5ea2cf2484
24909 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Quentin Gliech
|
5ea2cf2484
|
Move device changes off the main process (#18581)
The main goal of this PR is to handle device list changes onto multiple writers, off the main process, so that we can have logins happening whilst Synapse is rolling-restarting. This is quite an intrusive change, so I would advise to review this commit by commit; I tried to keep the history as clean as possible. There are a few things to consider: - the `device_list_key` in stream tokens becomes a `MultiWriterStreamToken`, which has a few implications in sync and on the storage layer - we had a split between `DeviceHandler` and `DeviceWorkerHandler` for master vs. worker process. I've kept this split, but making it rather writer vs. non-writer worker, using method overrides for doing replication calls when needed - there are a few operations that need to happen on a single worker at a time. Instead of using cross-worker locks, for now I made them run on the first writer on the list --------- Co-authored-by: Eric Eastwood <erice@element.io> |
||
Eric Eastwood
|
66504d1144
|
Fix dirty Cargo.lock changes appearing after install (base64) (#18689)
Normal install results in `Cargo.lock` changes constantly popping up for me as I navigate my branches. This was probably caused by some Depdendabot PR updating the `Cargo.toml` without `Cargo.lock` or something. ``` poetry install --extras all ``` In another PR, I've also added CI to ensure we don't leave `Cargo.lock` changes behind to avoid this annoyance in the future -> https://github.com/element-hq/synapse/pull/18693 |
||
|
Eric Eastwood
|
cda922830e
|
Clean up MetricsResource and Prometheus hacks (#18687)
Clean up `MetricsResource`, Prometheus hacks (`_set_prometheus_client_use_created_metrics`), and better document why we care about having a separate `metrics` listener type. These clean-up changes have been split out from https://github.com/element-hq/synapse/pull/18584 since that PR was closed. |
||
dependabot[bot]
|
f0f9a82ca4
|
Bump lxml from 5.4.0 to 6.0.0 (#18631)
Bumps [lxml](https://github.com/lxml/lxml) from 5.4.0 to 6.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lxml/lxml/blob/master/CHANGES.txt">lxml's changelog</a>.</em></p> <blockquote> <h1>6.0.0 (2025-06-26)</h1> <h2>Features added</h2> <ul> <li> <p>GH#463: <code>lxml.html.diff</code> is faster and provides structurally better diffs. Original patch by Steven Fernandez.</p> </li> <li> <p>GH#405: The factories <code>Element</code> and <code>ElementTree</code> can now be used in type hints.</p> </li> <li> <p>GH#448: Parsing from <code>memoryview</code> and other buffers is supported to allow zero-copy parsing.</p> </li> <li> <p>GH#437: <code>lxml.html.builder</code> was missing several HTML5 tag names. Patch by Nick Tarleton.</p> </li> <li> <p>GH#458: <code>CDATA</code> can now be written into the incremental <code>xmlfile()</code> writer. Original patch by Lane Shaw.</p> </li> <li> <p>A new parser option <code>decompress=False</code> was added that controls the automatic input decompression when using libxml2 2.15.0 or later. Disabling this option by default will effectively prevent decompression bombs when handling untrusted input. Code that depends on automatic decompression must enable this option. Note that libxml2 2.15.0 was not released yet, so this option currently has no effect but can already be used.</p> </li> <li> <p>The set of compile time / runtime supported libxml2 feature names is available as <code>etree.LIBXML_COMPILED_FEATURES</code> and <code>etree.LIBXML_FEATURES</code>. This currently includes <code>catalog</code>, <code>ftp</code>, <code>html</code>, <code>http</code>, <code>iconv</code>, <code>icu</code>, <code>lzma</code>, <code>regexp</code>, <code>schematron</code>, <code>xmlschema</code>, <code>xpath</code>, <code>zlib</code>.</p> </li> </ul> <h2>Bugs fixed</h2> <ul> <li> <p>GH#353: Predicates in <code>.find*()</code> could mishandle tag indices if a default namespace is provided. Original patch by Luise K.</p> </li> <li> <p>GH#272: The <code>head</code> and <code>body</code> properties of <code>lxml.html</code> elements failed if no such element was found. They now return <code>None</code> instead. Original patch by FVolral.</p> </li> <li> <p>Tag names provided by code (API, not data) that are longer than <code>INT_MAX</code> could be truncated or mishandled in other ways.</p> </li> <li> <p><code>.text_content()</code> on <code>lxml.html</code> elements accidentally returned a "smart string" without additional information. It now returns a plain string.</p> </li> <li> <p>LP#2109931: When building lxml with coverage reporting, it now disables the <code>sys.monitoring</code> support due to the lack of support in <a href="https://redirect.github.com/nedbat/coveragepy/issues/1790">nedbat/coveragepy#1790</a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Quentin Gliech
|
f031105eee
|
Start and stop the Tokio runtime with the Twisted reactor (#18691)
