The previous default (...) means "build the whole world", which is never
what you want. Instead, use "./...", which means "everything below the
top-level directory". According to the documentation, this is what was
meant the whole time.
This is probably a no-op because any useful Go package overrides this
currently.
no objection from wiz@
Changelog:
1.11.1.1155 (Aug 5, 2022)
* TDEPS-228 Add support for auto inferred Sourcehut git urls
* Update aws-api, Maven, etc dep versions
* Use tools.deps.alpha 0.14.1222
1.11.1.1149 (Jun 21, 2022)
* clj -Ttools install-latest - refine how versions are filtered, sorted, and
newest selected
* Update to tools.tools v0.2.8
* Use tools.deps.alpha 0.14.1212
1.11.1.1139 (Jun 16, 2022)
* Add clj -Ttools install-latest api function, examples:
* Install tool: clj -Ttools install-latest :lib io.github.clojure/
tools.deps.graph :as graph
* Update tool: clj -Ttools install-latest :tool graph
* Fix regression with clj -X:deps find-versions from 1.11.1.1119
* Output from clj -X:deps find-versions now provides :git/tag and :git/sha
* Update to tools.tools v0.2.6
* Use tools.deps.alpha 0.14.1205
1.11.1.1129 (Jun 14, 2022)
* Fix directory context of -X:deps prep with transitive local deps
* Use tools.deps.alpha 0.14.1194
1.11.1.1124 (Jun 11, 2022)
* Fix bug in TDEPS-213 change
* Use tools.deps.alpha 0.14.1189
1.11.1.1119 (Jun 9, 2022)
* TDEPS-213 - Add -X:deps aliases to list available aliases
* TDEPS-226 - More nunanced error handling for s3 downloads
* Better error message when git url can??t be inferred
* Use tools.deps.alpha 0.14.1185
1.11.1.1113 (Apr 25, 2022)
* TDEPS-153 - yet more fixes for errors during concurrent Maven downloads
* Use tools.deps.alpha 0.14.1178
1.11.1.1105 (Apr 5, 2022)
* Default to Clojure 1.11.1 if no Clojure version specified
1.11.0.1100 (Mar 28, 2022)
* Default to Clojure 1.11.0 if no Clojure version specified
* TDEPS-153 Fix concurrency issues in Maven artifact downloads
1.10.3.1087 (Feb 28, 2022)
* Fix error message when git url missing or not inferred
* Pass :exec-fn and :exec-args to -X/-T even when using -Scp
* TDEPS-222 Make Clojure dependency in pom a compile dependency, not provided
* TDEPS-203 In -X:deps prep - now takes basis settings, including aliases
* TDEPS-197 -X:deps git-resolve-tags - now resolves to :git/tag and :git/sha
* -X:deps tree - now takes basis settings
* -X:deps mvn-pom - now takes basis settings
* -X:deps list - put license abbreviation list in a resource and load on
demand
* Use tools.deps.alpha 0.12.1158
1.10.3.1075 (Feb 2, 2022)
* TDEPS-216 - Built-in :deps alias should remove project paths from classpath
* Improve error if git sha is not found in git repo
* Improve prep error if transtive dep??s prep function is unresolvable
* Bump AWS deps to latest versions
* Use tools.deps.alpha 0.12.1135
1.10.3.1069 (Jan 26, 2022)
* Update some Maven transitive deps to address some CVEs
* Update to tools.tools v0.2.5
* Add check to error on invocation of multiple exec functions
* Use tools.deps.alpha 0.12.1120
1.10.3.1058 (Jan 5, 2022)
* TDEPS-207 Fix deadlock in version range resolution
* TDEPS-215 Fix race condition during parallel loading of s3 transporter
* Don??t track local deps.edn manifest for caching if deps project doesn??t
have one
* Update maven-core to 3.8.4, aws libs, tools.build, tools.tools to latest
* Use tools.deps.alpha 0.12.1109
1.10.3.1040 (Dec 1, 2021)
* Add clj -X:deps list for listing the full transitive set of deps and their
license info - see docs
* Improved error handling for unknown tool with -T or -X:deps find-versions
* Use tools.deps.alpha 0.12.1084
1.10.3.1029 (Nov 8, 2021)
* TDEPS-212 Cover a much wider range of valid git dep urls, including git
