Backport a patch from version 0.4.2 upstream since the uprev would add
functionality changes.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
3.2.5 fixes CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input.
Additional release notes:
- Fixed a regression in Django 3.2 that caused a crash of
QuerySet.values_list(…, named=True) after prefetch_related() (#32812).
- Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+
when altering BinaryField, JSONField, or TextField to non-nullable
(#32503).
- Fixed a regression in Django 3.2 that caused a migration crash on MySQL
8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a
default value (#32832).
- Fixed a bug in Django 3.2 where a system check would crash on a model
with an invalid app_label (#32863).
There is no corresponding uprev for the 2.x LTS branch since it is
already at the latest version (2.2.24).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit fe50bd1005)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 3.2.4:
- CVE-2021-33203: Potential directory traversal via admindocs
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses
- Fixed a bug in Django 3.2 where a final catch-all view in the
admin didn't respect the server-provided value of SCRIPT_NAME
when redirecting unauthenticated users to the login page.
- Fixed a bug in Django 3.2 where a system check would crash on an
abstract model
- Prevented unnecessary initialization of unused caches following
a regression in Django 3.2
- Fixed a crash in Django 3.2 that could occur when running
mod_wsgi with the recommended settings while the Windows
colorama library was installed
- Fixed a bug in Django 3.2 that would trigger the auto-reloader
for template changes when directory paths were specified with
strings
- Fixed a regression in Django 3.2 that caused a crash of
auto-reloader with AttributeError, e.g. inside a Conda
environment
- Fixed a regression in Django 3.2 that caused a loss of precision
for operations with DecimalField on MySQL
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 624e3e1898)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
3.2.3 is a bugfix release:
- Prepared for mysqlclient > 2.0.3 support (#32732).
- Fixed a regression in Django 3.2 that caused the incorrect
filtering of querysets combined with the | operator (#32717).
- Fixed a regression in Django 3.2.1 where saving FileField
would raise a SuspiciousFileOperation even when a custom
upload_to returns a valid file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit bdf1be7c55)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2.2.23 is a bugfix release:
- Fixed a regression in Django 2.2.21 where saving FileField would raise a
SuspiciousFileOperation even when a custom upload_to returns a valid
file path (#32718).
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit f07a8c1376)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 3.11.4:
- Bug fix where a MongoClient would mistakenly attempt to create
minPoolSize connections to arbiter nodes
- Bug fix that prevented PyMongo from retrying writes after a
writeConcernError on MongoDB 4.4+
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit dcb9ecc1e5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 4.0.2:
- Using Union containing generics as type hint causes an error
- Libdoc does not anymore work with resource files in PYTHONPATH
- Rebot removes sourcename attribute from <kw> in output.xml
- Run Keyword If Test Failed does not work correctly if it is not
first keyword in teardown and test is skipped
- Argument conversion problems when type hint is ABC
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 73d63dd3fe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.3.4:
- Reverts the unsatisfying fix for KeyError during import when
running with python optimisation level of 2
- instead a RuntimeError is thrown when Python is running with
optimization level 2
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 87e6a45374)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix a security issue CVE-2020-36242 where certain sequences of
``update()`` calls when symmetrically encrypting very large
payloads (>2GB) could result in an integer overflow, leading to
buffer overflows.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2.2.x is LTS, so upgrade to latest release 2.2.20.
This upgrade fixes several CVEs such as CVE-2021-3281.
Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.0.12:
- Add support for hashed/random/keyword expressions
- Review support support for hashed/random/keyword expression and
add expanders reactor
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 4c0e6d3365)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 5.0.7:
- The decorator module was not passing correctly the defaults
inside the *args tuple
- Fixed some mispellings in the documentation
- Integrated codespell in the CI
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit d07aa9a0a7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.2.4:
- Fixed regression in DataFrame.sum() when min_count greater than
the DataFrame shape was passed resulted in a ValueError
- Fixed regression in DataFrame.to_json() raising AttributeError
when run on PyPy
- Fixed regression in (in)equality comparison of pd.NaT with a
non-datetimelike numpy array returning a scalar instead of an
array
- Fixed regression in DataFrame.where() not returning a copy in
the case of an all True condition
- Fixed regression in DataFrame.replace() raising IndexError when
regex was a multi-key dictionary
- Fixed regression in repr of floats in an object column not
respecting float_format when printed in the console or outputted
through DataFrame.to_string(), DataFrame.to_html(), and
DataFrame.to_latex()
- Fixed regression in NumPy ufuncs such as np.add not passing
through all arguments for DataFrame
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 443e435ce4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.8:
assumptions:
- Q.infinite now correctly evaluates to True for oo, -oo, and zoo
- Assumption predicates now correctly evaluates to None for S.NaN
- Relational objects do not need to be wrapped by Q.is_true to be
asked or refined anymore
- Q.is_true wrapping over AppliedPredicate now just return the
argument
- refine arg(x) when x is real and nonzero
- assumptions/relation module is introduced. This module
implements binary relation as predicate
- AskHandler(), register_handler() and remove_handler() are
deprecated. Handler now must be multipledispatch instance
- Predicate now uses a single handler which is multipledispatch
instance
- Predicate can now take multiple arguments
- Predicate("...") now returns UndefinedPredicate instance. To
define a predicate, you must make a subclass of Predicate
calculus:
- Using maximum with a piecewise expression over a domain no
longer fails due to a bug fix in Piecewise.as_expr_set_pairs
codegen:
- allowing for multi-dimensional arrays as arguments/locals in c
code generation
- create_expand_pow_optimization is now customizable with respect
to requirement on base
- Support flattening of elementwise additions of array expressions
- Fixes to array-expressions in order to properly work with
ZeroArray and ZeroMatrix
- Fixing matrix expression recognition from array-expressions
- Minor fixes to the way the AST of array expressions is built
- Add normalization of CodegenArrayDiagonal when it's nested with
CodegenArrayPermuteDims and CodegenArrayContraction
- Increased support for the normalization of array expressions and
permutations of indices
- parse_matrix_expression( ) is now able to parse traces of
matrices
combinatorics:
- Added a section to the permutation docs about containment in
permutation groups
geometry:
- Fix AssertError for vertical tangent
- Geometric entities with symbolic coordinates will not be printed
in SVG
simplify:
- Fix simplify calls sympify without rational parameter
- TRmorrie now takes powers of cos terms into account
tensor:
- Introduced objects ArraySymbol and ArrayElement for array
expressions equivalent to MatrixSymbol and MatrixElement in the
matrix expression module
- Add class ZeroArray for array expressions of zero-valued
elements
- Make Array differentiation(derive_by_array) work with non sympy
expressions
- Added tensordiagonal( ) function to perform diagonalization of
array expressions
- Adding an array with any other type now consistently gives
NotImplemented
utilities:
- Added official support for using CuPy to GPU accelerate lambdify
functions
- Added Replacer class to simplify the creation of replacement
expressions with MatchPy
- Added tests for optional parameter in MatchPy patterns
- Added string printers for MatchPy-compatible wildcards in
sympy.utilities.matchpy_connector
- minlex no longer accepts is_set or small arguments
- minlex and least_rotation now accept key= arguments similar to
sorted
vector:
- Fixed a bug with integral over ImplicitRegion objects
other:
- Expanding documentation to include all class members with
docstrings
License-Update: Update year
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 71acc03cbd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.4.7:
orm:
- Fixed regression where the subqueryload() loader strategy would
fail to correctly accommodate sub-options, such as a defer()
option on a column, if the “path” of the subqueryload were more
than one level deep.
- Fixed regression where the merge_frozen_result() function relied
upon by the dogpile.caching example was not included in tests
and began failing due to incorrect internal arguments.
- Fixed critical regression where the Session could fail to
"autobegin" a new transaction when a flush occurred without an
existing transaction in place, implicitly placing the Session
into legacy autocommit mode which commit the transaction. The
Session now has a check that will prevent this condition from
occurring, in addition to repairing the flush issue.
- Fixed regression where the ORM compilation scheme would assume
the function name of a hybrid property would be the same as the
attribute name in such a way that an AttributeError would be
raised, when it would attempt to determine the correct name for
each element in a result tuple.
- Fixed critical regression caused by the new feature added as
part of #1763, eager loaders are invoked on unexpire operations.
