Version 0.7.3
* Add support for PEP 570 (positional-only keyword parameters) changes to CodeType
in Python 3.8.
Version 0.7.2
* Add support for Python 3.8.
0.13.0:
Add new Wildcard fields
Fix ABC deprecation warnings
Fix @api.expect(..., validate=False) decorators for an :class:`Api` where validate=True is set on the constructor
Ensure basePath is always a path
Hide Namespaces with all hidden Resources from Swagger documentation
Per route Swagger documentation for multiple routes on a Resource
Changelog:
Changes
Always set the display name for user shares (server#16254)
Prevent undefined offset 0 in findByUserIdOrMail (server#16325)
Use HTTP1.1 to read S3 objects (server#16330)
Bump lodash.mergewith from 4.6.1 to 4.6.2 (server#16338)
Bump lodash.merge from 4.6.1 to 4.6.2 (server#16341)
Bump lodash from 4.17.11 to 4.17.13 (server#16352)
Addsubtag should push to array (server#16405)
Add catch for RuntimeException (server#16414)
Only prevent disabling encrytion via the API (server#16425)
Do not keep searching for recent (server#16432)
Update operationprogressbar.js (server#16437)
Fix File#putContents(string) on ObjectStorage (server#16444)
Pass $configargs to openssl_pkey_export (server#16500)
Nested recursion breaking max nested level for parent comment calculation (server#16524)
Allow hidden smb shares (server#16527)
Allow to provide supported calendar component set internally as a string (server#16536)
Lock SCSS so we only run 1 job at a time (server#16541)
Fix max contrast retrieval to limit minimum color for relative time (server#16543)
Supresses disclosing the userid for LDAP users in the welcome mail (server#16561)
Use a pattern to identify sensitive config keys (server#16562)
Do not log locked files (server#16564)
Log email shares in admin_audit log (server#16566)
Change send to sent (server#16567)
Do not log all locked exceptions (server#16578)
Check the if we can actually access the storage cache for recent files (server#16598)
Set proper defaults for v-tooltip usages (server#16607)
Fix/xss/on favorite file (server#16610)
Log circles and remote shares in admin_audit (server#16627)
Make sure we only fetch the file by id for the actual owner (server#16630)
Remove unncessary code block in share recommendations, fixed undefined var error (server#16633)
Files_external: proper user context for sharing (server#16637)
Properly return an int in the getId function of the cache (server#16689)
Fix enable/disable user audit message (server#16691)
Delay sending event from app init to when they are needed (server#16695)
Fix download button shown in public share page with hidden downloads (files_pdfviewer#145)
Change name from 'Text editor' to 'Plain text editor' to prevent confusion with 'Text' (files_texteditor#169)
Run drone for webpack build (files_texteditor#176)
Bump lodash from 4.17.11 to 4.17.14 (files_videoplayer#135)
Bump lodash.mergewith from 4.6.1 to 4.6.2 (firstrunwizard#199)
Bump lodash.merge from 4.6.1 to 4.6.2 (firstrunwizard#200)
Bump lodash from 4.17.11 to 4.17.14 (firstrunwizard#202)
Bump fstream from 1.0.11 to 1.0.12 (firstrunwizard#205)
Bump lodash from 4.17.11 to 4.17.13 (notifications#376)
Trim the subject before encrypting the subject (notifications#384)
Align the notification subject vertically to the icon (notifications#390)
Fix notification body text alignment and text contrast (notifications#391)
Fix mention and actions layout (notifications#392)
Bump lodash.mergewith from 4.6.1 to 4.6.2 (recommendations#105)
Bump lodash from 4.17.11 to 4.17.14 (recommendations#107)
Bump tar from 2.2.1 to 2.2.2 (recommendations#120)
Bump cypress-image-snapshot from 3.0.1 to 3.0.2 (viewer#102)
Bump babel-loader from 8.0.5 to 8.0.6 (viewer#103)
Bump cypress-file-upload from 3.1.1 to 3.1.2 (viewer#104)
Bump @babel/preset-env from 7.4.4 to 7.4.5 (viewer#109)
Bump eslint-plugin-node from 9.0.1 to 9.1.0 (viewer#116)
Bump cypress-testing-library from 3.0.1 to 4.0.0 (viewer#119)
Bump nextcloud-vue from 0.11.3 to 0.11.4 (viewer#121)
Bump webpack-cli from 3.3.2 to 3.3.3 (viewer#127)
Bump file-loader from 3.0.1 to 4.0.0 (viewer#130)
Bump cypress-image-snapshot from 3.1.0 to 3.1.1 (viewer#131)
Bump webpack from 4.33.0 to 4.34.0 (viewer#135)
Bump cypress-file-upload from 3.1.2 to 3.1.3 (viewer#137)
Bump webpack-cli from 3.3.3 to 3.3.4 (viewer#138)
Bump nextcloud-server from 0.15.9 to 0.15.10 (viewer#139)
Bump webpack from 4.34.0 to 4.35.0 (viewer#144)
Bump eslint-plugin-vue from 5.2.2 to 5.2.3 (viewer#152)
Bump webpack-cli from 3.3.4 to 3.3.5 (viewer#153)
Bump eslint-plugin-promise from 4.1.1 to 4.2.1 (viewer#154)
Bump url-loader from 2.0.0 to 2.0.1 (viewer#155)
Bump eslint-plugin-import from 2.17.3 to 2.18.0 (viewer#156)
Bump eslint-loader from 2.1.2 to 2.2.1 (viewer#165)
Bump webpack from 4.35.2 to 4.35.3 (viewer#176)
Bump stylelint-scss from 3.8.0 to 3.9.1 (viewer#178)
