
  • Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
  • Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
  • Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() (#339).
  • Prevent non-ascii characters to be escaped while logging JSON message with serialize=True (#575, thanks @​ponponon).
  • Fix flake8 errors and improve code readability (#353, thanks @​AndrewYakimets).
Changelog

Sourced from loguru's changelog.

0.6.0_ (2022-01-29)

  • Remove internal use of pickle.loads() considered as a security vulnerability referenced as CVE-2022-0329 <https://nvd.nist.gov/vuln/detail/CVE-2022-0329>_ ([#563](https://github.com/Delgan/loguru/issues/563) <https://github.com/Delgan/loguru/issues/563>_).
  • Modify coroutine sink to make it discard log messages when loop=None and no event loop is running (due to internally using asyncio.get_running_loop() in place of asyncio.get_event_loop()).
  • Remove the possibility to add a coroutine sink with enqueue=True if loop=None and no event loop is running.
  • Change default encoding of file sink to be utf8 instead of locale.getpreferredencoding() ([#339](https://github.com/Delgan/loguru/issues/339) <https://github.com/Delgan/loguru/issues/339>_).
  • Prevent non-ascii characters to be escaped while logging JSON message with serialize=True ([#575](https://github.com/Delgan/loguru/issues/575) <https://github.com/Delgan/loguru/pull/575>, thanks @ponponon <https://github.com/ponponon>).
  • Fix flake8 errors and improve code readability ([#353](https://github.com/Delgan/loguru/issues/353) <https://github.com/Delgan/loguru/issues/353>, thanks @AndrewYakimets <https://github.com/AndrewYakimets>).
Commits
  • f40fa31 Bump version to 0.6.0
  • 6a19cb1 Update CHANGELOG.md to reference CVE-2022-0329 vulnerability fix
  • bc1dab4 Add docs about possible log injection attack
  • ea39375 Document several security considerations and best practices
  • 1eeea19 Change default file sink encoding to be "utf8" (#339)
  • b02ef7a Prevent non-ascii characters to be escaped while logging JSON (#575)
  • d38ced7 Modify behavior of coroutine sink when no running event loop
  • ca6dcd0 Fix warnings generated by 'test_exceptions_catch.py' unit tests
  • 2270d2b Fix warning generated by "test_add_option_enqueue.py" unit tests
  • 4b0070a Remove use of "pickle.loads()" to comply with security tools (#563)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 2 years ago

Codecov Report

Merging #163 (1ac377a) into main (a502b9e) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##              main      #163   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines          127       127           
=========================================
  Hits           127       127

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a502b9e...1ac377a. Read the comment docs.