Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data
part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.
Fixed "Unclosed client session" when initialization of
:py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.
Related issues and pull requests on GitHub:
:issue:8253.
Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data
part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.
Related issues and pull requests on GitHub:
:issue:8332.
Added default Content-Disposition in multipart/form-data responses to avoid broken
form-data responses -- by :user:Dreamsorcerer.
Related issues and pull requests on GitHub:
:issue:8335.
3.9.4 (2024-04-11)
Bug fixes
The asynchronous internals now set the underlying causes
when assigning exceptions to the future objects
-- by :user:webknjaz.
Related issues and pull requests on GitHub:
:issue:8089.
Replaced the packaging is replaced from an old-fashioned :file:setup.py to an
in-tree :pep:517 build backend -- by :user:webknjaz.
Whenever the end-users or downstream packagers need to build frozenlist
from source (a Git checkout or an sdist), they may pass a config_settings
flag pure-python. If this flag is not set, a C-extension will be built
and included into the distribution.
Declared Python 3.12 and PyPy 3.8-3.10 supported officially
in the distribution package metadata.
Related issues and pull requests on GitHub:
:issue:553.
Replaced the packaging is replaced from an old-fashioned :file:setup.py to an
in-tree :pep:517 build backend -- by :user:webknjaz.
Whenever the end-users or downstream packagers need to build frozenlist
from source (a Git checkout or an sdist), they may pass a config_settings
flag pure-python. If this flag is not set, a C-extension will be built
and included into the distribution.
Upgraded the C-API macros that have been deprecated in Python 3.9 and later removed in 3.13 -- by @iemelyanov💰.
Related issues and pull requests on GitHub:#862, #864, #868, #898.
Reverted to using the public argument parsing API PyArg_ParseTupleAndKeywords() under Python 3.12 -- by @charles-dyfis-net💰 and @webknjaz💰.
The effect is that this change prevents build failures with clang 16.9.6 and gcc-14 reported in #926. It also fixes a segmentation fault crash caused by passing keyword arguments to MultiDict.getall() discovered by @jonaslb💰 and @hroncok💰 while examining the problem.
Related issues and pull requests on GitHub:#862, #909, #926, #929.
Fixed a SystemError: null argument to internal routine error on a MultiDict.items().isdisjoint() call when using C Extensions.
Upgraded the C-API macros that have been deprecated in Python 3.9
and later removed in 3.13 -- by :user:iemelyanov.
Related issues and pull requests on GitHub:
:issue:862, :issue:864, :issue:868, :issue:898.
Reverted to using the public argument parsing API
:c:func:PyArg_ParseTupleAndKeywords under Python 3.12
-- by :user:charles-dyfis-net and :user:webknjaz.
The effect is that this change prevents build failures with
clang 16.9.6 and gcc-14 reported in :issue:926. It also
fixes a segmentation fault crash caused by passing keyword
arguments to :py:meth:MultiDict.getall() <multidict.MultiDict.getall> discovered by :user:jonaslb
and :user:hroncok while examining the problem.
Related issues and pull requests on GitHub:
:issue:862, :issue:909, :issue:926, :issue:929.
Fixed a SystemError: null argument to internal routine error on
a MultiDict.items().isdisjoint() call when using C Extensions.
Related issues and pull requests on GitHub:
:issue:927.
Improved documentation
On the Contributing docs <https://github.com/aio-libs/multidict/blob/master/CHANGES/README.rst>_ page,
a link to the Towncrier philosophy has been fixed.
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj
The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be used
as keys to this filter, or must be separately validated first.
:ghsa:h75v-3vvj-5mfj
Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
(Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.
Improve best_match (and thereby error messages from jsonschema.validate) in cases where there are multiple sibling errors from applying anyOf / allOf -- i.e. when multiple elements of a JSON array have errors, we now do prefer showing errors from earlier elements rather than simply showing an error for the full array (#1250).
(Micro-)optimize equality checks when comparing for JSON Schema equality by first checking for object identity, as == would.