Bump eslint-plugin-import from 2.18.0 to 2.18.2 (viewer#182)
Bump webpack-cli from 3.3.5 to 3.3.6 (viewer#187)
Bump vue-loader from 15.7.0 to 15.7.1 (viewer#188)
Bump webpack from 4.35.3 to 4.36.1 (viewer#189)
Bump webpack from 4.36.1 to 4.38.0 (viewer#194)
Bump url-loader from 2.0.1 to 2.1.0 (viewer#196)
Bump lodash from 4.17.11 to 4.17.15 (viewer#201)
Bump webpack from 4.38.0 to 4.39.0 (viewer#202)
Bump webpack from 4.39.0 to 4.39.1 (viewer#204)
Detect and switch fullscreen (viewer#47)
Update version on master (viewer#66)
Test actions (viewer#67)
Revert "Test actions" (viewer#68)
Bump nextcloud-vue from 0.9.5 to 0.10.0 (viewer#69)
Bump eslint-plugin-import from 2.16.0 to 2.17.2 (viewer#70)
Bump eslint-import-resolver-webpack from 0.11.0 to 0.11.1 (viewer#71)
Bump webpack from 4.29.6 to 4.30.0 (viewer#72)
Fix/loading/race condition (viewer#73)
Bump webpack-cli from 3.3.1 to 3.3.2 (viewer#90)
Bump eslint-plugin-node from 8.0.1 to 9.0.1 (viewer#92)
Bump webpack from 4.30.0 to 4.31.0 (viewer#96)
- Added ability to store accumulated processing time into DB_GEN_STATS tcb
file via '--accumulated-time' command line option.
- Added additional Apache status codes to the list.
- Added a few feed readers to the list.
- Added 'Android 8 Oreo' to the list of OSs.
- Added 'Android Pie 9' to the list of OSs.
- Added --anonymize-ip command line option to anonymize ip addresses.
- Added --browsers-file command line option to load a list of crawlers from a
text file.
- Added byte unit (PiB) to C formatter and refactored code.
- Added byte unit (PiB) to JS formatter.
- Added Chinese translation (i18n).
- Added French translation (i18n).
- Added '%h' date specifier to the allowed date character specifiers.
- Added "HeadlessChrome" to the list of browsers.
- Added --hide-referer command line option to hide referers from report.
- Added HTTP status code 429 (TOO MANY REQUESTS).
- Added IGNORE_LEVEL_PANEL and IGNORE_LEVEL_REQ definitions.
- Added --ignore-referer-report command line option to hide referers from
output.
- Added Japanese translation (i18n).
- Added macOS 10.14 Mojave to the list of OSs.
- Added "Mastodon" user-agent to the list of crawlers/unix-like.
- Added new fontawesome icons and use angle arrows in HTML paging.
- Added new purple theme to HTML report and default to it.
- Added --no-parsing-spinner command line option to switch off parsing
spinner.
- Added .ogv and ogg static file extension (ogg video, Ogg Vorbis audio).
- Added OS X version numbers when outputting with --real-os.
- Added parsing mechanism in an attempt capture more bots and to include
unspecified bots/crawlers.
- Added --pidfile command line option to the default config file.
- Added Spanish translation (i18n).
- Added SSL support for Docker goaccess build.
- Added support to the WebSocket server for openssl-1.1*.
- Added the ability to show/hide a chart per panel in the HTML report.
- Added transparency to the navigation bar of the HTML report.
- Added "WhatsApp" user-agent to the list of crawlers.
- Changed default db folder so it adds the process id (PID). --db-path is
required now when using --load-from-disk.
- Changed Dockerfile to build from the current source.
- Changed 'hits' to be right-aligned on TUI.
- Changed to use faster slide animations on HTML report.
- Changed wording from 'Bandwidth' to the proper term 'Tx. Amount'.
- Ensure database filenames used by btree are less predictable.
- Ensure HTML templates, CSS and JS files are minified when outputting
report.
- Ensure key phrases from Google are added even when https is used.
- Ensure live report updates data & charts if tab/document has focus.
- Ensure multiple 'Yandex' crawlers are properly parsed.
- Ensure Safari has priority over most crawlers except the ones that are
known to have it.
- Ensure the request protocol on its own is properly parsed.
- Ensure the right number of tests are performed against the given log.
- Ensure user configuration is parsed first when available.
- Ensure wss:// is used when connecting via HTTPS.
- Ensure XFF parser takes into account escaped braces.
- Fixed a regression where fifo-in/out would fail with ENXIO.
- Fixed a regression where it would return EXIT_FAILURE on an empty log.
- Fixed a (ssh) pipeline problem with fgetline()/fgets() when there is a race
for data on stdin.
- Fixed broken X-Forwarded-For (XFF) %~ specifier in certain parsing cases.
- Fixed conf.filenames duplication problem if logs are via pipe.
- Fixed float percent value on JSON/HTML output for locales using decimal comma.
- Fixed issue where it was not possible to establish a Web Socket connection
when attempting to parse and extract HTTP method.
- Fixed issue where log formats with pipe delimiter were not propely parsed.
- Fixed memory leak after config file path has been set (housekeeping).