file urls
* Use tools.deps.alpha 0.12.1071
1.10.3.1020 (Nov 5, 2021)
* TDEPS-83 Invalidate classpath cache when local dep manifests change
* Add new clj -X:deps list program to list the full lib set on the classpath,
see API docs for more info
* Bump deps to more recent versions - aws-api, jetty-client, etc
* Clean up exception handling for -X/-T
* Use tools.deps.alpha 0.12.1067
1.10.3.998 (Oct 26, 2021)
* Remove bottle :unneeded from brew formulas (no longer needed)
* TDEPS-209 Include only jar files in classpath from Maven artifacts
* Update to tools.tools v0.2.1 (minor improvements in clj -Ttools list)
* Use tools.deps.alpha 0.12.1058
1.10.3.986 (Sep 22, 2021)
* Fix nested session cache computation for local pom model building
* Use tools.deps.alpha 0.12.1048
1.10.3.981 (Sep 21, 2021)
* Update to latest AWS API libs
* Downgrade Maven resolver libs to better match Maven core libs
* Use tools.deps.alpha 0.12.1041
1.10.3.967 (Sep 1, 2021)
* Refine exec exceptions for missing namespace vs missing function in
namespace
* Replace Maven-based build process with tools.build
* Compile entry points in tools.deps used for building classpaths for
performance
* Use tools.deps.alpha 0.12.1036
1.10.3.943 (Aug 13, 2021)
* TDEPS-199 Use default http-client in S3 transporter
* Cache S3 transporter for a repo
* Fixed session cache to work properly across threads / binding stacks for
better perf
* Replace specific maven version range requests with non-range request to
reduce repo metadata lookups
* Load and cache Maven settings once for perf
* Cache version range resolution results for perf
* Use tools.deps.alpha 0.12.1019
1.10.3.933 (July 28, 2021)
* deps.edn
+ git deps
o If a git library name follows the repo convention names, the :git/
url can now be inferred (:git/url can also be specified explicitly
and takes precedence)
o :git/tag and prefix :git/sha can now be specified instead of the
full sha. Both must point to the same commit.
o :sha has been renamed to :git/sha but the original is still
supported for backwards compatibility
+ :deps/prep-lib - a new top-level key can be used to say how a source
lib should be prepared before being added to the classpath. This key??s
value is a map with :alias, :fn, and :ensures. See prep docs for more
info.
+ :tools/usage - a new top-level key can be used to provide the
:ns-default and :ns-aliases context for a tool
* Tools - git-based programs that can be installed with a local name. Tools
can provide their own usage context in deps.edn.
+ Added new auto-installed tool named tools with functions install, list,
remove. See reference.
+ Install a tool with clojure -Ttools install <lib> <coord> :as
<toolname>
+ Run a tool with clojure -T<toolname> fn (also takes -X style args)
* Clojure CLI
+ New -T option is like -X (executes a function) but does not use the
project classpath, instead uses tool classpath (and adds :paths ["."]
by default). -T:aliases is otherwise same as -X. -Ttoolname resolves
named tool by name and uses that tool lib.
+ TDEPS-198 - -X and -T will not wait to exit if futures/agents have been
used
+ TDEPS-182 - Improve deprecation messages to be more accurate
+ TDEPS-183 - Fix -Sdescribe output to be valid EDN on Windows
+ TDEPS-179 - Fix incorrect classpath when :classpath-overrides removes
path
+ Delay computation of local-repo path (don??t compute at load time)
+ Use tools.deps.alpha 0.12.1003
* New -X:deps programs:
+ find-versions - to find versions of Maven or git libs or tools
+ prep - use to prep source libs
+ help/dir - to list available functions in a tool namespace
+ help/doc - to list docs for a tool namespace or function
Read more at Source Libs and Builds.