Commits
9882dbe Add / ignore the new specification test suite property.
Make background colors in the image formatter work with Pillow 10.0 (#2623)
Require Python 3.8. As a result, the importlib-metadata package
is no longer needed for fast plugin discovery on Python 3.7.
The plugins extra (used as, e.g., pip install pygments[plugins])
Make Resource.pointer also properly handle empty pointers (which refer to the root document).
This fix likely only affects you if you were using that function directly, as Resource.lookup already handles empty fragments.
Make Resource.pointer also properly handle empty pointers (which refer to the root document).
This fix likely only affects you if you were using that function directly, as Resource.lookup already handles empty fragments.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all group with 12 updates:
3.9.1
3.9.5
1.4.0
1.4.1
3.6
3.7
6.0.4
6.0.5
3.13.4
3.14.0
3.1.3
3.1.4
4.21.1
4.22.0
7.16.3
7.16.4
2.17.2
2.18.0
26.0.2
26.0.3
0.35.0
0.35.1
20.26.0
20.26.1
Updates
aiohttp
from 3.9.1 to 3.9.5Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
b844d42
Release v3.9.5 (#8340)0415a4c
Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)f21c6f2
[PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)7eecdff
[PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)82fbe64
[PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)01df7ec
Bump version7917ae2
Merge 3.1b3397c7
Release v3.9.4 (#8201)a7e240a
[PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...2833552
Escape filenames and paths in HTML when generating index pages (#8317) (#8319)Updates
frozenlist
from 1.4.0 to 1.4.1Release notes
Sourced from frozenlist's releases.
... (truncated)
Changelog
Sourced from frozenlist's changelog.
... (truncated)
Commits
457b28e
⇪📦 Bump to v1.4.14998859
📝 Mark "dev" as a known word3d740da
⇪📦 Bump to v1.4.1.dev0d92751c
🧪 Cache pre-commit.com virtualenvs @ CI7394415
🧪🐛 List explicit MyPy coverage.xml paths @ CIa26ba84
🧪 Update codecov action input to pluralfiles
e12ecf6
🧪 Upload MyPy coverage to Codecov59b9a74
🐛🧪 Fix the operator intest_lt
01720b2
🧪 Keep building macosx_x86_64 wheels for testsd9f5e0c
🧪💅 Add a reusable project name var to CI/CDUpdates
idna
from 3.6 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1
Release v3.7c1b3154
Merge pull request #172 from kjd/optimize-contextj0394ec7
Merge branch 'master' into optimize-contextjcd58a23
Merge pull request #152 from elliotwutingfeng/dev5beb28b
More efficient resolution of joiner contexts1b12148
Update ossf/scorecard-action to v2.3.1d516b87
Update Github actions/checkout to v4c095c75
Merge branch 'master' into dev60a0a4c
Fix typo in GitHub Actions workflow key5918a0e
Merge branch 'master' into devUpdates
multidict
from 6.0.4 to 6.0.5Release notes
Sourced from multidict's releases.
... (truncated)
Changelog
Sourced from multidict's changelog.
... (truncated)
Commits
a9b281b
⇪ 📦 Release v6.0.5ed825c8
🧪 Download artifacts todist/
@ release job7b04a64
🧪 Normalize issue refs @ release action74840e8
🧪 Pass Codecov token to reusable linters job41c133e
🧪 Bump Codecov action to v4adb1976
📝 Fix return type @ Sphinx config99e435f
📝 Mention bylines in the changelog guidelines736169e
📝 Clarify need to only ref PR @ change note name887846f
📝 Highlight the RST term @ changelog guide8f57f8a
📝 Add a missing comma @ changelog guideUpdates
filelock
from 3.13.4 to 3.14.0Release notes
Sourced from filelock's releases.
Commits
8556141
feat:blocking
parameter on lock constructor with tests and docs (#325)26ccad3
[pre-commit.ci] pre-commit autoupdate (#324)853e7d1
[pre-commit.ci] pre-commit autoupdate (#323)Updates
jinja2
from 3.1.3 to 3.1.4Release notes
Sourced from jinja2's releases.