- Fixed memory leak when adding host to holder introduced in c052d1ea.
- Fixed possible memory leak when hiding specific referrers.
- Fixed several JS jshint warnings.
- Fixed sudo installs on TravisCI.
- Fixed UNDEFINED time range in HTML report when VISITORS panel was ignored.
- Fixed unnecessary closing span tags from template.
- Fixed use-after-free when two color items were found on color_list.
Kore is an easy to use web application framework for writing scalable
web APIs in C.
Its main goals are security, scalability and allowing rapid development
and deployment of such APIs. Because of this Kore is an ideal candidate
for building robust, scalable and secure web things.
OK kamil@
6.0.1
- Attempt to re-establish websocket connection to Gateway
- Add missing react-dom js to package data
6.0
This is the first major release of the Jupyter Notebook since version 5.0 (March 2017).
We encourage users to start trying JupyterLab, which has just announced it's 1.0 release in preparation
for a future transition.
- Remove Python 2.x support in favor of Python 3.5 and higher.
- Multiple accessibility enhancements and bug-fixes.
- Multiple translation enhancements and bug-fixes.
- Remove deprecated ANSI CSS styles.
- Native support to forward requests to Jupyter Gateway(s) (Embedded NB2KG).
- Use JavaScript to redirect users to notebook homepage.
- Enhanced SSL/TLS security by using PROTOCOL_TLS which selects the highest ssl/tls
protocol version available that both the client and server support. When PROTOCOL_TLS
is not available use PROTOCOL_SSLv23.
- Add ?no_track_activity=1 argument to allow API requests.
to not be registered as activity (e.g. API calls by external activity monitors).
- Kernels shutting down due to an idle timeout is no longer considered
an activity-updating event.
- Further improve compatibility with tornado 6 with improved
checks for when websockets are closed.
- Launch the browser with a local file which redirects to the server address including
the authentication token. This prevents another logged-in user from stealing the token
from command line arguments and authenticating to the server.
The single-use token previously used to mitigate this has been removed.
Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Respect nbconvert entrypoints as sources for exporters
- Update to CodeMirror to 5.37, which includes f-string syntax for Python 3.6.
- Update jquery-ui to 1.12
- Execute cells by clicking icon in input prompt.
- New "Save as" menu option.
- When serving on a loopback interface, protect against DNS rebinding by
checking the Host header from the browser.
This check can be disabled if necessary by setting
NotebookApp.allow_remote_access.
(Disabled by default while we work out some Mac issues in :ghissue:3754).
- Add kernel_info_timeout traitlet to enable restarting slow kernels.
- Add custom_display_host config option to override displayed URL.
- Add /metrics endpoint for Prometheus Metrics.
- Optimize large file uploads.
- Allow access control headers to be overriden in jupyter_notebook_config.py to support
greater CORS and proxy configuration flexibility.
- Add support for terminals on windows.
- Add a "restart and run all" button to the toolbar.
- Frontend/extension-config: allow default json files in a .d directory.
- Allow setting token via jupyter_token env.
- Cull idle kernels using --MappingKernelManager.cull_idle_timeout.
- Allow read-only notebooks to be trusted.
- Convert JS tests to Selenium.
Security Fixes included in previous minor releases of Jupyter Notebook and also included in version 6.0.
- Fix Open Redirect vulnerability (CVE-2019-10255)
where certain malicious URLs could redirect from the Jupyter login page
to a malicious site after a successful login.
- Contains a security fix for a cross-site inclusion (XSSI) vulnerability (CVE-2019–9644),
where files at a known URL could be included in a page from an unauthorized website if
the user is logged into a Jupyter server. The fix involves setting the
X-Content-Type-Options: nosniff header, and applying CSRF checks previously on all
non-GET API requests to GET requests to API endpoints and the /files/ endpoint.
- Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability.
Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
access.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
assigned CVE-2018-14041 <https://nvd.nist.gov/vuln/detail/CVE-2018-14041>_.
- Contains a security fix preventing malicious directory names
from being able to execute javascript.
- Contains a security fix preventing nbconvert endpoints from executing javascript with
access to the server API. CVE request pending.
Scrapy 1.7.3:
Enforce lxml 4.3.5 or lower for Python 3.4 (issue 3912, issue 3918).
Scrapy 1.7.2:
Fix Python 2 support (issue 3889, issue 3893, issue 3896).
Scrapy 1.7.1:
Re-packaging of Scrapy 1.7.0, which was missing some changes in PyPI.
Scrapy 1.7.0:
Highlights:
Improvements for crawls targeting multiple domains
A cleaner way to pass arguments to callbacks
A new class for JSON requests
Improvements for rule-based spiders
New features for feed exports
Backward-incompatible changes
429 is now part of the RETRY_HTTP_CODES setting by default
This change is backward incompatible. If you don’t want to retry 429, you must override RETRY_HTTP_CODES accordingly.
Crawler, CrawlerRunner.crawl and CrawlerRunner.create_crawler no longer accept a Spider subclass instance, they only accept a Spider subclass now.
Spider subclass instances were never meant to work, and they were not working as one would expect: instead of using the passed Spider subclass instance, their from_crawler method was called to generate a new instance.
Non-default values for the SCHEDULER_PRIORITY_QUEUE setting may stop working. Scheduler priority queue classes now need to handle Request objects instead of arbitrary Python data structures.