Fixes https://github.com/element-hq/synapse/issues/18659 This changes the Tokio runtime to be attached to the Twisted reactor. This way, the Tokio runtime starts when the Twisted reactor starts, and *not* when the module gets loaded. This is important as starting the runtime on module load meant that it broke when Synapse was started with `daemonize`/`synctl`, as forks only retain the calling threads, breaking the Tokio runtime. This also changes so that the HttpClient gets the Twisted reactor explicitly as parameter instead of loading it from `twisted.internet.reactor` |
||
Kim Brose
|
a0d6469069
|
fix schema and docs of rc_delayed_event_mgmt (#18692)
Signed-off-by: Kim Brose <kim.brose@nordeck.net> |
||
Patrick Cloke
|
84991317d0
|
Stabilize support for custom profile fields. (#18635) | ||
Tulir Asokan
|
56c166cbf0
|
Include event_id when getting state with ?format=event (#18675)
|
||
Märt
|
a07e26a936
|
Fix sequence migration for autoincrement tables in synapse_port_db (#18677)
Closes https://github.com/element-hq/synapse/issues/18053 - the sliding sync tables will now migrate properly. |
||
|
dependabot[bot]
|
b07dc6a27d
|
Bump types-jsonschema from 4.24.0.20250528 to 4.24.0.20250708 (#18682) | ||
|
dependabot[bot]
|
42297bfceb
|
Bump ruff from 0.12.2 to 0.12.3 (#18683) | ||
|
Eric Eastwood
|
88785dbaeb
|
Refactor cache metrics to be homeserver-scoped (#18604)
(add `server_name` label to cache metrics). Part of https://github.com/element-hq/synapse/issues/18592 |
||
|
Eric Eastwood
|
fc10a5ee29
|
Refactor Measure block metrics to be homeserver-scoped (v2) (#18601)
Refactor `Measure` block metrics to be homeserver-scoped (add `server_name` label to block metrics). Part of https://github.com/element-hq/synapse/issues/18592 ### Testing strategy #### See behavior of previous `metrics` listener 1. Add the `metrics` listener in your `homeserver.yaml` ```yaml listeners: - port: 9323 type: metrics bind_addresses: ['127.0.0.1'] ``` 1. Start the homeserver: `poetry run synapse_homeserver --config-path homeserver.yaml` 1. Fetch `http://localhost:9323/metrics` 1. Observe response includes the block metrics (`synapse_util_metrics_block_count`, `synapse_util_metrics_block_in_flight`, etc) #### See behavior of the `http` `metrics` resource 1. Add the `metrics` resource to a new or existing `http` listeners in your `homeserver.yaml` ```yaml listeners: - port: 9322 type: http bind_addresses: ['127.0.0.1'] resources: - names: [metrics] compress: false ``` 1. Start the homeserver: `poetry run synapse_homeserver --config-path homeserver.yaml` 1. Fetch `http://localhost:9322/_synapse/metrics` (it's just a `GET` request so you can even do in the browser) 1. Observe response includes the block metrics (`synapse_util_metrics_block_count`, `synapse_util_metrics_block_in_flight`, etc) |
||
|
Eric Eastwood
|
d72c278a07
|
Remove allow_no_prev_events option (MSC2716 cleanup) (#18676)
This option is no longer used since we backed out the MSC2716 changes in https://github.com/matrix-org/synapse/pull/15748 and is even mentioned as a follow-up task in the PR description there. The `allow_no_prev_events` option was first introduced in https://github.com/matrix-org/synapse/pull/11243 to support MSC2716 back in the day. |
||
Johannes Marbach
|
b274d6561c
|
Document that some config options for the user directory are in violation of the Matrix spec (#18548)
Fix #17534 Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org> |
||
Andrew Morgan
|
49cb78376e
|
Advertise support for Matrix v1.12 (#18647) | ||
|
Eric Eastwood
|
88f38ea149
|
Correct version that recaptcha_{private,public}_key_path config options were introduced (#18684)
Introduced in https://github.com/element-hq/synapse/pull/17984 I already see a [`v1.134.0rc1`](https://github.com/element-hq/synapse/releases/tag/v1.134.0rc1) tag from 5 days ago so I assume https://github.com/element-hq/synapse/pull/17984 will actually ship in the next release (which will be `v1.135.0`) |
||
|
Andrew Morgan
|
5f027adb33
|
Update URL Preview code to work with lxml 6.0.0 (#18622)
|
||
Erik Johnston
|
e6dbbbb315 | Merge remote-tracking branch 'origin/master' into develop | ||
|
dependabot[bot]
|
78ce4dc26f
|
Bump mypy from 1.13.0 to 1.16.1 (#18653) | ||
|
Erik Johnston
|
60be549c0c | 1.134.0 | ||
reivilibre
|
97d2738eef
|
Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events. (#18499)
Fixes: #18491 Fix hotlooping due to skipped PDUs if there is still no progress to be made. This could bite if the event was purged since being skipped during catch-up. Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org> |
||
|
dependabot[bot]
|
945e22303c
|
Bump phonenumbers from 9.0.8 to 9.0.9 (#18681) | ||
V02460
|
481c4e2b55
|
Add recaptcha_{private,public}_key_path config option (#17984)
Another config option on my quest to a `*_path` variant for every secret. Adds the config options `recaptcha_private_key_path` and `recaptcha_public_key_path`. Tests and docs are included. A public key is of course no secret, but it is closely related to the private key, so it’s still useful to have a `*_path` variant for it. |
||
Travis Ralston
|
5129668449
|
Allow admins to see soft failed events (if they want to) (#18238) | ||
