hasgeek / hasjob

Hasjob, the Hasgeek job board
https://hasjob.co
GNU Affero General Public License v3.0

Scheduled monthly dependency update for April #558

Closed pyup-bot closed 4 years ago

pyup-bot commented 4 years ago

Update Flask-WTF from 0.14.2 to 0.14.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links
- PyPI: https://pypi.org/project/flask-wtf
- Changelog: https://pyup.io/changelogs/flask-wtf/
- Repo: https://github.com/lepture/flask-wtf
- Docs: https://pythonhosted.org/Flask-WTF/

Update Flask-Testing from 0.7.1 to 0.8.0.

Changelog

### 0.8.0
```
* Drops support for python 2.6, 3.3, and 3.4 due to end-of-life.
* Fixes werkzeug 1.0 compatibility issue with import paths
```

Links
- PyPI: https://pypi.org/project/flask-testing
- Changelog: https://pyup.io/changelogs/flask-testing/
- Repo: https://github.com/jarus/flask-testing
- Docs: https://pythonhosted.org/Flask-Testing/

Update Pillow from 7.0.0 to 7.1.0.

Changelog

### 7.1.0
```
------------------

- Fix multiple OOB reads in FLI decoding 4503 [wiredfool]
- Fix buffer overflow in SGI-RLE decoding 4504 [wiredfool, hugovk]
- Fix bounds overflow in JPEG 2000 decoding 4505 [wiredfool]
- Fix bounds overflow in PCX decoding 4506 [wiredfool]
- Fix 2 buffer overflows in TIFF decoding 4507 [wiredfool]
- Add APNG support 4243 [pmrowla, radarhere, hugovk]
- ImageGrab.grab() for Linux with XCB 4260 [nulano, radarhere]
- Added three new channel operations 4230 [dwastberg, radarhere]
- Prevent masking of Image reduce method in Jpeg2KImagePlugin 4474 [radarhere, homm]
- Added reading of earlier ImageMagick PNG EXIF data 4471 [radarhere]
- Fixed endian handling for I;16 getextrema 4457 [radarhere]
- Release buffer if function returns prematurely 4381 [radarhere]
- Add JPEG comment to info dictionary 4455 [radarhere]
- Fix size calculation of Image.thumbnail() 4404 [orlnub123]
- Fixed stroke on FreeType < 2.9 4401 [radarhere]
- If present, only use alpha channel for bounding box 4454 [radarhere]
- Warn if an unknown feature is passed to features.check() 4438 [jdufresne]
- Fix Name field length when saving IM images 4424 [hugovk, radarhere]
- Allow saving of zero quality JPEG images 4440 [radarhere]
- Allow explicit zero width to hide outline 4334 [radarhere]
- Change ContainerIO return type to match file object mode 4297 [jdufresne, radarhere]
- Only draw each polygon pixel once 4333 [radarhere]
- Add support for shooting situation Exif IFD tags 4398 [alexagv]
- Handle multiple and malformed JPEG APP13 markers 4370 [homm]
- Depends: Update libwebp to 1.1.0 4342, libjpeg to 9d 4352 [radarhere]
```

Links
- PyPI: https://pypi.org/project/pillow
- Changelog: https://pyup.io/changelogs/pillow/
- Homepage: https://python-pillow.org

Update sqlalchemy_utils from 0.36.1 to 0.36.3.

Changelog

### 0.36.3
```
^^^^^^^^^^^^^^^^^^^

- Added hash method for PhoneNumberType (428, pull request courtesy of hanc1208)
```

### 0.36.2
```
^^^^^^^^^^^^^^^^^^^

- Added repr for UUIDType (424, pull request courtesy of ziima)
```

Links
- PyPI: https://pypi.org/project/sqlalchemy-utils
- Changelog: https://pyup.io/changelogs/sqlalchemy-utils/
- Repo: https://github.com/kvesteri/sqlalchemy-utils

Update markdown from 3.1.1 to 3.2.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links
- PyPI: https://pypi.org/project/markdown
- Repo: https://Python-Markdown.github.io/

Update coverage from 5.0.3 to 5.0.4.