New features
A new scheduler priority queue, scrapy.pqueues.DownloaderAwarePriorityQueue, may be enabled for a significant scheduling improvement on crawls targetting multiple web domains, at the cost of no CONCURRENT_REQUESTS_PER_IP support (issue 3520)
A new Request.cb_kwargs attribute provides a cleaner way to pass keyword arguments to callback methods (issue 1138, issue 3563)
A new JSONRequest class offers a more convenient way to build JSON requests (issue 3504, issue 3505)
A process_request callback passed to the Rule constructor now receives the Response object that originated the request as its second argument (issue 3682)
A new restrict_text parameter for the LinkExtractor constructor allows filtering links by linking text (issue 3622, issue 3635)
A new FEED_STORAGE_S3_ACL setting allows defining a custom ACL for feeds exported to Amazon S3 (issue 3607)
A new FEED_STORAGE_FTP_ACTIVE setting allows using FTP’s active connection mode for feeds exported to FTP servers (issue 3829)
A new METAREFRESH_IGNORE_TAGS setting allows overriding which HTML tags are ignored when searching a response for HTML meta tags that trigger a redirect (issue 1422, issue 3768)
A new redirect_reasons request meta key exposes the reason (status code, meta refresh) behind every followed redirect (issue 3581, issue 3687)
The SCRAPY_CHECK variable is now set to the true string during runs of the check command, which allows detecting contract check runs from code (issue 3704, issue 3739)
A new Item.deepcopy() method makes it easier to deep-copy items (issue 1493, issue 3671)
CoreStats also logs elapsed_time_seconds now (issue 3638)
Exceptions from ItemLoader input and output processors are now more verbose (issue 3836, issue 3840)
Crawler, CrawlerRunner.crawl and CrawlerRunner.create_crawler now fail gracefully if they receive a Spider subclass instance instead of the subclass itself (issue 2283, issue 3610, issue 3872)
Bug fixes
process_spider_exception() is now also invoked for generators (issue 220, issue 2061)
System exceptions like KeyboardInterrupt are no longer caught (issue 3726)
ItemLoader.load_item() no longer makes later calls to ItemLoader.get_output_value() or ItemLoader.load_item() return empty data (issue 3804, issue 3819)
The images pipeline (ImagesPipeline) no longer ignores these Amazon S3 settings: AWS_ENDPOINT_URL, AWS_REGION_NAME, AWS_USE_SSL, AWS_VERIFY (issue 3625)
Fixed a memory leak in MediaPipeline affecting, for example, non-200 responses and exceptions from custom middlewares (issue 3813)
Requests with private callbacks are now correctly unserialized from disk (issue 3790)
FormRequest.from_response() now handles invalid methods like major web browsers
DIST_SUBDIR no longer contains version suffix to prevent distfiles clutter.
Changes since 1.28.1:
* DB-2245: merge with Firefox 68.0.2
* DB-2245: Update to 1.28.2
* DB-2250: fixed about dialog license link
* DB-2247: fix texts on Profile Downgrade dialog
* DB-2246: fallback to textValue as url value
5.6.0:
Significant Changes
Jupter Client Pin
The jupyter_client dependency is now pinned to >5.3.1. This is done to support the Parallel NBConvert below, and future versions may require interface changes from that version.
Parallel NBConvert
NBConvert --execute can now be run in parallel via threads, multiprocessing, or async patterns! This means you can now parallelize nbconvert via a bash loop, or a python concurrency pattern and it should be able to execute those notebooks in parallel.
Kernels have varying support for safe concurrent execution. The ipython kernel (ipykernel version 1.5.2 and higher) should be safe to run concurrently using Python 3. However, the Python 2 ipykernel does not always provide safe concurrent execution and sometimes fails with a socket bind exception. Unlike ipykernel which is maintained by the project, other community-maintained kernels may have varying support for concurrent execution, and these kernels were not tested heavily.
Issues for nbconvert can be viewed here:
.. note: We'll keep an eye for issues related to this new capability and try to quickly patch any discovered issues post release. The improvement required touching three projects with separate releases, so if you do find an issue try upgrading dependencies and listing your dependencies for your environment when reporting.
Execute Loop Rewrite
This release completely rewrote the execution loop responsible for monitoring kernel messages until cell execution is completed. This removes an error where kernel messages could be dropped if too many were posted too quickly. Furthermore, the change means that messages are not buffered. Now, messages can be logged immediately rather than waiting for the cell to terminate.
Comprehensive notes
New Features
- Make a default global location for custom user templates
- Parallel execution improvements
- Added store_history option to preprocess_cell and run_cell
- Simplify the function signature for preprocess()
- Set flag to not always stop kernel execution on errors
- setup_preprocessor passes kwargs to start_new_kernel
Fixing Problems
- Very fast stream outputs no longer drop some messages
- LaTeX errors now properly raise exceptions
- Improve template whitespacing
- Fixes for character in LaTeX exports and filters
- Mistune pinned in preparation for 2.0 release
- Require mock only on Python 2
- Fix selection of mimetype when converting to HTML
- Correct a few typos
- Update export_from_notebook names
- Dedenting html in ExtractOutputPreprocessor
- Fix backwards incompatibility with markdown2html
- Fixed html image tagging
- Remove unnecessary css
Testing, Docs, and Builds
- Pip-install nbconvert on readthedocs.org
- Fix various doc build issues
- Add issue templates
- Added instructions for bumping the version forward when releasing
- Fix Testing on Windows
- Refactored test_run_notebooks
- Fixed documentation typos
1.9.3
- **FIX**: [attr!=value] pattern was mistakenly using :not([attr|=value]) logic instead of :not([attr=value]).