|
dependabot[bot]
|
3c13c3bebf
|
Bump base64 from 0.21.7 to 0.22.1 (#18666)
Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.21.7 to 0.22.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md">base64's changelog</a>.</em></p> <blockquote> <h1>0.22.1</h1> <ul> <li>Correct the symbols used for the predefined <code>alphabet::BIN_HEX</code>.</li> </ul> <h1>0.22.0</h1> <ul> <li><code>DecodeSliceError::OutputSliceTooSmall</code> is now conservative rather than precise. That is, the error will only occur if the decoded output <em>cannot</em> fit, meaning that <code>Engine::decode_slice</code> can now be used with exactly-sized output slices. As part of this, <code>Engine::internal_decode</code> now returns <code>DecodeSliceError</code> instead of <code>DecodeError</code>, but that is not expected to affect any external callers.</li> <li><code>DecodeError::InvalidLength</code> now refers specifically to the <em>number of valid symbols</em> being invalid (i.e. <code>len % 4 == 1</code>), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either <code>InvalidLength</code> or <code>InvalidByte</code> being appropriate.</li> <li>Decoding is somewhat faster (5-10%)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Quentin Gliech
|
1e5e6a48be
|
Use markdown-it-py instead of commonmark in the release script. (#18637)
`commonmark` has been deprecated in favor of `markdown-it-py`, and its type hints have been [removed from typeshed](https://github.com/python/typeshed/issues/13725). This switches the release script to use `markdown-it-py` instead of `commonmark` for parsing the `CHANGES.md` |
||
|
Andrew Morgan
|
947216abc0
|
Update latest_deps workflow to migrate poetry --no-dev -> --without dev (#18617)
|
||
|
V02460
|
c5999cf452
|
Document config file merge behavior (#18664)
Explains in the doc comment of `synapse.config._base.read_config_file` how config files are merged. |
||
|
Quentin Gliech
|
28c9ed3ccb
|
Remove unnecessary replication calls (#18564)
This should be reviewed commit by commit. Nowadays it's trivial to propagate cache invalidations, which means we can move some things off the main process, and not go through HTTP replication. `ReplicationGetQueryRestServlet` appeared to be unused, and was very weird, as it was being called if the current instance is the main one… to RPC to the main one (if no instance is set on a replication client, it makes it to the main process) The other two handlers could be relatively trivially moved to any workers, moving some methods to the worker store. **I've intentionally not removed the replication servlets yet** so that it's safe to rollout, and will do another PR that clean those up to remove on the N+1 version |
||
|
Quentin Gliech
|
1dc29563c1
|
Move registrations off the main worker (#18552)
This is mainly moving a few store methods around. Note that this doesn't yet remove the replication servlet to avoid breaking during rollout. |
||
Erik Johnston
|
66daf0bfae
|
Add ability to limit amount uploaded by a user (#18527)
You can now configure how much media can be uploaded by a user in a given time period. Note the first commit here is a refactor of create/upload content function |
||
|
Johannes Marbach
|
b9b8775db7
|
Add plain-text handling for rich-text topics as per MSC3765 (#18195)
This implements https://github.com/matrix-org/matrix-spec-proposals/pull/3765 which is already merged and, therefore, can use stable identifiers. For `/publicRooms` and `/hierarchy`, the topic is read from the eponymous field of the `current_state_events` table. Rather than introduce further columns in this table, I changed the insertion / update logic to write the plain-text topic from the rich topic into the existing field. This will not take effect for existing rooms unless their topic is changed. However, existing rooms shouldn't have rich topics to begin with. Similarly, for server-side search, I changed the insertion logic of the `event_search` table to prefer the value from the rich topic. Again, existing events shouldn't have rich topics and, therefore, don't need to be migrated in the table. Spec doc: https://spec.matrix.org/v1.15/client-server-api/#mroomtopic Part of supporting Matrix v1.15: https://spec.matrix.org/v1.15/client-server-api/#mroomtopic Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org> Co-authored-by: Eric Eastwood <erice@element.io> |
||
|
Johannes Marbach
|
e1b429d88e
|
Add experimental support for MSC4277: Harmonizing the reporting endpoints (#18263)
[MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277): Harmonizing the reporting endpoints |
||
Andrew Morgan
|
8c1e60045c | Merge branch 'release-v1.134' into develop | ||
|
Erik Johnston
|
bf0370162f
|
Speed up inserting into stream_positions (#18672)
By ensuring we don't do a no-op `UPDATE`, as this causes new tuples to be written in postgres. |
||
|
Andrew Morgan
|
5c2765bd7a | 1.134.0rc1 | ||
|
Quentin Gliech
|
f8a7872ddb
|
Use native arm runners for building wheels (#18618)
This takes down the CI time to build wheels from 50 minutes to <10
minutes.