Changelog

### 5.0.4
```
----------------------------

- If using the ``[run] relative_files`` setting, the XML report will use
  relative files in the ``<source>`` elements indicating the location of source
  code. Closes `issue 948`_.

- The textual summary report could report missing lines with negative line
  numbers on PyPy3 7.1 (`issue 943`_). This is now fixed.

- Windows wheels for Python 3.8 were incorrectly built, but are now fixed.
  (`issue 949`_)

- Updated Python 3.9 support to 3.9a4.

- HTML reports couldn't be sorted if localStorage wasn't available. This is now
  fixed: sorting works even though the sorting setting isn't retained. (`issue
  944`_ and `pull request 945`_). Thanks, Abdeali Kothari.

.. _issue 943: https://github.com/nedbat/coveragepy/issues/943
.. _issue 944: https://github.com/nedbat/coveragepy/issues/944
.. _pull request 945: https://github.com/nedbat/coveragepy/pull/945
.. _issue 948: https://github.com/nedbat/coveragepy/issues/948
.. _issue 949: https://github.com/nedbat/coveragepy/issues/949

.. _changes_503:
```

Links
- PyPI: https://pypi.org/project/coverage
- Changelog: https://pyup.io/changelogs/coverage/
- Repo: https://github.com/nedbat/coveragepy

Update bleach from 3.1.0 to 3.1.4.

Changelog

### 3.1.4
```
--------------------------------

**Security fixes**

* ``bleach.clean`` behavior parsing style attributes could result in a
  regular expression denial of service (ReDoS).

  Calls to ``bleach.clean`` with an allowed tag with an allowed
  ``style`` attribute were vulnerable to ReDoS. For example,
  ``bleach.clean(..., attributes={'a': ['style']})``.

  This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1,
  v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar
  regular expression and should be considered vulnerable too.

  Anyone using Bleach <=v3.1.3 is encouraged to upgrade.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1623633

**Backwards incompatible changes**

* Style attributes with dashes, or single or double quoted values are
  cleaned instead of passed through.

**Features**

None

**Bug fixes**

None
```

### 3.1.3
```
--------------------------------

**Security fixes**

None

**Backwards incompatible changes**

None

**Features**

* Add relative link to code of conduct. (442)
* Drop deprecated 'setup.py test' support. (507)
* Fix typo: curren -> current in tests/test_clean.py (504)
* Test on PyPy 7
* Drop test support for end of life Python 3.4

**Bug fixes**

None
```

### 3.1.2
```
--------------------------------

**Security fixes**

* ``bleach.clean`` behavior parsing embedded MathML and SVG content
  with RCDATA tags did not match browser behavior and could result in
  a mutation XSS.

  Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
  ``svg`` tags and one or more of the RCDATA tags ``script``,
  ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
  ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
  XSS.

  This security issue was confirmed in Bleach version v3.1.1. Earlier
  versions are likely affected too.

  Anyone using Bleach <=v3.1.1 is encouraged to upgrade.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1621692

**Backwards incompatible changes**

None

**Features**

None

**Bug fixes**

None
```

### 3.1.1
```
-----------------------------------

**Security fixes**

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
  browser behavior.

  Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
  the raw text tags (``title``, ``textarea``, ``script``, ``style``,
  ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
  to a mutation XSS.

  This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
  and v3.1.0. Earlier versions are probably affected too.

  Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1615315

**Backwards incompatible changes**

None

**Features**

None

**Bug fixes**

None

Bleach changes
==============
```

Links
- PyPI: https://pypi.org/project/bleach
- Changelog: https://pyup.io/changelogs/bleach/
- Repo: https://github.com/mozilla/bleach
- Docs: https://pythonhosted.org/bleach/

Update Flask-Migrate from 2.5.2 to 2.5.3.