Changelog
Sourced from jinja2's changelog.
Commits
dd4a8b5
release version 3.1.40668239
Merge pull request from GHSA-h75v-3vvj-5mfjd655030
disallow invalid characters in keys to xmlattr filtera7863ba
add ghsa linksb5c98e7
start version 3.1.4da3a9f0
update project files (#1968)0ee5eb4
satisfy formatter, linter, and strict mypy20477c6
update project files (#5457)e491223
update pyyaml dev dependency36f9885
fix pr linkUpdates
jsonschema
from 4.21.1 to 4.22.0Release notes
Sourced from jsonschema's releases.
Changelog
Sourced from jsonschema's changelog.
Commits
9882dbe
Add / ignore the new specification test suite property.ebc90bb
Merge commit '8fcfc3a674a7188a4fcc822b7a91efb3e0422a20'8fcfc3a
Squashed 'json/' changes from b41167c74..54f3784a830b7537
Pin pyenchant to pre from below until pyenchant/pyenchant#302 is released.c3729db
Enable doctests for the rest of the referencing page.70a994c
Remove a now-unneeded noqa since apparently this is fixed in new ruff.e6d0ef1
Fix a minor typo in the referencing example docs.bceaf41
Another placeholder benchmark for future optimization.b20234e
Consider errors from earlier indices (in instances) to be better matches41b49c6
Minor improvement to test failure message when a best match test fails.Updates
nbconvert
from 7.16.3 to 7.16.4Release notes
Sourced from nbconvert's releases.
Changelog
Sourced from nbconvert's changelog.
Commits
d6dc8a5
Publish 7.16.471fde29
rst exporter: Re-enable coalescing streams (#2142)89de373
Revert "Set all min deps" (#2138)d3c8086
Set all min deps (#2136)36e1b77
chore: update pre-commit hooks (#2134)Updates
pygments
from 2.17.2 to 2.18.0Release notes
Sourced from pygments's releases.
... (truncated)
Changelog
Sourced from pygments's changelog.
... (truncated)
Commits
d7d11f6
Last steps for 2.18 release.ec7bfd2
Fix Janet version_added.ea9c823
Update CHANGES.338d366
Merge pull request #2670 from Kodiologist/hylex4d1371b
Lock down the pytest version.8dd97e0
Improve docs.26179d6
Fix deprecated variable usage in tests.ad125ca
Prepare 2.18 release.24deeb9
Lock the ruff version in tox.ini.c9165cf
Fix format string usage.Updates
pyzmq
from 26.0.2 to 26.0.3Release notes
Sourced from pyzmq's releases.
Commits
5a45683
Bump to 26.0.3adb199b
Merge pull request #1986 from minrk/cython-implementatin0948257
changelog for 26.0.390108f8
cython build dependency on non-pypyacfcaf1
Merge pull request #1982 from minrk/circleci_upload5809a4c
upload circleci wheels from githubUpdates
referencing
from 0.35.0 to 0.35.1Release notes
Sourced from referencing's releases.
Changelog
Sourced from referencing's changelog.
Commits
1863d4a
Correct the return type.1357a73
Handle empty pointers (root pointers) in Resource.pointer.a524132
Merge pull request #149 from python-jsonschema/dependabot/submodules/suite-c4...c0c7b72
Bump suite from8be5a4b
toc49444c
edd1006
Merge pull request #147 from python-jsonschema/dependabot/submodules/suite-8b...d485584
Bump suite from87851a6
to8be5a4b
217a18d
Remove a now-unneeded noqa since apparently this is fixed in new ruff.2c1a8f5
Pin pyenchant to pre from below until pyenchant/pyenchant#302 is released.Updates
virtualenv
from 20.26.0 to 20.26.1Changelog
Sourced from virtualenv's changelog.
Commits
1563992
release 20.26.1cbbf465
Fix PATH-based Python discovery on Windows (#2712)9eac8a6
Merge pull request #2710 from pypa/release-20.26.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show