**It also fixes macOS ARM builds, and includes more ARM builds in
general** (we were ignoring pypy and musl before). This doesn't cost
much for us to do this, reasons for not doing this is 1. space on PyPI
and 2. keeping them 'officially' supported?
This is the list of wheels this built (`+` are the ones added):
```diff
matrix_synapse-1.133.0-cp39-abi3-macosx_10_9_x86_64.whl
+ matrix_synapse-1.133.0-cp39-abi3-macosx_11_0_arm64.whl
matrix_synapse-1.133.0-cp39-abi3-manylinux_2_28_aarch64.whl
matrix_synapse-1.133.0-cp39-abi3-manylinux_2_28_x86_64.whl
+ matrix_synapse-1.133.0-cp39-abi3-musllinux_1_2_aarch64.whl
matrix_synapse-1.133.0-cp39-abi3-musllinux_1_2_x86_64.whl
matrix_synapse-1.133.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl
+ matrix_synapse-1.133.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl
+ matrix_synapse-1.133.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl
matrix_synapse-1.133.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl
matrix_synapse-1.133.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl
+ matrix_synapse-1.133.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl
+ matrix_synapse-1.133.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl
matrix_synapse-1.133.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl
```
And the numbers aaaaare 🥁
-
[before](https://github.com/element-hq/synapse/actions/runs/16072488018):
54 minutes
-
[after](https://github.com/element-hq/synapse/actions/runs/16004034949?pr=18618):
10 minutes
**Revert
[e43b0f9](
|
||
|
Andrew Morgan
|
b8ad9bf1b7
|
Add .zed/ to .gitignore (#18623)
|
||
|
Quentin Gliech
|
9b86458900
|
Speed up the building of Docker images using ARM CI workers (#18620)
This splits the building of docker images in 2 jobs, one for each platform, using the native ARM runners for arm64. The tricky part here is to get back a nice multi-arch manifest. Previously, you'd do that by pushing each platform image in two distinct tags, then referencing them in a multi-arch manifest. Nowadays, it's possible to push images by their digest only, then creating the manifest for those pushed digests separately This is inspired by the Docker docs on how to distribute multi-platform image builds: https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners `ghcr.io/element-hq/synapse:sha-c733dd6` is an example image that got built by this workflow (there is a temporary sha-* tag on workflow_dispatch runs to help trying out the workflow) I also had to make sure we sign the manifests correctly: ``` $ cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github.com/element-hq/synapse/.github/workflows/docker.yml@.*' ghcr.io/element-hq/synapse:sha-c733dd6 Verification for ghcr.io/element-hq/synapse:sha-c733dd6 -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The code-signing certificate was verified using trusted certificate authority certificates ``` And the numbers aaaaare 🥁 - [before](https://github.com/element-hq/synapse/actions/runs/16118229296/job/45477093703): 30 minutes - [after](https://github.com/element-hq/synapse/actions/runs/16021743575): 4 minutes --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> |
||
|
dependabot[bot]
|
57220706b2
|
Bump typing-extensions from 4.14.0 to 4.14.1 (#18668)
Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.14.0 to 4.14.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.14.1</h2> <h1>Release 4.14.1 (July 4, 2025)</h1> <ul> <li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside other types (e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is not allowed by the type system but worked on older versions, so we maintain support.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.14.1 (July 4, 2025)</h1> <ul> <li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside other types (e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is not allowed by the type system but worked on older versions, so we maintain support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
616ada3dfe
|
Bump tokio from 1.46.0 to 1.46.1 (#18667)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.46.0 to 1.46.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.46.1</h2> <h1>1.46.1 (July 4th, 2025)</h1> <p>This release fixes incorrect spawn locations in runtime task hooks for tasks spawned using <code>tokio::spawn</code> rather than <code>Runtime::spawn</code>. This issue only effected the spawn location in <code>TaskMeta::spawned_at</code>, and did not effect task locations in Tracing events.</p> <h2>Unstable</h2> <ul> <li>runtime: add <code>TaskMeta::spawn_location</code> tracking where a task was spawned (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7440">tokio-rs/tokio#7440</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
49e46b84de
|
Bump types-psycopg2 from 2.9.21.20250318 to 2.9.21.20250516 (#18658)
Bumps [types-psycopg2](https://github.com/typeshed-internal/stub_uploader) from 2.9.21.20250318 to 2.9.21.20250516. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
4a7b166d80
|
