glotaran / pyglotaran

A Python library for Global and Target Analysis of time-resolved spectroscopy data
GNU Lesser General Public License v3.0

Bump asteval from 0.9.33 to 1.0.2 #1506

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 1 month ago

Bumps asteval from 0.9.33 to 1.0.2.

Release notes

Sourced from asteval's releases.

1.0.2

bug fixes:

  • fix NameError handling in expression code
  • make exception messages more Python-like

1.0.1

security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division

  • remove numpy modules polynomial, fft, linalg by default for security concerns
  • disallow string.format(), improve security of f-string evaluation

1.0.0

Asteval 1.0.0

Asteval has been fairly mature for a while, with major improvements since version 0.9.29 over the past year or so making it feel like it has reached a point where the features and API are stable enough to call version 1.0.0.

Changes compared to 0.9.33:

  • fix (again) nested list comprehension (Issues #127 and #126).
  • add more testing of multiple list comprehensions.
  • more complete support for Numpy 2, and removal of many Numpy symbols that have been long deprecated.
  • remove AST nodes deprecated in Python 3.8.
  • clean up build files and outdated tests.
  • fixes to codecov configuration.
  • update docs.

Commits

  • 22f6f48 more work to make exception messages more Python like
  • d837fb9 put exception name with message, more like Python exception
  • 1dec732 Merge pull request #130 from shazarivf/fix-nameerror-handling
  • cab435a fix NameError handling in expression code
  • c673c8b update doc to describe audit by IBM security research group
  • d85e7cb remove numpy modules polynomial, fft, linalg by default for security concerns
  • 1b453ec disallow string.format(), improve security of f-string evaluation
  • 633bdc4 update docs
  • c6499a6 Update README.rst
  • c70824d fix pyproject.toml
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 1 month ago

Binder: Launch a binder notebook on branch glotaran/pyglotaran/dependabot/pip/staging/asteval-1.0.2

s-weigand commented 2 weeks ago

@dependabot rebase

sonarcloud[bot] commented 2 weeks ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud