Added support for the Python 3.12 walk_up keyword argument in anyio.Path.relative_to() (PR by Colin Taylor)
Fixed passing total_tokens to anyio.CapacityLimiter() as a keyword argument not working on the trio backend (#515)
Fixed Process.aclose() not performing the minimum level of necessary cleanup when cancelled. Previously:
Cancellation of Process.aclose() could leak an orphan process
Cancellation of run_process() could very briefly leak an orphan process.
Cancellation of Process.aclose() or run_process() on Trio could leave standard streams unclosed
(PR by Ganden Schaffner)
Fixed Process.stdin.aclose(), Process.stdout.aclose(), and Process.stderr.aclose() not including a checkpoint on asyncio (PR by Ganden Schaffner)
Fixed documentation on how to provide your own typed attributes
4.2.0
Add support for byte-based paths in connect_unix, create_unix_listeners, create_unix_datagram_socket, and create_connected_unix_datagram_socket. (PR by Lura Skye)
Enabled the Event and CapacityLimiter classes to be instantiated outside an event loop thread
Broadly improved/fixed the type annotations. Among other things, many functions and methods that take variadic positional arguments now make use of PEP 646 TypeVarTuple to allow the positional arguments to be validated by static type checkers. These changes affected numerous methods and functions, including:
This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.
UNRELEASED
Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises
KeyError
4.3.0
Added support for the Python 3.12 walk_up keyword argument in
anyio.Path.relative_to() (PR by Colin Taylor)
Fixed passing total_tokens to anyio.CapacityLimiter() as a keyword argument
not working on the trio backend
([#515](https://github.com/agronholm/anyio/issues/515) <https://github.com/agronholm/anyio/issues/515>_)
Fixed Process.aclose() not performing the minimum level of necessary cleanup when
cancelled. Previously:
Cancellation of Process.aclose() could leak an orphan process
Cancellation of run_process() could very briefly leak an orphan process.
Cancellation of Process.aclose() or run_process() on Trio could leave
standard streams unclosed
(PR by Ganden Schaffner)
Fixed Process.stdin.aclose(), Process.stdout.aclose(), and
Process.stderr.aclose() not including a checkpoint on asyncio (PR by Ganden
Schaffner)
Fixed documentation on how to provide your own typed attributes
4.2.0
Add support for byte-based paths in connect_unix, create_unix_listeners,
create_unix_datagram_socket, and create_connected_unix_datagram_socket. (PR by
Lura Skye)
Enabled the Event and CapacityLimiter classes to be instantiated outside an
event loop thread
Broadly improved/fixed the type annotations. Among other things, many functions and
methods that take variadic positional arguments now make use of PEP 646
TypeVarTuple to allow the positional arguments to be validated by static type
checkers. These changes affected numerous methods and functions, including:
This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously
suppressed legitimate Truncated exceptions. This caused the stub
resolver to timeout instead of failing over to TCP when a legitimate
truncated response was received over UDP.
This release addresses the potential DoS issue discussed in the
"TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is
vulnerable to a potential DoS if a bad-in-some-way response from the
right address and port forged by an attacker arrives before a
legitimate one on the UDP port dnspython is using for that query. In
this situation, dnspython might switch to querying another resolver or
give up entirely, possibly denying service for that resolution. This
release addresses the issue by adopting the recommended mitigation,
which is ignoring the bad packets and continuing to listen for a
legitimate response until the timeout for the query has expired.
Thank you to all the contributors to this release, and, as usual,
thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian
Wellington.
This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.
Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.
dnspython 2.5.0
See the What's New page for a summary of this release.
Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.
The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from
failing over to TCP and causing the query to timeout #1053.
2.6.0
As mentioned in the "TuDoor" paper and the associated CVE-2023-29483, the dnspython
stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the
right address and port forged by an attacker arrives before a legitimate one on the
UDP port dnspython is using for that query.
This release addresses the issue by adopting the recommended mitigation, which is
ignoring the bad packets and continuing to listen for a legitimate response until
the timeout for the query has expired.
Added support for the NSID EDNS option.
Dnspython now looks for version metadata for optional packages and will not
use them if they are too old. This prevents possible exceptions when a
feature like DoH is not desired in dnspython, but an old httpx is installed
along with dnspython for some other purpose.
The DoHNameserver class now allows GET to be used instead of the default POST,
and also passes source and source_port correctly to the underlying query
methods.
2.5.0
Dnspython now uses hatchling for builds.
Asynchronous destinationless sockets now work on Windows.
Cython is no longer supported due to various typing issues.
Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.
Previously it was possible for non-canonical IPv6 forms to be stored
in a AAAA address, which would work correctly but possibly cause
problmes if the address were used as a key in a dictionary.
The number of messages in a section can be retrieved with
section_count().
Truncation preferences for messages can be specified.
The length of a message can be automatically prepended when
rendering.
🐛 Fix unhandled growing memory for internal server errors, refactor dependencies with yield and except to require raising again as in regular Python. PR #11191 by @tiangolo.