Bump ruff from 0.12.1 to 0.12.2 (#18657)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.12.1 to 0.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.12.2</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-pyi</code>] Expand <code>Optional[A]</code> to <code>A | None</code> (<code>PYI016</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18572">#18572</a>)</li> <li>[<code>pyupgrade</code>] Mark <code>UP008</code> fix safe if no comments are in range (<a href="https://redirect.github.com/astral-sh/ruff/pull/18683">#18683</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-comprehensions</code>] Fix <code>C420</code> to prepend whitespace when needed (<a href="https://redirect.github.com/astral-sh/ruff/pull/18616">#18616</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF403</code> panic on attribute or subscription loop variable (<a href="https://redirect.github.com/astral-sh/ruff/pull/19042">#19042</a>)</li> <li>[<code>pydocstyle</code>] Fix <code>D413</code> infinite loop for parenthesized docstring (<a href="https://redirect.github.com/astral-sh/ruff/pull/18930">#18930</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW0108</code> autofix introducing a syntax error when the lambda's body contains an assignment expression (<a href="https://redirect.github.com/astral-sh/ruff/pull/18678">#18678</a>)</li> <li>[<code>refurb</code>] Fix false positive on empty tuples (<code>FURB168</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19058">#19058</a>)</li> <li>[<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19021">#19021</a>)</li> <li>[<code>ruff</code>] Fix syntax error introduced for an empty string followed by a u-prefixed string (<code>UP025</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18899">#18899</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-executable</code>] Allow <code>uvx</code> in shebang line (<code>EXE003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18967">#18967</a>)</li> <li>[<code>pandas</code>] Avoid flagging <code>PD002</code> if <code>pandas</code> is not imported (<a href="https://redirect.github.com/astral-sh/ruff/pull/18963">#18963</a>)</li> <li>[<code>pyupgrade</code>] Avoid PEP-604 unions with <code>typing.NamedTuple</code> (<code>UP007</code>, <code>UP045</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18682">#18682</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Document link between <code>import-outside-top-level (PLC0415)</code> and <code>lint.flake8-tidy-imports.banned-module-level-imports</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18733">#18733</a>)</li> <li>Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/pull/19095">#19095</a>)</li> <li>[<code>airflow</code>] Make <code>AIR302</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18988">#18988</a>)</li> <li>[<code>airflow</code>] Make <code>AIR312</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18989">#18989</a>)</li> <li>[<code>flake8-annotations</code>] Make <code>ANN401</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18974">#18974</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC100</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18993">#18993</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC105</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19002">#19002</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC110</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18975">#18975</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC210</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18977">#18977</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC220</code>, <code>ASYNC221</code>, and <code>ASYNC222</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18978">#18978</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC251</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18990">#18990</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S201</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19017">#19017</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S604</code> and <code>S609</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19049">#19049</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B028</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19054">#19054</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B911</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19051">#19051</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ011</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19055">#19055</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ901</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19056">#19056</a>)</li> <li>[<code>flake8-pyi</code>] Make <code>PYI032</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19061">#19061</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI014</code>, <code>PYI015</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19097">#19097</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI042</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19101">#19101</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI059</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19080">#19080</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI062</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19079">#19079</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19104">#19104</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19105">#19105</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.12.2</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-pyi</code>] Expand <code>Optional[A]</code> to <code>A | None</code> (<code>PYI016</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18572">#18572</a>)</li> <li>[<code>pyupgrade</code>] Mark <code>UP008</code> fix safe if no comments are in range (<a href="https://redirect.github.com/astral-sh/ruff/pull/18683">#18683</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-comprehensions</code>] Fix <code>C420</code> to prepend whitespace when needed (<a href="https://redirect.github.com/astral-sh/ruff/pull/18616">#18616</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF403</code> panic on attribute or subscription loop variable (<a href="https://redirect.github.com/astral-sh/ruff/pull/19042">#19042</a>)</li> <li>[<code>pydocstyle</code>] Fix <code>D413</code> infinite loop for parenthesized docstring (<a href="https://redirect.github.com/astral-sh/ruff/pull/18930">#18930</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW0108</code> autofix introducing a syntax error when the lambda's body contains an assignment expression (<a href="https://redirect.github.com/astral-sh/ruff/pull/18678">#18678</a>)</li> <li>[<code>refurb</code>] Fix false positive on empty tuples (<code>FURB168</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19058">#19058</a>)</li> <li>[<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19021">#19021</a>)</li> <li>[<code>ruff</code>] Fix syntax error introduced for an empty string followed by a u-prefixed string (<code>UP025</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18899">#18899</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-executable</code>] Allow <code>uvx</code> in shebang line (<code>EXE003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18967">#18967</a>)</li> <li>[<code>pandas</code>] Avoid flagging <code>PD002</code> if <code>pandas</code> is not imported (<a href="https://redirect.github.com/astral-sh/ruff/pull/18963">#18963</a>)</li> <li>[<code>pyupgrade</code>] Avoid PEP-604 unions with <code>typing.NamedTuple</code> (<code>UP007</code>, <code>UP045</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18682">#18682</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Document link between <code>import-outside-top-level (PLC0415)</code> and <code>lint.flake8-tidy-imports.banned-module-level-imports</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18733">#18733</a>)</li> <li>Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/pull/19095">#19095</a>)</li> <li>[<code>airflow</code>] Make <code>AIR302</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18988">#18988</a>)</li> <li>[<code>airflow</code>] Make <code>AIR312</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18989">#18989</a>)</li> <li>[<code>flake8-annotations</code>] Make <code>ANN401</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18974">#18974</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC100</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18993">#18993</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC105</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19002">#19002</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC110</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18975">#18975</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC210</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18977">#18977</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC220</code>, <code>ASYNC221</code>, and <code>ASYNC222</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18978">#18978</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC251</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18990">#18990</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S201</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19017">#19017</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S604</code> and <code>S609</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19049">#19049</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B028</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19054">#19054</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B911</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19051">#19051</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ011</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19055">#19055</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ901</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19056">#19056</a>)</li> <li>[<code>flake8-pyi</code>] Make <code>PYI032</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19061">#19061</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI014</code>, <code>PYI015</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19097">#19097</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI042</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19101">#19101</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI059</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19080">#19080</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI062</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19079">#19079</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19104">#19104</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19105">#19105</a>)</li> <li>[<code>flake8-quotes</code>] Make example error out-of-the-box (<code>Q003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19106">#19106</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d61b919030
