#361: Avoid potential REDoS in EntryPoint.pattern.
v4.10.0
#354: Removed Distribution._local factory. This
functionality was created as a demonstration of the
possible implementation. Now, the
pep517 <https://pypi.org/project/pep517>_ package
provides this functionality directly through
pep517.meta.load <https://github.com/pypa/pep517/blob/a942316305395f8f757f210e2b16f738af73f8b8/pep517/meta.py#L63-L73>_.
v4.9.0
Require Python 3.7 or later.
v4.8.3
#357: Fixed requirement generation from egg-info when a
URL requirement is given.
v4.8.2
v2.1.2
#353: Fixed discovery of distributions when path is empty.
v4.8.1
#348: Restored support for EntryPoint access by item,
deprecating support in the process. Users are advised
to use direct member access instead of item-based access::
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps importlib-metadata from 1.7.0 to 4.10.1.
Changelog
Sourced from importlib-metadata's changelog.
... (truncated)
Commits
67cd67fMerge pull request #363 from python/bugfix/361-regexp-perf5516095Update changelogaa4f879Refactor regular expression to avoid expensive backtracking on contrived entr...4dbecdbAdd test capturing undesirable performance. Ref #361.9491ef9Merge pull request #354 from FFY00/remove-distribution-local1f6fe1eMerge branch 'main' into remove-distribution-local4a2f7d5Update changelog.e59f3b6Remove pep517 dependency and LocalPackage fixture, no longer used.5ad9047Merge https://github.com/jaraco/skeletoneca1c4cRemove filtered warnings, addressed upstream.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)