search

callistoteam / schoolbot

A discord bot that informs the school's academic calendar, timetable, and meals in Korea(대한민국 학교의 급식, 학사일정, 시간표를 알려주는 디스코드 봇)
GNU Affero General Public License v3.0
9 stars 3 forks source link

chore(deps): bump aiohttp from 3.7.3 to 3.7.4.post0 #148

Open dependabot[bot] opened 3 years ago

dependabot[bot] commented 3 years ago

Bumps aiohttp from 3.7.3 to 3.7.4.post0.

Changelog

Sourced from aiohttp's changelog.

3.7.4.post0 (2021-03-06)

Misc

  • Bumped upper bound of the chardet runtime dependency to allow their v4.0 version stream. [#5366](https://github.com/aio-libs/aiohttp/issues/5366) <https://github.com/aio-libs/aiohttp/issues/5366>_

3.7.4 (2021-02-25)

Bugfixes

  • (SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

    Thanks to Beast Glatisant <https://github.com/g147>__ for finding the first instance of this issue and Jelmer Vernooij <https://jelmer.uk/>__ for reporting and tracking it down in aiohttp. [#5497](https://github.com/aio-libs/aiohttp/issues/5497) <https://github.com/aio-libs/aiohttp/issues/5497>_

  • Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.

    Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter. [#5498](https://github.com/aio-libs/aiohttp/issues/5498) <https://github.com/aio-libs/aiohttp/issues/5498>_

Commits
  • 184274d Bump aiohttp to v3.7.4.post0 for a dep bump
  • 934e5cb Bump chardet cap 5.0.0 (backport of #5333)
  • 0810861 Fix the link to MultiDict in client_quickstart.rst (#5517)
  • 6e04556 Prepare Sphinx setup for stricter nitpicky mode
  • e0f4936 Fix v3.7.4 changelog title
  • 0a26acc Bump aiohttp to v3.7.4 for a security release
  • 021c416 Merge branch 'ghsa-v6wp-4m6f-gcjg' into master
  • 4ed7c25 Bump chardet from 3.0.4 to 4.0.0 (#5333)
  • b61f0fd Fix how pure-Python HTTP parser interprets //
  • 5c1efbc Bump pre-commit from 2.9.2 to 2.9.3 (#5322)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)