|
Bump setuptools-rust from 1.10.2 to 1.11.1 (#18655)
Bumps [setuptools-rust](https://github.com/PyO3/setuptools-rust) from 1.10.2 to 1.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyO3/setuptools-rust/releases">setuptools-rust's releases</a>.</em></p> <blockquote> <h2>v1.11.1</h2> <h3>Fixed</h3> <ul> <li>Fix finding cargo artifacts when filenames are empty. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/521">#521</a></li> </ul> <h2>v1.11.0</h2> <h3>Packaging</h3> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/479">#479</a></li> <li>Support free-threaded Python. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/502">#502</a></li> <li>Support adding custom env vars. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/504">#504</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyO3/setuptools-rust/blob/main/CHANGELOG.md">setuptools-rust's changelog</a>.</em></p> <blockquote> <h2>1.11.1 (2025-04-04)</h2> <h3>Fixed</h3> <ul> <li>Fix finding cargo artifacts when filenames are empty. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/521">#521</a></li> </ul> <h2>1.11.0 (2025-03-14)</h2> <h3>Packaging</h3> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/479">#479</a></li> <li>Support free-threaded Python. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/502">#502</a></li> <li>Support adding custom env vars. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/504">#504</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cb0d5a3012
|
Bump typing-extensions from 4.12.2 to 4.14.0 (#18654)
Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.12.2 to 4.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.14.0</h2> <p>This release adds several new features, including experimental support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>) and sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>), and support for changes in Python 3.14. In addition, Python 3.8 is no longer supported.</p> <p>Changes since 4.14.0rc1:</p> <ul> <li>Remove <code>__or__</code> and <code>__ror__</code> methods from <code>typing_extensions.Sentinel</code> on Python versions <3.10. PEP 604 was introduced in Python 3.10, and <code>typing_extensions</code> does not generally attempt to backport PEP-604 methods to prior versions.</li> <li>Further update <code>typing_extensions.evaluate_forward_ref</code> with changes in Python 3.14.</li> </ul> <p>Changes included in 4.14.0rc1:</p> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h2>4.14.0rc1</h2> <p>Major changes:</p> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.14.0 (June 2, 2025)</h1> <p>Changes since 4.14.0rc1:</p> <ul> <li>Remove <code>__or__</code> and <code>__ror__</code> methods from <code>typing_extensions.Sentinel</code> on Python versions <3.10. PEP 604 was introduced in Python 3.10, and <code>typing_extensions</code> does not generally attempt to backport PEP-604 methods to prior versions.</li> <li>Further update <code>typing_extensions.evaluate_forward_ref</code> with changes in Python 3.14.</li> </ul> <h1>Release 4.14.0rc1 (May 24, 2025)</h1> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.2 (April 10, 2025)</h1> <ul> <li>Fix <code>TypeError</code> when taking the union of <code>typing_extensions.TypeAliasType</code> and a <code>typing.TypeAliasType</code> on Python 3.12 and 3.13. Patch by <a href="https://github.com/jorenham">Joren Hammudoglu</a>.</li> <li>Backport from CPython PR <a href="https://redirect.github.com/python/cpython/pull/132160">#132160</a> to avoid having user arguments shadowed in generated <code>__new__</code> by <code>@typing_extensions.deprecated</code>. Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.1 (April 3, 2025)</h1> <p>Bugfixes:</p> <ul> <li>Fix regression in 4.13.0 on Python 3.10.2 causing a <code>TypeError</code> when using <code>Concatenate</code>. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix <code>TypeError</code> when using <code>evaluate_forward_ref</code> on Python 3.10.1-2 and 3.9.8-10. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> </ul> <h1>Release 4.13.0 (March 25, 2025)</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6096cb4054
|
Bump phonenumbers from 9.0.2 to 9.0.8 (#18652)
Bumps [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) from 9.0.2 to 9.0.8. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
fc710c4804
|
Bump attrs from 24.2.0 to 25.3.0 (#18649)
