nebula-orchestrator / manager

The API endpoint that manages nebula orchestrator clusters
https://nebula-orchestrator.github.io/
GNU General Public License v3.0
30 stars 12 forks source link

Bump configobj from 5.0.8 to 5.0.9 #613

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps configobj from 5.0.8 to 5.0.9.

Release notes

Sourced from configobj's releases.

5.0.9

What's Changed

New Contributors

Full Changelog: https://github.com/DiffSK/configobj/compare/v5.0.8...v5.0.9

Changelog

Sourced from configobj's changelog.

Changelog

Release 5.0.9 """""""""""""

  • drop support for Python 2 and <3.7
  • fix CVE-2023-26112, ReDoS attack

Release 5.0.8 """""""""""""

  • fixing/test for a regression introduced in 5.0.7 that prevented import validate from working

Release 5.0.7 """""""""""""

  • update testing to validate against python version 2.7 and 3.5-3.11
  • update broken links / non-existent services and references

Older Releases """"""""""""""

  • Release 5.0.6 improves error messages in certain edge cases
  • Release 5.0.5 corrects a unicode-bug that still existed in writing files
  • Release 5.0.4 corrects a unicode-bug that still existed in reading files after fixing lists of string in 5.0.3
  • Release 5.0.3 corrects errors related to the incorrectly handling unicode encoding and writing out files
  • Release 5.0.2 adds a specific error message when trying to install on Python versions older than 2.5
  • Release 5.0.1 fixes a regression with unicode conversion not happening in certain cases PY2
  • Release 5.0.0 updates the supported Python versions to 2.6, 2.7, 3.2, 3.3 and is otherwise unchanged
  • Release 4.7.2 fixes several bugs in 4.7.1
  • Release 4.7.1 fixes a bug with the deprecated options keyword in 4.7.0.
  • Release 4.7.0 improves performance adds features for validation and fixes some bugs.
Commits
  • 242dfd0 release 5.0.9
  • 8857b08 Merge pull request #246 from DiffSK/python-version
  • d6f7597 Update minimum python to 3.7 everywhere, and add 3.12
  • 8ffcf0c Merge pull request #241 from yegorich/license
  • 5e2f143 Merge pull request #245 from jelmer/extra-2014
  • fdf3634 Drop extra '2014' in LICENSE file. Fixes #233
  • 3480a6e Merge pull request #237 from jelmer/drop-python2
  • 008165c Drop python 3.5 from GitHub action, since it now fails to download
  • 861383c Drop support for Python < 3.5
  • 7c618b0 Merge pull request #236 from cdcadman/cve_2023_26112
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)