Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append,
:meth:aiohttp.MultipartWriter.append_json and
:meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny
The asynchronous internals now set the underlying causes
when assigning exceptions to the future objects
-- by :user:webknjaz.
Related issues and pull requests on GitHub:
:issue:8089.
Treated values of Accept-Encoding header as case-insensitive when checking
for gzip files -- by :user:steverep.
Related issues and pull requests on GitHub:
:issue:8104.
Improved the DNS resolution performance on cache hit -- by :user:bdraco.
This is achieved by avoiding an :mod:asyncio task creation in this case.
Related issues and pull requests on GitHub:
:issue:8163.
Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append,
:meth:aiohttp.MultipartWriter.append_json and
:meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny
Related issues and pull requests on GitHub:
:issue:7741.
Ensure websocket transport is closed when client does not close it
-- by :user:bdraco.
The transport could remain open if the client did not close it. This
change ensures the transport is closed when the client does not close
it.
Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.
Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.
The gRPC release support policy can be found here.
Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.
Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]
Thanks to Guido Vranken for reporting the issue.
3.6 (2023-11-25)
++++++++++++++++
Fix regression to include tests in source distribution.
3.5 (2023-11-24)
++++++++++++++++
Update to Unicode 15.1.0
String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
Fix typing error for codec encoding
"setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
Added security reporting protocol for project
Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.
3.4 (2022-09-14)
++++++++++++++++
Update to Unicode 15.0.0
Migrate to pyproject.toml for build information (PEP 621)
Correct another instance where generic exception was raised instead of
IDNAError for malformed input
Source distribution uses zeroized file ownership for improved
reproducibility
Thanks to Seth Michael Larson for contributions to this release.
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj
3.1.3
This is a fix release for the 3.1.x feature branch.
Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.
The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be used
as keys to this filter, or must be separately validated first.
:ghsa:h75v-3vvj-5mfj
Version 3.1.3
Released 2024-01-10
Fix compiler error when checking if required blocks in parent templates are
empty. :pr:1858
xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
Make error messages stemming from invalid nesting of {% trans %} blocks
more helpful. :pr:1918
Version 3.1.2
Released 2022-04-28
Add parameters to Environment.overlay to match __init__.
:issue:1645
Handle race condition in FileSystemBytecodeCache. :issue:1654
Version 3.1.1
Released 2022-03-25
The template filename on Windows uses the primary path separator.
:issue:1637
Bumps the pip group with 22 updates in the / directory:
3.7.4.post0
3.9.4
2021.10.8
2024.7.4
0.18.2
0.18.3
1.41.0
1.53.2
3.3
3.7
3.0.2
3.1.4
4.8.1
4.11.2
1.11.1
2.11.2
3.2.0
3.6.7
6.2.0
6.5.1
6.4.4
6.4.12
1.21.2
1.22.0
3.1.1
3.2.2
8.4.0
10.3.0
3.18.1
3.18.3
1.4.9
1.6.0
2.26.0
2.32.2
1.9.1+cu111
1.13.1
6.1
6.4.1
4.62.3
4.66.3
1.26.7
1.26.19
2.0.2
3.0.3
Updates
aiohttp
from 3.7.4.post0 to 3.9.4Release notes
Sourced from aiohttp's releases.
... (truncated)
Changelog
Sourced from aiohttp's changelog.
... (truncated)
Commits
b3397c7
Release v3.9.4 (#8201)a7e240a
[PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...2833552
Escape filenames and paths in HTML when generating index pages (#8317) (#8319)ed43040
[PR #8309/c29945a1 backport][3.9] Improve reliability of run_app test (#8315)ec2be05
[PR #8299/28d026eb backport][3.9] Create marker for internal tests (#8307)292d961
[PR #8304/88c80c14 backport][3.9] Check for backports in CI (#8305)cebe526
Fix handling of multipart/form-data (#8280) (#8302)270ae9c
[PR #8297/d15f07cf backport][3.9] Upgrade to llhttp 9.2.1 (#8292) (#8298)bb23105
[PR #8283/54e13b0a backport][3.9] Fix blocking I/O in the event loop while pr...3f79241
[PR #8286/28f1fd88 backport][3.9] docs: remove repetitive word in comment (#8...Updates
certifi
from 2021.10.8 to 2024.7.4Commits
bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Updates
future
from 0.18.2 to 0.18.3Release notes
Sourced from future's releases.