Bumps [attrs](https://github.com/sponsors/hynek) from 24.2.0 to 25.3.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sponsors/hynek/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
4ad93b296f
|
Bump authlib from 1.5.2 to 1.6.0 (#18642)
Bumps [authlib](https://github.com/authlib/authlib) from 1.5.2 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <ul> <li>Fix issue when <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a> is enabled and the authorization endpoint response is not a redirection. [pull request <a href="https://redirect.github.com/authlib/authlib/issues/733">#733</a>](<a href="https://redirect.github.com/authlib/authlib/pull/733">authlib/authlib#733</a>)</li> <li>Fix missing state parameter in authorization error responses. [issue <a href="https://redirect.github.com/authlib/authlib/issues/525">#525</a>](<a href="https://redirect.github.com/authlib/authlib/issues/525">authlib/authlib#525</a>)</li> <li>Support for acr and amr claims in id_token. [issue <a href="https://redirect.github.com/authlib/authlib/issues/734">#734</a>](<a href="https://redirect.github.com/authlib/authlib/issues/734">authlib/authlib#734</a>)</li> <li>Support for the none JWS algorithm.</li> <li>Fix response_types strict order during dynamic client registration. [issue <a href="https://redirect.github.com/authlib/authlib/issues/760">#760</a>](<a href="https://redirect.github.com/authlib/authlib/issues/760">authlib/authlib#760</a>)</li> <li>Implement <a href="https://datatracker.ietf.org/doc/html/rfc9101.html">RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</a>. [issue <a href="https://redirect.github.com/authlib/authlib/issues/723">#723</a>](<a href="https://redirect.github.com/authlib/authlib/issues/723">authlib/authlib#723</a>)</li> <li>OIDC <a href="https://docs.authlib.org/en/latest/specs/oidc.html#authlib.oidc.core.UserInfoEndpoint">UserInfo endpoint</a> support. [issue <a href="https://redirect.github.com/authlib/authlib/issues/459">#459</a>](<a href="https://redirect.github.com/authlib/authlib/issues/459">authlib/authlib#459</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 <9207></code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> <li>Fix missing <code>state</code> parameter in authorization error responses. :issue:<code>525</code></li> <li>Support for <code>acr</code> and <code>amr</code> claims in <code>id_token</code>. :issue:<code>734</code></li> <li>Support for the <code>none</code> JWS algorithm.</li> <li>Fix <code>response_types</code> strict order during dynamic client registration. :issue:<code>760</code></li> <li>Implement :rfc:<code>RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101></code>. :issue:<code>723</code></li> <li>OIDC :class:<code>UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint></code> support. :issue:<code>459</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
acabececc4
|
Bump ijson from 3.3.0 to 3.4.0 (#18650)
Bumps [ijson](https://github.com/ICRAR/ijson) from 3.3.0 to 3.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ICRAR/ijson/blob/master/CHANGELOG.md">ijson's changelog</a>.</em></p> <blockquote> <h2>[3.4.0]</h2> <ul> <li>Added support for PEP 489 multi-phase initialisation and per-module state for our C extension, allowing us to support sub-interpreters with per-interpreter GIL.</li> <li>Advertise support for free-threading python mode.</li> <li>Removed support for Python < 3.9.</li> <li>Enhanced generators so they yield all possible results to users before errors are raised (<a href="https://redirect.github.com/ICRAR/ijson/issues/123">#123</a>).</li> <li>Added <code>ijson.ALL_BACKENDS</code> constant listing all supported backends (which might or not be available at runtime).</li> <li>Added a <code>capabilities</code> constant to each backend describing which capabilities it supports.</li> <li>Exposing backend's name under <code><backend>.backend_name</code>, and default backend's name under <code>ijson.backend_name</code>. This is similar to the already existing <code>name</code> constant, only slightly better named to hopefully avoid confusion.</li> <li>Restructured source code so all code lives under <code>src/</code>, and the <code>ijson.backends._yajl2</code> extension under <code>src/ijson/backends/ext/_yajl2</code>. This allows C backend tests to actually run on cibuildwheel.</li> <li>Improved performance of <code>parse</code> routine in C backend by ~4%.</li> <li>Fixed several potential stability issues in C backend around correct error handling.</li> <li>Fixed corner-case wrong behaviour of <code>yajl2_c</code> backend, which didn't work correctly with user-provided event names.</li> <li>Pointing to our own fork of yajl (for when we build it ourselves) that contains fixes for all known CVEs (<a href="https://redirect.github.com/ICRAR/ijson/issues/126">#126</a>).</li> <li>Removed leftover compatibility bits in the C backend.</li> <li>Fixed potential issue with <code>yajl</code> and <code>yajl2</code> backends where crashes could occur at interpreter shutdown.</li> <li>Removed tox.</li> <li>Moved static project metadata to <code>pyproject.toml</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |