summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* python3-alembic: upgrade 1.13.2 -> 1.13.3Wang Mingyu2024-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - Render if_exists and if_not_exists parameters in CreateTableOp, CreateIndexOp, DropTableOp and DropIndexOp in an autogenerate context. - Enhance version_locations parsing to handle paths containing newlines. - Added support for Operations.create_table.if_not_exists and Operations.drop_table.if_exists, adding similar functionality to render IF [NOT] EXISTS for table operations in a similar way as with indexes. - The pin for setuptools<69.3 in pyproject.toml has been removed. MJ: https://git.openembedded.org/meta-openembedded/commit/?h=styhead&id=4441545a5dc75120bb4e839d71c6f8fc500e917f was backported into styhead causing: | ERROR Missing dependencies: | setuptools<69.3,>=61.0 | WARNING: exit code 1 from a shell command. this upgrade resolves this issue (see last item in changelog) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pdm-build-locked: Add recipeKhem Raj2024-11-251-0/+13
| | | | | | | | | | | | | | | | | * backporting new recipes is against stable policy, but https://git.openembedded.org/meta-openembedded/commit/?h=styhead&id=cb58461c8f9067247d630ec385851ed9c3889f79 was backported and added this dependency, so now styhead is failing with: ERROR: Nothing PROVIDES 'python3-pdm-build-locked-native' (but meta-oe/meta-python/recipes-devtools/python/python3-pdm_2.19.1.bb DEPENDS on or otherwise requires it). Close matches: python3-build-native python3-filelock-native python3-pdm-backend-native Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-reedsolo: switch to PEP-517 build backendalperak2024-11-191-1/+1
| | | | | | | | | | | | | The project has a proper pyproject.toml which declares the setuptools.build.meta PEP-517 backend. Fix: WARNING: python3-reedsolo-2.1.0b1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9a5f017a0159e26b9217c8748da74a5ce3c94c2c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pastedeploy: switch to PEP-517 build backendalperak2024-11-191-7/+10
| | | | | | | | | | | | | | | - The project has a proper pyproject.toml which declares the setuptools.build.meta PEP-517 backend. - Unnecessary dependencies dropped. Fix: WARNING: python3-pastedeploy-3.1.0-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit f421917ff688727cf2197849cbbed1e3c412d3c0) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-spidev: switch to PEP-517 build backendalperak2024-11-191-1/+1
| | | | | | | | | | | Fix: WARNING: python3-spidev-3.6-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit dd22a1cdc78fdc45a369dcbe7d763e4d697029d0) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-inflate64: switch to PEP-517 build backendalperak2024-11-191-2/+2
| | | | | | | | | | | | | | | | | - The project has a proper pyproject.toml which declares the setuptools.build.meta PEP-517 backend. - The PyPi package name (defaults to PN without the python3- prefix), so there is no need to set PYPI_PACKAGE as inflate64, it is by default. - Added missing dependency python3-setuptools-scm-native. Fix: WARNING: python3-inflate64-1.0.0-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 289470f0eb2bbef8c2f3310420e39c266c8a6c86) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-alembic: switch to PEP-517 build backendalperak2024-11-191-3/+1
| | | | | | | | | | | | - The project has a proper pyproject.toml which declares the setuptools.build.meta PEP-517 backend. - The PyPi package name (defaults to PN without the python3- prefix), so there is no need to set PYPI_PACKAGE as alembic, it is by default. WARNING: python3-alembic-1.13.3-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 207266f4c08f7de1bbe70f6d9105f97533df2b5d) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-sqlalchemy: Upgrade 2.0.32 -> 2.0.35 and switch to PEP-517 build backendalperak2024-11-191-3/+4
| | | | | | | | | | | | | | | | | | | | | | | - The project has a proper pyproject.toml which declares the setuptools.build.meta PEP-517 backend. - PYPI_PACKAGE name changed SQLAlchemy to sqlalchemy. - Added missing Cython dependency. Fix: WARNING: python3-sqlalchemy-2.0.32-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend] Changelog: https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.33 https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.34 https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.35 Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 42d10bd71d354aa6eeb3ba3a2bea71c33de475eb) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-sqlparse: Add missing rdep on mypy module for ptestsKhem Raj2024-11-191-0/+1
| | | | | | | | | | | | This is needed for fixing Failed ptests: {'python3-sqlparse': ['tests/test_cli.py:test_encoding_stdout[encoding_gbk.sql-gbk]', 'tests/test_cli.py:test_encoding_output_file[encoding_gbk.sql-gbk]', 'tests/test_cli.py:test_encoding_stdin[encoding_gbk.sql-gbk]']} Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pytest-mock: Fix ptestsKhem Raj2024-11-193-50/+11
| | | | | | | | | | | | | - Drop the patch to add additional checks to disable failing introspection tests, use plain asserts instead - Switch to pypi fetcher - Add missing rdeps needed for ptest runs Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pint: Upgrade to 0.24.3Khem Raj2024-11-192-8/+11