- **FIX**: Remove undocumented _QUIRKS mode flag. Beautiful Soup was meant to use it to help with transition to Soup
Sieve, but never released with it. Help with transition at this point is no longer needed.
Git 2.23 Release Notes
======================
Updates since v2.22
-------------------
Backward compatibility note
* The "--base" option of "format-patch" computed the patch-ids for
prerequisite patches in an unstable way, which has been updated to
compute in a way that is compatible with "git patch-id --stable".
* The "git log" command by default behaves as if the --mailmap option
was given.
UI, Workflows & Features
* The "git fast-export/import" pair has been taught to handle commits
with log messages in encoding other than UTF-8 better.
* In recent versions of Git, per-worktree refs are exposed in
refs/worktrees/<wtname>/ hierarchy, which means that worktree names
must be a valid refname component. The code now sanitizes the names
given to worktrees, to make sure these refs are well-formed.
* "git merge" learned "--quit" option that cleans up the in-progress
merge while leaving the working tree and the index still in a mess.
* "git format-patch" learns a configuration to set the default for
its --notes=<ref> option.
* The code to show args with potential typo that cannot be
interpreted as a commit-ish has been improved.
* "git clone --recurse-submodules" learned to set up the submodules
to ignore commit object names recorded in the superproject gitlink
and instead use the commits that happen to be at the tip of the
remote-tracking branches from the get-go, by passing the new
"--remote-submodules" option.
* The pattern "git diff/grep" use to extract funcname and words
boundary for Matlab has been extend to cover Octave, which is more
or less equivalent.
* "git help git" was hard to discover (well, at least for some
people).
* The pattern "git diff/grep" use to extract funcname and words
boundary for Rust has been added.
* "git status" can be told a non-standard default value for the
"--[no-]ahead-behind" option with a new configuration variable
status.aheadBehind.
* "git fetch" and "git pull" reports when a fetch results in
non-fast-forward updates to let the user notice unusual situation.
The commands learned "--no-show-forced-updates" option to disable
this safety feature.
* Two new commands "git switch" and "git restore" are introduced to
split "checking out a branch to work on advancing its history" and
"checking out paths out of the index and/or a tree-ish to work on
advancing the current history" out of the single "git checkout"
command.
* "git branch --list" learned to always output the detached HEAD as
the first item (when the HEAD is detached, of course), regardless
of the locale.
* The conditional inclusion mechanism learned to base the choice on
the branch the HEAD currently is on.
* "git rev-list --objects" learned the "--no-object-names" option to
squelch the path to the object that is used as a grouping hint for
pack-objects.
* A new tag.gpgSign configuration variable turns "git tag -a" into
"git tag -s".
* "git multi-pack-index" learned expire and repack subcommands.
* "git blame" learned to "ignore" commits in the history, whose
effects (as well as their presence) get ignored.
* "git cherry-pick/revert" learned a new "--skip" action.
* The tips of refs from the alternate object store can be used as
starting point for reachability computation now.
* Extra blank lines in "git status" output have been reduced.
* The commits in a repository can be described by multiple
commit-graph files now, which allows the commit-graph files to be
updated incrementally.
* "git range-diff" output has been tweaked for easier identification
of which part of what file the patch shown is about.
Performance, Internal Implementation, Development Support etc.
* Update supporting parts of "git rebase" to remove code that should
no longer be used.
* Developer support to emulate unsatisfied prerequisites in tests to
ensure that the remainder of the tests still succeeds when tests
with prerequisites are skipped.
* "git update-server-info" learned not to rewrite the file with the
same contents.
* The way of specifying the path to find dynamic libraries at runtime
has been simplified. The old default to pass -R/path/to/dir has been
replaced with the new default to pass -Wl,-rpath,/path/to/dir,
which is the more recent GCC uses. Those who need to build with an
old GCC can still use "CC_LD_DYNPATH=-R"
* Prepare use of reachability index in topological walker that works
on a range (A..B).
* A new tutorial targeting specifically aspiring git-core
developers has been added.
* Auto-detect how to tell HP-UX aCC where to use dynamically linked
libraries from at runtime.
* "git mergetool" and its tests now spawn fewer subprocesses.
* Dev support update to help tracing out tests.
* Support to build with MSVC has been updated.
* "git fetch" that grabs from a group of remotes learned to run the
auto-gc only once at the very end.
* A handful of Windows build patches have been upstreamed.
* The code to read state files used by the sequencer machinery for
"git status" has been made more robust against a corrupt or stale
state files.
* "git for-each-ref" with multiple patterns have been optimized.
* The tree-walk API learned to pass an in-core repository
instance throughout more codepaths.
* When one step in multi step cherry-pick or revert is reset or
committed, the command line prompt script failed to notice the
current status, which has been improved.
* Many GIT_TEST_* environment variables control various aspects of
how our tests are run, but a few followed "non-empty is true, empty
or unset is false" while others followed the usual "there are a few
ways to spell true, like yes, on, etc., and also ways to spell
false, like no, off, etc." convention.
* Adjust the dir-iterator API and apply it to the local clone
optimization codepath.
* We have been trying out a few language features outside c89; the
coding guidelines document did not talk about them and instead had
a blanket ban against them.