This is a breaking change (and only slightly) if you used dependencies with yield, used except in those dependencies, and didn't raise again.
This was reported internally by @rushilsrivastava as a memory leak when the server had unhandled exceptions that would produce internal server errors, the memory allocated before that point would not be released.
NumPy 1.26.4 is a maintenance release that fixes bugs and regressions
discovered after the 1.26.3 release. The Python versions supported by
this release are 3.9-3.12. This is the last planned release in the
1.26.x series.
Contributors
A total of 13 people contributed to this release. People with a "+" by
their names contributed a patch for the first time.
Charles Harris
Elliott Sales de Andrade
Lucas Colley +
Mark Ryan +
Matti Picus
Nathan Goldbaum
Ola x Nilsson +
Pieter Eendebak
Ralf Gommers
Sayed Adel
Sebastian Berg
Stefan van der Walt
Stefano Rivera
Pull requests merged
A total of 19 pull requests were merged for this release.
Bumps the all group with 23 updates:
3.7.1
4.3.0
1.23.6
1.25.0
2023.11.17
2024.2.2
2.4.2
2.6.1
0.105.0
0.110.0
1.0.2
1.0.5
0.26.0
0.27.0
0.41.1
0.42.0
3.3.2
3.4.0
0.58.1
0.59.1
1.26.2
1.26.4
23.2
24.0
1.3.0
1.4.0
2.5.3
2.6.4
2.14.6
2.17.0
4.6.1
4.6.3
7.4.3
8.1.1
2023.3.post1
2024.1
1.11.4
1.12.0
1.3.0
1.3.1
0.27.0
0.37.2
4.9.0
4.10.0
0.25.0
0.29.0
Updates
anyio
from 3.7.1 to 4.3.0Release notes
Sourced from anyio's releases.
... (truncated)
Changelog
Sourced from anyio's changelog.
... (truncated)
Commits
437a7e3
Bumped up the version1ce32e5
Updated the upload/download artifact actionsd39c837
[pre-commit.ci] pre-commit autoupdate (#690)ba48ea8
Added the network marker to some tests that need DNS (#687)5426f7b
Remove conditionals and workarounds for Python interpreter versions 3.7 and o...7565f31
[pre-commit.ci] pre-commit autoupdate (#684)137de70
Fixed documentation on providing custom typed attributes (#683)8b8806c
Fixed typo (#681)1e60219
Fixedrun_process()
andopen_process().__aexit__
leaking an orphan proces...3f14df8
[pre-commit.ci] pre-commit autoupdate (#676)Updates
beanie
from 1.23.6 to 1.25.0Release notes
Sourced from beanie's releases.
... (truncated)
Changelog
Sourced from beanie's changelog.
... (truncated)
Commits
72b35f9
Version/1.25.0 (#844)3258326
Limit Nesting Level of Linked Documents (#834)7c49b91
Sync Method (#831)ced7168
ko-fi buttons (#843)99312f6
Create FUNDING.yml (#842)8fa4068
Update migration command to enable/disable transactions (#828)63542eb
Fix: FindInterface type-hints break on View models (#819)9056fbb
fix: count with text queries and links (#826)e876e1a
Encode date objects (#816)f2e1439
version | 1.24.0 (#815)Updates
certifi
from 2023.11.17 to 2024.2.2Commits
45eb611
2024.02.02 (#266)83f4f04
fix leaking certificate issue (#265)bbf2208
Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#264)9e837a5
Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#262)05d071b
Bump actions/upload-artifact from 4.0.0 to 4.1.0 (#261)2a3088a
Bump actions/download-artifact from 4.1.0 to 4.1.1 (#260)d4ca66e
Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#258)5d15663
Bump actions/download-artifact from 3.0.2 to 4.1.0 (#257)d66ef9d
Bump actions/setup-python from 4.7.1 to 5.0.0 (#256)8f0d412
Bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (#255)Updates
dnspython
from 2.4.2 to 2.6.1Release notes
Sourced from dnspython's releases.
Changelog
Sourced from dnspython's changelog.
... (truncated)
Commits
0a742b9
update CI0ea5ad0
The Tudoor fix should not eat valid Truncated exceptions #1053 (#1054)f12d398
2.6.1 version prepcecb853
Further improve CVE fix coverage to 100% for sync and async.7952e31
test IgnoreErrorse093299
For the Tudoor fix, we also need the UDP nameserver to ignore_unexpected.3af9f78
2.6.0 versioningca63d95
Require cryptography >=41 instead of 42.902cbf3
Create CODE_OF_CONDUCT.mded9795f
github contributing and pull request templateUpdates
fastapi
from 0.105.0 to 0.110.0Release notes
Sourced from fastapi's releases.
... (truncated)
Commits
e40747f
🔖 Release version 0.110.032b56a8
📝 Update release notesb6b0f2a
📝 Update release notesbf771bd
🐛 Fix unhandled growing memory for internal server errors, refactor dependenc...6336604
📝 Update release notescb93874
📝 Update release notes9210e6a
🌐 Add German translation fordocs/de/docs/reference/background.md
(#10820)dec45c5
🌐 Add German translation fordocs/de/docs/reference/templating.md
(#10842)5da35ff
📝 Update release notes626b066
🌐 Add German translation fordocs/de/docs/external-links.md
(#10852)Updates
httpcore
from 1.0.2 to 1.0.5Release notes
Sourced from httpcore's releases.