1.10.3.855 (May 25, 2021)
* Fix in applying :jvm-opts with -X execution on Windows
1.10.3.849 (May 21, 2021)
* Adds support for a trailing map of kvs in -X calls (similar to Clojure 1.11
trailing map to vararg calls)
* Updates all Maven deps to latest (maven-resolver 1.7.0, maven core 1.8.3)
to address these security concerns
+ CVE-2020-13956 - bumps deps on Apache HttpClient used by Maven
+ CVE-2021-26291 - potential security problems regarding Maven
repositories:
o Due to the possibility of MITM (man in the middle) attacks, http
repo access is now blocked by default. tools.deps/Clojure CLI has
always used https repos in the default repository list (central and
clojars), so this mostly impacts any explicit http repositories
defined in deps.edn
o Concerns over the "hijacking" of repository urls by transitive pom
deps (or their super poms) to download artifacts from malicious
repos. Maven made no changes here, but did clarify how repos are
resolved on this page. From a deps perspective, we only use
repositories declared in the top-level deps.edn (if transitive deps
need a custom repo, you will need to add it at top-level too). For
tools.deps use of pom dependencies, we are providing the repos of
the top deps.edn file (which should always put Maven Central and
Clojars first), then deferring to Maven for the rest.
* Use tools.deps.alpha 0.11.922
1.10.3.839 (May 12, 2021)
* Fix Linux installer breakage in 1.10.3.833
1.10.3.833 (May 11, 2021)
* TDEPS-177 - Fix Maven mirrors to look up by id, not name
* Remove flag when fetching git deps so that older git versions work
* Tweak some warning messages
* Clean up scripts to simplify variable replacement
* Use tools.deps.alpha 0.11.918
1.10.3.822 (Apr 3, 2021)
* Fix issue with git deps where new commits on branches were not fetched
1.10.3.814 (Mar 16, 2021)
* git deps: switch from using jgit to shelling out to git (must be git >=
2.5)
+ New env vars for control:
o GITLIBS_COMMAND - command to invoke when shelling out to git,
default = git
o GITLIBS_DEBUG - set to true to print git commands and output to
stderr, default = false
* Made git fetch only when shas can??t be resolved to improve performance
* Bump dep versions for tools.cli and aws api to latest
* Use tools.deps.alpha 0.11.905
1.10.2.796 (Feb 23, 2021)
* Fix clj -X:deps git-resolve-tags to update the sha to match the tag
* Perf improvements for git or local deps using pom.xml
* Use tools.deps.alpha 0.9.884
1.10.2.790 (Feb 19, 2021)
* Add -version and --version options
* TDEPS-56 - Fix main-opts and jvm-opts word splitting on spaces
* TDEPS-125 - Use JAVA_CMD if set (thanks Gregor Middell!)
* Add warning if :paths or :extra-paths refers to a directory outside the
project root (in the future will become an error)
* Use tools.deps.alpha 0.9.871
1.10.2.774 (Jan 26, 2021)
* Improve error when git dep version relationship can??t be determined
* Switch to 1.10.2 for default Clojure version
* Use tools.deps.alpha 0.9.863
1.10.1.763 (Dec 10, 2020)
* Set exit code for -X ex-info error
* Sync up cli syntax for aliases in help
* Use tools.deps.alpha 0.9.857
1.10.1.754 (Dec 7, 2020)
* New, more informative tree format for clj -Stree / clj -X:deps tree
* Added options for use with clj -X:deps tree
* Use tools.deps.alpha 0.9.857
1.10.1.739 (Nov 23, 2020)
* Fix use of jdk profile activation in local deps with pom files
* Fix error handling for -X to avoid double throw
* Add error handling for -A used without an alias
* Use tools.deps.alpha 0.9.840
1.10.1.727 (Oct 21, 2020)
* Fix clj -X:deps tree adding tools.deps.alpha to tree
* Fix clj -X:deps mvn-pom adding tools.deps.alpha to pom deps
* Fix clj -X:deps git-resolve-tags not working
* TDEPS-169 - Fix clj -X:deps mvn-install on jar to also install embedded pom
* Fix clj -Spom not respecting dep modifications from -A (regression)
* Use tools.deps.alpha 0.9.833
1.10.1.716 (Oct 10, 2020)
* Make edn reading tolerant of unknown tagged literals
* Update to latest dependencies for maven-resolver and aws-api
* Use tools.deps.alpha 0.9.821
1.10.1.708 (Oct 7, 2020)
* Fixes to handling transitive deps when newer versions of a dep are found in
the dep expansion
* TDEPS-168 - Improvements to -X error message handling
* Use tools.deps.alpha 0.9.816
1.10.1.697 (Sept 25, 2020)
* Added execution mode (-X)
* Added prepare mode (-P)
* Expanded main execution (-M) to support all argmap arguments