* A test helper has been introduced to optimize preparation of test
repositories with many simple commits, and a handful of test
scripts have been updated to use it.
Fixes since v2.22
-----------------
* A relative pathname given to "git init --template=<path> <repo>"
ought to be relative to the directory "git init" gets invoked in,
but it instead was made relative to the repository, which has been
corrected.
* "git worktree add" used to fail when another worktree connected to
the same repository was corrupt, which has been corrected.
* The ownership rule for the file descriptor to fast-import remote
backend was mixed up, leading to an unrelated file descriptor getting
closed, which has been fixed.
* A "merge -c" instruction during "git rebase --rebase-merges" should
give the user a chance to edit the log message, even when there is
otherwise no need to create a new merge and replace the existing
one (i.e. fast-forward instead), but did not. Which has been
corrected.
* Code cleanup and futureproof.
* More parameter validation.
* "git update-server-info" used to leave stale packfiles in its
output, which has been corrected.
* The server side support for "git fetch" used to show incorrect
value for the HEAD symbolic ref when the namespace feature is in
use, which has been corrected.
* "git am -i --resolved" segfaulted after trying to see a commit as
if it were a tree, which has been corrected.
* "git bundle verify" needs to see if prerequisite objects exist in
the receiving repository, but the command did not check if we are
in a repository upfront, which has been corrected.
* "git merge --squash" is designed to update the working tree and the
index without creating the commit, and this cannot be countermanded
by adding the "--commit" option; the command now refuses to work
when both options are given.
* The data collected by fsmonitor was not properly written back to
the on-disk index file, breaking t7519 tests occasionally, which
has been corrected.
* Update to Unicode 12.1 width table.
* The command line to invoke a "git cat-file" command from inside
"git p4" was not properly quoted to protect a caret and running a
broken command on Windows, which has been corrected.
* "git request-pull" learned to warn when the ref we ask them to pull
from in the local repository and in the published repository are
different.
* When creating a partial clone, the object filtering criteria is
recorded for the origin of the clone, but this incorrectly used a
hardcoded name "origin" to name that remote; it has been corrected
to honor the "--origin <name>" option.
* "git fetch" into a lazy clone forgot to fetch base objects that are
necessary to complete delta in a thin packfile, which has been
corrected.
* The filter_data used in the list-objects-filter (which manages a
lazily sparse clone repository) did not use the dynamic array API
correctly---'nr' is supposed to point at one past the last element
of the array in use. This has been corrected.
* The description about slashes in gitignore patterns (used to
indicate things like "anchored to this level only" and "only
matches directories") has been revamped.
* The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.
* The list of for-each like macros used by clang-format has been
updated.
* "git branch --list" learned to show branches that are checked out
in other worktrees connected to the same repository prefixed with
'+', similar to the way the currently checked out branch is shown
with '*' in front.
(merge 6e9381469e nb/branch-show-other-worktrees-head later to maint).
* Code restructuring during 2.20 period broke fetching tags via
"import" based transports.
* The commit-graph file is now part of the "files that the runtime
may keep open file descriptors on, all of which would need to be
closed when done with the object store", and the file descriptor to
an existing commit-graph file now is closed before "gc" finalizes a
new instance to replace it.
* "git checkout -p" needs to selectively apply a patch in reverse,
which did not work well.
* Code clean-up to avoid signed integer wraparounds during binary search.
* "git interpret-trailers" always treated '#' as the comment
character, regardless of core.commentChar setting, which has been
corrected.
* "git stash show 23" used to work, but no more after getting
rewritten in C; this regression has been corrected.
* "git rebase --abort" used to leave refs/rewritten/ when concluding
"git rebase -r", which has been corrected.
* An incorrect list of options was cached after command line
completion failed (e.g. trying to complete a command that requires
a repository outside one), which has been corrected.
* The code to parse scaled numbers out of configuration files has
been made more robust and also easier to follow.
* The codepath to compute delta islands used to spew progress output
without giving the callers any way to squelch it, which has been
fixed.
* Protocol capabilities that go over wire should never be translated,
but it was incorrectly marked for translation, which has been
corrected. The output of protocol capabilities for debugging has
been tweaked a bit.
* Use "Erase in Line" CSI sequence that is already used in the editor
support to clear cruft in the progress output.
* "git submodule foreach" did not protect command line options passed
to the command to be run in each submodule correctly, when the
"--recursive" option was in use.
* The configuration variable rebase.rescheduleFailedExec should be
effective only while running an interactive rebase and should not
affect anything when running a non-interactive one, which was not
the case. This has been corrected.
* The "git clone" documentation refers to command line options in its
description in the short form; they have been replaced with long
forms to make them more recognisable.
* Generation of pack bitmaps are now disabled when .keep files exist,
as these are mutually exclusive features.
(merge 7328482253 ew/repack-with-bitmaps-by-default later to maint).
* "git rm" to resolve a conflicted path leaked an internal message
"needs merge" before actually removing the path, which was
confusing. This has been corrected.
* "git stash --keep-index" did not work correctly on paths that have
been removed, which has been fixed.
(merge b932f6a5e8 tg/stash-keep-index-with-removed-paths later to maint).
* Window 7 update ;-)
* A codepath that reads from GPG for signed object verification read
past the end of allocated buffer, which has been fixed.
* "git clean" silently skipped a path when it cannot lstat() it; now
it gives a warning.