Changelog
Sourced from httpcore's changelog.
Commits
1851ac3
Version 1.0.5 (#904)4565838
Update trio dependency... (#903)fbbd909
HandleEndOfStream
for anyio backend (#899)10481ce
Fixed typo inRequest
class docstring. (#898)7b39e6a
Bump the python-packages group with 6 updates (#896)5c9be94
bump to v0.3.0 && format (#895)5518172
Moveunasync.py
toscripts
(#891)14bda52
Version 1.0.4 (#892)80d21ee
Addtarget
request extension (#888)accae7b
Fix support for connection Upgrade and CONNECT when some data in the stream h...Updates
httpx
from 0.26.0 to 0.27.0Release notes
Sourced from httpx's releases.
Changelog
Sourced from httpx's changelog.
Commits
326b943
Version 0.27.0 (#3095)3faa4a8
Improve 'Custom transports' docs (#3081)c51af4b
Extensions docs (#3080)cabd1c0
Deprecateapp=...
in favor of explicitWSGITransport
/ASGITransport
. (#3...6f46152
Bump the python-packages group with 6 updates (#3077)37a2901
Mention NO_PROXY environment variable on Advanced Usage page (#3066)371b6e9
Use__future__.annotations
(#3068)4f6edf3
testparse_header_links
via public api (#3061)c7cd6aa
testobfuscate_sensitive_headers
via public api (#3063)15f9253
Drop outdated section (#3057)Updates
llvmlite
from 0.41.1 to 0.42.0Commits
b2a26aa
Merge pull request #1029 from stuartarchibald/wip/change_log_0_42_0_final2c3dae0
Update CHANGE_LOG for 0.42.0 final.c0c7726
Initialize 0.42 branchf22420a
Merge pull request #1021 from gmarkall/release-notes-04283a8829
Update CHANGE_LOGab073f5
Add release notes for 0.42.0rc14292eea
Merge pull request #978 from tbennun/type-query-480bb55b
Add test for is_function_vararg on non-function typefe53feb
Merge remote-tracking branch 'origin/main' into pr/978e70590f
Merge pull request #1019 from diptorupd/add_convergent_attributeUpdates
motor
from 3.3.2 to 3.4.0Release notes
Sourced from motor's releases.
Changelog
Sourced from motor's changelog.
Commits
19eeb29
BUMP 3.4.072e8655
MOTOR-1286 Update Changelog for 3.4.0 (#273)0f1a6cd
[Motor-1175] Document Network Compression (#271)7bcea04
MOTOR-1279 Improve Motor Typing (#269)f4832d9
MOTOR-1284 Fix Cryptography Install on PyPy3.8 (#270)2d35987
[MOTOR-1269] Exclude Synchro test TestUnifiedInterruptInUsePoolClear (#268)1414d0f
MOTOR-1282 Stop using filemd5 in docs example for db.command (#267)9d00dd2
MOTOR-1277 Limit when pull request-specific tasks are run (#266)228e76a
MOTOR-1271 Use GitHub App to Auto Assign Reviewer (#265)e8a6d6d
MOTOR-1257 key_id can be passed as UUID with pymongo>=4.7 (#264)Updates
numba
from 0.58.1 to 0.59.1Release notes
Sourced from numba's releases.
Commits
9ce83ef
Merge pull request #9480 from sklam/misc/rel0.59.1_patches58b4954
Update docs/source/user/installing.rstb39bdf2
Reduce thread use to avoid stuck in TBB on machines with high thread count.3411945
Bump release datedb03908
Skip test_issue9490_non_det_ssa_problem for PPCd39f16b
Update changeloga0eb243
Merge pull request #9491 from sklam/fix/iss9490e503a5d
Remove release notes for 0.59.180211ed
Add 0.59.1 release noteaae4820
Remove notes from 0.59.0Updates
numpy
from 1.26.2 to 1.26.4Release notes
Sourced from numpy's releases.
... (truncated)
Commits
9815c16
Merge pull request #25770 from charris/prepare-1.26.4114ed25
REL: Prepare for the NumPy 1.26.4 release2fae4d3
Merge pull request #25323 from stefanor/import-asstrce89a0a
Merge pull request #25756 from charris/backport-24711f62dfc6
Merge pull request #25755 from charris/backport-25709fee88ab
BUG: Fix np.quantile([Fraction(2,1)], 0.5) (#24711)659be68
MAINT: Include header defining backtrace837cd38
Merge pull request #25748 from rgommers/unvendor-mesonpythonf984240
CI: upgrade cibuildwheel from 2.16.4 to 2.16.5 [wheel build]3548f9d
BLD: unvendor meson-python [wheel build]Updates
packaging
from 23.2 to 24.0Release notes
Sourced from packaging's releases.