| | | | | | | | | - Switch to fetching from pypi - Use automake format for pytests - Fix ptests, by adding missing runtime deps Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-validators: Add missing rdeps for ptestsKhem Raj2024-11-191-0/+4
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-eth-hash: Add packageconfigs and switch to pep517-backendKhem Raj2024-11-191-7/+13
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-gunicorn: Add missing rdeps for ptestsKhem Raj2024-11-191-0/+2
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-ujson: Add python misc modules to ptest rdepsKhem Raj2024-11-192-2/+3
| | | | | | | | | Its needed for ModuleNotFoundError: No module named 'tracemalloc' Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pdm-backend: Upgrade to 2.4.1 releaseKhem Raj2024-11-191-1/+1
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pdm: Upgrade to 2.19.1Khem Raj2024-11-191-1/+2
| | | | | | | Add newlt added dependency on python3-pdm-build-locked-native Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pydbus: Add missing rdep on xml module for ptestsKhem Raj2024-11-191-1/+1
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-typer: Disable test_rich_markup_mode testsKhem Raj2024-11-191-1/+2
| | | | | | | | They fail for OE, see https://github.com/fastapi/typer/pull/859/files/2cfd641d86a591a0d8582dec9292c03e6322a21a Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-yarl: upgrade 1.10.0 -> 1.11.1Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | | | Changelog: =========== - Allowed scheme replacement for relative URLs if the scheme does not require a host - Allowed empty host for URL schemes other than the special schemes listed in the WHATWG URL spec - Loosened restriction on integers as query string values to allow classes that implement __int__ - Improved performance of normalizing paths Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-xmlschema: upgrade 3.3.2 -> 3.4.1Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | | Changelog: =========== - Fix failing URL normalization tests - Disable protocols checking with elementpath v4.5.0 - Extended ModelVisitor to make it usable as an helper class for generating content Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-virtualenv: upgrade 20.26.4 -> 20.26.5Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: Use uv over pip Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-robotframework: upgrade 7.0.1 -> 7.1Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: https://github.com/robotframework/robotframework/blob/master/doc/releasenotes/rf-7.1.rst Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-regex: upgrade 2024.7.24 -> 2024.9.11Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: Updated to Unicode 16.0.0. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyunormalize: upgrade 15.1.0 -> 16.0.0Wang Mingyu2024-11-191-2/+2
| | | | | | | | | | | License-Update: Copyright year updated to 2024. Changelog: Updated to Unicode 16.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyproject-api: upgrade 1.7.1 -> 1.7.2Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: Improve the CI Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pymisp: upgrade 2.4.197 -> 2.4.198Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | | | | Changelog: ============ - Bump changelog. - Bump deps, version. - Only include the changelog in the sdist package. - [data] describeTypes.json updated. - Openioc.py is not a script, but had exec bit. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-pyasn1-modules: upgrade 0.4.0 -> 0.4.1Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: Added support for Python 3.13 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-platformdirs: upgrade 4.3.1 -> 4.3.6Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | | | | | | | Changelog: =========== - Fix readme download target - Split build and publish for release - Use upstream setup-uv with uv python - Bump astral-sh/setup-uv from 2 to 3 - [pre-commit.ci] pre-commit autoupdate - don't include outdated changelog in docs - Fix multi-path returned from _path methods on MacOS - Use uv as installer Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-paramiko: upgrade 3.4.1 -> 3.5.0Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: Add support for AES-GCM encryption ciphers (128 and 256 bit variants). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-nmap: upgrade 1.6.0 -> 1.9.1Wang Mingyu2024-11-191-1/+1
| | | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-greenlet: upgrade 3.0.3 -> 3.1.0Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | Changelog: ========== - Adds support for Python 3.13. - Greatly reduce the chances for crashes during interpreter shutdown. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-filelock: upgrade 3.16.0 -> 3.16.1Wang Mingyu2024-11-191-1/+1
| | | | | | | | | Changelog: CI improvements Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-eventlet: upgrade 0.36.1 -> 0.37.0Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | | | Changelog: ========== * [fix] os.read/write waits until file descriptor is ready. * [fix] Upgrade RLocks as last thing we do * [security] drop header keys with underscores * [doc] Various doc updates Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-elementpath: upgrade 4.4.0 -> 4.5.0Wang Mingyu2024-11-191-1/+1