... (truncated)
Changelog
Sourced from future's changelog.
... (truncated)
Commits
af1db97
Merge pull request #613 from PythonCharmers/lwan/0.18.3-release079ee9b
Prepare for 0.18.3 release02f7a81
Merge pull request #610 from wshanks/wshanks-patch-1c91d70b
Backport fix for bpo-3880480523f3
Merge pull request #569 from jmadler/master5e5af71
Merge pull request #582 from r3m0t/patch-617e4bbd
Merge pull request #596 from abjonnes/fix-print-trailing-comma1b427ba
Merge branch 'xZise-official-count' into masterc8eb497
Merge branch 'official-count' of https://github.com/xZise/python-future into ...dffc579
Fix bug in fix_print.py fixerUpdates
grpcio
from 1.41.0 to 1.53.2Release notes
Sourced from grpcio's releases.
... (truncated)
Changelog
Sourced from grpcio's changelog.
Commits
afb307f
[v1.53.x][Interop] Backport Python image update (#33864)7a9373b
[Backport] [dependency] Restrict cython to less than 3.X (#33770)fdb64a6
[v1.53][Build] Update Phusion baseimage (#33767) (#33836)cdf4186
[PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...ce5b93a
[PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...b24b6ea
[release] Bump release version to 1.53.2 (#33709)1e86ca5
[backport][iomgr][EventEngine] Improve server handling of file descriptor exh...aff3066
[PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...539d75c
[PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....3e79c88
[Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)Updates
idna
from 3.3 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1
Release v3.7c1b3154
Merge pull request #172 from kjd/optimize-contextj0394ec7
Merge branch 'master' into optimize-contextjcd58a23
Merge pull request #152 from elliotwutingfeng/dev5beb28b
More efficient resolution of joiner contexts1b12148
Update ossf/scorecard-action to v2.3.1d516b87
Update Github actions/checkout to v4c095c75
Merge branch 'master' into dev60a0a4c
Fix typo in GitHub Actions workflow key5918a0e
Merge branch 'master' into devUpdates
jinja2
from 3.0.2 to 3.1.4Release notes
Sourced from jinja2's releases.
Changelog
Sourced from jinja2's changelog.
... (truncated)
Commits
dd4a8b5
release version 3.1.40668239
Merge pull request from GHSA-h75v-3vvj-5mfjd655030
disallow invalid characters in keys to xmlattr filtera7863ba
add ghsa linksb5c98e7
start version 3.1.4da3a9f0
update project files (#1968)0ee5eb4
satisfy formatter, linter, and strict mypy20477c6
update project files (#5457)e491223
update pyyaml dev dependency36f9885
fix pr linkUpdates
jupyter-core
from 4.8.1 to 4.11.2Release notes
Sourced from jupyter-core's releases.
Changelog
Sourced from jupyter-core's changelog.
... (truncated)
Commits
Updates
jupyter-server
from 1.11.1 to 2.11.2Release notes
Sourced from jupyter-server's releases.
... (truncated)
Changelog
Sourced from jupyter-server's changelog.
... (truncated)
Commits
9bd9657
Publish 2.11.20056c3a
Merge pull request from GHSA-h56g-gq9v-vc8r88eca99
Bump to 2.12.0.dev03755794
Publish 2.11.140a95e5
avoid unhandled error on some invalid paths (#1369)ecd5b1f
Change md5 to hash and hash_algorithm, fix incompatibility (#1367)8e5d766
Bump to 2.12.0.dev0cc74bb6
Publish 2.11.0e7c0f33
Update api docs with md5 param (#1364)0983b71
Update ruff and typings (#1365)Updates
jupyterlab
from 3.2.0 to 3.6.7Release notes
Sourced from jupyterlab's releases.