* "git push --atomic" that goes over the transport-helper (namely,
the smart http transport) failed to prevent refs to be pushed when
it can locally tell that one of the ref update will fail without
having to consult the other end, which has been corrected.
* The internal diff machinery can be made to read out of bounds while
looking for --function-context line in a corner case, which has been
corrected.
(merge b777f3fd61 jk/xdiff-clamp-funcname-context-index later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge fbec05c210 cc/test-oidmap later to maint).
(merge 7a06fb038c jk/no-system-includes-in-dot-c later to maint).
(merge 81ed2b405c cb/xdiff-no-system-includes-in-dot-c later to maint).
(merge d61e6ce1dd sg/fsck-config-in-doc later to maint).
Changes:
* BREAKING
* Add pagination for admin api get orgs and fix only list public orgs bug (#7742) (#7752)
* SECURITY
* Be more strict with git arguments (#7715) (#7762)
* Release built with go 1.12.8 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA
* BUGFIXES
* Fix local runs of ssh-requiring integration tests (#7855) (#7857)
* Fix hook problem (#7856) (#7754)
* Use .ExpiredUnix.IsZero to display green color of forever valid gpg key (#7850) (#7846)
* Do not fetch all refs (#7797) (#7837)
* Fix duplicate call of webhook (#7824) (#7821)
* Enable switching to a different source branch when PR already exists (#7823)
* Rewrite existing repo units if setting is not included in api body (#7811)
* Prevent Commit Status and Message From Overflowing On Branch Page (#7800) (#7808)
* API: fix multiple bugs with statuses endpoints (Backport #7785) (#7807)
* Fix Slack webhook fork message (1.9 release backport) (#7783)
* Fix approvals counting (#7757) (#7777)
* Fix rename failed when rewrite public keys (#7761) (#7769)
* Fix dropTableColumns sqlite implementation (#7710) (#7765)
* Fix repo_index_status lingering when deleting a repository (#7738)
* Fix milestone completness calculation when migrating (#7725) (#7732)
* Fixes indexed repos keeping outdated indexes when files grow too large (#7731)
* Skip non-regular files (e.g. submodules) on repo indexing (#7717)
* Improve branches list performance and fix protected branch icon when no-login (#7695) (#7704)
* Correct wrong datetime format for git (#7689) (#7690)
Pkgsrc changelog :
* Some files do not exist anymore, so they were removed from installation
* Fixed compilation issue about signals
Some of the upstream changes :
* an HTML parser : pages are now parsed for additional elements (images,
js...) that are also requested ;
* improved memory management ;
* logging to a file is now disabled by default ;
* colored output can be disabled in the config file ;
* implement disable cache option.
Full changelog available here :
https://github.com/JoeDog/siege/blob/v4.0.4/ChangeLog
Changes:
0.3
---
- Improve documentation and add man pages for all tools
- Several tscrape_update improvements (making it more robust/verbose about
possible errors)
Upstream changes (from NEWS):
== Ruby-GNOME2 3.3.7: 2019-08-17
This is the bug fix release of 3.3.6.
=== Changes
==== Ruby/Pango
* Improvements
* (({Pango::AttrList#each})): Added.
* (({Pango::AttrType})): Added support for (({PANGO_ATTR_FONT_DESC})).
==== Ruby/GObjectIntrospection
* Improvements
* Added support for (({GHashTable<utf8, enum>})).
* Added support for GObject Introspection 1.60.0.
==== Ruby/Pango
* Improvements
* Added support for Pango 1.44.
[GitHub#1288][Reported by Toshiaki Asai]
==== Ruby/GTK3
* Fixes
* Fixed document markup.
[GitHub#1280][GitHub#1281][GitHub#1282][Patch by İsmail Arılık]
==== Ruby/WNCK3
* Added.
[GitHub#1284][Reported by Christopher L. Ramsey]
==== Ruby/libsecret
* Added.
=== Thanks
* İsmail Arılık
* Christopher L. Ramsey
* Toshiaki Asai
ChangeLog:
Logswan 2.0.4 (2019-08-16)
- Adding #include guard in compat header file
- Add an example log file and regenerate output example
- Add dependencies installation instructions for NetBSD and FreeBSD
- Add final dots for options descriptions
- Add final dot when printing results summary
- Use EXIT_SUCCESS and EXIT_FAILURE macros for return values
- Add a trailing newline when printing JSON output
OK kamil@
Changelog:
Fixed
Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Security fixes
#CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry
Changelog:
* make the warning in buildconf more clear, month
after noting that the hardfailure was not necessary.
* comment nroff parts of configure script, build +
check + release without groff tested succesfully on NetBSD 9.99.4
* Dependencies: python-3 is now supported (should be in curl
as well) for the tests. If python is required at all for
the tests needs to be looked at more closely. groff/nroff dropped.
The usual curl Changelog applies, consult https://curl.haxx.se for the
ChangeLog.
Changes with nginx 1.17.3
*) Security: when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
*) Bugfix: "zero size buf" alerts might appear in logs when using
gzipping; the bug had appeared in 1.17.2.
*) Bugfix: a segmentation fault might occur in a worker process if the
"resolver" directive was used in SMTP proxy.
Changes with nginx 1.17.2
*) Change: minimum supported zlib version is 1.2.0.4.
Thanks to Ilya Leoshkevich.
*) Change: the $r->internal_redirect() embedded perl method now expects
escaped URIs.
*) Feature: it is now possible to switch to a named location using the
$r->internal_redirect() embedded perl method.
*) Bugfix: in error handling in embedded perl.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if hash bucket size larger than 64 kilobytes was used
in the configuration.
*) Bugfix: nginx might hog CPU during unbuffered proxying and when
proxying WebSocket connections if the select, poll, or /dev/poll
methods were used.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_ssi_filter_module.
Changes with nginx 1.17.1
*) Feature: the "limit_req_dry_run" directive.
*) Feature: when using the "hash" directive inside the "upstream" block
an empty hash key now triggers round-robin balancing.
Thanks to Niklas Keller.
*) Bugfix: a segmentation fault might occur in a worker process if
caching was used along with the "image_filter" directive, and errors
with code 415 were redirected with the "error_page" directive; the
bug had appeared in 1.11.10.
*) Bugfix: a segmentation fault might occur in a worker process if
embedded perl was used; the bug had appeared in 1.7.3.
Changes with nginx 1.16.1
*) Security: when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Changes with Apache 2.4.41
*) SECURITY: CVE-2019-10081 (cve.mitre.org)
mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
could lead to an overwrite of memory in the pushing request's pool,
leading to crashes. The memory copied is that of the configured push
link header values, not data supplied by the client.
*) SECURITY: CVE-2019-9517 (cve.mitre.org)
mod_http2: a malicious client could perform a DoS attack by flooding
a connection with requests and basically never reading responses
on the TCP connection. Depending on h2 worker dimensioning, it was
possible to block those with relatively few connections.
*) SECURITY: CVE-2019-10098 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
*) SECURITY: CVE-2019-10092 (cve.mitre.org)
Remove HTML-escaped URLs from canned error responses to prevent misleading
text/links being displayed via crafted links.
*) SECURITY: CVE-2019-10097 (cve.mitre.org)
mod_remoteip: Fix stack buffer overflow and NULL pointer deference
when reading the PROXY protocol header.
*) SECURITY: CVE-2019-10082 (cve.mitre.org)
mod_http2: Using fuzzed network input, the http/2 session
handling could be made to read memory after being freed,
during connection shutdown.
*) mod_proxy_balancer: Improve balancer-manager protection against
XSS/XSRF attacks from trusted users.
*) mod_session: Introduce SessionExpiryUpdateInterval which allows to
configure the session/cookie expiry's update interval.
*) modules/filters: Fix broken compilation when using old GCC (<4.2.x).
*) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile
configured for a domain managed by mod_md.
nghttp2 v1.39.2
This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack.
Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall
v1.7.11
Implementation Changes
- Pass library and Python version in x-goog-api-client header
Documentation
- Fix typo in filename used in 'docs/auth.md'
Changelog:
Thu 01 Aug 2019 01:23:36 PM CEST
Releasing libmicrohttpd 0.9.66. -CG
Thu 01 Aug 2019 12:53:49 AM CEST
Fix issue with discarding unhandled upload data discovered
by Florian Dold. -CG
Mon 29 Jul 2019 08:01:50 PM CEST
Fix hanging situation with large transmission over upgraded
(i.e. Web socket) connection with epoll() and HTTPS enabled
(as reported by Viet on the mailinglist). -CG
Thu 25 Jul 2019 02:40:12 PM CEST
Fixing regression introduced in cc5032b85 (bit mask matching
of the header kinds in MHD_lookup_connection_value()), as
reported by Jose Bollo on the mailinglist. -CG/JB
Tue Jul 16 19:56:14 CEST 2019
Add MHD_OPTION_HTTPS_CERT_CALLBACK2 to allow OCSP stapling
and MHD_FEATURE_HTTPS_CERT_CALLBACK2 to check for. -TR
1.5.2:
* Selector.remove_namespaces received a significant performance improvement
* The value of data within the printable representation of a selector
(repr(selector)) now ends in ... when truncated, to make the
truncation obvious.
* Minor documentation improvements.
1.21.0:
- Add the encoding and path_encoding parameters to
:func:w3lib.url.safe_download_url
- :func:w3lib.url.safe_url_string now also removes tabs and new lines
- :func:w3lib.html.remove_comments now also removes truncated comments
- :func:w3lib.html.remove_tags_with_content no longer removes tags which
start with the same text as one of the specified tags
- Recommend pytest instead of nose to run tests
Perform common useful JavaScript operations in Shiny apps that will
greatly improve your apps without having to know any JavaScript.
Examples include: hiding an element, disabling an input, resetting an
input back to its original value, delaying code execution by a few
seconds, and many more useful functions for both the end user and the
developer. 'shinyjs' can also be used to easily call your own custom
JavaScript functions from R.
Makes it incredibly easy to build interactive web applications with R.
Automatic "reactive" binding between inputs and outputs and extensive
prebuilt widgets make it possible to build beautiful, responsive, and
powerful applications with minimal effort.
Provides low-level socket and protocol support for handling HTTP and
WebSocket requests directly from within R. It is primarily intended as
a building block for other packages, rather than making it
particularly easy to create complete web applications using httpuv
alone. httpuv is built on top of the libuv and http-parser C
libraries, both of which were developed by Joyent, Inc. (See LICENSE
file for libuv and http-parser license information.)
Useful tools for working with HTTP organised by HTTP verbs (GET(),
POST(), etc). Configuration functions make it easy to control
additional request components (authenticate(), add_headers() and so
on).
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