* Added new argmap attributes for namespace resolution:
+ :ns-aliases and :ns-default
* Added new clojure.tools.cli.api available via -X:deps alias:
+ clj -X:deps git-resolve-tags
+ clj -X:deps mvn-install
+ clj -X:deps mvn-pom
+ clj -X:deps tree
* Deprecated -R, -C (use -X, -M, or -A instead)
* Deprecated unqualified lib names in deps.edn (use fully qualified lib
names)
* Deprecated alias tool args :deps and :paths (use :replace-deps and
:replace-paths)
* Removed -O (use -X, -M, or -A)
* Removed -Sresolve-tags (use -X:deps git-resolve-tags)
* TDEPS-152 - Fixes to -Spom generation with srcDirectory
* TDEPS-155 - Better error handling for bad coordinates
* TDEPS-167 - Handle absolute resource paths in pom deps
* Use tools.deps.alpha 0.9.810
1.10.1.561 (July 17, 2020)
* Rework exclusion handling when exclusion sets differ for same lib/version
* Use tools.deps.alpha 0.8.709
1.10.1.547 (June 11, 2020)
* (Windows) Write -Spath to output, not to host
* TDEPS-152 - Fix bad addition of srcDirectory in pom gen
* TDEPS-155 - Add error checking for missing :mvn/version
* Use tools.deps.alpha 0.8.695
1.10.1.536 (Feb 28, 2020)
* Release automation work, no tool changes
1.10.1.510 (Feb 14, 2020)
* TDEPS-150 - Fix regression in supporting -Scp flag (avoid resolving deps)
* TDEPS-148 - Fix incorrect path resolution for git/local dep without
deps.edn
* Use tools.deps.alpha 0.8.677
Fixes builds of go118 and newer in x86_64 chroots on an arm64 host. The go
build system parses "uname -v" and incorrectly assumes that if you're running
on an arm64 host you always want arm64 binaries.
Changes from 5.1.x to 5.2.0
---------------------------
*****************************************************************************
* MPFR mode (the -M option) is now ON PAROLE. This feature is now being *
* supported by a volunteer in the development team and not by the primary *
* maintainer. If this situation changes, then the feature will be removed. *
* For more information see this section in the manual: *
* https://www.gnu.org/software/gawk/manual/html_node/MPFR-On-Parole.html *
*****************************************************************************
1. Infrastructure upgrades: Libtool 2.4.7, Bison 3.8.2.
2. Numeric scalars now compare in the same way as C for the relational
operators. Comparison order for sorting has not changed. This only
makes a difference when comparing Infinity and NaN values with
regular numbers; it should not be noticeable most of the time.
3. If the AWK_HASH environment variable is set to "fnv1a" gawk will
use the FNV1-A hash function for associative arrays.
4. The CMake infrastructure has been removed. In the five years it was in
the tree, nobody used it, and it was not updated.
5. There is now a new function, mkbool(), that creates Boolean-typed
values. These values *are* numbers, but they are also tagged as
Boolean. This is mainly for use with data exchange to/from languages
or environments that support real Boolean values. See the manual
for details.
6. As BWK awk has supported interval expressions since 2019, they are
now enabled even if --traditional is supplied. The -r/--re-interval option
remains, but it does nothing.
7. The rwarray extension has two new functions, writeall() and readall(),
for saving / restoring all of gawk's variables and arrays.
8. The new `gawkbug' script should be used for reporting bugs.
9. The manual page (doc/gawk.1) has been considerably reduced in size.
Wherever possible, details were replaced with references to the online
copy of the manual.
10. Gawk now supports Terence Kelly's "persistent malloc" (pma),
allowing gawk to preserve its variables, arrays and user-defined
functions between runs. THIS IS AN EXPERIMENTAL FEATURE!
For more information, see the manual. A new pm-gawk.1 man page
is included, as is a separate user manual that focuses on the feature.
11. Support for OS/2 has been removed. It was not being actively
maintained.
12. Similarly, support for DJGPP has been removed. It also was not
being actively maintained.
13. VAX/VMS is no longer supported, as it can no longer be tested.
The files for it remain in the distribution but will be removed
eventually.
14. Some subtle issues with untyped array elements being passed to
functions have been fixed.
15. Syntax errors are now immediately fatal. This prevents problems
with errors from fuzzers and other such things.
16. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Python 3.7.14
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.
Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.
The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
Library
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.
Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.3.1.
Tests
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
bpo-41306: Fixed a failure in test_tk.test_widgets.ScaleTest happening when executing the test with Tk 8.6.10.
Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
Ruby on Rails 6.1.7 release on 9th September 2022.
Active Record and Active Storage are updated:
Active Record
* Symbol is allowed by default for YAML columns
Étienne Barrié
* Fix ActiveRecord::Store to serialize as a regular Hash
Previously it would serialize as an
ActiveSupport::HashWithIndifferentAccess which is wasteful and cause
problem with YAML safe_load.
Jean Boussier
* Fix PG.connect keyword arguments deprecation warning on ruby 2.7
Fixes .
Nikita Vasilevsky
Active Storage
* Respect Active Record's primary_key_type in Active Storage
migrations. Backported from 7.0.
fatkodima
Ruby on Rails 6.0.6 release on 9th September 2022 and
Active Record is only updated.
databases/ruby-activerecord60
* Symbol is allowed by default for YAML columns
Étienne Barrié
Vala 0.56.3
===========
* Various improvements and bug fixes:
- vala: Don't unconditionally expect ObjectType of Class [#1341]
- vala: Make try-statement parsing more resilient [#1304]
- vala: Avoid problems with '\' in #line directives on Windows [#1353]
- gidlparser: Set source reference of parameters
* Bindings:
- atspi-2: Fix a few binding errors
- glib-2.0: Use g_abort for GLib.Process.abort() beginning with 2.50 [#1350]
- gtk+-3.0: Correctly unhide BindingSet.by_class to avoid Version attribute
Python 3.9.14
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.
Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.
The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
Library
gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”.
gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None.
bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
Python 3.8.14
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.
Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.
The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
Library
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.
Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4.
Tests
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.
Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
This minor release includes 2 security fixes following the security policy:
net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Python 3.10.7 final
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
Core and Builtins
gh-96187: Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. Patch by Pablo Galindo
gh-95876: Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments.
gh-95605: Fix misleading contents of error message when converting an all-whitespace string to float.
gh-93592: coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine.
gh-94996: ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). Patch by Shantanu Jain.
Library
gh-68163: Correct conversion of numbers.Rational’s to float.
gh-96159: Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed.
gh-96175: Fix unused localName parameter in the Attr class in xml.dom.minidom.
gh-95609: Update bundled pip to 22.2.2.
gh-95231: Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled.
Documentation
gh-96098: Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules.
gh-95789: Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org
gh-91207: Fix stylesheet not working in Windows CHM htmlhelp docs. Contributed by C.A.M. Gerlach.
bpo-47115: The documentation now lists which members of C structs are part of the Limited API/Stable ABI.
Tests
gh-95243: Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. Patch by Ross Burton.
Build
gh-94682: Build and test with OpenSSL 1.1.1q
IDLE
gh-65802: Document handling of extensions in Save As dialogs.
gh-95191: Include prompts when saving Shell (interactive input and output).
This minor release includes 2 security fixes following the security policy:
net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
This is useful for allowing packages that install python egg metadata
to benefit from the PRINT_PLIST_AWK defined in egg.mk even if they don't
actually use setup.py or normal Python build tools.
2022-08-22
New Features
* (first contribution) add Inline type alias into uses assist:
* (first contribution) implement type inference for IntoFuture.
* consider bounds on inherent impl in method resolution (fixes nalgebra constructors).
* add LSP extension for cancelling running flychecks.
* allow running tests in inline module from anywhere in parent file.
* support disabling keyword hover popups (rust-analyzer.hover.documentation.keywords.enable).
Fixes
* resolve associated types of bare dyn types.
* resolve path Self alone in value namespace.
* support Self::assoc() syntax in Generate function.`
* replace Self in Inline call.
* fix incorrect type mismatch with cfg_if! and other macros in expression position.
* fix record completion filtering.
* escape keywords used as names in earlier editions.
* revert 12947, trigger workspace switches on all structure changes again.
* log rustfmt parsing errors as warnings.
Internal Improvements
* build release binaries on ubuntu-20.04.
* document interaction of checkOnSave.overrideCommand and multiple linked projects.
* add an HIR pretty-printer.
* make resolve_name_in_module a bit more lazy.
* fix a bunch of typos.