Changelog

### 2.5.3
```
- Allow `Path` objects to be used as `directory` parameter [319](https://github.com/miguelgrinberg/flask-migrate/issues/319) Closes [318](https://github.com/miguelgrinberg/flask-migrate/issues/318). ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/399cb28cc128539111234f7ecea0b3187325af82)) (thanks **Nicolas Schneider**!)
- Use same database URLs as Flask-SQLAlchemy [276](https://github.com/miguelgrinberg/flask-migrate/issues/276) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/4a180b711bf87572617a0b7caad0a7151f53fde7))
- Document how to set up with init_app method [302](https://github.com/miguelgrinberg/flask-migrate/issues/302) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/6a76c245740d9af3ad5eef56ee9ff15f8205a0ca)) (thanks **Kyle Lawlor**!)
- Document how to include a message in initial migrate. [313](https://github.com/miguelgrinberg/flask-migrate/issues/313) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/aa05b836a2fe89363bc2d61a699acd54aca52bd5)) (thanks **Bernardo Gomes**!)
- Remove checks for alembic 0.7.0 [278](https://github.com/miguelgrinberg/flask-migrate/issues/278) Flask-Migrate requires alembic >= 0.7 in its setup.py file, which makes all the checks for this version obsolete. ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/97b8d334324ecb043fb0ddaef1660f36832af02c)) (thanks **Tadej Borovšak**!)
- Use sys.executable in tests [290](https://github.com/miguelgrinberg/flask-migrate/issues/290) Also re-order imports. Closes https://github.com/miguelgrinberg/Flask-Migrate/issues/289 ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/e5135e5a6a31675d5fb10febe815b257d82632a2)) (thanks **John Vandenberg**!)
- Cosmetic improvements to help messages [284](https://github.com/miguelgrinberg/flask-migrate/issues/284) ([commit](https://github.com/miguelgrinberg/flask-migrate/commit/d501d8b2923187df00d6bb1ec1f04694ab3f9667)) (thanks **Marat Sharafutdinov**!)
```

Links
- PyPI: https://pypi.org/project/flask-migrate
- Changelog: https://pyup.io/changelogs/flask-migrate/
- Repo: http://github.com/miguelgrinberg/flask-migrate/
- Docs: https://pythonhosted.org/Flask-Migrate/

Update progressbar2 from 3.47.0 to 3.50.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links
- PyPI: https://pypi.org/project/progressbar2
- Repo: https://github.com/WoLpH/python-progressbar

Update coveralls from 1.8.2 to 1.11.1.

Changelog

### 1.11.1
```
Bug Fixes

* **github:** rename to github-actions ([9e65a059](9e65a059))

This fixes a regression introduced with v1.11.0, which may have prevented usage
of this library on Github Actions.

<a name="1.11.0"></a>
```

### 1.11.0
```
Fixes

* **github:** add service_number for github actions ([9f93bd8e](9f93bd8e))

This should fix support for parallel builds.

Compatibility

* Python 2.7 and 3.4 are now officially End-Of-Life'd. Consider them deprecated
  from the perspective of this package -- we'll remove them in an upcoming
  release (likely the first one which requires non-trivial work to continue
  supporting them!).

<a name="1.10.0"></a>
```

### 1.10.0
```
Features

* support coverage>=5.0 (214) ([4a917402](4a917402))

<a name="1.9.2"></a>
```

### 1.9.2
```
Bug Fixes

* **github:** fixup incorrect API usage (209) ([c338cab4](c338cab4))

<a name="1.9.1"></a>
```

### 1.9.1
```
Compatibility

* this release marks Python 3.8 as officially supported. Earlier versions
  probably supported Python 3.8 too, but now we're *sure*.

<a name="1.9.0"></a>
```

### 1.9.0
```
Features

* **support:** support Github Actions CI (207) ([817119c3](817119c3))

Bug Fixes

* **compatibility:** fixup coverage.__version__ comparisons (208) ([03a57a9a](03a57a9a))

<a name="1.8.2"></a>
```

Links
- PyPI: https://pypi.org/project/coveralls
- Changelog: https://pyup.io/changelogs/coveralls/
- Repo: http://github.com/coveralls-clients/coveralls-python