| | | | | | | | | | | | Changelog: ========== - Fix and clean node trees iteration methods - Fix missing raw string for '[^rn]' - Full and more specific type annotations Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-msgpack: upgrade 1.0.8 -> 1.1.0alperak2024-09-171-2/+2
| | | | | | | Full Changelog: https://github.com/msgpack/msgpack-python/compare/v1.0.8...v1.1.0 Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pytest-mock: Upgrade to 3.14.0Khem Raj2024-09-152-96/+4
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastjsonschema: Add missing rdeps for ptestsKhem Raj2024-09-151-0/+2
| | | | | | Allocated 5G RAM to qemu when running the ptest to avoid OOMs Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pylint: Add missing ptest rdep on python3-miscKhem Raj2024-09-151-1/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python-ujson: Use python_setuptools_build_metaKhem Raj2024-09-152-40/+5
| | | | | | | Drop the patch to disable strip instead set the env variable. set UJSON_BUILD_NO_STRIP=1 and get rid of one pending patch Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pillow: Add missing rdep on py3-compile for ptestsKhem Raj2024-09-151-1/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-wrapt: Add missing rdep on misc modules for ptestsKhem Raj2024-09-151-0/+2
| | | | | | Needed for 'this', 'abc' modules Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-django: upgrade 5.0.6 -> 5.0.9Fathi Boudra2024-09-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-45231: Potential user email enumeration via response status on password reset Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes. To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger. CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat() The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize() urlize() and urlizetrunc() were subject to a potential denial-of-service attack via certain inputs with a very large number of brackets. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords The django.contrib.auth.backends.ModelBackend.authenticate() method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save() Derived classes of the django.core.files.storage.Storage base class which override generate_filename() without replicating the file path validations existing in the parent class, allowed for potential directory-traversal via certain inputs when calling save(). Built-in Storage sub-classes were not affected by this vulnerability. CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant() get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. To mitigate this vulnerability, the language code provided to get_supported_language_variant() is now parsed up to a maximum length of 500 characters. Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-django: upgrade 4.2.11 -> 4.2.16Fathi Boudra2024-09-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-45231: Potential user email enumeration via response status on password reset Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes. To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger. CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat() The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize() urlize() and urlizetrunc() were subject to a potential denial-of-service attack via certain inputs with a very large number of brackets. CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords The django.contrib.auth.backends.ModelBackend.authenticate() method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save() Derived classes of the django.core.files.storage.Storage base class which override generate_filename() without replicating the file path validations existing in the parent class, allowed for potential directory-traversal via certain inputs when calling save(). Built-in Storage sub-classes were not affected by this vulnerability. CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant() get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. To mitigate this vulnerability, the language code provided to get_supported_language_variant() is now parsed up to a maximum length of 500 characters. Fixed a crash in Django 4.2 when validating email max line lengths with content decoded using the surrogateescape error handling scheme (#35361) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask: Add missing ptest depsKhem Raj2024-09-121-0/+4
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py-cpuinfo: Fix ptest runtime depsKhem Raj2024-09-121-0/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyyaml-include: Add missing dependencies for ptestsKhem Raj2024-09-121-0/+3
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fsspec: Add recipeKhem Raj2024-09-121-0/+22
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-service-identity: Fix ptest rdepsKhem Raj2024-09-121-0/+2
| | | | | | Add missing six and attrs modules to runtime deps Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-trustme: Add missing ptest rdeps on attrs and six modulesKhem Raj2024-09-121-0/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-02 03:03:54 +0000