The new feature makes use of the "immediateload" eager loader
strategy as a substitute for a collection loading strategy,
which unlike the other “post-load” strategies was not
accommodating for recursive invocations between
mutually-dependent relationships, leading to recursion overflow
errors.
engine:
- Fixed up the behavior of the Row object when dictionary access
is used upon it, meaning converting to a dict via dict(row) or
accessing members using strings or other objects i.e.
row["some_key"] works as it would with a dictionary, rather than
raising TypeError as would be the case with a tuple, whether or
not the C extensions are in place
sql:
- Enhanced the "expanding" feature used for ColumnOperators.in_()
operations to infer the type of expression from the right hand
list of elements, if the left hand side does not have any
explicit type set up. This allows the expression to support
stringification among other things. In 1.3, "expanding" was not
automatically used for ColumnOperators.in_() expressions, so in
that sense this change fixes a behavioral regression.
- Fixed the "stringify" compiler to support a basic
stringification of a "multirow" INSERT statement, i.e. one with
multiple tuples following the VALUES keyword.
schema:
- Fixed regression where usage of a token in the
Connection.execution_options.schema_translate_map dictionary
which contained special characters such as braces would fail to
be substituted properly. Use of square bracket characters [] is
now explicitly disallowed as these are used as a delimiter
character in the current implementation.
mypy:
- Fixed issue in Mypy plugin where the plugin wasn't inferring the
correct type for columns of subclasses that don’t directly
descend from TypeEngine, in particular that of TypeDecorator and
UserDefinedType.
misc:
- Added a new flag to DefaultDialect called supports_schema; third
party dialects may set this flag to True to enable SQLAlchemy's
schema-level tests when running the test suite for a third party
dialect.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit bc55118cf6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.6:
- Fix order for converting mach absolute time
Get the source code from the git repository because an archive
is not available in PyPI for this release.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 7076813079)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Minor code refactoring of the recipe and upgrade to release 1.3.3:
- Classes can be used as constraint for the type rule
- The abstract base classes of the standard library's
collections.abc module are available as named types for the
type rule
- Generic type aliases from the :mod:`typing` module can be used
as constraints for the type rule, including parametrized ones
a.k.a. compound types
- Support for Python 3.5 is removed.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 4d94ced1ec)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
What's New in astroid 2.5.3?
============================
Release Date: 2021-04-10
* Takes into account the fact that subscript inferring for a ClassDef may involve __class_getitem__ method
* Reworks the `collections` and `typing` brain so that `pylint`s acceptance tests are fine.
ClosesPyCQA/pylint#4206
* Use ``inference_tip`` for ``typing.TypedDict`` brain.
* Fix mro for classes that inherit from typing.Generic
* Add inference tip for typing.Generic and typing.Annotated with ``__class_getitem__``
ClosesPyCQA/pylint#2822
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit b06d10f7de)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 4.0.1. It is the first bug fix release in the
Robot Framework 4.0.x series. It fixes several severe and not so
severe issues reported since Robot Framework 4.0 was released.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 801b087028)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 2.1.3:
- Address issue where a test server may return an HTTP error
during upload or download
- Address issue where ignore_ids may be empty or have empty values
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit becc8a0246)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.0.11:
- fix bug: bad case:0 6 30 3 *
- Add support for L in the day_of_week component. This enable
expressions like * * * * L4, which means last Thursday of the
month.
- Create CroniterUnsupportedSyntaxError exception for situations
where CRON syntax may be valid but some combinations of features
is not supported. Currently, this is used when the day_of_week
component has a combination of literal values and nth/last
syntax at the same time.
For example, 0 0 * * 1,L6 or 0 0 * * 15,sat#1 will both raise
this exception because of mixing literal days of the week with
nth-weekday or last-weekday syntax. This may impact existing
cron expressions in prior releases, because 0 0 * * 15,sat#1
was previously allowed but incorrectly handled.
- Update croniter_range() to allow an alternate croniter class to
be used. Helpful when using a custom class derived from croniter.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 159df27856)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 0.17.4:
- prevent (empty) comments from throwing assertion error
- fix for issue 382 caused by an error in a format string
- allow expansion of aliases by setting
``yaml.composer.return_alias = lambda s: copy.deepcopy(s)``
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 5aaffd50a7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 1.6.0:
- XML data bindings and code generators are now considered stable
- Add arguments 'max_depth' and 'extra_validator' to validation
methods
- Enhance decoding with 'value_hook' argument
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit 0f32057302)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 3.2:
- Automatic AppConfig discovery
- Customizing type of auto-created primary keys
- Functional indexes
- pymemcache support
- New decorators for the admin site
- Other minor new features
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
(cherry picked from commit f45f3862a6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
